:: Deepquest ::

OpenCats version 0.9.4 suffers from an XML external entity injection vulnerability.

An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top […]

Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated)

Simple Attendance System 1.0 – Unauthenticated Blind SQLi

An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top […]

Positive Technologies Maxpatrol 8 and Xspider appears to suffer from a denial of service vulnerability.

WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.

Church Management System version 1.0 remote shell upload exploit.

Online Food Ordering System version 2.0 remote shell upload exploit.

Budget and Expense Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.