12 - 2019 - :: Deepquest ::

>> Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting

USER: deepcore // 2019-12-17 // 0 CMT

Serv-U FTP Server version 15.1.7 suffers from a persistent cross site scripting vulnerability.

>> Serv-U FTP Server 15.1.7 CSV Injection

USER: deepcore // 2019-12-17 // 0 CMT

Serv-U FTP Server version 15.1.7 suffers from a CSV injection vulnerability.

>> Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure

USER: deepcore // 2019-12-17 // 0 CMT

Control Web Panel versions 0.9.8.856 through 0.9.8.864 suffer from a phpMyAdmin password disclosure vulnerability.

>> Microsoft Teams Instant Messenger DLL Hijacking

USER: deepcore // 2019-12-17 // 0 CMT

Microsoft Teams Instant Messenger application on Windows 7 SP1 fully patched is vulnerable to remote DLL hijacking.

>> Bash Profile Persistence

USER: deepcore // 2019-12-17 // 0 CMT

This Metasploit module writes an execution trigger to the target’s Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler…

>> Apple Security Advisory 2019-12-10-1

USER: deepcore // 2019-12-17 // 0 CMT

Apple Security Advisory 2019-12-10-1 – iOS 13.3 and iPadOS 13.3 is now available and addresses code execution and information leakage vulnerabilities.

>> [webapps] NopCommerce 4.2.0 – Privilege Escalation

USER: deepcore // 2019-12-17 // 0 CMT

NopCommerce 4.2.0 – Privilege Escalation

>> [webapps] Netgear R6400 – Remote Code Execution

USER: deepcore // 2019-12-17 // 0 CMT

Netgear R6400 – Remote Code Execution

>> [webapps] Zendesk App SweetHawk Survey 1.6 – Persistent Cross-Site Scripting

USER: deepcore // 2019-12-17 // 0 CMT

Zendesk App SweetHawk Survey 1.6 – Persistent Cross-Site Scripting

>> https://www.sme.go.th/readme.htm

USER: deepcore // 2019-12-16 // 0 CMT

https://www.sme.go.th/readme.htm notified by Dijehaji