GitHub

0x09AL/CVE-2017-11882-metasploit

This module is a quick port to Metasploit and uses mshta.exe to execute the payload. There are better ways to implement this module and exploit but will update it as soon as I have the time.

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since ...
The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
CSO Online

HP Poly VoIP vulnerability sets the stage for executive voice deepfakes

The remote code execution flaw enables root access and voice attacks on HP Poly VoIP phones, including eavesdropping and the ...

Root Evidence Research Finds Only 1.4% of Vulnerabilities Are Known to Be Exploited in Real ...

Root Evidence, the cybersecurity startup championing evidence-based security, today released new research showing that the ...
SecurityWeek

Gogs Zero-Day Exposes Servers to Remote Code Execution

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The popular ...