:: Deepquest ::

Adobe Acrobat Reader DC – Heap-Based Memory Corruption due to Malformed TTF Font

AppXSvc 17763 – Arbitrary File Overwrite (DoS)

Product Key Explorer 4.2.0.0 – ‘Key’ Denial of Service (PoC)

Product Key Explorer 4.2.0.0 – ‘Name’ Denial of Service (POC)

This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.

Proof of concept exploit that demonstrates a Microsoft Windows 10 UAC bypass for all executable files which are autoelevate true.

SpotAuditor version 5.3.2 Base64 local buffer overflow SEH exploit.

PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.

Alcatel-Lucent Omnivista 8770 suffers from a remote code execution vulnerability.