all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-1580: (0Day) Microsoft Exchange DownloadDataFromOfficeMarketPlace Server-Side Request Forgery Information Disclosure Vulnerability

Add to bookmarks
Nov. 2, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1.

0day attackers authentication cvss disclosure exchange exploit forgery information information disclosure information disclosure vulnerability microsoft microsoft exchange rating request sensitive sensitive information server server-side request forgery vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers bluetooth code +20
ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +17
ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 3 days ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Associate, Cybersecurity Operations

@ Ares Management Corporation | Los Angeles, CA - CULVER CITY
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Peraton | Fort Gordon, GA, United States
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Diverto | Zagreb, Croatia
View on infosec-jobs.com

Lead DevSecOps Engineer

@ DTCC | Tampa, FL, United States
View on infosec-jobs.com

Incident Responder (Fraud Threat Management)

@ Scotiabank | Toronto, ON, CA, M5H1H1
View on infosec-jobs.com

Penetration Tester, Expert (Federal agency) - Tysons, VA - Full Time

@ iSoftTek Solutions | Tysons, Virginia, United States
View on infosec-jobs.com
View more jobs