:: Deepquest ::

YouTube Video Grabber version 1.9.9.1 suffers from a SEH buffer overflow vulnerability.

Kingdia CD Extractor version 3.0.2 suffers from a SEH buffer overflow vulnerability.

Codiad version 2.8.4 remote reverse shell upload exploit. Original discovery of code execution in this version is attributed to WangYihang in 2018.

This Metasploit module uses an authentication bypass vulnerability in WordPress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress.

10-Strike Network Inventory Explorer Pro version 9.31 suffers from a buffer overflow vulnerability.

Employee Record Management System version 1.2 suffers from a remote SQL injection vulnerability.

Dynojet Power Core version 2.3.0 suffers from an unquoted service path vulnerability.

This Metasploit module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The export feature in various parts of the application is vulnerable. It is a feature made for the information in the tables to be exported to the server and imported later when required. Export operations contain the file_name parameter. […]

This Metasploit module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems.

i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account […]