Exploit Archives - Securezoo

CISA adds 2 Microsoft vulnerabilities to Known Exploited Vulnerabilities Catalog (to include 1 Windows zero-day)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / January 12, 2023 / CISA, CVE-2022-41080, CVE-2023-21674, Exchange, Exploit, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Exchange and one Windows zero-day vulnerability to its Known Exploited Vulnerabilities Catalog.

CISA adds 2 TIBCO vulnerabilities to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 29, 2022 / CISA, CVE-2018-18809, CVE-2018-5430, Exploit, TIBCO

The Cybersecurity and Infrastructure Security Agency (CISA) has added two TIBCO vulnerabilities to its Known Exploited Vulnerabilities Catalog.

ProxyNotShell POC exploit code released

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 20, 2022 / CVE-2021-34473, CVE-2022-41040, CVE-2022-41082, Exploit, POC, ProxyNotShell, ProxyShell

A security researcher has released proof-of-concept (PoC) exploit code for Microsoft Exchange ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Cybersecurity Attacks, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / November 12, 2022 / CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-30333, CVE-2022-37042, Exploit, Vulnerabilities, ZCS, Zimbra, Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Apple fixes zero-day vulnerability (CVE-2022-32893) in iOS 12.5.6 exploited in the wild

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 2, 2022 / Apple, CVE-2022-32893, Exploit, iOS, Vulnerabilities, Webkit, Zero-day

Apple has fixed a zero-day vulnerability (CVE-2022-32893) in iOS 12.5.6 under attack in the wild.

CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / April 14, 2022 / CISA, CVE-2022-22954, Exploit, VMware, Workspace ONE

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical VMware Workspace ONE Access and Identity Manager vulnerability to its Known Exploited Vulnerabilities Catalog. VMware also confirmed known exploits in the wild have been detected for CVE-2022-22954.

CISA adds another vulnerability (CVE-2022-21882) to Known Exploited Vulnerabilities Catalog

Vulnerabilities & Exploits / By Frank Crast / February 6, 2022 / CISA, CVE-2022-21882, Exploit, Win32K, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has added another vulnerability (a Microsoft Win32k vulnerability CVE-2022-21882) to its Known Exploited Vulnerabilities Catalog.

Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cybersecurity Attacks, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / June 29, 2021 / Adaptive, ASA, Cisco, CVE-2020-3580, Exploit, Firepower, FTD, POC

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.

Google fixes Chrome zero-day (CVE-2021-30551) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / June 10, 2021 / browser, Chrome, CVE-2021-30551, Exploit, Zero-day

Google has released Chrome 91 security update 91.0.4472.101 for Windows, Mac and Linux with fixes for multiple Critical or High severity vulnerabilities, one of those a zero-day vulnerability CVE-2021-30551 exploited in the wild.

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Cybersecurity Attacks, Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 8, 2021 / CVE-2021-26855, Cybersecurity, Cybersecurity Threat Center, Exchange, Exchange Server, Exploit, Microsoft, Vulnerabilities

Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.