Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF
Sistem Informasi Pengumuman Kelulusan Online version 1.0 suffers from a cross site request forgery vulnerability.
LinuxKI Toolset 6.01 Remote Command Execution
This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.
Microsoft Windows Privilege Escalation / Code Execution
This research discusses two different vulnerabilities addressed in the June 2020 Microsoft Patch Tuesday. An integer overflow in OLE marshalling and a race condition with arbitrary file deletion are described in detail.
[local] Frigate Professional 3.36.0.9 – 'Find Computer' Local Buffer Overflow (SEH) (PoC)
Virtual Airlines Manager 2.6.2 SQL Injection
Virtual Airlines Manager version 2.6.2 suffers from a remote SQL injection vulnerability.
Bludit 3.9.12 Directory Traversal
Bludit version 3.9.12 suffers from a directory traversal vulnerability.
Bandwidth Monitor 3.9 Full ROP Buffer Overflow
Bandwidth Monitor version 3.9 full ROP buffer overflow exploit with SEH, DEP, and ASLR taken into consideration.
WebUntis 2020.12.1 Cross Site Scripting
WebUntis versions 2020.12.1 and below suffer from a persistent cross site scripting vulnerability.
Joomla J2 Store 3.3.11 SQL Injection
Joomla J2 Store version 3.3.11 suffers from an authenticated remote SQL injection vulnerability.