Fortinet FortiOS Path Traversal Retrieving plaintext credentials:
Getting passwd content with Pulse Secure unauthenticated path traversal:
If you have permission to modify the configuration file, then you already got the machine. How can it be a vulnerability?
POC of Liferay Portal RCE:
A fake CVE.
VMware vCenter Server file upload vulnerability POC
If the command below responds with anything other than 404, the application is vulnerable:
curl -X POST "http://HOST:PORT/analytics/telemetry/ph/api/hyper/send?_c&_i=test" -d "Test_Workaround" -H "Content-Type: application/json" -v 2>&1 | grep HTTP
POCs for Atlassian Confluence Server Arbitrary File Read:
VMware vCenter Server vSphere Client remote code execution
Attackers can gain root privileges by exploiting CVE-2021-21972. This is an easy-to-exploit vulnerability. Therefore, future exploitation is likely.
Also, this vulnerability exists in all default installations.
Apply workarounds urgently: https://kb.vmware.com/s/article/82374