enumerating ZoneMinder version via cache timestamp, exploiting CVE-2024-51482 blind SQLi to dump credentials, then pivoting to sa_mark via motionEye CVE-2025-60787 RCE
enumerating ZoneMinder version via cache timestamp, exploiting CVE-2024-51482 blind SQLi to dump credentials, then pivoting to sa_mark via motionEye CVE-2025-60787 RCE
exploiting CVE-2026-23744 unauthenticated RCE in MCPJAM, pivoting through container bind mounts to leak PrivateBin config, then using Arcane to spin up a root container
exploiting CVE-2025-47812 lua injection in WingFTP for RCE, cracking a salted sha256 hash, then abusing CVE-2025-4138 PATH_MAX overflow to escape tarfile filter and get root