Recent Vulmon Research Posts

Exploit of CVE-2020-16040 Google Chrome <= 87.0.4280.88 vulnerability

CVE-2019-8761 is an interesting macOS bug that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things

Zoom Unintended Screen Sharing Vulnerability POC:

This looks like a false positive, because:

* obtaining the MS AJAX framework script is not a security vulnerability - it is a publicly available script that can also be served from the standard webresource handler
* the presence of code that contains the `true` keyword (which is a reserved word in JavaScript as well) does not prove a command was executed on the server
* the Telerik WebResource handler is supposed to combine scripts based on server settings and the fact that requesting the handler returns Telerik code is not a vulnerability by itself - this is also code that is publicly available (for example, from the Telerik CDN) and it is a JavaScript code that is not generated based on

I. VULNERABILITY
-------------------------
Data Manipulation with X-Forwarded-For header at WordPress

II. CVE REFERENCE
-------------------------
CVE-2020-35539

III. VENDOR
-------------------------

IV. TIMELINE
-------------------------
20/12/2020 Vulnerability discovered
21/12/2020 Vendor contacted
09/03/2021 CVE Assigned

V. CREDIT
-------------------------
Alphan Yavas

VI. DESCRIPTION
-------------------------
"X-Forwarded-For" is an HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X

CVE-2021-21327, recently found in GLPI by Iterasec, allows remote PHP object instantiation. Technical writeup and exploit included for research purposes:

Shodan dork of CVE-2021-21972 VMware vCenter Server vSphere Client Remote Code Execution:

VMware vCenter Server vSphere Client remote code execution. Attackers can gain root privilege by exploiting CVE-2021-21972. This is an easy-to-exploit vulnerability, so future exploitation is likely. Also, this vulnerability exists in all default installations. Apply workarounds urgently:

Path Traversal on Yeastar TG400 GSM Gateway - To get the firmware decryption password: To get /etc/passwd: