:: Deepquest ::

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse […]

The vulnerability laboratory core research team discovered multiple vulnerabilities in the official Playable v9.18 apple…

The vulnerability laboratory core research team discovered multiple cross site vulnerabilities in the TAO Open Source As…

Apache Solr – Remote Code Execution via Velocity Template (Metasploit)

DotNetNuke – Cookie Deserialization Remote Code Execution (Metasploit)

PlaySMS – index.php Unauthenticated Template Injection Code Execution (Metasploit)

Pandora FMS – Ping Authenticated Remote Code Execution (Metasploit)

Liferay Portal – Java Unmarshalling via JSONWS RCE (Metasploit)