exploit – Page 692 – :: Deepquest ::

>> Exim 4.91 Local Privilege Escalation

USER: deepcore // 2019-08-25 // 0 CMT

This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root…

>> Valve Says Turning Away Researcher Was A Mistake

USER: deepcore // 2019-08-24 // 0 CMT

>> Snapforce CRM 8.3.0 Cross Site Scripting

USER: deepcore // 2019-08-24 // 0 CMT

Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.

>> Endian Firewall 3.3.0 Cross Site Scripting

USER: deepcore // 2019-08-24 // 0 CMT

Endian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.

>> Wikindx 5.8.2 SQL Injection

USER: deepcore // 2019-08-24 // 0 CMT

Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.

>> Microsoft Windows SET_REPARSE_POINT_EX Mount Point Security Feature Bypass

USER: deepcore // 2019-08-24 // 0 CMT

The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed application to set an arbitrary mount…

>> Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure

USER: deepcore // 2019-08-23 // 0 CMT

Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.

>> Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure

USER: deepcore // 2019-08-23 // 0 CMT

This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.

>> KBPublisher 6.0.2.1 SQL Injection

USER: deepcore // 2019-08-23 // 0 CMT

KBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.

>> Researcher Publishes Second Steam Zero Day

USER: deepcore // 2019-08-22 // 0 CMT