Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to BLOCK-2
Skip to META-2
Skip to LISTPACKAGES-2
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-9
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Contactez-moi
Page de maintenance
Section Privée
Open
Archives de l'Année
Link to Year Archives
2019
Link to Year Archives
2023
Link to Year Archives
2024
1
4 Articles archivés
2
3
4
5
6
7
8
9
10
11
12
TNT Hacking World
Articles récents
Comment installer SilverBullet Pro 1.5.8
Comment les Hackers utilisent OpenBullet 2 pour accéder vos comptes.
Comment installer/configurer OpenBullet 2
Comment les hackers créent des combo lists
Burp Suite Pro 2025
Microsoft Office Pro 2024 LTSC
Evil Portal pour envoyer un payload à un client.
Comment contourner Microsoft Defender et établir une session Meterpreter avec persistence.
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Search for:
Exploit Database
Common Vulnerability Database
CVE-2026-8919
15 juillet 2026
High Severity Description Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or […]
CVE-2026-8920
15 juillet 2026
High Severity Description Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause […]
CVE-2026-15029
15 juillet 2026
High Severity Description Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the ' Security Update for ASUS System Control Interface […]
CVE-2026-15030
15 juillet 2026
Medium Severity Description Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security Update for ASUS System Control Interface ' section […]
CVE-2026-13385
15 juillet 2026
Critical Severity Description An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for […]
Bugtraq
[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities
9 juillet 2026
Posted by Matteo Beccati on Jul 08======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-003 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2026-003 ------------------------------------------------------------------------ Date: 2026-06-25 Risk Level: Medium to High Applications affected: Revive Adserver Versions...
OPNsense XPATH Injection (CVE-2026-53582)
7 juillet 2026
Posted by evan on Jul 06SUMMARY: a stored XPATH injection allows any user with just ca manager/certificate manager perms to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. this can also likely be chained via csrf and some clever hiding. see https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r == VULN == the primary […]
SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+
7 juillet 2026
Posted by Jan Hüber via Fulldisclosure on Jul 06Authentication Bypass for SafeLine SL6 and SL6+ =============================================== The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. […]
Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties
2 juillet 2026
Posted by Red Nanaki via Fulldisclosure on Jul 02Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties ## Summary The anonymous reporting flow on `whistleblowersoftware.com` encrypts report text end-to-end in the browser but does not extend the same guarantee to attachments and exposes the reporter's network identity and timing to a US-based third party. Together these […]
OpenBlow Multiple Deanonymization Vulnerabilities
2 juillet 2026
Posted by Red Nanaki via Fulldisclosure on Jul 02OpenBlow Multiple Deanonymization Vulnerabilities Summary A production deployment was observed (HTTP archive of a full, real whistleblower submission) to route its anonymous reporting flow through Google. The intake CAPTCHA is Google reCAPTCHA, enforced as a mandatory, server-validated gate on report submission, and the UI additionally pulls a […]