Cisco ISE 3.0 – Authorization Bypass

# Exploit Title: Cisco ISE 3.0 – Authorization Bypass
# Exploit Author: @ibrahimsql ibrahimsql.com
# Exploit Author’s github: https://github.com/ibrahmsql
# Description: Cisco ISE API Authorization Bypass
# CVE: CVE-2025-20125
# Vendor Homepage: https://www.cisco.com/
# Requirements: requests>=2.25.0, urllib3>=1.26.0
# Usage: python3 CVE-2025-20125.py --url https://ise.target.com --session TOKEN --read
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
…


Ghost CMS 5.59.1 – Arbitrary File Read

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
# Exploit Title: Ghost CMS 5.59.1 – Arbitrary File Read
# Date: 2023-09-20
# Exploit Author: ibrahimsql (https://github.com/ibrahmsql)
# Vendor Homepage: https://ghost.org
# Software Link: https://github.com/TryGhost/Ghost
# Version: < 5.59.1
# Tested on: Ubuntu 20.04 LTS, Windows 10, macOS Big Sur
# CVE: CVE-2023-40028
# Category: Web…


Ghost CMS 5.42.1 – Path Traversal

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
# Exploit Title: Ghost CMS 5.42.1 – Path Traversal
# Date: 2023-06-15
# Exploit Author: ibrahimsql (https://github.com/ibrahimsql)
# Vendor Homepage: https://ghost.org
# Software Link: https://github.com/TryGhost/Ghost
# Version: < 5.42.1
# Tested on: Kali Linux 2024.1 Windows 10, macOS Big Sur
# CVE: CVE-2023-32235
# Category: Web Application Security
…


Microsoft SharePoint Server 2019 (16.0.10383.20020) – Remote Code Execution (RCE)

# Exploit Title: Microsoft SharePoint Server 2019 – Remote Code Execution (RCE)
# Google Dork: intitle:"Microsoft SharePoint" inurl:"/_layouts/15/ToolPane.aspx"
# Date: 2025-08-07
# Exploit Author: Agampreet Singh (RedRoot Tool Maker – https://github.com/Agampreet-Singh/RedRoot)
# Vendor Homepage: https://www.microsoft.com
# Software Link: https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration
# Version: SharePoint Server 2019 (16.0.10383.20020)
# Tested on: Windows Server 2019 (x64)
# CVE: CVE-2025-53770
…


VMware vSphere Client 8.0.3.0 – Reflected Cross-Site Scripting (XSS)

# VMware vSphere Client 8.0.3.0 – Reflected Cross-Site Scripting (XSS)
- **Exploit Title**: VMware vSphere Client 8.0.3.0 – Reflected Cross-Site Scripting (XSS)
- **Date**: 2025-08-08
- **Exploit Author**: Imraan Khan (Lich-Sec)
- **Vendor Homepage**: [https://www.vmware.com](https://www.vmware.com)
- **Version**: vSphere Client 8.0.3.0
- **Tested On**: Web interface (Chrome 138)
- **CVE**: CVE-2025-41228
- **Category**: WebApps
…


Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 – Sandbox Escape

# Titles: Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 – Sandbox Escape
# Author: nu11secur1ty
# Date: 08/07/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730
# CVE-2025-2783
## Description
This project contains a **proof-of-concept (PoC)** simulation for **CVE-2025-2783**, a sandbox escape and privilege escalation vulnerability affecting the Microsoft Mojo IPC subsystem…


Citrix NetScaler ADC/Gateway 14.1 – Memory Disclosure

# Exploit Title: Citrix NetScaler ADC/Gateway 14.1 – Memory Disclosure
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
# CVE: CVE-2025-5777
# Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-5777/exploit.py
import re
import sys
import warnings
import requests
from time import sleep
from requests.packages.urllib3.exceptions import InsecureRequestWarning

def title():
    print(r''' ______ _______ ____ ___ ____ ____ ____ _____…
