ECSIMAGING PACS 6.21.5 SQL Injection
ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.
dnsrecon version 0.10.0 suffers from a CSV injection vulnerability.
Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Backdoor.Win32.Agent.dcbh malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.
Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named “cmd.dll” under C:\WINDOWS which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause a buffer overflow.
PaperStream IP (TWAIN) version 1.42.0.5685 suffers from a local privilege escalation vulnerability.
Gitea version 1.7.5 suffers from a remote code execution vulnerability.