:: Deepquest ::

BlogEngine version 3.3 suffers from an XML external entity injection vulnerability.

osTicket version 1.14.1 suffers from a persistent cross site scripting vulnerability.

Fishing Reservation System suffers from multiple remote SQL injection vulnerabilities.

BoltWire version 6.03 suffers from a local file inclusion vulnerability.

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP’s Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation […]

This Metasploit module exploits a .NET deserialization vulnerability in the Veeam ONE Agent before the hotfix versions 9.5.5.4587 and 10.0.1.750 in the 9 and 10 release lines. Specifically, the module targets the HandshakeResult() method used by the Agent. By inducing a failure in the handshake, the Agent will deserialize untrusted data. Tested against the pre-patched […]

Outline Service version 1.3.3 suffers from an unquoted service path vulnerability.

Frigate version 3.36 SEH buffer overflow exploit that pops a calculator.

addressbook version 9.0.0.1 suffers from a remote SQL injection vulnerability.

File Explorer for iOS version 1.4 suffers from an access bypass vulnerability.