:: Deepquest ::

>> [webapps] Wavlink WN530HG4 – Password Disclosure

USER: deepcore // 2022-08-01 // 0 CMT

Wavlink WN530HG4 – Password Disclosure

>> [webapps] WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download

USER: deepcore // 2022-08-01 // 0 CMT

WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download

>> [webapps] Webmin 1.996 – Remote Code Execution (RCE) (Authenticated)

USER: deepcore // 2022-08-01 // 0 CMT

Webmin 1.996 – Remote Code Execution (RCE) (Authenticated)

>> [webapps] NanoCMS v0.4 – Remote Code Execution (RCE) (Authenticated)

USER: deepcore // 2022-08-01 // 0 CMT

NanoCMS v0.4 – Remote Code Execution (RCE) (Authenticated)

>> [remote] Omnia MPX 1.5.0+r1 – Path Traversal

USER: deepcore // 2022-08-01 // 0 CMT

Omnia MPX 1.5.0+r1 – Path Traversal

>> [webapps] mPDF 7.0 – Local File Inclusion

USER: deepcore // 2022-08-01 // 0 CMT

mPDF 7.0 – Local File Inclusion

>> [webapps] CuteEditor for PHP 6.6 – Directory Traversal

USER: deepcore // 2022-08-01 // 0 CMT

CuteEditor for PHP 6.6 – Directory Traversal

>> [webapps] WordPress Plugin Duplicator 1.4.7 – Information Disclosure

USER: deepcore // 2022-08-01 // 0 CMT

WordPress Plugin Duplicator 1.4.7 – Information Disclosure

>> WordPress WP-UserOnline 2.87.6 Cross Site Scripting

USER: deepcore // 2022-07-30 // 0 CMT

WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.

>> Transposh WordPress Translation 1.0.7 Cross Site Scripting

USER: deepcore // 2022-07-30 // 0 CMT

Transposh WordPress Translation versions 1.0.7 and below have an ajax action “tp_tp” that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET…