Piotr Bazydło (chudy)
Now: Vulnerability Researcher at Trend Micro Zero Day Initiative
Before: Penetration Tester (consultant and internal), network traffic analysis
Twitter: @chudypb
Mastodon: @chudypb@infosec.exchange
Linkedin: piotr-bazydlo
Selected Conference Talks
OffensiveCon 2024: Half Measures and Full Compromise: Exploiting Microsoft Exchange PowerShell Remoting
- Video - soon
Hexacon 2023: Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization
DefCamp 2021: Penetration Testing Management - Problems in Large Corporations
Confidence 2018: Network Telescop Traffic Analysis
Blog Posts
RIDING THE INFORAIL TO EXPLOIT IVANTI AVALANCHE: PART 1
RIDING THE INFORAIL TO EXPLOIT IVANTI AVALANCHE: PART 2
CONTROL YOUR TYPES OR GET PWNED: REMOTE CODE EXECUTION IN EXCHANGE POWERSHELL BACKEND
FINDING DESERIALIZATION BUGS IN THE SOLARWINDS PLATFORM
UNPATCHED POWERFUL SSRF IN EXCHANGE OWA – GETTING RESPONSE THROUGH ATTACHMENTS
Selected Achievements/Awards
-
3rd at Pwn2Own Miami 2022: results
-
Microsoft Most Valuable Researcher 2023, 4th at Office Category: results
-
2nd best web research of 2023 in PortSwigger “Top 10 Web Hacking Techniques of 2023” - Exploiting Hardened .NET Deserialization: results
Selected Research Highlights
-
Microsoft Exchange vulnerabilities (17 CVEs), including 5 Remote Code Execution issues.
-
Remote Code Execution through serialization (CVE-2022-47504, CVE-2023-1139 and CVE-2023-1145).
-
.NET deserialization/serialization research and commits to ysoserial.net (5 new gadgets in main line + 3 plugins).
-
Entire SolarWinds Orion Platform (and its modules) research and deserialization issues in SolarWinds.
-
Ivanti Avalanche vulnerabilities in 3 different attack surfaces: web, custom protocol and low-level services (memory corruptions).
-
Research and abuse of custom deserializer implemented in Inductive Automation Ignition (Pwn2Own vulnerability).
-
Microsoft SharePoint: several vulnerabilities, including XXE->File Read (CVE-2024-30043).
-
Vulnerabilities in Apache libraries (SSRF and RCE in Apache Batik + RCE in Apache ActiveMQ NMS).
-
Deserialization leading to Authentication Bypass (CVE-2023-1136).
-
One click RCE in MDaemon SMTP Server mail client (chain of 4 vulnerabilities) - exploited through email message.
Demos
-
SSRF in Microsoft Exchange OWA: link
-
Microsoft Exchange - Remote Code Execution (CVE-2023-32031): link
-
SolarWinds Orion Platform - Remote Code Execution through Serialization: link
-
Inductive Automation Ignition - Remote Code Execution through custom deserialization: link
-
Apache Batik - Remote Code Execution and SSRF: link
-
Ivanti Avalanche - Race Condition leading to Authentication Bypass: link
-
MDaemon SMTP Server - one click RCE (email message URL): link
Vulnerabilities (updated on 18 May, 2024)
CVE-2024-28075: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2024-23473: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability
CVSS:8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVE-2024-30043: Microsoft SharePoint BaseXmlDataSource XML External Entity Processing Information Disclosure Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-27984: Ivanti Avalanche WLInfoRailService DELKEY Directory Traversal Arbitrary File Deletion Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2024-27978: Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-27977: Ivanti Avalanche WLAvalancheService Directory Traversal Arbitrary File Deletion Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2024-27976: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-27975: Ivanti Avalanche WLAvalancheService Use-After-Free Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-25000: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24999: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24998: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24997: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24996: Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24995: Ivanti Avalanche doInTransaction Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24994: Ivanti Avalanche extractZipEntry Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24993: Ivanti Avalanche InstallPackageThread Time-Of-Check Time-Of-Use Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24992: Ivanti Avalanche getAdhocFilePath Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-24991: Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-23535: Ivanti Avalanche copyFile Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-23534: Ivanti Avalanche getMasterAdhocCollectionsPath Unrestricted File Upload Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-23532: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Remote Code Execution Vulnerability
CVSS:7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-23533: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2024-23531: Ivanti Avalanche WLInfoRailService Integer Overflow Information Disclosure Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-23530: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-23529: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-23528: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-23527: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-23526: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
CVSS:5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-22061: Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-23478: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2023-50233: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-50232: Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-50395: SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35188: SolarWinds Orion Platform AppendCreatePrimary SQL Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46804: Ivanti Avalanche WLAvalancheService Integer Underflow Denial-of-Service Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-46223: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46222: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46221: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46803: Ivanti Avalanche WLAvalancheService Divide By Zero Denial-of-Service Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-46220: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46258: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46257: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46225: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46224: Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46264: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-50222: Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-41726: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-47279: Delta Electronics InfraSuite Device Master PlayWaveFile Directory Traversal Information Disclosure Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2023-47207: Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-46690: Delta Electronics InfraSuite Device Master UploadMedia Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-38181: Microsoft Exchange GsmWriter Deserialization of Untrusted Data NTLM Relay Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36039: Microsoft Exchange FederationTrust Deserialization of Untrusted Data NTLM Relay Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36050: Microsoft Exchange TransportConfigContainer Deserialization of Untrusted Data Information Disclosure Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion Vulnerability
