Category Archives: PoC

Magento sites under attack through easily exploitable SQLi flaw

Posted on by

A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it. Magento devs, if you haven’t patched already, do it ASAP. We’ve already seen attempts at two of our shops using the published POC. We’re safe because we already patched every shop on Wednesday. https://t.co/5nZjMGBEUu — Peter Jaap Blaakmeer … More

The post Magento sites under attack through easily exploitable SQLi flaw appeared first on Help Net Security.

Continue reading Magento sites under attack through easily exploitable SQLi flaw

5 Things to Consider for Your ICS Security Proof of Concept

Posted on by

The post 5 Things to Consider for Your ICS Security Proof of Concept appeared first on Nozomi Networks.
The post 5 Things to Consider for Your ICS Security Proof of Concept appeared first on Security Boulevard.
Continue reading 5 Things to Consider for Your ICS Security Proof of Concept

500,000+ WinRAR users open to compromise via a 19-year-old flaw

Posted on by

A vulnerability affecting all versions of WinRAR, the popular file archiver utility for Windows, could be exploited by attackers to deliver malware via specially crafted ACE archives. About the flaw The vulnerability was unearthed by Check Point resear… Continue reading 500,000+ WinRAR users open to compromise via a 19-year-old flaw

Rockwell Automation industrial energy meter vulnerable to public exploits

Posted on by

A low-skilled, remote attacker could use publicly available exploits to gain access to and mess with a power monitor by Rockwell Automation that is used by energy companies worldwide, ICS-CERT warns. All versions of Rockwell Automation’s Allen-Br… Continue reading Rockwell Automation industrial energy meter vulnerable to public exploits

Snapd flaw gives attackers root access on Linux systems

Posted on by

A vulnerability affecting Snapd – a package installed by default in Ubuntu and used by other Linux distributions such as Debian, OpenSUSE, Arch Linux, Fedora and Solus – may allow a local attacker to obtain administrator privileges, i.e., r… Continue reading Snapd flaw gives attackers root access on Linux systems

Malicious macros can trigger RCE in LibreOffice, OpenOffice

Posted on by

Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found. About CVE-2018-1685… Continue reading Malicious macros can trigger RCE in LibreOffice, OpenOffice

The problem with vulnerable IoT companion apps

Posted on by

There’s no shortage of exploitable security holes in widely used Internet of Things devices, so it shouldn’t come as a surprise that the communication between many of those devices and their companion apps is not encrypted. The research A g… Continue reading The problem with vulnerable IoT companion apps

Researcher Releases Jailbreak PoC for iOS 12 on iPhone X

Posted on by

After tinkering with the latest iteration of Apple’s mobile operating system, a Chinese researcher has published a proof-of-concept of what he claims is a working exploit that can jailbreak iOS 12 on an iPhone X – and remotely, at that. Cri… Continue reading Researcher Releases Jailbreak PoC for iOS 12 on iPhone X

Researcher releases PoC for Windows VCF file RCE vulnerability

Posted on by

A vulnerability that exists in the way Windows processes VCard files (.vcf) can be exploited by remote attackers to achieve execute arbitrary code on vulnerable systems, security researcher John Page has shared. What’s a VCard? VCF is a standard … Continue reading Researcher releases PoC for Windows VCF file RCE vulnerability