Geutebruck Remote Command Execution
This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful […]
Telegram Desktop 2.9.2 Denial Of Service
Telegram Desktop version 2.9.2 suffers from a denial of service vulnerability.
COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection
COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
HiveNightmare AKA SeriousSAM
Whitepaper called HiveNightmare AKA SeriousSAM. It gives an overview of CVE-2021-36934 and provides exploitation details.
WordPress GetPaid 2.4.6 HTML Injection
WordPress GetPaid payments plugin version 2.4.6 suffers from an HTML injection vulnerability.
Fabasoft Cloud Website Cross Site Scripting
Fabasoft cloud website versions prior to 18.0.17 suffer from a cross site scripting vulnerability.
Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution
Traffic Offense Management System version 1.0 remote code execution exploit that leverages a remote SQL injection vulnerability.
OpenEMR 6.0.0 Insecure Direct Object Reference
OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.
Confluence Server 7.12.4 OGNL Injection Remote Code Execution
Confluence Server version 7.12.4 unauthenticated OGNL injection remote code execution exploit.