PoC Archives - Help Net Security

PoC

Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

January 26, 2023

Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

January 18, 2023

Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and …

PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)

January 17, 2023

If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they’ve been updated to a non-vulnerable version because …

Cacti servers under attack by attackers exploiting CVE-2022-46169

January 16, 2023

If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a …

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

January 12, 2023

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of …

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

December 21, 2022

Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on …

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

December 12, 2022

A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

October 14, 2022

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …

Attackers are attempting to exploit critical F5 BIG-IP RCE

May 9, 2022

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

April 14, 2022

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …

CISA adds Spring4Shell to list of exploited vulnerabilities

April 5, 2022

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …

Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

PoC

Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)

Cacti servers under attack by attackers exploiting CVE-2022-46169

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

Attackers are attempting to exploit critical F5 BIG-IP RCE

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

CISA adds Spring4Shell to list of exploited vulnerabilities

Spring4Shell: No need to panic, but mitigations are advised

Don't miss

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)

We can’t rely on goodwill to protect our critical infrastructure

The emergence of trinity attacks on APIs

Hybrid cloud storage security challenges

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)