:: Deepquest ::

QEMU version 2.10 suffers from an NBD server long export name stack buffer overflow vulnerability. This was introduced with commit f37708f6b8.

Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.

Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.

This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can login with user “root”, leaving an empty password.

http://www.bantakhospital.go.th notified by The WTJ

macOS High Sierra – Root Privilege Escalation (Metasploit)

Jobs2Careers / Coroflot Clone – SQL Injection

Linux Kernel – ‘The Huge Dirty Cow’ Overwriting The Huge Zero Page

There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.

HikVision Wi-Fi IP cameras come with a default SSID “davinci”, with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won’t be adjusted, and a rogue AP […]