:: Deepquest ::

>> Apple Security Advisory 2020-12-14-4

USER: deepcore // 2020-12-17 // 0 CMT

Apple Security Advisory 2020-12-14-4 – macOS Big Sur 11.0.1 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write,…

[EXPLOIT]

>> GitLab 11.4.7 Remote Code Execution

USER: deepcore // 2020-12-17 // 0 CMT

GitLab version 11.4.7 authenticated remote code execution exploit.

[EXPLOIT]

>> Grav CMS 1.6.30 Cross Site Scripting

USER: deepcore // 2020-12-17 // 0 CMT

Grav CMS version 1.6.30 with Admin plugin version 1.9.18 suffers from a persistent cross site scripting vulnerability.

[EXPLOIT]

>> Raysync 3.3.3.8 Remote Code Execution

USER: deepcore // 2020-12-17 // 0 CMT

Raysync version 3.3.3.8 suffers form a remote code execution vulnerability.

[EXPLOIT]

>> Magic Home Pro 1.5.1 Authentication Bypass

USER: deepcore // 2020-12-17 // 0 CMT

Magic Home Pro version 1.5.1 suffers from an authentication bypass vulnerability.

[EXPLOIT]

>> PrestaShop ProductComments 4.2.0 SQL Injection

USER: deepcore // 2020-12-17 // 0 CMT

PrestaShop ProductComments version 4.2.0 suffers from a remote blind SQL injection vulnerability.

[EXPLOIT]

>> macOS ImageIO Out-Of-Bounds Write

USER: deepcore // 2020-12-17 // 0 CMT

There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.