Easy!Appointments 1.2.1 Cross Site Scripting
Easy!Appointments version 1.2.1 suffers from multiple cross site scripting vulnerabilities.
NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities.
NetTransport Download Manager version 2.96L suffers from a buffer overflow vulnerability.
Xerox DC260 EFI Fiery Controller Webtools version 2.0 suffers from an arbitrary file disclosure vulnerability.
pfSense, a free BSD-based open source firewall distribution, versions 2.2.6 and below contain a post-authentication remote command execution vulnerability in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials – admin/admin, installer/installer, home/home – to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials – admin/admin, installer/installer, home/home – to set up a reverse netcat shell.
Joomla! JEXTN FAQ Pro component version 4.0.0 suffers from a remote SQL injection vulnerability.
http://www.investigation.inst.police.go.th/download/ notified by Iran Security Team
Tags: defacement
http://bkh.moph.go.th/ton_mdgbk/newfile.php notified by Iran Security Team
Tags: defacement