enumerating ZoneMinder version via cache timestamp, exploiting CVE-2024-51482 blind SQLi to dump credentials, then pivoting to sa_mark via motionEye CVE-2025-60787 RCE
enumerating ZoneMinder version via cache timestamp, exploiting CVE-2024-51482 blind SQLi to dump credentials, then pivoting to sa_mark via motionEye CVE-2025-60787 RCE
exploiting CVE-2026-23744 unauthenticated RCE in MCPJAM, pivoting through container bind mounts to leak PrivateBin config, then using Arcane to spin up a root container
exploiting CVE-2025-47812 lua injection in WingFTP for RCE, cracking a salted sha256 hash, then abusing CVE-2025-4138 PATH_MAX overflow to escape tarfile filter and get root
exploiting a Pterodactyl game panel via path traversal, PAM environment poisoning, and a udisks2 XFS resize bug to get root
Chaining PLT calls with a multi-argument ROP gadget to invoke three functions in sequence
Classic buffer overflow exploiting a vulnerable read() to redirect execution to a win function