:: Deepquest ::

Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability.

KiteService version 1.2020.618.0 suffers from an unquoted service path vulnerability.

OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.

Windscribe version 1.83 suffers from an unquoted service path vulnerability.

NetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.

This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.

Reside Property Management 3.0 – ‘profile’ SQL Injection

Victor CMS 1.0 – ‘user_firstname’ Persistent Cross-Site Scripting

BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.

This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and […]