:: Deepquest ::

A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG […]

Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS)

SolarView Compact 6.0 – OS Command Injection

T-Soft E-Commerce 4 – SQLi (Authenticated)

SDT-CW3B1 1.1.0 – OS Command Injection

T-Soft E-Commerce 4 – ‘UrunAdi’ Stored Cross-Site Scripting (XSS)

Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS)

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG […]

Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities.