PoC Archives - Help Net Security

PoC

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

November 24, 2021

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …

Apple fixes security feature bypass in macOS (CVE-2021-30892)

October 29, 2021

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection …

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

September 23, 2021

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to …

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

September 3, 2021

A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly …

Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)

August 13, 2021

A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability …

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

July 20, 2021

A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been …

There are new unpatched bugs in Windows Print Spooler

July 19, 2021

Security researchers have unearthed new elevation of privilege (EoP) bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about …

PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)

June 30, 2021

CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that …

Cisco security devices targeted with CVE-2020-3580 PoC exploit

June 29, 2021

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently …

Is it OK to publish PoC exploits for vulnerabilities and patches?

May 5, 2021

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof …

Using memory encryption in web applications to help reduce the risk of Spectre attacks

March 25, 2021

There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc …

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

March 15, 2021

Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …

PoC

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

Apple fixes security feature bypass in macOS (CVE-2021-30892)

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

There are new unpatched bugs in Windows Print Spooler

PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)

Cisco security devices targeted with CVE-2020-3580 PoC exploit

Is it OK to publish PoC exploits for vulnerabilities and patches?

Using memory encryption in web applications to help reduce the risk of Spectre attacks

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

Don't miss

A 2022 priority: Automated mobile application security testing

Fraud detection is great, but you also need prevention

Stealthy firmware bootkit leveraged by APT in targeted attacks

Google Drive starts warning users about suspicious files

New infosec products of the week: January 21, 2022