>> AUTHOR: deepcore

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This…

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for…

FastStone Image Viewer version 7.5 stack-based buffer overflow exploit with ASLR and DEP bypass.

VestaCP version 0.9.8 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting was discovered in this version in February of 2016 by Necmettin COSKUN.

Sony Playstation 4 (PS4) versions prior to 7.55 webkit jailbreak exploit.

Microsoft Exchange 2019 proxylogon server-side request forgery to arbitrary file write exploit.

VFS for Git version 1.0.21014.1 suffers from an unquoted service path vulnerability.

rConfig version 3.9.6 suffers from a remote shell upload vulnerability.