Archive for December, 2020

Smart Hospital 3.1 Cross Site Scripting

Posted by deepcore under exploit

Smart Hospital version 3.1 suffers from a persistent cross site scripting vulnerability.

Alumni Management System 1.0 SQL Injection

Posted by deepcore under exploit

Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.

SyncBreeze 10.0.28 Denial Of Service

Posted by deepcore under exploit

SyncBreeze version 10.0.28 suffers from a denial of service vulnerability.

Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting

Posted by deepcore under exploit

Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.

Alumni Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of the cross site scripting vulnerability in this version is attributed to Valerio Alessandroni in December of 2020.

WordPress Yet Another Stars Rating PHP Object Injection

Posted by deepcore under exploit

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.

Pulse Secure VPN Remote Code Execution

Posted by deepcore under exploit

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.

Xeroneit Library Management System 3.1 Cross Site Scripting

Posted by deepcore under exploit

Xeroneit Library Management System version 3.1 suffers from a persistent cross site scripting vulnerability.

WordPress Duplicator 1.3.26 Directory Traversal / File Read

Posted by deepcore under exploit

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server's privileges. This vulnerability was being actively exploited when it was discovered.

http://sakarat.go.th

Posted by deepcore under defacement

http://sakarat.go.th notified by 1K4lL_*
