:: Deepquest ::

Gila CMS 1.11.8 – ‘query’ SQL Injection

Bandwidth Monitor 3.9 – ‘Svc10StrikeBandMontitor’ Unquoted Service Path

Netgear R7000 Router – Remote Code Execution

SOS JobScheduler 1.13.3 – Stored Password Decryption

Frigate Professional version 3.36.0.9 Find Computer local SEH buffer overflow proof of concept exploit.

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This tool checks for the vulnerability.

This proof of concept exploits a pre-authentication remote code execution vulnerability by combining SMBleed with SMBGhost.

This is a proof of concept exploit that demonstrates the SMBleed remote kernel memory read vulnerability.

This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:WindowsSystem32WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker’s payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being […]

Sysax MultiServer 6.90 – Reflected Cross Site Scripting