HiSilicon Video Encoder Backdoor Password
HiSilicon Video Encoder allows for full administrative access via a backdoor password. Versions affected are vendor specific.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from a denial of service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker issuing one HTTP GET request.
Jenkins version 2.63 suffers from a sandbox bypass vulnerability.
HiSilicon Video Encoder suffers from an unauthenticated RTSP buffer overflow vulnerability that can cause a denial of service condition.
FRITZ!Box versions 7.20 and below suffer from a DNS rebinding protection bypass vulnerability.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. By abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload executable PHP files, which results in remote code execution as the web server user.
Mocha for Android suffers from an issue where a call can cause the callee device to send audio without user interaction.
Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
Chrome suffers from a use-after-free vulnerability in USB::OnServiceConnectionError.
This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config file will be stored in loot once retrieved, and […]