Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.
Slim CMS version 0.1 suffers from a cross-site request forgery vulnerability.
The Json2Html JavaScript library suffers from a cross-site scripting vulnerability.
Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this mailbox argument to be malleable in this way, and it is in several places copied and passed to various STL functions, resulting in unexpected behavior […]
Multiple ATCOM PBX systems suffer from an authentication bypass vulnerability.
Roxy File Manager versions 1.4.4 and below suffer from a remote shell upload vulnerability.
This Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar […]
This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.
This proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.
Python’s built-in URL library (“urllib2” in 2.x and “urllib” in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. “smuggling” attacks) via the http scheme.