:: Deepquest ::

Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities.

SuperDoctor5 implemented a remote command execution plugin in their implementation of NRPE that can be leveraged without authentication.

SAPIDO RB-1732 version 2.0.43 suffers from a remote command execution vulnerability.

WordPress iLive plugin version 1.0.4 suffers from a cross site scripting vulnerability.

WordPress Live Chat Unlimited plugin version 2.8.3 suffers from a persistent cross site scripting vulnerability.

Fortinet FCM-MB40 suffers from remote command execution and cross site request forgery vulnerabilities.

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from a path directory traversal vulnerability.

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.

Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit)

Mozilla Spidermonkey – IonMonkey ‘Array.prototype.pop’ Type Confusion