Microsoft Windows – TNT Sécurité

KMSpico-10.2.0-install.zip

Posté dans 17 janvier 2023 8:09 pm par

Microsoft Office Microsoft Windows

Outils

Dork Searcher V3 | 64.46 MB

Télécharger

Magic Dork V3.4.5 | 14.59 MB

Télécharger

SQLi Dorks Generator | 1.62 MB

Télécharger

SQLi Dumper 10.5 | 31.46 KB

Télécharger

Scan Now UPnP | 5.91 MB

ScanNowUPnP

CVE-2025-49468 13 juin 2025

High Severity Description A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter. Read more at https://www.tenable.com/cve/CVE-2025-49468

CVE-2025-29902 13 juin 2025

Critical Severity Description Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. Read more at https://www.tenable.com/cve/CVE-2025-29902

CVE-2025-36506 13 juin 2025

Medium Severity Description External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data. Read more at https://www.tenable.com/cve/CVE-2025-36506

CVE-2025-46783 13 juin 2025

Critical Severity Description Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product. Read more at https://www.tenable.com/cve/CVE-2025-46783

CVE-2025-48825 13 juin 2025

Low Severity Description RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code. Read more at https://www.tenable.com/cve/CVE-2025-48825

SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version 10 juin 2025

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09SEC Consult Vulnerability Lab Security Advisory < 20250604-0 > ======================================================================= title: Local Privilege Escalation and Default Credentials product: INDAMED - MEDICAL OFFICE (Medical practice management) Demo version vulnerable version: Revision 18544 (II/2024) fixed version: Q2/2025 (Privilege Escalation, Default Password)...

Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft 10 juin 2025

Posted by josephgoyd via Fulldisclosure on Jun 09Hello Full Disclosure, This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible disclosure, the research […]

Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection 3 juin 2025

Posted by Stefan Kanthak on Jun 03Hi @ll, user group policies are stored in DACL-protected registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] respectively [HKEY_CURRENT_USER\Software\Policies] and below, where only the SYSTEM account and members of the "Administrators" user group are granted write access. At logon the user's registry hive "%USERPROFILE%\ntuser.dat" is loaded with exclusive (read, write and...

CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 3 juin 2025

Posted by Sanjay Singh on Jun 03Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project: ------------------------------------------------------------------------ CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ------------------------------------------------------------------------ Product: CloudClassroom PHP Project Vendor:...

ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page 3 juin 2025

Posted by Ron E on Jun 03An authenticated attacker can inject JavaScript into the bio field of their user profile. When the profile is viewed by another user, the injected script executes. *Proof of Concept:* POST /api/method/frappe.desk.page.user_profile.user_profile.update_profile_info HTTP/2 Host: --host-- profile_info={"bio":"\">"}