This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine.
This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
MiniDVBLinux version 5.4 suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.
Backdoor.Win32.Redkod.d malware suffers from a hardcoded credential vulnerability.
WiFi File Transfer version 1.0.8 suffers from a cross-site scripting vulnerability.
MiniDVBLinux version 5.4 suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root through the command GET parameter in /tpl/commands.sh.
WordPress Photo Gallery plugin version 1.8.0 suffers from a cross-site scripting vulnerability.
MiniDVBLinux versions 5.4 and below suffer from an arbitrary file disclosure vulnerability.
Apple Security Advisory 2022-10-10-1 – iOS 16.0.3 addresses a denial of service vulnerability.
Tags: Apple, ios, osx
Apple Music Android Application versions 3.8.0 through 3.10.2 suffer from a man-in-the-middle vulnerability.
Tags: Apple, ios, osx