3 - 2022 - :: Deepquest ::

>> [webapps] Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE)

USER: deepcore // 2022-03-07 // 0 CMT

Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE)

>> [webapps] part-db 0.5.11 – Remote Code Execution (RCE)

USER: deepcore // 2022-03-07 // 0 CMT

part-db 0.5.11 – Remote Code Execution (RCE)

>> [local] Malwarebytes 4.5 – Unquoted Service Path

USER: deepcore // 2022-03-07 // 0 CMT

Malwarebytes 4.5 – Unquoted Service Path

>> https://atsamart.go.th

USER: deepcore // 2022-03-06 // 0 CMT

https://atsamart.go.th notified by 1877

>> http://www.yasothon.go.th/index.php

USER: deepcore // 2022-03-06 // 0 CMT

http://www.yasothon.go.th/index.php notified by djebbaranon

>> Backdoor.Win32.Augudor.a Remote File Write / Code Execution

USER: deepcore // 2022-03-05 // 0 CMT

Backdoor.Win32.Augudor.a malware suffers from an unauthenticated remote file write vulnerability that allows for remote code execution.

>> Backdoor.Win32.BNLite Buffer Overflow

USER: deepcore // 2022-03-05 // 0 CMT

Backdoor.Win32.BNLite malware suffers from a buffer overflow vulnerability.

>> Polkit pkexec Privilege Escalation

USER: deepcore // 2022-03-05 // 0 CMT

This is a Metasploit module for the argument processing bug in the polkit pkexec binary that leads to privilege escalation. It leverages the raw C exploit.

>> Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential

USER: deepcore // 2022-03-05 // 0 CMT

Backdoor.Win32.FTP.Nuclear.10 malware suffers from a hardcoded credential vulnerability.

>> Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password

USER: deepcore // 2022-03-05 // 0 CMT

Backdoor.Win32.DirectConnection.103 malware suffers from a weak hardcoded password vulnerability.