:: Deepquest ::

Trojan-Dropper.Win32.Scrop.dyi malware suffers from an insecure permissions vulnerability.

Netgear WNAP320 version 2.0.3 suffers from an unauthenticated remote code execution vulnerability.

Personnel Record Management System version 1.0 unauthenticated administrator addition exploit that also adds a stored cross site scripting payload.

WordPress YOP Polls plugin version 6.2.7 suffers from a persistent cross site scripting vulnerability.

Constructor.Win32.Bifrose.asc malware suffers from buffer overflow and heap corruption vulnerabilities.

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

ES File Explorer 4.1.9.7.4 – Arbitrary File Read

Android version 2.0 exploit for FreeCIV versions 2.2 before 2.2.1 and 2.3 before 2.3.0 that achieves root.

Netgear WNAP320 2.0.3 – ‘macAddress’ Remote Code Execution (RCE) (Unauthenticated)

SAS Environment Manager 2.5 – ‘name’ Stored Cross-Site Scripting (XSS)