:: Deepquest ::

>> WordPress Coru LFMember 1.0.2 Cross Site Scripting

USER: deepcore // 2022-04-26 // 0 CMT

WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

>> http://phutthaisonglocal.go.th/pentest.php

USER: deepcore // 2022-04-26 // 0 CMT

http://phutthaisonglocal.go.th/pentest.php notified by AnonCoders

>> WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting

USER: deepcore // 2022-04-26 // 0 CMT

WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

>> Joomla Sexy Polling 2.1.7 SQL Injection

USER: deepcore // 2022-04-26 // 0 CMT

Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.

>> Hackers Are Exploiting Zero Days More Than Ever

USER: deepcore // 2022-04-26 // 0 CMT

>> [webapps] GitLab 14.9 – Stored Cross-Site Scripting (XSS)

USER: deepcore // 2022-04-26 // 0 CMT

GitLab 14.9 – Stored Cross-Site Scripting (XSS)

>> [webapps] Gitlab 14.9 – Authentication Bypass

USER: deepcore // 2022-04-26 // 0 CMT

Gitlab 14.9 – Authentication Bypass

>> Joomla Sexy Polling 2.1.7 SQL Injection

USER: deepcore // 2022-04-25 // 0 CMT

Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.

>> USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

USER: deepcore // 2022-04-22 // 0 CMT

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through…

>> Watch Queue Out-Of-Bounds Write

USER: deepcore // 2022-04-22 // 0 CMT

This Metasploit module exploits a vulnerability in the Linux Kernel’s watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the…