PoC Week 2024-10-07


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-45519 Severity: 9.8 CRITICAL Impacted Products: Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.…
Read more ⟶

PoC Week 2024-09-30


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Incredibly, the CVEs that came from EvilSocket’s research on the CUPS RCE aren’t explicitly mentioned in the newsletters this week. Here’s the PoC for CVE-2024-47176 and a scanner that simply causes an HTTP pingback if a host is listening.…
Read more ⟶

PoC Week 2024-09-23


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-8190 Severity: Awaiting analysis. Impacted Products: Ivanti Cloud Services Appliance versions 4.6 <= Patch 518 Description: An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.…
Read more ⟶

PoC Week 2024-09-16


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-44849 Severity: Awaiting analysis. Impacted Products: Qualitor up to 8.24 Description: Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.…
Read more ⟶

PoC Week 2024-09-09


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-6670 Severity: 9.8 CRITICAL Impacted Products: WhatsUp Gold < 2024.0.0 Description: SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.…
Read more ⟶

PoC Week 2024-09-02


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-7954 Severity: 9.8 CRITICAL Impacted Products: porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 Description: Arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.…
Read more ⟶

PoC Week 2024-08-26


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-38189 Severity: 8.8 HIGH Impacted Products: Various Microsoft products including Windows 10, Server 2019, Office 365. Description: An attacker could exploit this vulnerability to execute arbitrary code. An attacker would need to craft a malicious Microsoft Office Project file and lure a user to open it on a system with a specific configuration.…
Read more ⟶

PoC Week 2024-08-19


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-6782 Severity: 9.8 CRITICAL Impacted Products: Calibre 6.9.0 ~ 7.14.0 Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. Remediation: Follow developer guidance. More Info: CVE-2024-6782 PoC: https://starlabs.…
Read more ⟶

PoC Week 2024-08-12


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. N.B. this week, there were a few prototype pollution vulns on open source projects that basically nobody uses. I’ve compiled them this time but in future, if an impacted product has no users, you won’t see it here.…
Read more ⟶

PoC Week 2024-08-05


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-3273 Severity: 9.8: CRITICAL Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Description: Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection.…
Read more ⟶