4 - 2021 - :: Deepquest ::

>> Backdoor.Win32.Agent.afq Directory Traversal

USER: deepcore // 2021-04-29 // 0 CMT

Backdoor.Win32.Agent.afq malware suffers from a directory traversal vulnerability.

>> Backdoor.Win32.Agent.afq Heap Corruption

USER: deepcore // 2021-04-29 // 0 CMT

Backdoor.Win32.Agent.afq malware suffers from a heap corruption vulnerability.

>> Android NFC Stack Out-Of-Bounds Write

USER: deepcore // 2021-04-29 // 0 CMT

Android suffers from an out-of-bounds write in the NFC stack when handling MIFARE Classic TLVs.

>> PFSense 2.5.0 Cross Site Scripting

USER: deepcore // 2021-04-29 // 0 CMT

PFSense version 2.5.0 suffers from a persistent cross site scripting vulnerability.

>> [webapps] FOGProject 1.5.9 – File Upload RCE (Authenticated)

USER: deepcore // 2021-04-29 // 0 CMT

FOGProject 1.5.9 – File Upload RCE (Authenticated)

>> [webapps] Cacti 1.2.12 – 'filter' SQL Injection / Remote Code Execution

USER: deepcore // 2021-04-29 // 0 CMT

Cacti 1.2.12 – ‘filter’ SQL Injection / Remote Code Execution

>> http://mhkpeo.go.th/er.php

USER: deepcore // 2021-04-28 // 0 CMT

http://mhkpeo.go.th/er.php notified by LahBodoAmat

>> [webapps] Kirby CMS 3.5.3.1 – 'file' Cross-Site Scripting (XSS)

USER: deepcore // 2021-04-28 // 0 CMT

Kirby CMS 3.5.3.1 – ‘file’ Cross-Site Scripting (XSS)

>> Montiorr 1.7.6m Cross Site Scripting

USER: deepcore // 2021-04-27 // 0 CMT

Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.

>> Apache Druid 0.20.0 Remote Command Execution

USER: deepcore // 2021-04-27 // 0 CMT

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an…