Security News

Unpatched Citrix Flaw Now Has PoC Exploits
2020-01-13 15:32

Proof-of-concept exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. The vulnerability, which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web.

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
2020-01-11 02:22

Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller and Citrix Gateway are vulnerable to a critical path traversal flaw that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers.

Week in review: The data skills gap, new Kali Linux release, Apache Solr RCEs with public PoCs
2019-12-01 16:30

Here’s an overview of some of last week’s most interesting news and articles: The overlooked part of an infosec strategy: Cyber insurance underwriting When a data breach or cyber attack hits the...

Apache Solr RCEs with public PoCs could soon be exploited
2019-11-25 10:33

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other...

PoC Exploits Published for Unpatched RCE Bugs in rConfig
2019-11-05 10:22

A security researcher has published proof of concept exploits for two remote code execution vulnerabilities in rConfig that haven’t been patched yet.

Researcher Publishes PoC Exploit for Recent Android Zero-Day
2019-10-18 07:04

A security researcher has published a proof-of-concept (PoC) exploit for the recently addressed Android zero-day vulnerability that impacts Pixel 2 devices.

Researcher releases PoC rooting app that exploits recent Android zero-day
2019-10-17 13:19

Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively being exploited in...

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
2019-07-30 11:34

Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS...

Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
2019-07-22 10:46

Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ firewall devices. Administrators...

Researcher releases PoC code for critical Atlassian Crowd RCE flaw
2019-07-16 09:41

A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on...