2019 February

WebKit JSC reifyStaticProperty Attribute Flag Issue

Posted by deepcore under exploit (No Respond)

WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.

MatrixSSL x.509 Certificate Verification Stack Buffer Overflow

Posted by deepcore under exploit (No Respond)

MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.

Nuuo Central Management SQL Injection

Posted by deepcore under exploit (No Respond)

The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number […]

[webapps] Teracue ENC-400 – Command Injection / Missing Authentication

Posted by deepcore under Security (No Respond)

Teracue ENC-400 – Command Injection / Missing Authentication

Tags: 0day, remote exploit

[webapps] Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution

Posted by deepcore under Security (No Respond)

Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution

Tags: 0day, remote exploit

[webapps] Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation

Posted by deepcore under Security (No Respond)

Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation

Tags: 0day, remote exploit

[remote] Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit)

Posted by deepcore under Security (No Respond)

Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit)

Tags: 0day, remote exploit

[dos] WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

Posted by deepcore under Security (No Respond)

WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

Tags: 0day, remote exploit

[papers] Protecting Windows Privilege Accounts

Posted by deepcore under Security (No Respond)

Protecting Windows Privilege Accounts

Tags: 0day, remote exploit

HotelDruid 2.3 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

HotelDruid version 2.3 suffers from a cross site scripting vulnerability.

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WebKit JSC reifyStaticProperty Attribute Flag Issue

MatrixSSL x.509 Certificate Verification Stack Buffer Overflow

Nuuo Central Management SQL Injection

[webapps] Teracue ENC-400 – Command Injection / Missing Authentication

[webapps] Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution

[webapps] Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation

[remote] Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit)

[dos] WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

[papers] Protecting Windows Privilege Accounts

HotelDruid 2.3 Cross Site Scripting

Tabs Switcher

Categories

Archives

Meta

BLOGROLL