:: Deepquest ::

Apple Security Advisory 2016-09-13-1 – iOS 10 is now available and addresses network blocking, information disclosure, and various other vulnerabilities.

Apple Security Advisory 2016-09-13-3 – watchOS 3 is now available and addresses an information disclosure vulnerability.

Bezaat Script version 2 suffers from a remote SQL injection vulnerability.

Bezaat Script version 2 suffers from a remote shell upload vulnerability.

PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.

ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.

Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 – 7.0.1 (verified on 7.0.1), NetBSD 6.1 – 6.1.5, and NetBSD 6.0 – 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.

Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method “find” is called. This class seems to be only used in the JMX MINA component “IoServiceMBean”. When the IOServiceMBean is exposed trough JMX it is possible to abuse […]

Cisco ASA 9.2(3) – Authentication Bypass (EXTRABACON Module)