:: Deepquest ::

VX Search Enterprise version 10.1.12 suffers from a buffer overflow vulnerability.

Sync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.

WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.

WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.

OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.

X-Cart versions 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 suffer from a PHP code injection vulnerability.

This Metasploit module uploads a jsp payload and executes it.

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product have widget feature which is implemented with PHP. […]

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.