:: Deepquest ::

Online Diagnostic Lab Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Online Diagnostic Lab Management System version 1.0 suffers from a remote SQL injection vulnerability.

WordPress Frontend Uploader plugin version 1.3.2 suffers from a persistent cross site scripting vulnerability.

Libstagefright, the media framework on Android, suffers from an out-of-bounds write vulnerability on the heap.

Crestron HD-MD4X2-4K-E version 1.0.0.2159 suffers from a credential disclosure vulnerability. When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface.

This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server […]

WordPress Core 5.8.2 – ‘WP_Query’ SQL Injection

Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS)

Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated)