This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be supplied that change the arguments passed on the command line, allowing arbitrary JScript to […]
http://www.dongluang.go.th/dongluang/file_editor/db.txt notified by SeRaVo BlackHaT
Tags: defacement
http://www.obtbanjarn.go.th/obtbanjarn/file_editor/db.txt notified by SeRaVo BlackHaT
Tags: defacement
http://chiangkhwan.go.th/chiangkhwan/file_editor/db.txt notified by SeRaVo BlackHaT
Tags: defacement
WebIncorp ERP suffers from a remote SQL injection vulnerability. All versions as of 08/01/2019 are supposedly affected.
Cisco Catalyst 3850 Series Device Manager version 3.6.10E suffers from a cross-site request forgery vulnerability.
Ultimate Loan Manager version 2.0 suffers from a persistent cross-site scripting vulnerability.
This archive contains all of the 146 exploits added to Packet Storm in July, 2019.
1CRM On-Premise Software 8.5.7 – Persistent Cross-Site Scripting
Tags: 0day, remote exploit
Rest – Cafe and Restaurant Website CMS – ‘slug’ SQL Injection
Tags: 0day, remote exploit