:: Deepquest ::

>> [webapps] SuiteCRM 7.11.15 – 'last_name' Remote Code Execution (Authenticated)

USER: deepcore // 2020-11-09 // 0 CMT

SuiteCRM 7.11.15 – ‘last_name’ Remote Code Execution (Authenticated)

>> [local] HP Display Assistant x64 Edition 3.20 – 'DTSRVC' Unquoted Service Path

USER: deepcore // 2020-11-09 // 0 CMT

HP Display Assistant x64 Edition 3.20 – ‘DTSRVC’ Unquoted Service Path

>> SmartBlog 2.0.1 Blind SQL Injection

USER: deepcore // 2020-11-07 // 0 CMT

SmartBlog version 2.0.1 suffers from a remote blind SQL injection vulnerability.

>> BlogEngine 3.3.8 Cross Site Scripting

USER: deepcore // 2020-11-07 // 0 CMT

BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.

>> git-lfs Remote Code Execution

USER: deepcore // 2020-11-07 // 0 CMT

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.

>> Sentrifugo 3.2 Remote Code Execution

USER: deepcore // 2020-11-07 // 0 CMT

Sentrifugo version 3.2 announcements authenticated remote code execution exploit.

>> Sentrifugo 3.2 Remote Code Execution

USER: deepcore // 2020-11-07 // 0 CMT

Sentrifugo version 3.2 assets authenticated remote code execution exploit.

>> CMSUno 1.6.2 Remote Code Execution

USER: deepcore // 2020-11-07 // 0 CMT

CMSUno version 1.6.2 authenticated remote code execution exploit.

>> Asterisk 17.6.0 / 17.5.1 Denial Of Service

USER: deepcore // 2020-11-07 // 0 CMT

Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.

>> http://www.rayongpolice.go.th/bc7.html

USER: deepcore // 2020-11-07 // 0 CMT

http://www.rayongpolice.go.th/bc7.html notified by BCA-X666X