:: Deepquest ::

VirTool.Win32.Afix malware suffers from buffer overflow and code execution vulnerabilities.

WordPress WPFront Notification Bar plugin version 1.9.1.04012 suffers from a persistent cross site scripting vulnerability.

Garbage Collection Management System version 1.0 shell upload exploit that leverages a SQL injection vulnerability.

Backdoor.Win32.Surila.j malware suffers from a denial of service vulnerability.

Invoice System version 1.0 suffers from a persistent cross site scripting vulnerability.

VirTool.Win32.Afix malware suffers from buffer overflow and code execution vulnerabilities.

This Metasploit module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM’s implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful exploitation yields code execution on […]

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin’s ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Update 3m (Linux appliance

WordPress Plugin Current Book 1.0.1 – ‘Book Title and Author field’ Stored Cross-Site Scripting (XSS)