:: Deepquest ::

Multiple DrayTek Products – Pre-authentication Remote Root Code Execution

Joomla! com_fabrik 3.9.11 – Directory Traversal

Odin Secure FTP Expert 7.6.3 – ‘Site Info’ Denial of Service (PoC)

Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.

FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.

rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.

codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.

This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.

IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.

Micro Focus Vibe version 4.0.6 suffers from an html injection vulnerability.