10 - 2016 - :: Deepquest ::

>> Ubiquiti UniFi AP AC Lite 5.2.7 Improper Access Control

USER: deepcore // 2016-10-03 // 0 CMT

Ubiquiti UniFi AP AC Lite version 5.2.7 allows for direct modification of the database with no authentication.

>> CompTIA Information Disclosure

USER: deepcore // 2016-10-03 // 0 CMT

The CompTIA ticketing system allows for personal information disclosure via just knowing someone’s email address.

>> Joomla DVFolderContent 1.0.2 Local File Disclosure

USER: deepcore // 2016-10-03 // 0 CMT

Joomla DVFolderContent module version 1.0.2 suffers from a local file disclosure vulnerability.

>> Android Pointer Leak

USER: deepcore // 2016-10-03 // 0 CMT

Android suffers from a pointer leak via insufficient binder message verification.

>> Adobe Flash MP4 Processing Overflow

USER: deepcore // 2016-10-03 // 0 CMT

Adobe Flash suffers from an overflow vulnerability when processing MP4 files.

>> Adobe Flash AVC Slice Decoding Crash

USER: deepcore // 2016-10-03 // 0 CMT

Adobe Flash suffers from an AVC slice decoding crash.

>> Ghostscript -dSAFER Not Working

USER: deepcore // 2016-10-03 // 0 CMT

The ghostscript -dSAFER parameter that is used when handling untrusted documents appears broken on multiple distributions. This could result in arbitrary file disclosure on systems that process pdf, ps, use…

>> Packet Storm New Exploits For September, 2016

USER: deepcore // 2016-10-03 // 0 CMT

This archive contains all of the 178 exploits added to Packet Storm in September, 2016.

>> Windows Capcom.sys Kernel Execution Exploit (x64 only)

USER: deepcore // 2016-10-03 // 0 CMT

This Metasploit module abuses the Capcom.sys kernel driver’s function that allows for an arbitrary function to be executed in the kernel from user land. This function purposely disables SMEP prior…