dhtmlxFileExplorer 8.4.6 Directory Traversal Vulnerability

Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS...

dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal

dhtmlxFileExplorer version 8.4.6 suffers from a local file inclusion vulnerability in the Download Function of File Explorer. Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control C2 tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web...

Metasploit Wrap-Up

Windows Local Privilege Escalation for standard users In this week’s release, we have an exciting new module that has been added by our very own Grant Willcox which exploits CVE-2022-26904, and allows for normal users to execute code as NT AUTHORITY/SYSTEM on Windows machines from Windows 7 up to...

ACI 4D WebServer Directory traversal.

vendor: http://www.4d.com/ current version: 6.7 tested version: 6.57 , others? This directory transversal hole seems to work on ACI 4d webserver running on the NT platform. I would imagine exploitation on a macos box would be similar but would require the proper mac filesystem path to the file yo...