:: Deepquest ::

The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.

Backdoor.Win32.WinShell.a malware suffers from a code execution vulnerability.

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPScmsmodulesfrontpages_builder::previewBlock() method allows to pass arbitrary content to the IPS_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation […]

http://watluanglocal.go.th notified by Dhen Bhocil

ProjeQtOr Project Management 9.1.4 – Remote Code Execution

CHIYU TCP/IP Converter devices – CRLF injection

CHIYU IoT devices – ‘Multiple’ Cross-Site Scripting (XSS)

WordPress Plugin WP Prayer version 1.6.1 – ‘prayer_messages’ Stored Cross-Site Scripting (XSS) (Authenticated)

Ubee EVW327 – ‘Enable Remote Access’ Cross-Site Request Forgery (CSRF)

DupTerminator 1.4.5639.37199 – Denial of Service (PoC)