9 - 2019 - :: Deepquest ::

>> http://healthws.ntwo.moph.go.th

USER: deepcore // 2019-09-17 // 0 CMT

http://healthws.ntwo.moph.go.th notified by Goodzilam

>> Ticket-Booking 1.4 Authentication Bypass

USER: deepcore // 2019-09-17 // 0 CMT

Ticket-Booking version 1.4 suffers from an authentication bypass vulnerability.

>> College-Management-System 1.2 Authentication Bypass

USER: deepcore // 2019-09-17 // 0 CMT

College-Management-System version 1.2 suffers from an authentication bypass vulnerability.

>> Webmin 1.920 Remote Code Execution

USER: deepcore // 2019-09-17 // 0 CMT

Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107.

>> AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation

USER: deepcore // 2019-09-17 // 0 CMT

AppXSvc version 17763.1.amd64fre.rs5_release.180914-1434 suffers from an arbitrary file security descriptor overwrite privilege escalation vulnerability.

>> docPrint Pro 8.0 SEH Buffer Overflow

USER: deepcore // 2019-09-17 // 0 CMT

docPrint Pro version 8.0 suffers from a SEH buffer overflow vulnerability.

>> Inteno IOPSYS Gateway 3DES Key Extraction Improper Access

USER: deepcore // 2019-09-17 // 0 CMT

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The…

>> LastPass Credential Leak From Previous Site

USER: deepcore // 2019-09-17 // 0 CMT

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

>> [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload

USER: deepcore // 2019-09-16 // 0 CMT

Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload

>> [local] AppXSvc – Privilege Escalation

USER: deepcore // 2019-09-16 // 0 CMT

AppXSvc – Privilege Escalation