:: Deepquest ::

>> [local] Internet Explorer 11 – Use-After-Free

USER: deepcore // 2020-09-11 // 0 CMT

Internet Explorer 11 – Use-After-Free

>> [webapps] Tea LaTex 1.0 – Remote Code Execution (Unauthenticated)

USER: deepcore // 2020-09-11 // 0 CMT

Tea LaTex 1.0 – Remote Code Execution (Unauthenticated)

>> [webapps] VTENEXT 19 CE – Remote Code Execution

USER: deepcore // 2020-09-11 // 0 CMT

VTENEXT 19 CE – Remote Code Execution

>> [local] Gnome Fonts Viewer 3.34.0 – Heap Corruption

USER: deepcore // 2020-09-11 // 0 CMT

Gnome Fonts Viewer 3.34.0 – Heap Corruption

>> [webapps] ZTE Router F602W – Captcha Bypass

USER: deepcore // 2020-09-10 // 0 CMT

ZTE Router F602W – Captcha Bypass

>> [webapps] CuteNews 2.1.2 – Remote Code Execution

USER: deepcore // 2020-09-10 // 0 CMT

CuteNews 2.1.2 – Remote Code Execution

>> [webapps] Tiandy IPC and NVR 9.12.7 – Credential Disclosure

USER: deepcore // 2020-09-10 // 0 CMT

Tiandy IPC and NVR 9.12.7 – Credential Disclosure

>> Yaws 2.0.7 XML Injection / Command Injection

USER: deepcore // 2020-09-09 // 0 CMT

Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.

>> Microsoft Windows CloudExperienceHostBroker Privilege Escalation

USER: deepcore // 2020-09-09 // 0 CMT

The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege.

>> Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass

USER: deepcore // 2020-09-09 // 0 CMT

The Qualcomm Adreno GPU shares a global mapping called a “scratch” buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU…