ICE HRM 23.0 SQL / Iframe Injection
ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.
Moodle version 3.4.1 remote code execution exploit.
This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a […]
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the “Upload and Download” module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set, the user can accurately determine which directory to upload to. Webmin application files can […]
This is a write-up detailing the root cause of the kernel privilege escalation vulnerabilities Microsoft patched on March 12, 2019.
FTPGetter Standard version 5.97.0.177 suffers from a remote code execution vulnerability.
Pegasus CMS version 1.0 suffers from a code execution vulnerability in extra_fields.php.
Apache UNO with LibreOffice version 6.1.2 and OpenOffice version 4.1.6 API remote code execution exploit.