Archive for September, 2020

Apple Security Advisory 2020-09-16-2

Posted by deepcore under Apple

Apple Security Advisory 2020-09-16-2 – tvOS 14.0 is now available and addresses cross-site scripting vulnerabilities.

Apple Security Advisory 2020-09-16-3

Posted by deepcore under Apple

Apple Security Advisory 2020-09-16-3 – Safari 14.0 is now available and addresses code execution, cross-site scripting, out-of-bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2020-09-16-4

Posted by deepcore under Apple

Apple Security Advisory 2020-09-16-4 – watchOS 7.0 is now available and addresses cross-site scripting vulnerabilities.

Apple Security Advisory 2020-09-16-5

Posted by deepcore under Apple

Apple Security Advisory 2020-09-16-5 – Xcode 12.0 is now available and addresses a code execution vulnerability.

Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution

Posted by deepcore under exploit

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the “Data Loss Prevention” role assigned and an active mailbox. If the user is in the “Compliance Management” or greater “Organization Management” role groups, then they have […]

Microsoft SQL Server Reporting Services 2016 Remote Code Execution

Posted by deepcore under exploit

Microsoft SQL Server Reporting Services 2016 suffers from a remote code execution vulnerability.

Microsoft Spooler Local Privilege Elevation

Posted by deepcore under exploit

This exploit leverages a file write vulnerability in the print spooler service, which will restart if stopped. Because the service cannot be stopped long enough to remove the DLL, there is no way to remove the DLL once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

[webapps] Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)

Posted by deepcore under Security

Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)

[webapps] SpamTitan 7.07 – Remote Code Execution (Authenticated)

Posted by deepcore under Security

SpamTitan 7.07 – Remote Code Execution (Authenticated)

Zerologon Proof Of Concept

Posted by deepcore under exploit

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.