:: Deepquest ::

>> Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution

USER: deepcore // 2021-11-13 // 0 CMT

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the…

>> Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution

USER: deepcore // 2021-11-13 // 0 CMT

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the…

>> [webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated)

USER: deepcore // 2021-11-12 // 0 CMT

Mumara Classic 2.93 – ‘license’ SQL Injection (Unauthenticated)

>> [local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation

USER: deepcore // 2021-11-12 // 0 CMT

Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation

>> [dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC)

USER: deepcore // 2021-11-12 // 0 CMT

Xlight FTP 3.9.3.1 – Buffer Overflow (PoC)

>> [webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS)

USER: deepcore // 2021-11-12 // 0 CMT

WordPress Plugin AccessPress Social Icons 1.8.2 – ‘icon title’ Stored Cross-Site Scripting (XSS)

>> [webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)

USER: deepcore // 2021-11-12 // 0 CMT

WordPress Plugin WP Symposium Pro 2021.10 – ‘wps_admin_forum_add_name’ Stored Cross-Site Scripting (XSS)

>> Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting

USER: deepcore // 2021-11-11 // 0 CMT

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a persistent cross site scripting vulnerability.

>> