12 - 2021 - :: Deepquest ::

>> Exponent CMS 2.6 Cross Site Scripting / Brute Force

USER: deepcore // 2021-12-22 // 0 CMT

Exponent CMS version 2.6 suffers from cross site scripting and brute forcing vulnerabilities.

>> Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

USER: deepcore // 2021-12-22 // 0 CMT

Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass.

>> Alfa Team Shell Tesla 4.1 Remote Code Execution

USER: deepcore // 2021-12-21 // 0 CMT

Alfa Team Shell Tesla version 4.1 suffers from a remote code execution vulnerability.

>> Signup PHP Portal 2.1 Shell Upload

USER: deepcore // 2021-12-21 // 0 CMT

Signup PHP Portal version 2.1 suffers from a remote shell upload vulnerability.

>> Video Sharing Website 1.0 SQL Injection

USER: deepcore // 2021-12-21 // 0 CMT

Video Sharing Website version 1.0 appears to suffer from a remote SQL injection vulnerability.

>> Bazaar Web PHP Social Listings Shell Upload

USER: deepcore // 2021-12-21 // 0 CMT

Bazaar Web PHP Social Listings suffers from a remote shell upload vulnerability.

>> WordPress Popular Posts 5.3.2 Remote Code Execution

USER: deepcore // 2021-12-21 // 0 CMT

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to…

>> [webapps] Exponent CMS 2.6 – Multiple Vulnerabilities

USER: deepcore // 2021-12-20 // 0 CMT

Exponent CMS 2.6 – Multiple Vulnerabilities

>> [webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated)

USER: deepcore // 2021-12-20 // 0 CMT

phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated)

>> [webapps] WBCE CMS 1.5.1 – Admin Password Reset

USER: deepcore // 2021-12-20 // 0 CMT

WBCE CMS 1.5.1 – Admin Password Reset