8 - 2020 - :: Deepquest ::

[EXPLOIT]

>> XenForo 2.1.10 Patch 2 Cross Site Scripting

USER: deepcore // 2020-08-18 // 0 CMT

XenForo version 2.1.0 Patch 2 suffers from a cross site scripting vulnerability.

[EXPLOIT]

>> WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting

USER: deepcore // 2020-08-18 // 0 CMT

WordPress Fancybox Lightbox plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.

[EXPLOIT]

>> Samsung Android Skia Qmage Image Codec Heap Buffer Overflow

USER: deepcore // 2020-08-18 // 0 CMT

Samsung Android suffers from a heap buffer overflow vulnerability and other issues in the Skia Qmage image codec.

[EXPLOIT]

>> Apache OFBiz XML-RPC Java Deserialization

USER: deepcore // 2020-08-18 // 0 CMT

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz’s unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

[EXPLOIT]

>> Geutebruck testaction.cgi Remote Command Execution

USER: deepcore // 2020-08-18 // 0 CMT

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the ‘server’ GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx…