:: Deepquest ::

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

MiladWorkShop VIP System version 1.0 suffers from a remote SQL injection vulnerability.

PHPKB Multi-Language 9 suffers from an authenticated remote code execution vulnerability.

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

PHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.

The shared ShaderCache directory can be exploited to create an arbitrary file on the file system leading to elevation of privilege.

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this module can bypass authentication via SQL injection.

ManageEngine Desktop Central – Java Deserialization (Metasploit)

Rconfig 3.x – Chained Remote Code Execution (Metasploit)

CoronaBlue aka SMBGhost proof of concept exploit for Microsoft Windows 10 (1903/1909) SMB version 3.1.1. This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompresser to buffer overflow and crash the target.