:: Deepquest ::

>> runc / libcontainer Bind Mount Sources Insecure Handling

USER: deepcore // 2021-12-07 // 0 CMT

The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.

>> Auerswald COMpact 8.0B Arbitrary File Disclosure

USER: deepcore // 2021-12-07 // 0 CMT

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the “sub-admin” privilege to access any files on the PBX’s…

>> Auerswald COMpact 8.0B Backdoors

USER: deepcore // 2021-12-07 // 0 CMT

RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access…

>> [webapps] Croogo 3.0.2 – Remote Code Execution (Authenticated)

USER: deepcore // 2021-12-06 // 0 CMT

Croogo 3.0.2 – Remote Code Execution (Authenticated)

>> [remote] Auerswald COMpact 8.0B – Multiple Backdoors

USER: deepcore // 2021-12-06 // 0 CMT

Auerswald COMpact 8.0B – Multiple Backdoors

>> [remote] Auerswald COMpact 8.0B – Arbitrary File Disclosure

USER: deepcore // 2021-12-06 // 0 CMT

Auerswald COMpact 8.0B – Arbitrary File Disclosure

>> [remote] Auerswald COMfortel 2.8F – Authentication Bypass

USER: deepcore // 2021-12-06 // 0 CMT

Auerswald COMfortel 2.8F – Authentication Bypass

>> [remote] Auerswald COMpact 8.0B – Privilege Escalation

USER: deepcore // 2021-12-06 // 0 CMT

Auerswald COMpact 8.0B – Privilege Escalation

>> [local] HCL Lotus Notes V12 – Unquoted Service Path

USER: deepcore // 2021-12-06 // 0 CMT

HCL Lotus Notes V12 – Unquoted Service Path

>> DuckDuckGo 7.64.4 Address Bar Spoofing

USER: deepcore // 2021-12-04 // 0 CMT

DuckDuckGo version 7.64.4 suffers from an address bar spoofing vulnerability.