:: Deepquest ::

>> Apple Security Advisory 2022-10-10-1

USER: deepcore // 2022-10-18 // 0 CMT

Apple Security Advisory 2022-10-10-1 – iOS 16.0.3 addresses a denial of service vulnerability.

>> Apple Music Android Application 3.10.2 Man-In-The-Middle

USER: deepcore // 2022-10-18 // 0 CMT

Apple Music Android Application versions 3.8.0 through 3.10.2 suffer from a man-in-the-middle vulnerability.

>> [webapps] WordPress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated)

USER: deepcore // 2022-10-17 // 0 CMT

WordPress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated)

>> http://kaokum.go.th/m6.htm

USER: deepcore // 2022-10-13 // 0 CMT

http://kaokum.go.th/m6.htm notified by magelang6etar

>> http://wianglocal.go.th/m6.htm

USER: deepcore // 2022-10-13 // 0 CMT

http://wianglocal.go.th/m6.htm notified by magelang6etar

>> macOS 12.3.1 Local Root

USER: deepcore // 2022-10-11 // 0 CMT

This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.

>> Zentao Project Management System 17.0 Remote Code Execution

USER: deepcore // 2022-10-11 // 0 CMT

Zentao Project Management System version 17.0 suffers from an authenticated remote code execution vulnerability.

>> Crealogix EBICS Cross Site Scripting

USER: deepcore // 2022-10-11 // 0 CMT

During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and…

>> Web Based Student Clearance 1.0 Shell Upload

USER: deepcore // 2022-10-11 // 0 CMT

Web Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.

>> Joomla Vik Rent Car 1.14 Cross Site Scripting

USER: deepcore // 2022-10-11 // 0 CMT

Joomla Vik Rent Car extension version 1.14 suffers from a cross site scripting vulnerability.