deepcore - :: Deepquest ::

>> [webapps] FLEX 1085 Web 1.6.0 – HTML Injection

USER: deepcore // 2021-11-23 // 0 CMT

FLEX 1085 Web 1.6.0 – HTML Injection

>> [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)

USER: deepcore // 2021-11-22 // 0 CMT

Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)

>> [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS)

USER: deepcore // 2021-11-22 // 0 CMT

Modbus Slave 7.3.1 – Buffer Overflow (DoS)

>> [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection

USER: deepcore // 2021-11-22 // 0 CMT

Aimeos Laravel ecommerce platform 2021.10 LTS – ‘sort’ SQL injection

>> Apache Storm Nimbus 2.2.0 Command Execution

USER: deepcore // 2021-11-20 // 0 CMT

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name…

>> FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months

USER: deepcore // 2021-11-19 // 0 CMT

>> Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free

USER: deepcore // 2021-11-19 // 0 CMT

Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249,…

>> Bludit 3.13.1 Cross Site Scripting

USER: deepcore // 2021-11-18 // 0 CMT

Bludit version 3.13.1 suffers from a cross site scripting vulnerability.

>> Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting

USER: deepcore // 2021-11-18 // 0 CMT

Quick.CMS version 6.7 suffers from a cross site scripting vulnerability that can allow for cross site request forgery attacks.

>> GitLab 13.10.2 Remote Code Execution

USER: deepcore // 2021-11-18 // 0 CMT

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.