Active Directory Cheat Sheet for 2025 | Cyber Codex
本文提供一份2025年Ready的Active Directory战术指南,涵盖网络扫描、枚举、域发现、密码喷射攻击等技术,并结合真实实验室案例演示如何利用工具如nmap、CrackMapExec和BloodHound进行渗透测试与防御。
Aggregator
“Unearthing Digital Gold: A Practical Guide to Finding Bugs in JavaScript Files”
9 months ago
JavaScript文件中隐藏着关键漏洞,如硬编码密钥和未记录API端点。这些常被忽视因代码混淆繁琐。系统方法可高效挖掘。
Submit #644970: 07FLY Customer Management System V1.0 SQL Injection [Accepted]
9 months ago
Submit #644970 / VDB-325000
Zre0x1c
Submit #644969: 07FLY Enterprise Management System S1 Basic Cross Site Scripting [Accepted]
9 months ago
Submit #644969 / VDB-324999
Zre0x1c
Submit #644968: 07FLY Enterprise Management System S1 Basic Cross Site Scripting [Accepted]
9 months ago
Submit #644968 / VDB-324998
Zre0x1c
CVE-2025-10709 | Four-Faith Water Conservancy Informatization Platform 1.0 historyDownload.do;otheruserLogin.do;getfile fileName path traversal
9 months ago
A vulnerability classified as critical was found in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal.
This vulnerability is identified as CVE-2025-10709. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-10708 | Four-Faith Water Conservancy Informatization Platform 1.0 historyDownload.do;usrlogout.do fileName path traversal
9 months ago
A vulnerability classified as critical has been found in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal.
This vulnerability is referenced as CVE-2025-10708. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-10707 | JeecgBoot up to 3.8.2 sendMsg improper authorization
9 months ago
A vulnerability described as critical has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization.
The identification of this vulnerability is CVE-2025-10707. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Прощай, привычный Chrome. Google выпустила самое крупное обновление в истории браузера
9 months ago
ИИ подскажет на странице, соберёт план из вкладок, вспомнит нужный сайт и ускорит смену взломанных паролей.
Qilin
9 months ago
You must login to view this content
cohenido
Valley (Easy) CTF — TryHackMe Writeup
9 months ago
文章描述了一次渗透测试中的NMAP扫描过程及其结果。通过命令`nmap -sVC -p- -T4 -v `对目标IP进行全端口扫描,并获取了服务版本和默认脚本输出。结果显示开放端口包括22(SSH)、80(HTTP)和37370(FTP),并提供了各服务的详细信息及NSE脚本结果。
Submit #644874: Four-Faith Water Conservancy Informatization Platform V1.0 Path Traversal [Accepted]
9 months ago
Submit #644874 / VDB-324997
abc_123456
Submit #644871: Four-Faith Water Conservancy Informatization Platform V1.0 Path Traversal [Accepted]
9 months ago
Submit #644871 / VDB-324996
abc_123456
My Journey to OSCP/OSCP+ exam
9 months ago
文章描述了一位网络安全爱好者通过系统学习和实践成功获得OSCP认证的经历,分享了备考过程中的策略与心得,强调了实践能力培养的重要性。
LLMs can boost cybersecurity decisions, but not for everyone
9 months ago
LLMs are moving fast from experimentation to daily use in cybersecurity. Teams are starting to use them to sort through threat intelligence, guide incident response, and help analysts handle repetitive work. But adding AI into the decision-making process brings new questions: When do these tools actually improve performance, and when might they create blind spots? A new study takes a closer look at this problem. By observing how people make decisions with and without LLM … More →
The post LLMs can boost cybersecurity decisions, but not for everyone appeared first on Help Net Security.
Mirko Zorz
Submit #644659: jeecgboot JeecgBoot latest broken function level authorization [Accepted]
9 months ago
Submit #644659 / VDB-324995
Study Finds 1.2M Medical Devices Exposed on Internet
9 months ago
Default credentials, weak passwords, misconfigurations and a variety of other security shortcomings are exposing millions of medical devices and their data on the internet, said Soufian El Yadmani, CEO and co-founder of Modat, who shared recent research findings.
OnDemand | Agentic AI Ransomware: What You Need to Know
9 months ago
FileFix Campaign Uses Facebook Suspension as Bait
9 months ago
Users Download Malware in Bid to Placate Meta
A newly surfaced FileFix social engineering campaign puts a new spin on ClickFix attacks by goading users into loading malware under the guise of reporting a wrongful account suspension to social media giant Facebook. Victims likely get sucked into the scam by following a link from a phishing email.
A newly surfaced FileFix social engineering campaign puts a new spin on ClickFix attacks by goading users into loading malware under the guise of reporting a wrongful account suspension to social media giant Facebook. Victims likely get sucked into the scam by following a link from a phishing email.
Breach Roundup: Microsoft, Cloudflare Dismantle RaccoonO365
9 months ago
Also, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack
This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can't overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses.
This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can't overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses.