:: Deepquest ::

Joomla J-BusinessDirectory extension version 4.7.3 suffers from a remote SQL injection vulnerability.

Joomla JMultipleHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.

Joomla JUX Real Estate extension version 3.3.0 suffers from a remote SQL injection vulnerability.

Doma version 3.0.6 suffers from a cross site scripting vulnerability.

SonicWall SonicOS NSA suffers from a filter bypass vulnerability.

D-Link DNS-320L ShareCenter contains a backdoor account that allows for remote root command execution.

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation.

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within DNS-320L devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. Root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

Icyphoenix version 2.2.0.105 suffers from multiple remote SQL injection vulnerabilities.