:: Deepquest ::

WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented […]

ASX to MP3 3.1.3.7 – ‘.m3u’ Buffer Overflow

Trend Micro InterScan Messaging Security (Virtual Appliance) – Remote Code Execution (Metasploit)

Trend Micro OfficeScan 11.0/XG (12.0) – Remote Code Execution (Metasploit)

PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.

Complain Management System – Hard-Coded Credentials / Blind SQL injection

Utilizing Rancher Server, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This […]

QNAP HelpDesk < 1.1.12 – SQL Injection

OrientDB 2.2.2 – 2.2.22 – Remote Code Execution (Metasploit)