5 - 2018 - :: Deepquest ::

[SECURITY]

>> [webapps] MyBB Admin Notes Plugin 1.1 – Cross-Site Request Forgery

USER: deepcore // 2018-05-16 // 0 CMT

MyBB Admin Notes Plugin 1.1 – Cross-Site Request Forgery

[SECURITY]

>> [webapps] VirtueMart 3.1.14 – Persistent Cross-Site Scripting

USER: deepcore // 2018-05-16 // 0 CMT

VirtueMart 3.1.14 – Persistent Cross-Site Scripting

[SECURITY]

>> [webapps] Rockwell Scada System 27.011 – Cross-Site Scripting

USER: deepcore // 2018-05-16 // 0 CMT

Rockwell Scada System 27.011 – Cross-Site Scripting

[EXPLOIT]

>> IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

USER: deepcore // 2018-05-15 // 0 CMT

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.

[EXPLOIT]

>> Calamp.com Incorrect Privilege Assignment

USER: deepcore // 2018-05-15 // 0 CMT

Calamp.com suffers from an incorrect privilege assignment that could lead to full user compromise.

[EXPLOIT]

>> ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI

USER: deepcore // 2018-05-15 // 0 CMT

ProjectPier versions 0.8.8 and below suffer from remote file inclusion, authentication bypass, remote shell upload, and remote SQL injection vulnerabilities.