Polycom VVX-Series Path Traversal
Polycom VVX-Series business media phones suffer from a path traversal vulnerability.
Joomla MyDynGallery SQL Injection
Joomla! MyDynGallery component remote SQL injection exploit that leverages a vulnerability found back in 2008.
Datalife Engine 9.7 preview.php Bindshell
Datalife Engine version 9.7 engine/preview.php bindshell exploit that binds a shell to port 4444.
Joomla Shape 5 MP3 Player 2.0 Local File Disclosure
Joomla Shape 5 MP3 Player version 2.0 suffers from a local file disclosure vulnerability.
Synnefo Client Cross Site Scripting
A reflected cross site scripting vulnerability was found in synnefoclient for Synnefo IMS 2015. The vulnerability is in the plan_name parameter of the request that fetches the package details for the logged-in user. The request method is GET.
SAP NetWeaver J2EE Engine 7.40 SQL Injection
SAP NetWeaver J2EE engine version 7.40 suffers from a remote SQL injection vulnerability.
WordPress Admin Management Xtended 2.4.0 Privilege Escalation
WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.
Jenkins CLI RMI Java Deserialization
This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability.
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId
This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file with an arbitrary […]