PoC Archives - Page 4 of 9 - Help Net Security

PoC

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

October 29, 2020

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Are your domain controllers safe from Zerologon attacks?

September 15, 2020

CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …

Potential Apache Struts 2 RCE flaw fixed, PoCs released

August 17, 2020

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …

Exploits for vBulletin zero-day released, attacks are ongoing

August 11, 2020

The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …

Critical ManageEngine ADSelfService Plus RCE flaw patched

August 10, 2020

A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …

Researchers flag two zero-days in Windows Print Spooler

August 7, 2020

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

July 27, 2020

An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …

Details and PoC for critical SharePoint RCE flaw released

July 21, 2020

Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July …

PoC RCE exploit for SMBGhost Windows flaw released

June 8, 2020

A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …

Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw

May 14, 2020

Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a “lowly” privilege escalation vulnerability in the Windows Print …

Using Cisco IP phones? Fix these critical vulnerabilities

April 16, 2020

Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS …

Microsoft releases patch for leaked SMBv3 RCE flaw

March 12, 2020

After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on Tuesday, Microsoft has rushed to release a patch (i.e., security updates). …

PoC

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

Are your domain controllers safe from Zerologon attacks?

Potential Apache Struts 2 RCE flaw fixed, PoCs released

Exploits for vBulletin zero-day released, attacks are ongoing

Critical ManageEngine ADSelfService Plus RCE flaw patched

Researchers flag two zero-days in Windows Print Spooler

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

Details and PoC for critical SharePoint RCE flaw released

PoC RCE exploit for SMBGhost Windows flaw released

Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw

Using Cisco IP phones? Fix these critical vulnerabilities

Microsoft releases patch for leaked SMBv3 RCE flaw

Don't miss

Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)

Europol details ChatGPT’s potential for criminal abuse

What you need before the next vulnerability hits

Running a security program before your first security hire

What the food and building industry can teach us about securing embedded systems