:: Deepquest ::

OpenEMR version 5.0.2.1 remote code execution exploit that drops in a reverse shell.

Hasura GraphQL version 1.3.3 suffers from a denial of service vulnerability.

Adtran Personal Phone Manager version 10.8.1 suffers from a DNS exfiltration vulnerability.

This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides […]

This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.

This Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an […]

Tenda D151 & D301 – Configuration Download (Unauthenticated)

Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass

BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS)