:: Deepquest ::

Vianeos OctoPUS version 5 suffers from a remote time-based SQL injection vulnerability.

Online Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Online Voting System version 1.0 suffers from an authenticated remote code execution vulnerability.

WinWaste.NET version 1.0.6183.16475 allows a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges.

WordPress XCloner plugin version 4.2.12 authenticated remote code execution exploit.

This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites the runc binary with the payload and waits for someone to use docker exec to get into the container. This will trigger the payload execution. […]

This archive contains all of the 217 exploits added to Packet Storm in June, 2021.

WinWaste.NET 1.0.6183.16475 – Privilege Escalation due Incorrect Access Control

b2evolution 7.2.2 – ‘edit account details’ Cross-Site Request Forgery (CSRF)

AKCP sensorProbe SPX476 – ‘Multiple’ Cross-Site Scripting (XSS)