Archive for July, 2016

[webapps] – Clear Voyager Hotspot IMW-C910W – Arbitrary File Disclosure

Posted by deepcore under Security

Clear Voyager Hotspot IMW-C910W – Arbitrary File Disclosure

WordPress Email Users 4.8.2 Cross Site Scripting

Posted by deepcore under exploit

WordPress Email Users plugin version 4.8.2 suffers from a cross site scripting vulnerability.

WordPress Master Slider 2.7.1 Cross Site Scripting

Posted by deepcore under exploit

WordPress Master Slider – Responsive Touch Slider plugin version 2.7.1 suffers from a cross site scripting vulnerability.

WordPress Profile Builder 2.4.0 Cross Site Scripting

Posted by deepcore under exploit

WordPress Profile Builder plugin version 2.4.0 suffers from a cross site scripting vulnerability.

WordPress WP Fastest Cache 0.8.5.9 Local File Inclusion

Posted by deepcore under exploit

WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.

WordPress Easy Forms For MailChimp 6.0.5.5 Local File Inclusion

Posted by deepcore under exploit

WordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.

Tiki Wiki 15.1 Unauthenticated File Upload

Posted by deepcore under exploit

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. The name of that component is ELFinder (version 2.0). This component […]

MS16-032 Secondary Logon Handle Privilege Escalation

Posted by deepcore under exploit

This Metasploit module exploits the lack of sanitization of standard handles in Windows’ Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with Powershell 2.0 or later and systems with two or more CPU […]

C.COM Events CMS 0.1.02 SQL Injection / Authentication Bypass

Posted by deepcore under exploit

C.COM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability that allows for login bypass.

GSX Analyzer 10.12 / 11 Backdoor Account

Posted by deepcore under exploit

GSX Analyzer versions 10.12 and 11 appear to have a hard-coded backdoor account in Main.swf.