
ISC Stormcast For Thursday, July 24th, 2025 https://isc.sans.edu/podcastdetail/9540 – SANS Internet Storm Center
ISC Stormcast For Thursday, July 24th, 2025 https://isc.sans.edu/podcastdetail/9540, (Thu, Jul 24th)
As I mention every time I teach FOR577, I have been a big fan of file integrity monitoring tools (FIM) since Gene Kim first released Tripwire well over 30 years ago. I’ve used quite a few of them over the years including tripwire, OSSEC, samhain, and aide, just to name a few. For many years,…
A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few variations of the “ToolPane.aspx” URL being hit. Even for our “random” honeypots, the…
Tor Browser 14.5.5 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. Send us your feedback: If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog: The full changelog…
ISC Stormcast For Wednesday, July 23rd, 2025 https://isc.sans.edu/podcastdetail/9538, (Wed, Jul 23rd)
# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via the Chat Transfer Function # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox …
# Exploit Title: LiveHelperChat <=4.61 – Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5,…
# Exploit Title: Pie Register WordPress Plugin 3.7.1.4 – Authentication Bypass to RCE # Google Dork: inurl:/wp-content/plugins/pie-register/ # Date: 2025-07-09 # Exploit Author: Md Amanat Ullah (xSwads) # Vendor Homepage: https://wordpress.org/plugins/pie-register/ # Software Link: https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip # Version: <= 3.7.1.4 # Tested on: Ubuntu 22.04 # CVE: CVE-2025-34077 #!/usr/bin/env python3 import requests import zipfile import…
# Exploit Title: Simple File List WordPress Plugin 4.2.2 – File Upload to RCE # Google Dork: inurl:/wp-content/plugins/simple-file-list/ # Date: 2025-07-15 # Exploit Author: Md Amanat Ullah (xSwads) # Vendor Homepage: https://wordpress.org/plugins/simple-file-list/ # Software Link: https://downloads.wordpress.org/plugin/simple-file-list.4.2.2.zip # Version: <= 4.2.2 # Tested on: Ubuntu 22.04 # CVE: CVE-2020-36847 #!/usr/bin/env python3 import requests import sys,…
# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Personal Canned Messages # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox #…