:: Deepquest ::

miniMySQLAdmin version 1.1.3 suffers from a cross site request forgery vulnerability.

There’s an integer overflow issue in get_node_path_locked in /system/bin/sdcard on Android, which results in a buffer overflow.

This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.

IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.

IPFire, a free linux based open source firewall distribution, versions prior to 2.19 Update Core 101 contain a remote command execution vulnerability in the proxy.cgi page.

This Metasploit module exploits a stack buffer overflow in the Poison Ivy 2.1.x C&C server. The exploit does not need to know the password chosen for the bot/server communication.

phpMyFAQ version 2.9.0 suffers from a persistent cross site scripting vulnerability.

The OS X kernel suffers from a use-after-free vulnerability due to bad locking in IOAcceleratorFamily2.

There is an OS X exploitable kernel NULL dereference in IOAccelSharedUserClient2::page_off_resource.

There’s an OS X kernel stack buffer overflow in the GeForce gpu driver.