Cisco Adaptive Security Appliance (ASA) XSS POC:
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
QNAP NAS HBS 3 Hybrid Backup Syn Hard-Coded Credentials
QLocker Ransomware is using this vulnerability to encrypt files of QNAP customers.
Write-up of CVE-2021-30481 Source engine remote code execution via game invites
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
Exploit of CVE-2020-16040 Google Chrome <= 87.0.4280.88 vulnerability
Zoom Unintended Screen Sharing Vulnerability POC:
heap overflow vulnerability in Sudo leads attackers to gain root privileges.
Sudo is affected by this vulnerability for ten years (since July 2011).
This vulnerability has been found by Qualys Research Team.
Details are here: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
This post is a story on how I found and exploited CVE-2020-16875, a remote code execution vulnerability in Exchange Online and bypassed two different patches for the vulnerability.