Watch your information.
TNT Sécurité
Monthly Archives: December 2013
Attack on a WPA2 key using Reaver
2013-12-18 19:21:03
TNT Sécurité
TNT Hacking World
Recent posts
Microsoft Office Pro 2024 LTSC
Evil Portal to send a payload to a client.
How to bypass Microsoft Defender and establish a Meterpreter session with persistence.
Download the Windows 11 ISO
Office 2021 Pro LTSC
Hacking — Cryptocurrencies — Underground forum — Information
How to securely access your local network using PiVPN
How to exploit a security vulnerability using Metasploit.
How to use the Shodan API with Python to automate searches for vulnerable devices
20 essential Meterpreter commands
Exploit Database
Common Vulnerability Database
CVE-2025-3931
May 14, 2025
High Severity. Description: A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available […]
CVE-2025-47445
May 14, 2025
High Severity. Description: Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.26. Read more at https://www.tenable.com/cve/CVE-2025-47445
CVE-2025-3769
May 14, 2025
Medium Severity. Description: The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to retrieve appointment details such […]
CVE-2025-4430
May 14, 2025
High Severity. Description: Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024). Read more at https://www.tenable.com/cve/CVE-2025-4430
CVE-2025-3834
May 14, 2025
High Severity. Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. Read more at https://www.tenable.com/cve/CVE-2025-3834
Bugtraq
BeyondTrust PRA connection takeover - CVE-2025-0217
May 6, 2025
Posted by Paul Szabo via Fulldisclosure on May 06
=== Details ========================================================
Vendor: BeyondTrust
Product: Privileged Remote Access (PRA)
Subject: PRA connection takeover
CVE ID: CVE-2025-0217
CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Author: Paul Szabo
Date: 2025-05-05
=== Introduction ===================================================
I noticed an issue in BeyondTrust Privileged...
Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing
May 1, 2025
Posted by hyp3rlinx on May 01
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor] www.microsoft.com
[Product] .xrm-ms File Type
[Vulnerability Type] NTLM Hash Disclosure (Spoofing)
[Video URL PoC] https://www.youtube.com/watch?v=d5U_krLQbNY
[CVE Reference] N/A
[Security Issue] The...
[IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025
April 27, 2025
Posted by Artur Janicki via Fulldisclosure on Apr 26
[APOLOGIES FOR CROSS-POSTING]
CALL FOR PAPERS
14th International Workshop on Cyber Crime (IWCC 2025 - https://2025.ares-conference.eu/program/iwcc/) to be held in conjunction with the 20th International Conference on Availability, Reliability and Security (ARES 2025 - http://2025.ares-conference.eu)
August 11-14, 2025, Ghent, Belgium
IMPORTANT DATES
Submission Deadline May 12, 2025 […]
Inedo ProGet Insecure Reflection and CSRF Vulnerabilities
April 27, 2025
Posted by Daniel Owens via Fulldisclosure on Apr 26
Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks (among other things) because the information system directly exposes the C# reflection used during the request-action mapping process and fails to properly protect certain pathways. These are amplified by cross-site request […]
Ruby on Rails Cross-Site Request Forgery
April 27, 2025
Posted by Daniel Owens via Fulldisclosure on Apr 26
Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails generates "authenticity tokens" and "csrf tokens" using a random "one time pad" (OTP). […]