CVSS:7.6 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CVE-2023-36035: Microsoft Exchange IsUNCPath Improper Input Validation NTLM Relay Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-33227: SolarWinds Network Configuration Manager SaveResultsToFile Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-33226: SolarWinds Network Configuration Manager ExportConfigs Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-40062: SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ZDI-23-1581: (0Day) Microsoft Exchange CreateAttachmentFromUri Server-Side Request Forgery Information Disclosure Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
ZDI-23-1580: (0Day) Microsoft Exchange DownloadDataFromOfficeMarketPlace Server-Side Request Forgery Information Disclosure Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
ZDI-23-1579: (0Day) Microsoft Exchange DownloadDataFromUri Server-Side Request Forgery Information Disclosure Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
ZDI-23-1578: (0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35186: SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35184: SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35183: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35181: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-35180: SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-42130: A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability
CVSS:8.3 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
CVE-2023-42129: A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-36745: Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36757: Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23840: SolarWinds Orion Platform UpdateAction Exposed Dangerous Method Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23845: SolarWinds Orion Platform UpdateActionsProperties Exposed Dangerous Method Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36744: Microsoft Exchange DumpDataReader Deserialization of Untrusted Data Arbitrary File Write Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2023-36756: Microsoft Exchange ApprovedApplicationCollection Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-36777: Microsoft Exchange ProjectInstance Deserialization of Untrusted Data Information Disclosure Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
ZDI-23-1281: Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-40516: (0Day) LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32562: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-39472: (0Day) Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-39473: (0Day) Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-33225: SolarWinds Orion Platform SendHttpRequest Missing Authorization Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-33224: SolarWinds Orion Platform UpdateActionsProperties Incorrect Behavior Order Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23844: SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23843: SolarWinds Orion Platform UpdateActionsProperties Incorrect Comparison Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23842: SolarWinds Network Configuration Manager VulnDownloader Directory Traversal Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-34347: Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-30765: Delta Electronics InfraSuite Device Master modifyusergroup Improper Access Control Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32031: Microsoft Exchange Command Class Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32169: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1135: Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1137: Delta Electronics InfraSuite Device Master APRunning Improper Access Control Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-1141: Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Command Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1145: Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1139: Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1136: Delta Electronics InfraSuite Device Master CheckgRPCAuthentication Authentication Bypass Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1134: Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_ReportFileOperation Directory Traversal Denial-of-Service Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2023-1143: Delta Electronics InfraSuite Device Master ActionExeScriptString Exposed Dangerous Function Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1144: Delta Electronics InfraSuite Device Master Improper Access Control Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1140: Delta Electronics InfraSuite Device Master Missing Authentication Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42972: Schneider Electric APC Easy UPS Online Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-24950: Microsoft SharePoint AdRotator Improper Input Validation NTLM Relay Vulnerability
CVSS:8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47505: SolarWinds Network Performance Monitor TFTP Link Following Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36963: SolarWinds Network Performance Monitor ExecuteExternalProgram Command Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-28128: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-28127: Ivanti Avalanche getLogFile Directory Traversal Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-28126: Ivanti Avalanche EnterpriseServer GetSettings Exposed Dangerous Method Authentication Bypass Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-28125: Ivanti Avalanche InfoRail Authentication Bypass Vulnerability
CVSS:8.0 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2023-28288: Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability
CVSS:7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2023-27351: PaperCut NG SecurityRequestFilter Authentication Bypass Vulnerability
CVSS:8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2023-26601: ManageEngine ServiceDesk Plus ImageUploadServlet Improper Input Validation Denial-of-Service Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-26600: ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47503: SolarWinds Network Performance Monitor WorkerControllerWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23836: SolarWinds Network Performance Monitor CredentialInitializer Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47507: SolarWinds Network Performance Monitor WorkerProcessWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47506: SolarWinds Network Performance Monitor sshd_SftpRename Directory Traversal Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38111: SolarWinds Orion Platform BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47504: SolarWinds Network Performance Monitor SqlFileScript Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-21529: Microsoft Exchange MultiValuedProperty Exposed Dangerous Function Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41657: Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40202: Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Exposed Dangerous Function Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-21764: Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS:7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-21763: Microsoft Exchange TorusUpdateInitialSessionState Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS:7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-21745: Microsoft Exchange PowerShell Unsafe Reflection Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-36964: SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36962: SolarWinds Network Performance Monitor GetPdf Command Injection Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36960: SolarWinds Network Performance Monitor WebUserSettingsCrudHandler Improper Input Validation Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40772: ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40771: ManageEngine ServiceDesk Plus getAsDoc XML External Entity Processing Information Disclosure Vulnerability
