PoC – Page 8 – WindowsTechs.com

Attackers are attempting to exploit critical F5 BIG-IP RCE

Posted on May 9, 2022 by Zeljka Zorz

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, in-the-wild exploitation attempts have also been detected. CVE-2022-1388 PoC exploits Security researchers have started sharing evidence of their successful exploitation attempts of CVE-2022-1388 during the weekend: #CVE-2022-1388 successfully exploited. pic.twitter.com/P04K4PJsAN — Matus Bursa #strongertogether (@BursaMatus) May 9, 2022 🔥 We have reproduced the fresh CVE-2022-1388 in F5’s BIG-IP. Successful exploitation could lead to RCE from … More →

The post Attackers are attempting to exploit critical F5 BIG-IP RCE appeared first on Help Net Security.

Continue reading Attackers are attempting to exploit critical F5 BIG-IP RCE→

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

Posted on April 14, 2022 by Zeljka Zorz

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. About CVE-2022-22954 CVE-2022-22954 is, in effect, a server-side template injec… Continue reading Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)→

CISA adds Spring4Shell to list of exploited vulnerabilities

Posted on April 5, 2022 by Zeljka Zorz

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts… Continue reading CISA adds Spring4Shell to list of exploited vulnerabilities→

Spring4Shell: No need to panic, but mitigations are advised

Posted on March 31, 2022 by Zeljka Zorz

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began… Continue reading Spring4Shell: No need to panic, but mitigations are advised→

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

Posted on March 8, 2022 by Zeljka Zorz

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellerma… Continue reading Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)→

Cisco plugs critical flaws in small business routers

Posted on February 3, 2022 by Zeljka Zorz

Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system…. Continue reading Cisco plugs critical flaws in small business routers→

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

Posted on November 24, 2021 by Zeljka Zorz

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged b… Continue reading After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)→

Apple fixes security feature bypass in macOS (CVE-2021-30892)

Posted on October 29, 2021 by Zeljka Zorz

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection (SIP) bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively expl… Continue reading Apple fixes security feature bypass in macOS (CVE-2021-30892)→

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Posted on September 23, 2021 by Zeljka Zorz

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system. Attack… Continue reading Nagios XI vulnerabilities open enterprise IT infrastructure to attack→

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

Posted on September 3, 2021 by Zeljka Zorz

A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already availa… Continue reading Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)→