9 - 2022 - :: Deepquest ::

>> Multix 2.4 Cross Site Scripting

USER: deepcore // 2022-09-23 // 0 CMT

Multix version 2.4 suffers from a cross site scripting vulnerability.

>> Multix 2.4 Cross Site Request Forgery

USER: deepcore // 2022-09-23 // 0 CMT

Multix version 2.4 suffers from a cross site request forgery vulnerability.

>> WorkOrder CMS 0.1.0 SQL Injection

USER: deepcore // 2022-09-23 // 0 CMT

WorkOrder CMS version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

>> WorkOrder CMS 0.1.0 Cross Site Scripting

USER: deepcore // 2022-09-23 // 0 CMT

WorkOrder CMS version 0.1.0 suffers from a cross site scripting vulnerability.

>> Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition

USER: deepcore // 2022-09-23 // 0 CMT

Linux stable versions 5.4 and 5.10 suffers from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move.

>> Bitbucket Git Command Injection

USER: deepcore // 2022-09-23 // 0 CMT

Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging…

>> [webapps] Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)

USER: deepcore // 2022-09-23 // 0 CMT

Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)

>> [webapps] Aero CMS v0.0.1 – SQLi

USER: deepcore // 2022-09-23 // 0 CMT

Aero CMS v0.0.1 – SQLi

>> [webapps] WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)

USER: deepcore // 2022-09-23 // 0 CMT

WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)

>> [webapps] WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)

USER: deepcore // 2022-09-23 // 0 CMT

WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)