Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to BLOCK-2
Skip to META-2
Skip to LISTPACKAGES-2
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-9
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Contactez-moi
Liens web
Android
Section Privée
Open
Archives du Blog
blog
Dorking E-Book
Posté dans
21 mai 2025 10:04 am
par
TNT Sécurité
Cracking
Document
TNT Hacking World
Articles récents
Comment installer/configurer OpenBullet 2
Comment les hackers créent des combo lists
Burp Suite Pro 2025
Microsoft Office Pro 2024 LTSC
Evil Portal pour envoyer un payload à un client.
Comment contourner Microsoft Defender et établir une session Meterpreter avec persistence.
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Hacking — Crypto monnaies — Forum underground — Informations
Comment accéder sécuritairement votre réseau local à l’aide de PiVPN
Search for:
Exploit Database
Common Vulnerability Database
CVE-2025-49468
13 juin 2025
High Severity Description A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter. Read more at https://www.tenable.com/cve/CVE-2025-49468
CVE-2025-29902
13 juin 2025
Critical Severity Description Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. Read more at https://www.tenable.com/cve/CVE-2025-29902
CVE-2025-36506
13 juin 2025
Medium Severity Description External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data. Read more at https://www.tenable.com/cve/CVE-2025-36506
CVE-2025-46783
13 juin 2025
Critical Severity Description Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product. Read more at https://www.tenable.com/cve/CVE-2025-46783
CVE-2025-48825
13 juin 2025
Low Severity Description RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code. Read more at https://www.tenable.com/cve/CVE-2025-48825
Bugtraq
SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version
10 juin 2025
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09SEC Consult Vulnerability Lab Security Advisory < 20250604-0 > ======================================================================= title: Local Privilege Escalation and Default Credentials product: INDAMED - MEDICAL OFFICE (Medical practice management) Demo version vulnerable version: Revision 18544 (II/2024) fixed version: Q2/2025 (Privilege Escalation, Default Password)...
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
10 juin 2025
Posted by josephgoyd via Fulldisclosure on Jun 09Hello Full Disclosure, This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible disclosure, the research […]
Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection
3 juin 2025
Posted by Stefan Kanthak on Jun 03Hi @ll, user group policies are stored in DACL-protected registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] respectively [HKEY_CURRENT_USER\Software\Policies] and below, where only the SYSTEM account and members of the "Administrators" user group are granted write access. At logon the user's registry hive "%USERPROFILE%\ntuser.dat" is loaded with exclusive (read, write and...
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0
3 juin 2025
Posted by Sanjay Singh on Jun 03Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project: ------------------------------------------------------------------------ CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ------------------------------------------------------------------------ Product: CloudClassroom PHP Project Vendor:...
ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page
3 juin 2025
Posted by Ron E on Jun 03An authenticated attacker can inject JavaScript into the bio field of their user profile. When the profile is viewed by another user, the injected script executes. *Proof of Concept:* POST /api/method/frappe.desk.page.user_profile.user_profile.update_profile_info HTTP/2 Host: --host-- profile_info={"bio":"\">"}
