[local] Gnome Fonts Viewer 3.34.0 – Heap Corruption
Posted by deepcore under Security (No Respond)
Archive for September, 2020
[webapps] ZTE Router F602W – Captcha Bypass
Posted by deepcore under Security (No Respond)
[webapps] CuteNews 2.1.2 – Remote Code Execution
Posted by deepcore under Security (No Respond)
[webapps] Tiandy IPC and NVR 9.12.7 – Credential Disclosure
Posted by deepcore under Security (No Respond)
Yaws 2.0.7 XML Injection / Command Injection
Posted by deepcore under exploit (No Respond)
Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.
Microsoft Windows CloudExperienceHostBroker Privilege Escalation
Posted by deepcore under exploit (No Respond)
The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege.
Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
Posted by deepcore under exploit (No Respond)
The Qualcomm Adreno GPU shares a global mapping called a “scratch” buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver’s ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition […]
Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation
Posted by deepcore under exploit (No Respond)
The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.
http://thepsathit.go.th/doc/ghi.html
Posted by deepcore under defacement (No Respond)
http://thepsathit.go.th/doc/ghi.html notified by Ghost Hunter Illusion
Tags: defacementhttp://abtnongyang.go.th/doc/ghi.html
Posted by deepcore under defacement (No Respond)
http://abtnongyang.go.th/doc/ghi.html notified by Ghost Hunter Illusion
Tags: defacement