12 - 2021 - :: Deepquest ::

>> Oracle Database Protection Mechanism Bypass

USER: deepcore // 2021-12-14 // 0 CMT

Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE’s protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database…

>> Backdoor.Win32.Phase.11 Code Execution

USER: deepcore // 2021-12-14 // 0 CMT

Backdoor.Win32.Phase.11 malware suffers from a code execution vulnerability.

>> Oracle Database Weak NNE Integrity Key Derivation

USER: deepcore // 2021-12-14 // 0 CMT

NNE’s integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.

>> [local] Microsoft Internet Explorer / ActiveX Control – Security Bypass

USER: deepcore // 2021-12-14 // 0 CMT

Microsoft Internet Explorer / ActiveX Control – Security Bypass

>> [webapps] WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated)

USER: deepcore // 2021-12-14 // 0 CMT

WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated)

>> [remote] Apache Log4j 2 – Remote Code Execution (RCE)

USER: deepcore // 2021-12-14 // 0 CMT

Apache Log4j 2 – Remote Code Execution (RCE)

>> [local] Laravel Valet 2.0.3 – Local Privilege Escalation (macOS)

USER: deepcore // 2021-12-14 // 0 CMT

Laravel Valet 2.0.3 – Local Privilege Escalation (macOS)

>> [remote] Apache Log4j2 2.14.1 – Information Disclosure

USER: deepcore // 2021-12-14 // 0 CMT

Apache Log4j2 2.14.1 – Information Disclosure

>> Log4j Zero Day Flaw: What You Need To Know And How To Protect Yourself

USER: deepcore // 2021-12-13 // 0 CMT

>> [webapps] WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated)

USER: deepcore // 2021-12-13 // 0 CMT

WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated)