12 - 2015 - :: Deepquest ::

>> OpenMRS 2.3 (1.11.4) XXE Injection

USER: deepcore // 2015-12-09 // 0 CMT

OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused due to an error when parsing XML entities within ZIP archives and can be…

[EXPLOIT]

>> phpFileManager 0.9.8 Remote Code Execution

USER: deepcore // 2015-12-09 // 0 CMT

This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.

[EXPLOIT]

>> ASP Dynamika 2.5 Cross Site Scripting

USER: deepcore // 2015-12-09 // 0 CMT

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.

[EXPLOIT]

>> dotCMS 3.2.4 CSRF / XSS / Open Redirect

USER: deepcore // 2015-12-09 // 0 CMT

dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

[EXPLOIT]

>> Microsoft Office / COM Object DLL Planting With Els.dll

USER: deepcore // 2015-12-09 // 0 CMT

It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual…