PoC Archives - Help Net Security

PoC

Using memory encryption in web applications to help reduce the risk of Spectre attacks

March 25, 2021

There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc …

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

March 15, 2021

Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

February 25, 2021

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …

Out-of-band Drupal security updates fix bugs with known exploits

November 27, 2020

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

November 17, 2020

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

November 5, 2020

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

November 2, 2020

Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

October 29, 2020

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Are your domain controllers safe from Zerologon attacks?

September 15, 2020

CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …

Potential Apache Struts 2 RCE flaw fixed, PoCs released

August 17, 2020

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …

Exploits for vBulletin zero-day released, attacks are ongoing

August 11, 2020

The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …

Critical ManageEngine ADSelfService Plus RCE flaw patched

August 10, 2020

A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …

PoC

Using memory encryption in web applications to help reduce the risk of Spectre attacks

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

Out-of-band Drupal security updates fix bugs with known exploits

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

Are your domain controllers safe from Zerologon attacks?

Potential Apache Struts 2 RCE flaw fixed, PoCs released

Exploits for vBulletin zero-day released, attacks are ongoing

Critical ManageEngine ADSelfService Plus RCE flaw patched

Don't miss

Protecting the human attack surface from the next ransomware attack

The parallels of pandemic response and IoT security

Infection Monkey: Open source tool allows zero trust assessment of AWS environments

Machine learning-powered cybersecurity depends on good data and experience

The future of touchless visitor management lies with biometrics