:: Deepquest ::

>> [webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection

USER: deepcore // 2021-11-23 // 0 CMT

Webrun 3.6.0.42 – ‘P_0’ SQL Injection

>> [local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)

USER: deepcore // 2021-11-23 // 0 CMT

Linux Kernel 5.1.x – ‘PTRACE_TRACEME’ pkexec Local Privilege Escalation (2)

>> [webapps] WordPress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure

USER: deepcore // 2021-11-23 // 0 CMT

WordPress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure

>> [remote] GNU gdbserver 9.2 – Remote Command Execution (RCE)

USER: deepcore // 2021-11-23 // 0 CMT

GNU gdbserver 9.2 – Remote Command Execution (RCE)

>> [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection

USER: deepcore // 2021-11-22 // 0 CMT

Aimeos Laravel ecommerce platform 2021.10 LTS – ‘sort’ SQL injection

>> [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS)

USER: deepcore // 2021-11-22 // 0 CMT

Modbus Slave 7.3.1 – Buffer Overflow (DoS)

>> [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)

USER: deepcore // 2021-11-22 // 0 CMT

Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)

>> Apache Storm Nimbus 2.2.0 Command Execution

USER: deepcore // 2021-11-20 // 0 CMT

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name…

>> FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months

USER: deepcore // 2021-11-19 // 0 CMT

>> Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free

USER: deepcore // 2021-11-19 // 0 CMT

Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249,…