Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path
Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.
osCommerce 2.3.4.1 Cross Site Scripting
osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.
SyncBreeze 10.0.28 Remote Buffer Overflow
SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.
WordPress Simple File List Unauthenticated Remote Code Execution
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allow remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php […]
Kong Gateway Admin API Remote Code Execution
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.
OpenMediaVault rpc.php Authenticated PHP Code Injection
This Metasploit module exploits an authenticated PHP code injection vulnerability in the “sortfield” POST parameter of the rpc.php page, found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive. The flaw exists because “json_encode_safe()” is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.
[dos] Pure-FTPd 1.0.48 – Remote Denial of Service
Apache OpenMeetings 5.0.0 Denial Of Service
Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.
nopCommerce Store 4.30 Cross Site Scripting
nopCommerce Store version 4.30 suffers from a persistent cross site scripting vulnerability.