Forwarded from GO-TO CVE
CVE-2025-44148-Week-67.pdf
340.7 KB
🎯 CVE-2025-44148 Review – MailEnable Webmail goes boom with Reflected XSS!
Hello hackers, bug hunters, and curious minds! Welcome to another episode of the GO-TO CVE series!
This week we’re looking at a juicy Reflected Cross-Site Scripting (XSS) in MailEnable Webmail, a widely used Windows-based mail server platform. 📬✨
🔹 Week: 67
🔹 CVE: CVE-2025-44148
🔹 Type: Reflected XSS
🔹 Target: MailEnable (Webmail < v10)
📌 What’s the story?
MailEnable’s failure.aspx page doesn’t properly sanitize user input in the state parameter. That means attackers can inject JavaScript directly into the page response. Once clicked, the payload reflects back into the victim’s browser — executing code in their session. 🚨
📬 Stay tuned with GO-TO CVE for a fresh bug every week:
👉 https://news.1rj.ru/str/GOTOCVE
#week_67
Hello hackers, bug hunters, and curious minds! Welcome to another episode of the GO-TO CVE series!
This week we’re looking at a juicy Reflected Cross-Site Scripting (XSS) in MailEnable Webmail, a widely used Windows-based mail server platform. 📬✨
🔹 Week: 67
🔹 CVE: CVE-2025-44148
🔹 Type: Reflected XSS
🔹 Target: MailEnable (Webmail < v10)
📌 What’s the story?
MailEnable’s failure.aspx page doesn’t properly sanitize user input in the state parameter. That means attackers can inject JavaScript directly into the page response. Once clicked, the payload reflects back into the victim’s browser — executing code in their session. 🚨
📬 Stay tuned with GO-TO CVE for a fresh bug every week:
👉 https://news.1rj.ru/str/GOTOCVE
#week_67
🔥11❤2☃1🕊1💯1
اگه میخواید وارد فیلد اوسینت بشید یا حتی وارد شدید، پیشنهاد میکنم این پست رو حتما بخونید که اوسینت رو با چیز دیگه ای اشتباه نگیرید و دید درستی نسبت بهش داشته باشید
Stop Calling It OSINT
https://www.dutchosintguy.com/post/stop-calling-it-osint
➖➖➖➖➖
CHANNEL
GROUP
DISCORD
Stop Calling It OSINT
https://www.dutchosintguy.com/post/stop-calling-it-osint
➖➖➖➖➖
CHANNEL
GROUP
DISCORD
Nico Dekens | Dutch_OSINTguy
Stop Calling It OSINT
A field rant about shortcuts, ego, and other creative ways to waste everyone’s timeLet’s just say the quiet part out loud: most of what’s sold as “OSINT” online is cosplay. It’s people screenshotting shiny dashboards, speed-running Google like a speed-runner…
❤12☃1🔥1🕊1🐳1
Forwarded from The Chaos
Top 10 Most Dangerous Active Directory Attack Methods.pdf
1.4 MB
✏️ مقاله تالیف شده
Top 10 Most Dangerous Active Directory Attack Methods
📚برخی از سرفصل ها
📗بخش اول: Active Directory (AD)
📕بخش دوم: توضیح ۱۰ مورد از خطرناکترین روش حمله به Active Directory
به همراه معرفی ابزار های هر مورد
📘بخش سوم : راهبردهای جامع برای افزایش امنیت Active Directory
🔖بخش چهارم : ساخت یک دفاع مقاوم در برابر حملات Active Directory
✍️نویسنده
@TryHackBox | The Chaos
#AC #Acrive_Directory #Cybersecurity
Top 10 Most Dangerous Active Directory Attack Methods
📚برخی از سرفصل ها
📗بخش اول: Active Directory (AD)
📕بخش دوم: توضیح ۱۰ مورد از خطرناکترین روش حمله به Active Directory
به همراه معرفی ابزار های هر مورد
📘بخش سوم : راهبردهای جامع برای افزایش امنیت Active Directory
🔖بخش چهارم : ساخت یک دفاع مقاوم در برابر حملات Active Directory
✍️نویسنده
@TryHackBox | The Chaos
#AC #Acrive_Directory #Cybersecurity
❤16☃1🕊1🐳1
Have you pre-registered for The Gauntlet: Echo Response?
👉 https://offs.ec/45UMmGH
💥 8 missions
🏆 $100,000 in prizes
🎮 Free to enter
🎯 Bonus points for first PWN
👉 https://offs.ec/45UMmGH
💥 8 missions
🏆 $100,000 in prizes
🎮 Free to enter
🎯 Bonus points for first PWN
OffSec
The Gauntlet: Capture Flags, Climb Leaderboards, Win Big | OffSec
Enter The Gauntlet, our new quarterly Proving Grounds challenge. Compete for free with weekly machine drops, leaderboards, First PWN bonuses, and exclusive prizes.
⚡10❤1☃1🔥1🐳1
FREE Caido beats expensive Burp Suite!
Master HTTP interception, replay attacks & HTTPQL filtering without breaking the bank.
https://hackers-arise.com/web-app-hacking-getting-started-with-caido/
@three_cube <——- X.com
Master HTTP interception, replay attacks & HTTPQL filtering without breaking the bank.
https://hackers-arise.com/web-app-hacking-getting-started-with-caido/
@three_cube <——- X.com
🔥13☃1❤1🕊1🐳1
واقعا مقاله خوبیه تو بحث اوسینت کردن از طریق ایمیل نه فقط معرفی ابزار ،از تجربیات عملی خودش مثال میزنه و تکنیک هایی رو میگه که واقعا جالب هستن حتی اگه تو این فیلد فعال نیستید پیشنهاد میدم بخونیدش و روی خودتون تست کنید ببینید چخبره 😁
Электронная почта в OSINT: как по адресу найти всю цифровую жизнь
➖➖➖➖➖
CHANNEL
GROUP
DISCORD
Электронная почта в OSINT: как по адресу найти всю цифровую жизнь
➖➖➖➖➖
CHANNEL
GROUP
DISCORD
SecurityLab.ru
Электронная почта в OSINT: как по адресу найти всю цифровую жизнь
Вчера разбирал очередное дело и внезапно осознал — электронная почта превратилась в настоящую золотую жилу информации
🔥10❤1☃1😁1🐳1