PoC

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability 2024-01-24 at 16:31 By Ionut Arghire PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure. The post PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original […]

React to this headline:

Loading spinner

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) 14/12/2023 at 13:32 By Zeljka Zorz Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original

React to this headline:

Loading spinner

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) Read More »

“Pool Party” process injection techniques evade EDRs

“Pool Party” process injection techniques evade EDRs 12/12/2023 at 14:01 By Zeljka Zorz SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

React to this headline:

Loading spinner

“Pool Party” process injection techniques evade EDRs Read More »

PoCs for critical Arcserve UDP vulnerabilities released

PoCs for critical Arcserve UDP vulnerabilities released 29/11/2023 at 17:46 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution

React to this headline:

Loading spinner

PoCs for critical Arcserve UDP vulnerabilities released Read More »

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) 27/11/2023 at 13:47 By Zeljka Zorz A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a solution

React to this headline:

Loading spinner

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) Read More »

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) 20/11/2023 at 14:47 By Helga Labus CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability

React to this headline:

Loading spinner

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) Read More »

Atlassian Confluence data-wiping vulnerability exploited

Atlassian Confluence data-wiping vulnerability exploited 06/11/2023 at 13:19 By Zeljka Zorz Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addresses testing for the flaw in internet-facing Confluence installations. From security updates

React to this headline:

Loading spinner

Atlassian Confluence data-wiping vulnerability exploited Read More »

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two

React to this headline:

Loading spinner

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? 02/11/2023 at 14:01 By Zeljka Zorz The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,

React to this headline:

Loading spinner

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Fake WinRAR PoC spread VenomRAT malware

Fake WinRAR PoC spread VenomRAT malware 21/09/2023 at 13:01 By Helga Labus An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro’s Zero Day Initiative

React to this headline:

Loading spinner

Fake WinRAR PoC spread VenomRAT malware Read More »

PoC for no-auth RCE on Juniper firewalls released

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

React to this headline:

Loading spinner

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) 29/06/2023 at 14:17 By Zeljka Zorz An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and

React to this headline:

Loading spinner

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) Read More »

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) 23/06/2023 at 17:19 By Helga Labus Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secure Client Software – previously known as

React to this headline:

Loading spinner

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) Read More »

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) 15/06/2023 at 13:01 By Helga Labus VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability

React to this headline:

Loading spinner

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) Read More »

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) 13/06/2023 at 14:18 By Zeljka Zorz As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3 security

React to this headline:

Loading spinner

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) Read More »

Zyxel firewalls under attack by Mirai-like botnet

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

React to this headline:

Loading spinner

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

Scroll to Top