Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

cR0w @cR0w@infosec.exchange

11/26/2025, 3:28:41 PM

Public

Go hack more radio shit.

https://www.abdulmhsblog.com/posts/webfmvulns/

CVE-2025-66259: Authenticated Root RCE (main_ok.php)
CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
CVE-2025-66250: Unrestricted File Upload (Status)
CVE-2025-66255: Unsigned Firmware Upload
CVE-2025-66256: Unrestricted Patch Upload
CVE-2025-66251: Path Traversal File Deletion
CVE-2025-66254: Arbitrary File Deletion (Upgrade)
CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
CVE-2025-66260: SQL Injection
CVE-2025-66258: Stored XSS via XML Injection
CVE-2025-66257: Arbitrary Patch Deletion
CVE-2025-66252: Infinite Loop Denial of Service

14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others

Quick Intro As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (web management interface version WEBMOZZI-00287), manufactured by DB Broadcast. I have discovered about 14 CVEs and likely more exist in the software as it is rather poorly made and its very concerning that the vendor supplies technology to major organizations like the United Nations, The BBC, CNBC and others.

abdulmhsblog.com · Abduls Blog

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/cR0w/statuses/115616705516119073 on your instance and quote it. (Note that quoting is not supported in Mastodon.)