:: Deepquest ::

PaulNews 1.0 – ‘keyword’ SQL Injection / Cross-Site Scripting

Linux/x86 – Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)

Linux/x86 – Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)

Merge PACS version 7.0 suffers from a cross site request forgery vulnerability.

Teradek VidiU Pro version 3.0.3 suffers from a server-side request forgery vulnerability.

GitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.

Teradek VidiU Pro version 3.0.3 change password cross site request forgery exploit.

ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.

This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu […]

MySQL Blob Uploader 1.7 – ‘home-filet-edit.php’ SQL Injection