:: Deepquest ::

>> Firejail TOCTOU Race Condition

USER: deepcore // 2021-02-20 // 0 CMT

This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user…

>> Gitea 1.12.5 Remote Code Execution

USER: deepcore // 2021-02-19 // 0 CMT

Gitea version 1.12.5 suffers from a remote code execution vulnerability.

>> Backdoor.Win32.Agent.aak Hardcoded Credentials

USER: deepcore // 2021-02-19 // 0 CMT

Backdoor.Win32.Agent.aak malware suffers from a hardcoded credential vulnerability.

>> Backdoor.Win32.Agent.aak Code Execution / Cross Site Request Forgery

USER: deepcore // 2021-02-19 // 0 CMT

Backdoor.Win32.Agent.aak malware suffers from code execution and cross site request forgery vulnerabilities.

>> Apport 2.20 Privilege Escalation

USER: deepcore // 2021-02-19 // 0 CMT

Apport version 2.20 suffers from a local privilege escalation vulnerability.

>> Batflat CMS 1.3.6 Remote Code Execution

USER: deepcore // 2021-02-19 // 0 CMT

Batflat CMS versions 1.3.6 and below suffer from a remote code execution vulnerability.

>> Backdoor.Win32.Agent.aak Buffer Overflow

USER: deepcore // 2021-02-19 // 0 CMT

Backdoor.Win32.Agent.aak malware suffers from a buffer overflow vulnerability.

>> [local] dataSIMS Avionics ARINC 664-1 – Local Buffer Overflow (PoC)

USER: deepcore // 2021-02-19 // 0 CMT

dataSIMS Avionics ARINC 664-1 – Local Buffer Overflow (PoC)

>> [webapps] Online Exam System With Timer 1.0 – 'email' SQL injection Auth Bypass

USER: deepcore // 2021-02-19 // 0 CMT

Online Exam System With Timer 1.0 – ’email’ SQL injection Auth Bypass

>> [webapps] Comment System 1.0 – 'multiple' Stored Cross-Site Scripting

USER: deepcore // 2021-02-19 // 0 CMT

Comment System 1.0 – ‘multiple’ Stored Cross-Site Scripting