:: Deepquest ::

Hotel And Lodge Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

WordPress GiveWP plugin version 2.9.7 suffers from a cross site scripting vulnerability.

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITYSYSTEM. This issue was demonstrated in the vulnerable version 5.7.02.5992 and fixed in version 5.7.03.6112.

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange […]

Ext2Fsd v0.68 – ‘Ext2Srv’ Unquoted Service Path

CMS Made Simple version 2.2.15 suffers from a remote SQL injection vulnerability.

CMS Made Simple version 2.2.15 suffers from a remote shell upload vulnerability.

Winpakpro version 4.8 suffers from multiple unquoted service path vulnerabilities.

SAPSetup Automatic Workstation Update Service 750 suffers from an unquoted service path vulnerability.

Zoom versions 5.4.3 (54779.1115) and 5.5.4 (13142.0301) temporarily shares other application windows not in scope for sharing.