Archive for June, 2018

[webapps] HPE VAN SDN 2.7.18.0503 – Remote Root

Posted by deepcore under Security (No Respond)


[remote] Quest KACE Systems Management – Command Injection (Metasploit)

Posted by deepcore under Security (No Respond)


[papers] UAC Bypass & Research with UAC-A-Mola

Posted by deepcore under Security (No Respond)


KVM Nest Virtualization L1 Guest Privilege Escalation

Posted by deepcore under exploit (No Respond)

When KVM (on Intel) virtualizes another hypervisor as an L1 VM, it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.

AsusWRT RT-AC750GF Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

AsusWRT RT-AC750GF suffers from a cross-site request forgery vulnerability in the change admin password flow.

Intex Router N-150 Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

Intex Router N-150 suffers from a remote arbitrary file upload vulnerability.

WordPress Comments Import And Export CSV Injection

Posted by deepcore under exploit (No Respond)

WordPress Comments Import and Export plugin versions prior to 2.0.4 suffer from a CSV injection vulnerability.

WordPress iThemes Security SQL Injection

Posted by deepcore under exploit (No Respond)

WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability.

Foxit Reader 9.0.1.1049 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Foxit Reader version 9.0.1.1049 suffers from a remote code execution vulnerability.

Digisol DG-BR4000NG Buffer Overflow

Posted by deepcore under exploit (No Respond)

Digisol DG-BR4000NG buffer overflow proof of concept exploit.