PoC Archives - Help Net Security

PoC

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

July 20, 2021

A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been …

There are new unpatched bugs in Windows Print Spooler

July 19, 2021

Security researchers have unearthed new elevation of privilege (EoP) bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about …

PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)

June 30, 2021

CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that …

Cisco security devices targeted with CVE-2020-3580 PoC exploit

June 29, 2021

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently …

Is it OK to publish PoC exploits for vulnerabilities and patches?

May 5, 2021

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof …

Using memory encryption in web applications to help reduce the risk of Spectre attacks

March 25, 2021

There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc …

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

March 15, 2021

Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

February 25, 2021

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …

Out-of-band Drupal security updates fix bugs with known exploits

November 27, 2020

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

November 17, 2020

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

November 5, 2020

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

November 2, 2020

Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …

PoC

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

There are new unpatched bugs in Windows Print Spooler

PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)

Cisco security devices targeted with CVE-2020-3580 PoC exploit

Is it OK to publish PoC exploits for vulnerabilities and patches?

Using memory encryption in web applications to help reduce the risk of Spectre attacks

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

Out-of-band Drupal security updates fix bugs with known exploits

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

Don't miss

The destructive power of supply chain attacks and how to secure your code

RIP guest access, long live shared channels!

How to build a zero-trust cloud data architecture

Vulnerable TCP/IP stack is used by almost 200 device vendors

A clever phishing campaign is targeting Office 365 users