:: Deepquest ::

Microsoft Windows 10 BasicRender.sys – Denial of Service (PoC)

XnView version 2.49.1 suffers from a denial of service vulnerability.

AVS Audio Converter version 9.1 suffers from a buffer overflow vulnerability.

Rumpus FTP Web File Manager version 8.2.9.1 suffers from a cross site scripting vulnerability.

The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software’s underlying host.

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they’re being freed. Exploitation requires […]

This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first (CVE-2019-1405) uses the UPnP Device Host Service to elevate to NT AUTHORITYLOCAL SERVICE. The second (CVE-2019-1322) leverages the Update Orchestrator Service to elevate from NT AUTHORITYLOCAL SERVICE to NT AUTHORITYSYSTEM.

FTP Navigator 8.03 – ‘Custom Command’ Denial of Service (SEH)

Deutsche Bahn Ticket Vending Machine Local Kiosk – Privilege Escalation

This Metasploit exploit module illustrates how a vulnerability could be exploited in a linux command for privilege escalation.