College-Management-System-Php 1.0 SQL Injection
College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Code Blocks 17.12 Local Buffer Overflow
Code Blocks version 17.12 File Name SEH unicode local buffer overflow exploit.
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
OpenCTI version 3.3.1 suffers from cross site scripting and directory traversal vulnerabilities.
Cayin CMS NTP Server 11.0 Remote Code Execution
This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution occurs through the ntpIp parameter of the system_service.cgi file. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install […]
Gila CMS 1.1.18.1 SQL Injection / Shell Upload
This Metasploit module exploits a remote SQL injection vulnerability in the “query” parameter found on Gila CMS version 1.1.18.1.
Cayin xPost 2.5 SQL Injection / Remote Code Execution
This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_seqid parameter of the wayfinder_meeting_input.jsp file can be injected blindly. Since this app bundles MySQL and Apache Tomcat, the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and […]
Agent Tesla Panel Remote Code Execution
This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as […]
http://necvep.go.th/1.php
http://necvep.go.th/1.php notified by -1
Tags: defacement