Archive for June, 2017

Sitecore 7.1 / 7.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.

Vaadin 7.7.6 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Vaadin version 7.7.6 suffers from a cross site scripting vulnerability.

PayPal Marketing User Enumeration

Posted by deepcore under exploit (No Respond)

PayPal’s Marketing Online Service suffers from a user enumeration vulnerability.

Blackcat CMS 1.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Blackcat CMS version 1.2 suffers from a cross site scripting vulnerability.

SimpleRisk 20170416-001 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.

Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection

Posted by deepcore under exploit (No Respond)

Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.

WordPress FormCraft Basic 1.0.5 SQL Injection

Posted by deepcore under exploit (No Respond)

WordPress FormCraft Basic plugin version 1.0.5 suffers from multiple remote SQL injection vulnerabilities.

Eltek SmartPack Backdoor Account

Posted by deepcore under exploit (No Respond)

Eltek SmartPack has backdoor accounts that are disclosed via some JSON files.

Netgear DGN2200 dnslookup.cgi Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted POST request with valid login details.

Symantec Messaging Gateway Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in the Symantec Messaging Gateway product. An authenticated user can execute a terminal command in the context of the web server user, which is root. The backupNow.do endpoint takes several user inputs and then passes them to the internal service that is responsible for executing operating system commands. One […]