GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure

# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure # Date: 19-MAR-2025 # Exploit Author: Giorgi Dograshvili [DRAGOWN] # Vendor Homepage: https://www.geovision.com.tw/ # Software Link: https://www.geovision.com.tw/download/product/ # Version: 6.1.2.0 or less # Tested on: Windows 10 | Kali Linux # CVE : CVE-2025-26263 # PoC: https://github.com/DRAGOWN/CVE-2025-26263 GeoVision ASManager Windows desktop application with…


StoryChief WordPress Plugin 1.0.42 – Arbitrary File Upload

# Exploit Title: StoryChief WordPress Plugin 1.0.42 – Arbitrary File Upload # Exploit Author: xpl0dec # Vendor Homepage: https://www.storychief.io/wordpress-content-scheduler # Software Link: https://github.com/Story-Chief/wordpress/ # Version: <= 1.0.42 # Tested on: Linux # CVE : CVE-2025-7441 # CVSS Score : 9.8 # Step to reproduce : # 1. Create a file with the .php…


Ivanti Endpoint Manager Mobile 12.5.0.0 – Authentication Bypass

#!/usr/bin/env python3 # Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 – Authentication Bypass # Google Dork: inurl:/mifs “Ivanti” OR “EPM” OR “Endpoint Manager” # Date: 2025-01-21 # Exploit Author: [Your Name] (https://github.com/[your-username]) # Vendor Homepage: https://www.ivanti.com/ # Software Link: https://www.ivanti.com/products/endpoint-manager # Version: < 2025.1 # Tested on: Ubuntu 22.04 LTS, Python 3.10 # CVE:…


Lingdang CRM 8.6.4.7 – SQL Injection

# Exploit Title: Lingdang CRM 8.6.4.7 – SQL Injection # Google Dork: N/A # Date: 2025-08-19 # Exploit Author: Beatriz Fresno Naumova # Vendor: Shanghai Lingdang Information Technology) # Software Link: (N/A – commercial product) # Version: <= 8.6.4.7 (fixed in 8.6.5.x per vendor advisory) # Tested on: Generic LAMP stack, PHP 7/8 (PoC uses…


Birth Chart Compatibility WordPress Plugin 2.0 – Full Path Disclosure

/* * Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 – Full Path Disclosure * Author : Byte Reaper * Telegram : @ByteReaper0 * CVE : CVE-2025-6082 * Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ * Description : Proof‑of‑Concept exploits the Full Path Disclosure bug in the * “Birth Chart Compatibility” WordPress plugin (<=v2.0). It sends *…


Qualys App Picker: Streamlined Security Applications Management

Navigating your cybersecurity platform should be easy. That is why we have reimagined the way users access Qualys applications with the brand-new Qualys App Picker, a streamlined, intuitive navigation panel designed to make access faster, easier, and smarter in the Qualys Enterprise TruRisk™ Platform! Whether you’re managing vulnerabilities through VMDR, ensuring file integrity using FIM,…


25th August – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 25th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES US pharmaceutical company Inotiv has experienced a ransomware attack that resulted in the unauthorized access and encryption of certain systems and data. The Qilin ransomware gang claimed responsibility and alleged the theft…
