2021-04-20 16:33:32

Pulse Connect Secure remote code execution through authentication bypass. CVSS V3.1 risk score is 10/10. The vulnerability has been exploited in the wild by the threat actor UNC2630. According to Fireeye UNC2630 may have ties with APT5 and the Chinese government.

2021-04-13 11:45:28

Valve Steam remote code execution. This vulnerability works for all Source Engine games. Exploitation video:

2021-04-10 10:35:24

POC and analysis of Windows IPv6 Fragmentation Vulnerability (CVE-2021-24086): Another POC is here:

2021-04-03 08:35:03

CVE-2019-8761 is an interesting macOS bug that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things

2021-02-19 13:16:31

Path Traversal on Yeastar TG400 GSM Gateway - To get firmware decrypting password: To get /etc/paswd:

2021-02-12 14:24:11

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local copy of received message (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat.

2021-02-12 14:23:58

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores local passcode in plain text.

2021-02-07 07:57:05

Apache Shiro very easy to exploit authentication bypass vulnerability. Use blank characters such as spaces to bypass shiro authentication: or

2021-02-03 12:31:25

Exploit of Sudo heap-based buffer overflow privilege escalation CVE-2021-3156:

2021-02-03 08:37:57

Live Exploitation of CVE 2020-3452 Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) unauthenticated directory traversal