Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-36434

Published: 10/10/2023 Updated: 12/10/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Windows Server 2008

Vulnerability Summary

Windows IIS Server Elevation of Privilege Vulnerability

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows server 2022 -

microsoft windows 10 21h2

microsoft windows 10 1809

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 10 1507

microsoft windows 10 22h2

microsoft windows 10 1607

Github Repositories

https://github.com/netlas-io/netlas-scripts

Several scripts are based on the Netlas.io search engine. They will allow you to carry out the reconnaissance phase before the pen test in a semi-automatic mode: collect all the domains and IP addresses associated with the target and save the responses received after contacting these hosts in HTML format. Over time, new scripts will appear here.

Netlas scripts About In this repository, you can find some scripts that use Netlasio search engine Some of them may be of interest to pen testers or bug bounters, and some to enthusiasts in the field of information security And some will simply allow you to spend time with interest, studying various objects on the vast Internet Installing Note: Guide for Debian/Ubuntu only

Recent Articles

It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Happy Halloween! Security bugs under attack squashed, more flaws fixed Farewell WordPad, we hardly knew ye

Patch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild. That last one – tracked as CVE-2023-44487 aka Rapid Reset – is an HTTP/2 protocol vulnerability that has been abused since August to launch massive distributed denial of service (DDoS) attacks. Microsoft, Amazon, Google, and Cloudflare all released miti...

Read more...

References

NVD-CWE-noinfohttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434https://nvd.nist.govhttps://github.com/netlas-io/netlas-scriptshttps://www.theregister.co.uk/2023/10/10/october_2023_patch_tuesday/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook