:: Deepquest ::

Zabbix version 3.0.3 suffers from a remote SQL injection vulnerability.

Apache OpenMeetings version 3.1.0 suffers from a cross site scripting vulnerability.

FreePBX versions 13 and 14 remote command execution exploit.

This Metasploit module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution under the user which the WebNMS server is […]

FreePBX 13 / 14 – Remote Code Execution

Apache + PHP < 5.3.12 / < 5.4.2 – Remote Code Execution (Multithreaded Scanner) (2)

Easy FTP Server – “APPE” Command Buffer Overflow Remote Exploit

SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a […]

The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the ‘admin’ user in ReadyNAS. This exploit has […]