Open in app

Sign In

Write

Sign In

Meareg | ማዕረግ | 𐩧𐩴oמארג | 𐩣
Meareg | ማዕረግ | 𐩧𐩴oמארג | 𐩣

49 Followers

Home

About

Oct 7, 2022

Insecure Comments

Hi All, This is my blog regarding to impersonating and publishing a comment on behalf of any Microsoft Word and PowerPoint users. Interestingly, Excel and Visio are secure, they handle the comments in a different way (secure way). I report the vulnerability to Microsoft but it is classified as ‘by-design’…

Microsoft

5 min read

Insecure Comments
Insecure Comments
Microsoft

5 min read


Jul 28, 2022

Reading Message from Microsoft’s Private Yammer Group

Hi All, I returned with another blog about a vulnerability I found in Microsoft’s business application. This time we will try to read some messages/posts from Microsoft’s private Yammer group. To summarize, what Microsoft employees were discussing in these Yammer groups: Covid19+ Vaccine, discussion about customers, competitors & business strategies. …

Microsoft

3 min read

Reading Message from Microsoft’s Private Yammer Group
Reading Message from Microsoft’s Private Yammer Group
Microsoft

3 min read


Mar 18, 2022

Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors

Hi Everyone, This is my continued responsible disclosure blog on Microsoft products. If you didn’t read my previous blog, you can get it from here. Today, I will share how I discover IDOR vulnerability in Microsoft Partner application which exposes all Microsoft Azure Independent Software Vendors. Introduction What is Insecure…

Idor

5 min read

Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors
Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors
Idor

5 min read


Dec 15, 2021

Broken Access Control

Part 0x01 | Improper Authorization could allow access to more than 100,000 Microsoft Dynamics 365 for Partner Users — Introduction As a part of Microsoft coordinated vulnerability disclosures, I would like to share a critical vulnerability within the dynamics portal which could allow an attacker to access personally identifiable information (first name, last name, email address, MPN ID etc.) of users of the Microsoft Dynamics for 365 Partner website.

Cybersecurity

3 min read

Broken Access Control
Broken Access Control
Cybersecurity

3 min read

Meareg | ማዕረግ | 𐩧𐩴oמארג | 𐩣

Meareg | ማዕረግ | 𐩧𐩴oמארג | 𐩣

49 Followers

Security Researcher

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams