Path Traversal on Yeastar TG400 GSM Gateway - 126.96.36.199
To get firmware decrypting password:
To get /etc/passwd:
Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores local copies of received messages (audio/video) on a custom path even after those messages are deleted or have disappeared from the secret chat.
Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local passcode in plain text.
Apache Shiro: a very easy-to-exploit authentication bypass vulnerability.
Use blank characters such as spaces to bypass Shiro authentication:
http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/
Exploit of Sudo heap-based buffer overflow privilege escalation CVE-2021-3156:
Live Exploitation of CVE-2020-3452: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) unauthenticated directory traversal
Abusing XPC Service mechanism to elevate privilege in macOS/iOS
In this blog, I will detail an interesting logic vulnerability I found in the launchd process when it is managing the XPC Services. It’s easy to exploit and 100% stable to get high privilege in macOS/iOS. Because launchd is the most fundamental and important component in the OS, the vulnerability would also work even from the most restricted app sandbox. The vulnerability should work before macOS Big Sur and iOS 13.5.
ZyXEL USG and ZyWALL hardcoded (backdoor) credentials: