Fastly Secret Disclosure
Fastly suffers from the poor practice of sending a temporary password in plaintext.
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.
Purchase Order Management version 1.0 suffers from a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.
Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.
Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.
Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
OpenBSD version 7.2 suffers from an overflow vulnerability. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to a very large value, which will cause an overflow in the next ip_srcroute() call.
ZwiiCMS version 12.2.04 suffers from an authenticated remote code execution vulnerability.