Dario Clavijo

CVE-2021-21985 NOMISEC CRITICAL WORKING POC

Vmware Vcenter Server < 3.10.2.1 - SSRF

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

2 stars

CVSS 9.8

View Code

CVE-2021-30461 NOMISEC CRITICAL WORKING POC

VoIPmonitor <24.61 - RCE

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

CVSS 9.8

View Code