[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Microsoft Exchange Multiple Vulnerabilities

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Microsoft Exchange Multiple Vulnerabilities
From: Nathan Power <np@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 4 Aug 2014 13:26:03 -0400

Exchange Multiple Internal IP Disclosures
------------------------------------------
Advisory:
http://foofus.net/?p=758
http://www.securitypentest.com/2014/08/exchange-multiple-internal-ip.html


Autodiscover Enumeration Vulnerability
------------------------------------------
Advisory:
http://foofus.net/?p=793
http://www.securitypentest.com/2014/08/autodiscover-enumeration-vulnerab
ility.html


CAS Authentication Timing Attack
------------------------------------------
Advisory:
http://foofus.net/?p=784
http://www.securitypentest.com/2014/08/cas-authentication-timing-attack.
html


POC video:
http://www.securitypentest.com/2014/08/owa-timing-attack-poc.html


Tools
------------------------------------------
http://foofus.net/?p=804

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] HybridAuth <= 2.1.2 Remote Code Execution
Next by Date: Re: [FD] XXE Injection in HP Release Control
Previous by thread: [FD] HybridAuth <= 2.1.2 Remote Code Execution
Next by thread: [FD] Outdated Software on Huffington Post
Index(es):
- Date
- Thread