Aggregator

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

Почему BOSS Linux стала мишенью Transparent Tribe? Разбираемся в новой волне кибершпионажа.

A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing manipulation of the argument page results in buffer overflow. This vulnerability is identified as CVE-2025-12232. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda CH22 1.0.0.1. It has been declared as critical. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. This vulnerability is tracked as CVE-2025-12233. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda CH22 1.0.0.1. It has been rated as critical. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. This vulnerability is listed as CVE-2025-12234. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. This vulnerability is cataloged as CVE-2025-12235. The attack must originate from the local network. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. This vulnerability is registered as CVE-2025-12236. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. This vulnerability is documented as CVE-2025-12237. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2025-12238. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as critical has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. This vulnerability appears as CVE-2025-12239. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. This vulnerability is traded as CVE-2025-12240. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. This vulnerability is known as CVE-2025-12241. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in adivaha Flights & Hotels Booking WP Plugin up to 3.1 on WordPress and classified as critical. This vulnerability affects unknown code. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-62916. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Clifton Griffin Simple Content Templates for Blog Posts & Pages Plugin up to 2.2.61 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-62958. Remote exploitation of the attack is possible. No exploit is available.

After a brief period of dormancy, the operator of the LockBit ransomware has returned to full-scale activity, unveiling

The post LockBit Rises: New Cross-Platform 5.0 Ransomware Eclipses Former Self appeared first on Penetration Testing Tools.

A vulnerability was found in Seattle Lab Software SLmail 3.0.2421 and classified as critical. This issue affects some unknown processing of the component FROM Handler. The manipulation results in memory corruption. This vulnerability is reported as CVE-1999-0102. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Eric Allman Sendmail 8.8/8.8.1/8.8.2/8.8.3 and classified as problematic. This affects an unknown function of the component Forward File Handler. Executing manipulation can lead to improper privilege management. This vulnerability is registered as CVE-1999-0129. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in finger. Affected by this vulnerability is an unknown functionality of the component Redirect Handler. The manipulation results in denial of service. This vulnerability is known as CVE-1999-0106. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Echo and Chargen. Impacted is an unknown function of the component UDP Packet Handler. The manipulation results in denial of service (Storm). This vulnerability is reported as CVE-1999-0103. The attack can be launched remotely. Moreover, an exploit is present. This vulnerability has historical importance owing to its background and reception. Disabling the affected component is suggested.