Archive for October, 2020

Ultimate Project Manager CRM PRO 2.05 SQL Injection

Posted by deepcore under exploit (No Respond)

Ultimate Project Manager CRM PRO versions 2.0.5 and below suffer from a remote SQL injection vulnerability.

WordPress HS Brand Logo Slider 2.1 Shell Upload

Posted by deepcore under exploit (No Respond)

WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.

User Registration And Login And User Management System 2.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

User Registration and Login and User Management System with admin panel version 2.1 suffers from a persistent cross site scripting vulnerability.

Visitor Management System In PHP 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.

Linux / Unix su Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module attempts to create a new login session by invoking the su command with a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a pseudo-terminal with python, python3, or […]

WordPress Rest Google Maps SQL Injection

Posted by deepcore under exploit (No Respond)

WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.

WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Colorbox Lightbox plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. To do so, the module must upload a mixed mode .NET assembly DLL, which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys […]

[webapps] Stock Management System 1.0 – 'Brand Name' Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Stock Management System 1.0 – ‘Brand Name’ Persistent Cross-Site Scripting


[webapps] Stock Management System 1.0 – 'Categories Name' Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Stock Management System 1.0 – ‘Categories Name’ Persistent Cross-Site Scripting
