Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect
Anchor CMS version 0.9.2 suffers from cross site scripting and open redirect vulnerabilities.
Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
ZeusCart version 4.0 suffers from a remote code execution vulnerability.
Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.
Zen Cart version 1.5.4 suffers from code execution and information leakage vulnerabilities.
Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against an MVC web application developed with Visual Studio 2013.
This Metasploit module exploits a pool-based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by Hacking Team and disclosed in the July data leak. This Metasploit module has been tested successfully on vulnerable builds of Windows 8.1 x64.
This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account “IntegrationUser” with administrator privileges exists. The account has a default password of “plugin” which cannot be reset through the user interface. By logging in and abusing the default administrator’s SQL query functionality, it’s possible to write a WAR payload […]