webERP 4.15.1 Backup Disclosure
webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.
ATutor LMS version 2.2.4 suffers from having a weak password reset hash.
This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however […]
This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalated to full root access, as a3user has sudo access with the default password. At the time of disclosure, […]
IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. This module exploits all three vulnerabilities, giving the attacker […]
http://www.laoluang101.go.th/datafile/JT.html notified by Mr.GonzX
Tags: defacement