6 - 2020 - :: Deepquest ::

>> MJML 4.6.2 Path Traversal

USER: deepcore // 2020-06-17 // 0 CMT

MJML versions 4.6.2 and below suffer from a path traversal vulnerability.

>> SOS JobScheduler 1.13.3 Stored Password Decryption

USER: deepcore // 2020-06-17 // 0 CMT

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.

>> Gila CMS 1.11.8 SQL Injection

USER: deepcore // 2020-06-17 // 0 CMT

Gila CMS version 1.11.8 suffers from a remote SQL injection vulnerability.

>> TP-LINK Cloud Cameras NCXXX Stack Overflow

USER: deepcore // 2020-06-17 // 0 CMT

TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.

>> Netgear R7000 Router Remote Code Execution

USER: deepcore // 2020-06-17 // 0 CMT

Netgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.

>> Arista Restricted Shell Escape / Privilege Escalation

USER: deepcore // 2020-06-17 // 0 CMT

This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista’s bash shell, and a TACACS+ read-only account to achieve privilege escalation.

>> Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

USER: deepcore // 2020-06-17 // 0 CMT

This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.

>> Theft Of CIA's Vault 7 Secrets Tied To Woefully Lax Security

USER: deepcore // 2020-06-17 // 0 CMT

>> [webapps] College-Management-System-Php 1.0 – Authentication Bypass

USER: deepcore // 2020-06-17 // 0 CMT

College-Management-System-Php 1.0 – Authentication Bypass

>> http://reo10.moe.go.th/vz.txt

USER: deepcore // 2020-06-16 // 0 CMT

http://reo10.moe.go.th/vz.txt notified by aDriv4