# Exploit Title: Apache ActiveMQ 6.1.6 – Denial of Service (DOS) # Date: 2025-05-9 # Exploit Author: [Abdualhadi khalifa (https://x.com/absholi7ly/) # Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ # CVE: CVE-2025-27533 import socket import struct import time import datetime import threading import requests import argparse import random from colorama import init, Fore from tabulate import tabulate from tqdm…
# Exploit Title: VirtualBox 7.0.16 – Privilege Escalation # Date: 2025-05-06 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win x64 # CVE : CVE-2024-21111 #include #include #include #include #include #include #include #include “resource.h” #include “def.h” #include “FileOplock.h” #pragma…
# Exploit Title: SureTriggers OttoKit Plugin 1.0.82 – Privilege Escalation # Date: 2025-05-7 # Exploit Author: [Abdualhadi khalifa (https://x.com/absholi7ly/) # Affected: Versions All versions of OttoKit (SureTriggers) ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the following circumstances: 1. OttoKit must be installed and activated on the…
# Exploit Title: WordPress Depicter Plugin 3.6.1 – SQL Injection # Google Dork: inurl:/wp-content/plugins/depicter/ # Date: 2025-05-06 # Exploit Author: Andrew Long (datagoboom) # Vendor Homepage: https://wordpress.org/plugins/depicter/ # Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip # Version: <= 3.6.1 # Tested on: WordPress 6.x # CVE: CVE-2025-2011 # Description: # The Slider & Popup Builder by Depicter plugin…
# Exploit Title: Microsoft Windows 11 Pro 23H2 – Ancillary Function Driver for WinSock Privilege Escalation # Date: 2025-05-05 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win x64 # CVE : CVE-2024-38193 #pragma once #include “ntstatus.h” #include “Windows.h” #include #pragma comment(lib, “ntdll.lib”) …
/* * Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021) – DHCP Stack Buffer Overflow * Date: 10/20/2024 * Exploit Author: Mohamed Maatallah * Vendor Homepage: https://www.tp-link.com * Version: TT_V6.2.1021 (VN020-F3v(T)) * Tested on: VN020-F3v(T) Router (Hardware Version 1.0) * CVE: CVE-2024-11237 * Category: Remote * Technical Details: * —————– * – Triggers multiple memory corruption…
# Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation # Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ # Date: 2025-05-12 # Exploit Author: Md Shoriful Islam (RootHarpy) # Vendor Homepage: https://wordpress.org/plugins/frontend-login-and-registration-blocks/ # Software Link: https://downloads.wordpress.org/plugin/frontend-login-and-registration-blocks.1.0.7.zip # Version: <= 1.0.7 # Tested on: Ubuntu 22.04 + WordPress 6.5.2 # CVE : CVE-2025-3605 import requests …
# Exploit Title: Kentico Xperience 13.0.178 – Cross Site Scripting (XSS) # Date: 2025-05-09 # Version: Kentico Xperience before 13.0.178 # Exploit Author: Alex Messham # Contact: ramessham@gmail.com # Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178—XSS-POC/ # CVE: CVE-2025-32370 import requests import subprocess import os import argparse def create_svg_payload(svg_filename: str): print(f”[*] Writing malicious SVG to: {svg_filename}”) svg_payload =…
[This is a Guest Diary by William Constantino, an ISC intern as part of the SANS.edu BACS program] In the beginning of my Internet Storm Center (ISC) internship, I wasted too much time trying to build my SIEM from an old computer I had lying around, or a new Raspberry Pi I purchased. I keep…
Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers. The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld…
