Archive for May, 2019

[webapps] Instagram Auto Follow – Authentication Bypass

Posted by deepcore under Security (No Respond)

Instagram Auto Follow – Authentication Bypass

[remote] Ruby On Rails – DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

Posted by deepcore under Security (No Respond)

Ruby On Rails – DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

http://lpa.nfe.go.th/mj.htm

Posted by deepcore under defacement (No Respond)

http://lpa.nfe.go.th/mj.htm notified by M4st3rJ30

Joomla JiFile 2.3.1 Arbitrary File Download

Posted by deepcore under exploit (No Respond)

Joomla JiFile component version 2.3.1 suffers from an arbitrary file download vulnerability.

Agent Tesla Botnet Information Disclosure

Posted by deepcore under exploit (No Respond)

Agent Tesla Botnet suffers from an information leakage vulnerability.

Pimcore Unserialize Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a PHP unserialize() call in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with the “classes” permission could exploit the vulnerability. The vulnerability exists in the “ClassController.php” class, where the “bulk-commit” method makes it possible to exploit the unserialize function when passing untrusted values in the “data” parameter. Tested on Pimcore 5.4.0-5.4.4, […]

APT Package Manager Persistence

Posted by deepcore under exploit (No Respond)

This Metasploit module creates a pre-invoke hook for APT in apt.conf.d. The hook name syntax is numeric followed by text.

AIS Logistics ESEL-Server SQL Injection / Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module will execute an arbitrary payload on an “ESEL” server used by the AIS logistic software. The server typically listens on port 5099 without TLS. There could also be a server listening on 5100 with TLS, but port 5099 is usually open. The login process is vulnerable to an SQL injection. Usually […]

Linux Missing Lockdown

Posted by deepcore under exploit (No Respond)

Linux suffers from missing locking between the ELF coredump code and userfaultfd VMA modification.

Revive Adserver Deserialization / Open Redirect

Posted by deepcore under exploit (No Respond)

Revive Adserver versions prior to 4.2.0 suffer from deserialization and open redirection vulnerabilities.