Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
6 résultats taggé Proof-of-Concept  ✕
Cisco warns of ISE and CCP flaws with public exploit code https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-flaws-with-public-exploit-code/
04/06/2025 21:44:09
QRCode
archive.org
thumbnail

Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions.

The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity's Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device administration in enterprise environments.

The vulnerability is due to improperly generated credentials when deploying Cisco ISE on cloud platforms, resulting in shared credentials across different deployments.

Unauthenticated attackers can exploit it by extracting user credentials from Cisco ISE cloud deployments and using them to access installations in other cloud environments. However, as Cisco explained, threat actors can exploit this flaw successfully only if the Primary Administration node is deployed in the cloud.

"A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems," the company explained.

bleepingcomputer EN 2025 CVE-2025-20286, Cisco Cisco-Customer-Collaboration-Platform Credentials Exploit Hotfix Identity-Services-Engine Patch Proof-of-Concept Vulnerability
D-Link won’t fix critical flaw affecting 60,000 older NAS devices https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/
11/11/2024 12:03:58
QRCode
archive.org
thumbnail

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

bleepingcomputer EN 2024 Command-Injection D-Link Exploit Hardware NAS PoC Proof-of-Concept Security InfoSec Computer-Security
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
15/05/2024 00:24:02
QRCode
archive.org
thumbnail

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

bleepingcomputer EN 2024 Authentication-Bypass D-Link Exploit Proof-of-Concept Remote-Command-Execution Router Vulnerability Zero-Day Security InfoSec Computer-Security
Exploit released for Fortinet RCE bug used in attacks, patch now https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
21/03/2024 16:51:25
QRCode
archive.org
thumbnail

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

bleepingcomputer EN 2024 Actively-Exploited Exploit Fortinet PoC Proof-of-Concept RCE Remote-Code-Execution SQL-Injection CVE-2023-48788
Hackers are exploiting critical Apache Struts flaw using public PoC https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/
13/12/2023 17:21:24
QRCode
archive.org
thumbnail

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

bleepingcomputer EN 2023 Actively-Exploited Apache-Struts PoC Proof-of-Concept RCE Remote-Code-Execution CVE-2023-50164
Exploit released for actively abused ProxyNotShell Exchange bug https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-abused-proxynotshell-exchange-bug/
21/11/2022 09:11:59
QRCode
archive.org
thumbnail

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

bleepingcomputer EN 2022 CVE-2022-41082 CVE-2022-41040 Exploit Microsoft-Exchange Privilege-Escalation Proof-of-Concept ProxyNotShell RCE Remote-Code-Execution
4395 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio