Latest PoC news

KeePass exploit helps retrieve cleartext master password, fix coming soon

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked.
- Bill Toulas
- May 18, 2023
- 04:26 PM
- 8
Hackers target Wordpress plugin flaw after PoC exploit released

Hackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public.
- Bill Toulas
- May 14, 2023
- 11:14 AM
- 1
New PaperCut RCE exploit created that bypasses existing detections

A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.
- Bill Toulas
- May 06, 2023
- 10:11 AM
- 0
New sandbox escape PoC exploit available for VM2 library, patch now

Security researchers have released yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on the host running the VM2 sandbox.
- Bill Toulas
- April 18, 2023
- 10:39 AM
- 0
Proof-of-Concept released for critical Microsoft Word RCE bug

A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend.
- Ionut Ilascu
- March 06, 2023
- 03:55 PM
- 0
Exploit released for critical Fortinet RCE flaw, patch now

Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite.
- Bill Toulas
- February 21, 2023
- 01:21 PM
- 0
Exploit released for critical VMware vRealize RCE vulnerability

Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
- Sergiu Gatlan
- January 31, 2023
- 11:14 AM
- 0
Exploit released for critical ManageEngine RCE bug, patch now

Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
- Sergiu Gatlan
- January 19, 2023
- 12:07 PM
- 0
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
- Sergiu Gatlan
- January 16, 2023
- 06:10 PM
- 3
Exploit released for critical VMware RCE vulnerability, patch now

Proof-of-concept exploit code is now available for a pre-authentication remote code execution (RCE) vulnerability allowing attackers to execute arbitrary code remotely with root privileges on unpatched Cloud Foundation and NSX Manager appliances.
- Sergiu Gatlan
- October 28, 2022
- 11:34 AM
- 1
Thousands of GitHub repositories deliver fake PoC exploits with malware

Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
- Bill Toulas
- October 23, 2022
- 11:15 AM
- 1
Exploit available for critical Fortinet auth bypass bug, patch now

Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances.
- Sergiu Gatlan
- October 13, 2022
- 02:10 PM
- 2
VMware warns of public exploit for critical auth bypass vulnerability

Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.
- Sergiu Gatlan
- August 09, 2022
- 12:15 PM
- 0
Zoho ManageEngine ADAudit Plus bug gets public RCE exploit

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.
- Ionut Ilascu
- July 01, 2022
- 03:45 PM
- 0
New DFSCoerce NTLM Relay attack allows Windows domain takeover

A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain.
- Lawrence Abrams
- June 20, 2022
- 04:35 PM
- 0
Exploit released for Atlassian Confluence RCE bug, patch now

Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend.
- Lawrence Abrams
- June 05, 2022
- 12:41 PM
- 0
Exploit released for critical VMware auth bypass bug, patch now

Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.
- Sergiu Gatlan
- May 26, 2022
- 02:21 PM
- 0
Darknet market Versus shuts down after hacker leaks security flaw

The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers.
- Bill Toulas
- May 25, 2022
- 11:54 AM
- 0
Researchers to release exploit for new VMware auth bypass, patch now

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products.
- Ionut Ilascu
- May 24, 2022
- 10:16 AM
- 0
Fake Windows exploits target infosec community with Cobalt Strike

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.
- Lawrence Abrams
- May 23, 2022
- 04:12 PM
- 1