The Exploit Archives

Drupalgeddon 2: When Hackers Went Beyond the Database - CVE-2018-7600

CVE-2018-7600 - a crafted request turned thousands of websites into attacker control panels. In this episode of The Exploit Archives, we break down how Drupal was compromised again, how it worked and why RCE is still one of the worst outcomes for web platforms. Support the show: ⁠⁠⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠ [https://buymeacoffee.com/theexploitarchives] Youtube: ⁠⁠⁠⁠⁠⁠The Exploit Archives - Youtube [https://www.youtube.com/@TheExploitArchives] Weekly episodes! Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon 2,rce, ethical hacking, remote code execution, cms vulnerability

Drupalgeddon: How One Bug Hacked Thousands of Sites: CVE-2014-3704

CVE-2014-3704 - a single vulnerability in Drupal, one of the web's biggest content management. In this episode of The Exploit Archives, we break down how this silent bug in Drupal's code turned into global exploitation within hours, why thousands of sites were compromised, and what lessons it left behind. Stay tuned for Part Two. Support the show: The Exploit Archives [https://buymeacoffee.com/theexploitarchives] Youtube: ⁠⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠⁠ [https://www.youtube.com/@TheExploitArchives] Weekly Episodes! Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon, sql injection, ethical hacking, remote code execution, cms vulnerability

The Backdoor That Almost Broke Linux: CVE-2024-3094

CVE-2024-3094 - a backdoor hidden inside XZ Utils, the tiny compression library bundled into millions of Linux systems. In this episode of The Exploit Archives, we break down how a trusted maintainer slipped in the malicious code, how close it came to being unleashed, and what this betrayal means for the future of open-source security. Support the show: ⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠ [https://buymeacoffee.com/theexploitarchives] Youtube: ⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠ [https://www.youtube.com/@theexploitarchives] Weekly Episodes! Tags: CVE breakdown, cybersecurity, linux , xz utils, linux security, supply chain attack, ssh vulnerability, hacking, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

The Triple Threat in NVIDIA Triton: CVE-2025-23334/23320/23319

CVE-2025-23334, CVE 2025-23320, CVE-2025-23319 - three vulnerabilities in NVIDIA's Triton Inference Server that chain together, getting more critical each time. In this episode of The Exploit Archives, we break down this "Triple Threat", how these flaws work, why they matter for AI security, and what lessons they hold for protecting machine learning infrastructure. Support the show: ⁠⁠⁠The Exploit Archives⁠⁠⁠ [https://buymeacoffee.com/theexploitarchives] Youtube: ⁠⁠⁠The Exploit Archives - YouTube⁠⁠ [https://www.youtube.com/@theexploitarchives] Weekly Episodes! Tags: CVE breakdown, cybersecurity, ai, nvidia, ai security, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

How Weak Cryptography Made Rucky Vulnerable - CVE-2021-41096

CVE-2021-41096 - a flaw in Rucky, the open-source Android app that turns your phone into a “Rubber Ducky” style hacking tool. It exposed just how dangerous weak cryptography can be. In this episode of The Exploit Archives, we break down how the flaw worked, why it mattered, and how a simple cryptographic misstep turned a pentesting tool into a potential attack vector. Support the show: ⁠⁠The Exploit Archives⁠⁠ [https://buymeacoffee.com/theexploitarchives] Youtube: ⁠⁠The Exploit Archives - YouTube⁠ [https://www.youtube.com/@theexploitarchives] Weekly Episodes! Tags: CVE breakdown, Rucky app, USB HID exploit, cybersecurity, hacking, weak encryption, RSA vulnerability, Rubber Ducky, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking