:: Deepquest ::

Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)

Croogo 3.0.2 – Unrestricted File Upload

Croogo 3.0.2 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration

Apache Log4j2 versions 2.14.1 and below information disclosure exploit.

Booked Scheduler version 2.75 authenticated remote shell upload exploit.

AbanteCart e-commerce platform versions prior to 1.3.2 suffer from cross site scripting and file upload vulnerabilities.

Zucchetti Axess CLOKI Access Control version 1.64 suffers from a cross site request forgery vulnerability.

Ticket Booking version 1.0 suffers from a remote SQL injection vulnerability.

Apache Log4j2 versions 2.0-beta-9 and 2.14.1 remote code execution exploit.