CVSS:5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
CVE-2022-40770: ManageEngine ServiceDesk Plus invokeDataUploadTool Command Injection Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41079: Microsoft Exchange SerializationTypeConverter Deserialization of Untrusted Data Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-41123: Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS:7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41078: Microsoft Exchange ApprovedApplication Exposed Dangerous Function Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-40773: ManageEngine ServiceDesk Plus MSP exportMickeyList Improper Input Validation Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38108: SolarWinds Network Performance Monitor BytesToMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36957: SolarWinds Network Performance Monitor PropertyBagJsonConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36958: SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38398: Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-40146: Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability
CVSS:8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36961: SolarWinds Network Performance Monitor UpdateActionsDescriptions SQL Injection Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38772: ManageEngine OpManager getNmapInitialOption Command Injection Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36969: AVEVA Edge LoadImportedLibraries XML External Entity Processing Information Disclosure Vulnerability
CVSS:5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28686: (Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability
CVSS:7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-35872: (Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-36983: Ivanti Avalanche SetSettings Exposed Dangerous Function Authentication Bypass Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-36982: Ivanti Avalanche AgentTaskHandler Directory Traversal Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-36981: Ivanti Avalanche DeviceLogResource Directory Traversal Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36980: Ivanti Avalanche EnterpriseServer Service Race Condition Authentication Bypass Vulnerability
CVSS:9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CVE-2022-36979: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-36978: Ivanti Avalanche Notification Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36977: Ivanti Avalanche Certificate Management Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36976: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-36975: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-36974: Ivanti Avalanche Web File Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36973: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-36972: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-36971: Ivanti Avalanche JwtTokenUtility Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27258: SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42132: Ivanti Avalanche PrinterDeviceServer Service Command Injection Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42130: Ivanti Avalanche DataRepository Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42129: Ivanti Avalanche MapShare Service Command Injection Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42128: Ivanti Avalanche EnterpriseServer Service Exposed Dangerous Function Authentication Bypass Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-42127: Ivanti Avalanche StatServer Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42131: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
CVSS:9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-42133: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42126: Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42125: Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42124: Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability
CVSS:8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-35213: SolarWinds Orion Platform NCM SCM IPAM SaveUserSetting Improper Access Control Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-35212: SolarWinds Orion Network Performance Monitor DisableNOCView SQL Injection Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-31474: SolarWinds Network Performance Monitor FromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS:9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27871: SolarWinds Orion Platform NCM VulnerabilitySettings Directory Traversal Arbitrary File Creation Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27870: SolarWinds Orion Platform ExportToPDF Directory Traversal Information Disclosure Vulnerability
CVSS:7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-14005: SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27869: SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-40500: SAP Crystal Reports XML External Entity Processing Information Disclosure Vulnerability
CVSS:6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-27183: MDaemon SMTP Server Directory Traversal Remote Code Execution Vulnerability
CVSS:7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27182: MDaemon SMTP Server Iframe Injection Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-27181: MDaemon SMTP Server Cross-Site Request Forgery Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-27180: MDaemon SMTP Server Cross-Site Scripting Authentication Bypass Vulnerability
CVSS:8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-13169: SolarWinds Orion Platform Multiple Cross-Site Scripting Privilege Escalation Vulnerability
CVSS:8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-21488: SAP Netweaver Deserialization of Untrusted Data Denial-of-Service Vulnerability
CVSS:6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-6370: SAP Netweaver Cross-Site Scripting Privilege Escalation Vulnerability
CVSS:8.0 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2020-6371: SAP Netweaver Exposed Dangerous Method Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-26819: SAP Netweaver Exposed Dangerous Method Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-26818: SAP Netweaver Exposed Dangerous Method Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-6310: SAP Netweaver Exposed Dangerous Method Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-6299: SAP Netweaver Exposed Dangerous Method Information Disclosure Vulnerability
CVSS:4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N