Collaborate Disseminate
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Continue reading PoC Exploit Targeting Apache Struts Surfaces on GitHub
The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover. Continue reading High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered. The discovery and his publishing of PoC and full exploits spurred attac… Continue reading Exploits for vBulletin zero-day released, attacks are ongoing
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands with system level privileges on the target Windows host. About ManageEngine AD… Continue reading Critical ManageEngine ADSelfService Plus RCE flaw patched
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. A month later, the two researchers found a way to bypass the patch and… Continue reading Researchers flag two zero-days in Windows Print Spooler
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by attackers in the wild. For the moment, it seems that it is being used just to… Continue reading Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, … Continue reading Details and PoC for critical SharePoint RCE flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC exploit is unreliable, but could be used by malicious attackers as a starting… Continue reading PoC RCE exploit for SMBGhost Windows flaw released
Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a “lowly” privilege escalation vulnerability in the Windows Print Spooler service. The vulnerability did not initially get much public attention but,… Continue reading Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastruc… Continue reading Using Cisco IP phones? Fix these critical vulnerabilities