deepcore - :: Deepquest ::

>> Chrome MediaElementEventListener::UpdateSources Use-After-Free

USER: deepcore // 2020-10-15 // 0 CMT

Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.

>> NodeBB Forum 1.14.2 Account Takeover

USER: deepcore // 2020-10-15 // 0 CMT

NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.

>> TimeClock Software 1.01 SQL Injection

USER: deepcore // 2020-10-15 // 0 CMT

TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.

>> Guild Wars 2 Insecure Folder Permissions

USER: deepcore // 2020-10-15 // 0 CMT

Guild Wars 2 suffers from an insecure folder permissions vulnerability.

>> [webapps] Vehicle Parking Management System 1.0 – Authentication Bypass

USER: deepcore // 2020-10-15 // 0 CMT

Vehicle Parking Management System 1.0 – Authentication Bypass

>> [webapps] rConfig 3.9.5 – Remote Code Execution (Unauthenticated)

USER: deepcore // 2020-10-15 // 0 CMT

rConfig 3.9.5 – Remote Code Execution (Unauthenticated)

>> berliCRM 1.0.24 SQL Injection

USER: deepcore // 2020-10-14 // 0 CMT

berliCRM version 1.0.24 suffers from a remote SQL injection vulnerability.

>> Battle.Net 1.27.1.12428 Insecure File Permissions

USER: deepcore // 2020-10-14 // 0 CMT

Battle.Net version 1.27.1.12428 suffers from a privilege escalation vulnerability due to insecure file permissions.

>> xls2csv 0.95 Overflow / Memory Leak

USER: deepcore // 2020-10-14 // 0 CMT

xls2csv version 0.95 suffers from three overflow, one malloc fail, one memory leak, and two null pointer dereference vulnerabilities. Proof of concept code and ASAN analysis is included.

>> https://roiet1.go.th/o.htm

USER: deepcore // 2020-10-14 // 0 CMT

https://roiet1.go.th/o.htm notified by chinafans