7 - 2016 - :: Deepquest ::

>> [papers] – Exploiting Apache James Server 2.3.2

USER: deepcore // 2016-07-19 // 0 CMT

Exploiting Apache James Server 2.3.2

>> [webapps] – NewsP Free News Script 1.4.7 – User Credentials Disclosure

USER: deepcore // 2016-07-19 // 0 CMT

NewsP Free News Script 1.4.7 – User Credentials Disclosure

>> [webapps] – newsp.eu PHP Calendar Script 1.0 – User Credentials Disclosure

USER: deepcore // 2016-07-19 // 0 CMT

newsp.eu PHP Calendar Script 1.0 – User Credentials Disclosure

>> [remote] – Axis Communications MPQT/PACS 5.20.x – Server Side Include (SSI) Daemon Remote Format String Exploit

USER: deepcore // 2016-07-19 // 0 CMT

Axis Communications MPQT/PACS 5.20.x – Server Side Include (SSI) Daemon Remote Format String Exploit

>> [WebApps] – vBulletin 5.x/4.x – Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth)

USER: deepcore // 2016-07-18 // 0 CMT

vBulletin 5.x/4.x – Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth)

>> [Local] – Internet Explorer 11 (on Windows 10) – VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)

USER: deepcore // 2016-07-18 // 0 CMT

Internet Explorer 11 (on Windows 10) – VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)

>> [Remote] – DropBearSSHD <= 2015.71 – Command Injection

USER: deepcore // 2016-07-18 // 0 CMT

DropBearSSHD <= 2015.71 – Command Injection

>> [WebApps] – vBulletin 4.x – SQLi in breadcrumbs via xmlrpc API (Post-Auth)

USER: deepcore // 2016-07-18 // 0 CMT

vBulletin 4.x – SQLi in breadcrumbs via xmlrpc API (Post-Auth)

>> [remote] – OpenSSHD <= 7.2p2 – User Enumeration

USER: deepcore // 2016-07-18 // 0 CMT

OpenSSHD <= 7.2p2 – User Enumeration

>> http://provisgis.ntwo.moph.go.th/hunter.html

USER: deepcore // 2016-07-17 // 0 CMT

http://provisgis.ntwo.moph.go.th/hunter.html notified by HUNT3RXM