Archive for March, 2022

[webapps] Xerte 3.9 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security

Xerte 3.9 – Remote Code Execution (RCE) (Authenticated)


[webapps] Xerte 3.10.3 – Directory Traversal (Authenticated)

Posted by deepcore under Security

Xerte 3.10.3 – Directory Traversal (Authenticated)


Cobian Reflector 0.9.93 RC1 Denial Of Service

Posted by deepcore under exploit

Cobian Reflector version 0.9.93 RC1 suffers from a denial of service vulnerability.

Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service

Posted by deepcore under exploit

Cobian Backup 11 Gravity version 11.2.0.582 suffers from a denial of service vulnerability.

Cobian Backup Gravity 11.2.0.582 Unquoted Service Path

Posted by deepcore under exploit

Cobian Backup Gravity version 11.2.0.582 suffers from an unquoted service path vulnerability.

WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation

Posted by deepcore under exploit

WAGO 750-8212 PFC200 G2 2ETH RS suffers from a privilege escalation vulnerability.

Cipi Control Panel 3.1.15 Cross Site Scripting

Posted by deepcore under exploit

Cipi Control Panel version 3.1.15 suffers from a cross site scripting vulnerability.

Casdoor 1.13.0 SQL Injection

Posted by deepcore under exploit

Casdoor version 1.13.0 suffers from a remote SQL injection vulnerability.

Hikvision IP Camera Unauthenticated Command Injection

Posted by deepcore under exploit

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the […]

Axis IP Camera Shell Upload

Posted by deepcore under exploit

This Metasploit module exploits the “Apps” feature in Axis IP cameras. The feature allows third-party developers to upload and execute eap applications on the device. The system does not validate that the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. The issue has no CVE, although the […]