:: Deepquest ::

Adobe Flash Player – DeleteRangeTimelineOperation Type Confusion (Metasploit)

Coship Wireless Router 4.0.0.x/5.0.0.x – WiFi Password Reset

AirDroid 4.2.1.6 – Denial of Service

OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability.

Amazon FireOS version 5.3.6.3 suffers from a content injection vulnerability via man-in-the-middle attacks.

Ericsson Active Library Explorer (ALEX) version 14.3 suffers from a cross site scripting vulnerability.

SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities.

IPFire version 2.21 suffers from multiple cross site scripting vulnerabilities.

This Metasploit module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and Adobe Flash Player 21.0.0.182.