PoC Week 2024-11-11


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-39332 Severity: Awaiting analysis Impacted Products: Webswing 23.2.2 Description: Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.…

PoC Week 2024-11-04


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-46538 Severity: 9.3 CRITICAL Impacted Products: pfsense v2.5.2 Description: A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.…

PoC Week 2024-10-28


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-9264 Severity: 9.9 CRITICAL Impacted Products: Grafana Description: The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input.…

PoC Week 2024-10-21


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-9680 Severity: 9.8 CRITICAL Impacted Products: Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.…

PoC Week 2024-10-14


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-41276 Severity: 9.8 CRITICAL Impacted Products: Kaiten version 57.131.12 Description: The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials.…

PoC Week 2024-10-07


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-45519 Severity: 9.8 CRITICAL Impacted Products: Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.…

PoC Week 2024-09-30


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Incredibly, the CVEs that came from EvilSocket’s research on the CUPS RCE aren’t explicitly mentioned in the newsletters this week. Here’s the PoC for CVE-2024-47176 and a scanner that simply causes an HTTP pingback if a host is listening.…

PoC Week 2024-09-23


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-8190 Severity: Awaiting analysis. Impacted Products: Ivanti Cloud Services Appliance versions 4.6 <= Patch 518 Description: An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.…

PoC Week 2024-09-16


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-44849 Severity: Awaiting analysis. Impacted Products: Qualitor up to 8.24 Description: Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.…

PoC Week 2024-09-09


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-6670 Severity: 9.8 CRITICAL Impacted Products: WhatsUp Gold < 2024.0.0 Description: SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users' encrypted password.…