:: Deepquest ::

LanSend version 3.2 suffers from a buffer overflow vulnerability.

Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.

Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.

This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master’s ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected […]

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component’s unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 […]

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 […]

Remote Desktop Audit 2.3.0.157 – Buffer Overflow (SEH)

Kartris version 1.6 suffers from an arbitrary file upload vulnerability.

Pi-hole versions 4.4 and below suffer from a remote code execution vulnerability.

Pi-hole versions 4.4 and below remote code execution and privilege escalation exploit.