:: Deepquest ::

iSmartAlarm CubeOne suffers from a remote command execution vulnerability that allows disabling the alarm and setting it off.

This exploit module illustrates how a vulnerability could be exploited in an TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.

This template covers IE8/9/10, and uses the user-agent HTTP header to detect the browser version. Please note IE8 and newer may emulate an older IE version in compatibility mode, in that case the module won’t be able to detect the browser correctly. This is an example Metasploit module to be used for exploit development.

Geneko Routers – Unauthenticated Path Traversal

PyCharm 2-0 / 2017 suffers from a command-line buffer overflow vulnerability.

Sitecore CMS version 8.2 suffers from cross site scripting and file disclosure vulnerabilities.

Dasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie ‘Grant’ with value 1 (user) or 2 (admin) will bypass security controls in place enabling the attacker to take full control of the device management interface.

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a cross site request forgery vulnerability.

Vodafone Italia’s webmail system suffers from a cross site scripting vulnerability that can be leveraged via an incoming email.

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a privilege escalation vulnerability.