PoC Archives - Page 3 of 10 - Help Net Security

PoC

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

January 12, 2023

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of …

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

December 21, 2022

Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on …

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

December 12, 2022

A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

October 14, 2022

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …

Attackers are attempting to exploit critical F5 BIG-IP RCE

May 9, 2022

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

April 14, 2022

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …

CISA adds Spring4Shell to list of exploited vulnerabilities

April 5, 2022

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …

Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

March 8, 2022

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking …

Cisco plugs critical holes in small business routers

February 3, 2022

Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code …

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

November 24, 2021

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …

Apple fixes security feature bypass in macOS (CVE-2021-30892)

October 29, 2021

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection …

PoC

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

Attackers are attempting to exploit critical F5 BIG-IP RCE

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

CISA adds Spring4Shell to list of exploited vulnerabilities

Spring4Shell: No need to panic, but mitigations are advised

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

Cisco plugs critical holes in small business routers

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

Apple fixes security feature bypass in macOS (CVE-2021-30892)

Don't miss

Backdoored Android phones, TVs used for ad fraud – and worse!

Qualcomm patches 3 actively exploited zero-days

Google unveils stricter anti-spam rules for bulk email senders

Cybertech Europe 2023 video walkthrough

Amazon: AWS root accounts must have MFA enabled