Aggregator

Microsoft 365 “Direct Send” Abused: Phishing Campaign Spoofs Internal Users, Bypasses Security

Penetration Testing Tools - Metepreter.org
7 months 2 weeks ago

Researchers at Varonis Threat Labs have uncovered a new phishing campaign in which attackers exploit a little-known Microsoft 365 feature known as Direct Send. Originally intended for sending emails from internal devices such as...

The post Microsoft 365 “Direct Send” Abused: Phishing Campaign Spoofs Internal Users, Bypasses Security appeared first on Penetration Testing Tools.

ddos

Urgent Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access

Penetration Testing Tools - Metepreter.org
7 months 2 weeks ago

Cisco has released critical security updates to address two severe vulnerabilities in its network security products. Both issues affect Cisco Identity Services Engine (ISE) and its associated component, the ISE Passive Identity Connector (ISE-PIC)....

The post Urgent Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access appeared first on Penetration Testing Tools.

ddos

CVE-2024-57590 | TRENDnet TEW-632BRP up to 1.010B31 POST Request ntp_sync.cgi os command injection (EUVD-2024-53634)

Vuldb Updates
7 months 2 weeks ago
A vulnerability, which was classified as critical, was found in TRENDnet TEW-632BRP up to 1.010B31. This affects an unknown part of the file ntp_sync.cgi of the component POST Request Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-57590. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-57580 | Tenda AC18 15.03.05.19 formSetDeviceName devName stack-based overflow (EUVD-2024-53629)

Vuldb Updates
7 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda AC18 15.03.05.19. This issue affects the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-57580. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-57579 | Tenda AC18 15.03.05.19 formSetClientState limitSpeedUp stack-based overflow (EUVD-2024-53628)

Vuldb Updates
7 months 2 weeks ago
A vulnerability was found in Tenda AC18 15.03.05.19. It has been declared as critical. Affected by this vulnerability is the function formSetClientState. The manipulation of the argument limitSpeedUp leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-57579. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-6841 | code-projects Product Inventory System 1.0 /admin/edit_product.php ID sql injection (EUVD-2025-19469)

Vuldb Updates
7 months 2 weeks ago
A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-6841. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-57575 | Tenda AC18 15.03.05.19 form_fast_setting_wifi_set ssid stack-based overflow (EUVD-2024-53625)

Vuldb Updates
7 months 2 weeks ago
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.19. This affects the function form_fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-57575. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Managed ad