Magento Cross Site Request Forgery / Cross Site Scripting
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to […]
SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization
SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization.
Unitrends UEB 9.1 bpserverd Remote Command Execution
Unitrends UEB version 9.1 bpserverd remote command execution exploit.
Lansweeper 6.0.0.63 Cross Site Scripting
Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.
Microsoft Windows 10 x64 RS2 win32kfull!bFill Overflow
This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft’s September Updates).
WordPress 4.8.2 Activation Key Failed Expiry
WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys allowing for eternal use.
Lansweeper 6.0.100.29 XXE Injection
Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
Metasploit Cross Site Request Forgery
Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.
OrientDB 2.2.x Remote Code Execution
This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.