PoC Archives - Page 5 of 10 - Help Net Security

PoC

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

November 17, 2020

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

November 5, 2020

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

November 2, 2020

Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

October 29, 2020

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Are your domain controllers safe from Zerologon attacks?

September 15, 2020

CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …

Potential Apache Struts 2 RCE flaw fixed, PoCs released

August 17, 2020

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …

Exploits for vBulletin zero-day released, attacks are ongoing

August 11, 2020

The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …

Critical ManageEngine ADSelfService Plus RCE flaw patched

August 10, 2020

A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …

Researchers flag two zero-days in Windows Print Spooler

August 7, 2020

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

July 27, 2020

An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …

Details and PoC for critical SharePoint RCE flaw released

July 21, 2020

Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July …

PoC RCE exploit for SMBGhost Windows flaw released

June 8, 2020

A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …

PoC

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

Are your domain controllers safe from Zerologon attacks?

Potential Apache Struts 2 RCE flaw fixed, PoCs released

Exploits for vBulletin zero-day released, attacks are ongoing

Critical ManageEngine ADSelfService Plus RCE flaw patched

Researchers flag two zero-days in Windows Print Spooler

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

Details and PoC for critical SharePoint RCE flaw released

PoC RCE exploit for SMBGhost Windows flaw released

Don't miss

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

Why more security doesn’t mean more effective compliance

Code alterations more prevalent in Android apps than iOS

Signal takes a quantum leap with E2EE protocol upgrade