10 - 2018 - :: Deepquest ::

>> PHP-SHOP Master 1.0 Cross Site Request Forgery

USER: deepcore // 2018-10-19 // 0 CMT

PHP-SHOP Master version 1.0 suffers from a cross site request forgery vulnerability.

>> OwnTicket 1.0 SQL Injection

USER: deepcore // 2018-10-19 // 0 CMT

OwnTicket version 1.0 suffers from a remote SQL injection vulnerability.

>> http://leaves.eppo.go.th/security/lang.tmp

USER: deepcore // 2018-10-18 // 0 CMT

http://leaves.eppo.go.th/security/lang.tmp notified by VenoM

>> Any Sound Recorder 2.93 Buffer Overflow

USER: deepcore // 2018-10-18 // 0 CMT

Any Sound Recorder version 2.93 SEH buffer overflow proof of concept exploit.

>> Time And Expense Management System 3.0 Cross Site Request Forgery

USER: deepcore // 2018-10-18 // 0 CMT

Time and Expense Management System version 3.0 suffers from a cross site request forgery vulnerability.

>> Git Submodule Arbitrary Code Execution

USER: deepcore // 2018-10-18 // 0 CMT

This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.

>> LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting

USER: deepcore // 2018-10-18 // 0 CMT

LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities.

>> Ekushey Project Manager CRM 3.1 Cross Site Scripting

USER: deepcore // 2018-10-18 // 0 CMT

Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability.

>> TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure

USER: deepcore // 2018-10-18 // 0 CMT

TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.

>> D-Link Plain-Text Password Storage / Code Execution / Directory Traversal

USER: deepcore // 2018-10-18 // 0 CMT

Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.