unzip-stream 0.3.1 – Arbitrary File Write

# Exploit Title: unzip-stream 0.3.1 – Arbitrary File Write # Date: 18th April, 2024 # Exploit Author: Ardayfio Samuel Nii Aryee # Software link: https://github.com/mhr3/unzip-stream # Version: unzip-stream 0.3.1 # Tested on: Ubuntu # CVE: CVE-2024-42471 # NB: Python’s built-in `zipfile` module has limitations on the `arcname` parameter. # To bypass…


Microsoft – NTLM Hash Disclosure Spoofing (library-ms)

# Exploit title: Microsoft – NTLM Hash Disclosure Spoofing (library-ms) # Exploit Author: John Page (aka hyp3rlinx) # x.com/hyp3rlinx # ISR: ApparitionSec Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”, that being said I post it anyways. Seven years passed,…


ZTE ZXV10 H201L – RCE via authentication bypass

# Exploit Title: ZTE ZXV10 H201L – RCE via authentication bypass # Exploit Author: l34n (tasos meletlidis) # https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import AES def login(session, host, port, username, password): login_token = session.get(f”http://{host}:{port}/”).text.split(“getObj(\”Frm_Logintoken\”).value = \””)[1].split(“\””)[0] headers = { …


Daikin Security Gateway 14 – Remote Password Reset

# Daikin Security Gateway 214 – Remote Password Reset # Vendor: Daikin Industries, Ltd. # Product web page: https://www.daikin.com # https://www.daikin.eu/en_us/products/product.html/DRGATEWAYAA.html # Affected version: App: 100, Frm: 214 # # Summary: The Security gateway allows the iTM and LC8 controllers # to connect through the Security gateway to the Daikin Cloud Service. # Instead of…


Microsoft Windows – XRM-MS File NTLM Information Disclosure Spoofing

# Exploit Author: John Page (aka hyp3rlinx) # Website: hyp3rlinx.altervista.org # Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt # x.com/hyp3rlinx # ISR: ApparitionSec [Vendor] www.microsoft.com [Product] .xrm-ms File Type [Vulnerability Type] NTLM Hash Disclosure (Spoofing) [Video URL PoC] [CVE Reference] N/A [Security Issue] The Windows XRM-MS…


Casdoor 1.901.0 – Cross-Site Request Forgery (CSRF)

# Exploit Title: Casdoor 1.901.0 – Cross-Site Request Forgery (CSRF) # Application: Casdoor # Version: 1.901.0 # Date: 03/07/2024 # Exploit Author: Van Lam Nguyen # Vendor Homepage: https://casdoor.org/ # Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip # Tested on: Windows # CVE : N/A Overview ================================================== Casdoor v1.901.0 and below was discovered to contain a Cross-Site…


ERPNext 14.82.1 – Account Takeover via Cross-Site Request Forgery (CSRF)

# Exploit Title: ERPNext 14.82.1 – Account Takeover via Cross-Site Request Forgery (CSRF) # Google Dork: inurl:”/api/method/frappe” # Date: 2025-04-29 # Exploit Author: Ahmed Thaiban (Thvt0ne) # Vendor Homepage: https://erpnext.com # Software Link: https://github.com/frappe/erpnext # Version: <= 14.82.1, 14.74.3 (Tested) # Tested on: Linux (Ubuntu 20.04), Chrome, Firefox. # CVE : CVE-2025-28062 # Category: WebApps …


[Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware

[This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] On April 29, 2025, my Raspberry Pi-based Cowrie SSH honeypot captured a sophisticated attack campaign targeting Linux systems. This wasn’t just another automated scanner – the logs reveal a multi-stage attack…


Grokability Snipe-IT 8.0.4 – Insecure Direct Object Reference (IDOR)

# Exploit Title: Grokability Snipe-IT 8.0.4 – Insecure Direct Object Reference (IDOR) # Google Dork: N/A # Date: 2025-05-02 # Exploit Author: Sn1p3r-H4ck3r (Siripong Jintung) # Vendor Homepage: https://snipeitapp.com # Software Link: https://github.com/grokability/snipe-it # Version: <= 8.0.4 # Tested on: Ubuntu 22.04 LTS, Apache2 + MySQL + PHP 8.1 # CVE: CVE-2025-47226 # Vulnerability…
