4 - 2018 - :: Deepquest ::

>> [remote] LineageOS 14.1 Blueborne – Remote Code Execution

USER: deepcore // 2018-04-06 // 0 CMT

LineageOS 14.1 Blueborne – Remote Code Execution

>> [webapps] FiberHome VDSL2 Modem HG 150-UB – Authentication Bypass

USER: deepcore // 2018-04-06 // 0 CMT

FiberHome VDSL2 Modem HG 150-UB – Authentication Bypass

>> [local] Sophos Endpoint Protection Control Panel 10.7 – Weak Password Encryption

USER: deepcore // 2018-04-06 // 0 CMT

Sophos Endpoint Protection Control Panel 10.7 – Weak Password Encryption

>> [local] Sophos Endpoint Protection 10.7 – Tamper-Protection Bypass

USER: deepcore // 2018-04-06 // 0 CMT

Sophos Endpoint Protection 10.7 – Tamper-Protection Bypass

>> DuckDuckGo 4.2.0 WebRTC Private IP Leakage

USER: deepcore // 2018-04-05 // 0 CMT

This Metasploit module exploits a vulnerability in browsers using well-known property of WebRTC (Web Real-Time Communications) which enables Web applications and sites to capture or exchange arbitrary data between browsers…

>> Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion

USER: deepcore // 2018-04-05 // 0 CMT

Chrome V8 suffers from a type confusion vulnerability in ElementsAccessorBase::CollectValuesOrEntriesImpl.

>> Chrome V8 Genesis::InitializeGlobal Bugs

USER: deepcore // 2018-04-05 // 0 CMT

Chrome V8 has multiple bugs in Genesis::InitializeGlobal.

>> Microsoft Edge Charka JIT Incomplete Fix For Issue 1420

USER: deepcore // 2018-04-05 // 0 CMT

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

>> Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2

USER: deepcore // 2018-04-05 // 0 CMT

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

>> ProcessMaker Plugin Code Execution

USER: deepcore // 2018-04-05 // 0 CMT

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator…