Zero Day Initiative - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 - No Argument ConstructorThe PowerShell Remoting ConvertViaNoArgumentConstructor mechanism led to the discovery of three vulnerabilities in Exchange despite hardening efforts.
Zero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and CloudSharePoint had an XXE vulnerability (CVE-2024-30043) allowing file reading, SSRF attacks, and NTLM relaying, affecting on-prem and cloud instances.