Parity 1.6.10 Same Origin Policy Bypass
Parity versions 1.6.10 (stable) and below suffer from a same origin policy bypass vulnerability via a webproxy token reuse issue.
Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities.
Jungo Windriver version 12.5.1 suffers from a privilege escalation vulnerability.
Joomla! Easydiscuss component versions prior to 4.0.21 suffer from a cross site scripting vulnerability.
WordPress MQ ReLinks plugin version 1.8 suffers from cross site scripting and open redirection vulnerabilities.
WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.
WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.
WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.
This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit.
This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate […]