i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion
i-doit Open Source CMDB version 1.14.1 suffers from an arbitrary file deletion vulnerability.
Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.
MPC Sharj version 3.11.1 suffers from an arbitrary file download vulnerability.
Pisay Online E-Learning System version 1.0 suffers from remote SQL injection and code execution vulnerabilities.
YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.
webTareas version 2.0.p8 suffers from an arbitrary file deletion vulnerability.
Online Clothing Store version 1.0 suffers from a remote SQL injection vulnerability.
Online Clothing Store version 1.0 suffers from a persistent cross-site scripting vulnerability.
Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack when sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP […]
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.