Metasploit Wrap-up 06/06/25 | Rapid7 Blog

Last updated at Fri, 06 Jun 2025 23:25:29 GMT

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload

Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #20138 contributed by h4x-x0r
Path: admin/networking/thinmanager_traversal_upload
AttackerKB reference: CVE-2023-2917

Description: Adds an auxiliary module that targets CVE-2023-27855, a path traversal vulnerability in ThinManager <= v13.0.1 to upload an arbitrary file to the target system…


Microsoft Windows Server 2025 JScript Engine – Remote Code Execution (RCE)

#!/usr/bin/env python3
# Exploit Title: Microsoft Windows Server 2025 JScript Engine – Remote Code Execution (RCE)
# Exploit Author: Mohammed Idrees Banyamer
# Instagram: @@banyamer_security
# GitHub: https://github.com/mbanyamer
# Date: 2025-05-31
# CVE: CVE-2025-30397
# Vendor: Microsoft
# Affected Versions: Windows Server 2025 (build 25398 and prior)
# Tested on: Windows Server 2025 +…


2nd June – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 2nd June, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

IT management software company ConnectWise confirmed that a sophisticated nation-state cyberattack had compromised its environment, affecting a limited number of customers using its ScreenConnect remote access tool. The company launched a forensic…


CloudClassroom PHP Project 1.0 – SQL Injection

# Exploit Title: CloudClassroom PHP Project 1.0 – SQL Injection
# Google Dork: inurl:CloudClassroom-PHP-Project-master
# Date: 2025-05-30
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project
# Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
# Version: 1.0
# Tested on: XAMPP on Windows 10 / Ubuntu 22.04
# CVE : CVE-2025-45542
# Description:
# A time-based blind SQL…
