TeamPass Passwords Management System 2.1.26 File Download
TeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.
Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services ‘AppSpider REST Server’, ‘AppSpider REST Service’ and ‘AppSpiderUpgradeService’ for Windows deployed as part of the AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A […]
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it’s possible to inject system commands while escalating to root due to a relaxed sudo configuration on the local machine.
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it’s possible to inject system commands while escalating to root due to […]
NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
TFTP server version 1.4 WRQ buffer overflow exploit with egghunter shellcode.
http://www.maethacity.go.th/eg.htm notified by Dr.SiLnT HilL
Tags: defacement
http://www.rungkayai.go.th notified by ErrOr SquaD
Tags: defacement
OpenSSHD versions 7.2p2 and below remote username enumeration exploit.
The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcast via WiFi and the typical serial number is within the range 200.000.000 to 260.000.000, the default password can be brute-forced within minutes. Proof of concept included.