:: Deepquest ::

This archive contains all of the 156 exploits added to Packet Storm in June, 2018.

VMware NSX SD-WAN Edge versions prior to 3.1.2 suffer from a code execution vulnerability.

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.12.0.19 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.

Delta Industrial Automation COMMGR version 1.08 stack buffer overflow proof of concept exploit.

SIPp version 3.6 suffers from a local buffer overflow vulnerability.

Core FTP LE version 2.2 buffer overflow proof of concept exploit.

Dolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.

DAMICMS version 6.0.0 suffers from an add administrator cross site request forgery vulnerability.

Axis Cameras suffer from authorization bypass, unrestricted dbus access, command injection, denial of service, and information disclosure vulnerabilities.

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.