Moodle 3.9 Remote Code Execution
Moodle version 3.9 authenticated remote code execution exploit.
GFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.
Apache OfBiz version 17.12.01 exploit that achieves remote command execution via unsafe deserialization of XMLRPC arguments.
WordPress WP Customize Login plugin version 1.1 suffers from a persistent cross-site scripting vulnerability.
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.
Client Management System version 1.1 suffers from a persistent cross-site scripting vulnerability. This is a variant of the persistent cross-site scripting issue in this version originally found by Bhavesh Kaul in June of 2021.
qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.
GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated)
Tags: 0day, remote exploit