Archive for November, 2019

TP-Link Archer VR300 1 Cross Site Scripting

Posted by deepcore under exploit

TP-Link Archer VR300 version 1 suffers from a persistent cross site scripting vulnerability.

Raritan CommandCenter Secure Gateway Cross Site Scripting

Posted by deepcore under exploit

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from a cross site scripting vulnerability.

FreeRadius 3.0.19 Logrotate Privilege Escalation

Posted by deepcore under exploit

FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use.

http://chainat.nfe.go.th/vz.txt

Posted by deepcore under defacement

http://chainat.nfe.go.th/vz.txt notified by aDriv4

SMPlayer 19.5.0 Buffer Overflow / Denial Of Service

Posted by deepcore under exploit

SMPlayer version 19.5.0 suffers from a buffer overflow vulnerability that can trigger a denial of service condition.

oXygen XML Editor 21.1.1 XML Injection

Posted by deepcore under exploit

oXygen XML Editor version 21.1.1 suffers from an XML external entity injection vulnerability.

Xfilesharing 2.5.1 Local File Inclusion / Shell Upload

Posted by deepcore under exploit

Xfilesharing versions 2.5.1 and below suffer from local file inclusion and remote shell upload vulnerabilities.

Ubuntu shiftfs refcount Underflow / Type Confusion

Posted by deepcore under exploit

Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.

FreeSWITCH Event Socket Command Execution

Posted by deepcore under exploit

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 […]

FusionPBX Command exec.php Command Execution

Posted by deepcore under exploit

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).