:: Deepquest ::

WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. Originally vulnerability discovered by Sucuri’s research team.

Android suffers from an RKP related memory corruption vulnerability in rkp_set_init_page_ro.

This archive contains 229 exploits that were added to Packet Storm in January, 2017.

TrueOnline is a major ISP in Thailand, and it distributes a customised version of the ZyXEL P660HN-T v1 router. This customised version has an unauthenticated command injection vulnerability in the remote log forwarding page. This Metasploit module was tested in an emulated environment, as the author doesn’t have access to the Thai router any more. […]

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the Billion 5200W-T router. This customized version has at least two command injection vulnerabilities, one authenticated and one unauthenticated, on different firmware versions. This Metasploit module will attempt to exploit the unauthenticated injection first, and if that fails, it will attempt […]

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the ZyXEL P660HN-T v2 router. This customized version has an authenticated command injection vulnerability in the remote log forwarding page. This can be exploited using the “supervisor” account that comes with a default password on the device. This Metasploit module was […]

This Metasploit module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.

Apple WebKit suffers from a HTMLKeygenElement type confusion vulnerability.

Apple WebKit suffers from a type confusion vulnerability in RenderBox with accessibility enabled.

Apple WebKit suffers from a use-after-free vulnerability in HTMLFormElement::reset().