Archive for October, 2022

AVS Audio Converter 10.3 Stack Overflow

Posted by deepcore under exploit

AVS Audio Converter version 10.3 suffers from a stack overflow vulnerability.

Zimbra Privilege Escalation

Posted by deepcore under exploit

This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shell scripts, which means it can execute a root shell.

Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass

Posted by deepcore under exploit

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to log in to the system with the chosen account. Successful exploitation results in remote code execution.

Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection

Posted by deepcore under exploit

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

Joomla OSG Courts Reservation 1.4.9 SQL Injection

Posted by deepcore under exploit

Joomla OSG Courts Reservation extension version 1.4.9 suffers from a remote SQL injection vulnerability.

Knap Advanced PHP Login 3.1.3 Cross Site Scripting

Posted by deepcore under exploit

Knap Advanced PHP Login version 3.1.3 suffers from a cross site scripting vulnerability.

Vicidial 2.14-783a Cross Site Scripting

Posted by deepcore under exploit

Vicidial version 2.14-783a suffers from multiple cross site scripting vulnerabilities.

Garage Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit

Garage Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Stripe Green Downloads 2.03 Cross Site Scripting

Posted by deepcore under exploit

Stripe Green Downloads version 2.03 suffers from a cross site scripting vulnerability.

WordPress ImageMagick-Engine 1.7.4 Remote Code Execution

Posted by deepcore under exploit

WordPress ImageMagick-Engine plugin versions 1.7.4 and below suffer from a remote code execution vulnerability.