9 - 2019 - :: Deepquest ::

>> Zero-Day Privilege Escalation Disclosed For Android

USER: deepcore // 2019-09-06 // 0 CMT

>> Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

USER: deepcore // 2019-09-06 // 0 CMT

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known…

>> AwindInc SNMP Service Command Injection

USER: deepcore // 2019-09-06 // 0 CMT

This Metasploit module exploits a vulnerability found in AwindInc and OEM’ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community…

>> WordPress API Bearer Auth 20181229 Cross Site Scripting

USER: deepcore // 2019-09-06 // 0 CMT

WordPress API Bearer Auth plugin version 20181229 suffers from a cross site scripting vulnerability.

>> [remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution

USER: deepcore // 2019-09-06 // 0 CMT

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution

>> FileThingie 2.5.7 Remote Shell Upload

USER: deepcore // 2019-09-05 // 0 CMT

FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.

>> Totaljs CMS 12.0 Path Traversal

USER: deepcore // 2019-09-05 // 0 CMT

Totaljs CMS version 12.0 suffers from a path traversal vulnerability.

>> Totaljs CMS 12.0 Insecure Admin Session Cookie

USER: deepcore // 2019-09-05 // 0 CMT

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.

>> WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting

USER: deepcore // 2019-09-05 // 0 CMT

WordPress Portrait-Archiv.com Photostore plugin version 5.0.4 suffers from a cross site scripting vulnerability.

>> Totaljs CMS 12.0 Widget Creation Code Injection

USER: deepcore // 2019-09-05 // 0 CMT

Totaljs CMS version 12.0 suffers from an authenticated code injection vulnerability during widget creation.