Archive for April, 2020

http://aya1.go.th/lo.php

Posted by deepcore under defacement (No Respond)

http://aya1.go.th/lo.php notified by KyusaKU [- YumeN0 -]

DiskBoss 7.7.14 Local Buffer Overflow

Posted by deepcore under exploit (No Respond)

DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit.

Oracle Coherence Fusion Middleware Remote Code Execution

Posted by deepcore under exploit (No Respond)

Oracle Coherence Fusion Middleware remote code execution exploit. Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0.

MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution

Posted by deepcore under exploit (No Respond)

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.

multiOTP 5.0.4.4 Remote Code Execution

Posted by deepcore under exploit (No Respond)

This whitepaper is a walkthrough of the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4.

AIDA64 Engineer 6.20.5300 Buffer Overflow

Posted by deepcore under exploit (No Respond)

AIDA64 Engineer version 6.20.5300 Report File filename SEH buffer overflow exploit.

Apache Solr 8.3.0 Velocity Template Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the […]

VMware Fusion USB Arbitrator Setuid Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path, which allows loading of an attacker-controlled binary. By creating a payload in the user home directory in a specific folder, and creating a […]

DotNetNuke Cookie Deserialization Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a “type” attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it […]

[webapps] Pandora FMS 7.0NG – 'net_tools.php' Remote Code Execution

Posted by deepcore under Security (No Respond)

Pandora FMS 7.0NG – ‘net_tools.php’ Remote Code Execution
