Pulse Connect Secure remote code execution through authentication bypass.
CVSS V3.1 risk score is 10/10.
The vulnerability has been exploited in the wild by the threat actor UNC2630. According to Fireeye UNC2630 may have ties with APT5 and the Chinese government.
Valve Steam remote code execution. This vulnerability works for all Source Engine games.
POC and analysis of Windows IPv6 Fragmentation Vulnerability (CVE-2021-24086):
Another POC is here: https://github.com/0vercl0k/CVE-2021-24086
CVE-2019-8761 is an interesting macOS bug that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things
Path Traversal on Yeastar TG400 GSM Gateway - 188.8.131.52
To get firmware decrypting password:
To get /etc/paswd:
Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local copy of received message (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat.
Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores local passcode in plain text.
Apache Shiro very easy to exploit authentication bypass vulnerability.
Use blank characters such as spaces to bypass shiro authentication:
http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/
Exploit of Sudo heap-based buffer overflow privilege escalation CVE-2021-3156:
Live Exploitation of CVE 2020-3452 Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) unauthenticated directory traversal