3 - 2016 - :: Deepquest ::

>> Linux digi_acceleport Null Pointer Dereference

USER: deepcore // 2016-03-10 // 0 CMT

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the digi_acceleport driver.

>> [webapps] – WordPress Best Web Soft Captcha Plugin <= 4.1.5 – Multiple Vulnerabilities

USER: deepcore // 2016-03-10 // 0 CMT

WordPress Best Web Soft Captcha Plugin <= 4.1.5 – Multiple Vulnerabilities

>> [dos] – Putty pscp <= 0.66 – Stack Buffer Overwrite

USER: deepcore // 2016-03-10 // 0 CMT

Putty pscp <= 0.66 – Stack Buffer Overwrite

>> [local] – Exim < 4.86.2 – Local Root Privilege Escalation

USER: deepcore // 2016-03-10 // 0 CMT

Exim < 4.86.2 – Local Root Privilege Escalation

>> [dos] – Nitro Pro <= 10.5.7.32 & Nitro Reader <= 5.5.3.1 – Heap Memory Corruption

USER: deepcore // 2016-03-10 // 0 CMT

Nitro Pro <= 10.5.7.32 & Nitro Reader <= 5.5.3.1 – Heap Memory Corruption

>> [dos] – libotr <= 4.1.0 – Memory Corruption

USER: deepcore // 2016-03-10 // 0 CMT

libotr <= 4.1.0 – Memory Corruption

>> [webapps] – WordPress WP Advanced Comment Plugin 0.10 – Persistent XSS

USER: deepcore // 2016-03-10 // 0 CMT

WordPress WP Advanced Comment Plugin 0.10 – Persistent XSS

>> Malwarebytes 2.2.0.1024 DLL Hijacking

USER: deepcore // 2016-03-09 // 0 CMT

Malwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.

>> ClamWin 0.99 DLL Hijacking

USER: deepcore // 2016-03-09 // 0 CMT

ClamWin version 0.99 suffers from a DLL hijacking vulnerability.

>> Wireshark Wtap_optionblock_free Use-After-Free

USER: deepcore // 2016-03-09 // 0 CMT

A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.