Archive for April, 2019

[dos] QNAP myQNAPcloud Connect 1.3.4.0317 – 'Username/Password' Denial of Service

Posted by deepcore under Security (No Respond)

QNAP myQNAPcloud Connect 1.3.4.0317 – ‘Username/Password’ Denial of Service

QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service

Posted by deepcore under exploit (No Respond)

QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability.

Oracle Business Intelligence And XML Publisher XML Injection

Posted by deepcore under exploit (No Respond)

Oracle Business Intelligence and XML Publisher versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from an XML external entity injection vulnerability.

Oracle Business Intelligence Directory Traversal

Posted by deepcore under exploit (No Respond)

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from a directory traversal vulnerability.

http://bantham.go.th/vz.txt

Posted by deepcore under defacement (No Respond)

http://bantham.go.th/vz.txt notified by aDriv4

Evernote 7.9 Path Traversal / Code Execution

Posted by deepcore under exploit (No Respond)

Evernote version 4.9 suffers from a path traversal that can allow for code execution.

ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of “system” on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written […]

Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference

Posted by deepcore under exploit (No Respond)

Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.

Atlassian Confluence Widget Connector Macro Velocity Template Injection

Posted by deepcore under exploit (No Respond)

Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not required to exploit this vulnerability. By default, Java payload […]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This […]