#!/usr/bin/env python3 # Exploit Title: Microsoft Windows Server 2025 JScript Engine – Remote Code Execution (RCE) # Exploit Author: Mohammed Idrees Banyamer # Instagram: @@banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-05-31 # CVE: CVE-2025-30397 # Vendor: Microsoft # Affected Versions: Windows Server 2025 (build 25398 and prior) # Tested on: Windows Server 2025 +…
For the latest discoveries in cyber research for the week of 2nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES IT management software company ConnectWise confirmed that a sophisticated nation-state cyberattack had compromised its environment, affecting a limited number of customers using its ScreenConnect remote access tool. The company launched a forensic…
Wireshark release 4.4.7 fixes 1 vulnerability (%%cve:2025-5601%%) and 8 bugs. Source link
# Exploit Title: CloudClassroom PHP Project 1.0 – SQL Injection # Google Dork: inurl:CloudClassroom-PHP-Project-master # Date: 2025-05-30 # Exploit Author: Sanjay Singh # Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project # Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip # Version: 1.0 # Tested on: XAMPP on Windows 10 / Ubuntu 22.04 # CVE : CVE-2025-45542 # Description: # A time-based blind SQL…
Inspired by Xavier’s diary entry “A PNG Image With an Embedded Gift“, I updated my pngdump.py program to enable the extraction of chunks and extra data (similar to my other analysis tools, like pngdump.py). Here is the analysis of the trojanized PNG file Xavier discussed: Notice that this PNG file has 11 “items”: 10 valid…
