Moodle Admin Shell Upload
This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this vulnerability. Successfully tested against versions 3.6.3, 3.8.0, […]
Aviatrix Controller 6.x Path Traversal / Code Execution
Shell upload exploit for Aviatrix Controller versions 6.x prior to 6.5-1804.1922 that leverages a directory traversal vulnerability.
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh.
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the ‘ctm-config-upgrade.sh’ script leveraging the ‘fw_url’ POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and […]
https://www.spr.go.th/er.php
https://www.spr.go.th/er.php notified by LahBodoAmat
Tags: defacement
Loan Management System 1.0 SQL Injection
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation
Simple Online College Entrance Exam System version 1.0 suffers from an unauthenticated admin creation vulnerability.
django-unicorn 0.35.3 Cross Site Scripting
django-unicorn versions 0.35.3 and below suffer from a persistent cross site scripting vulnerability.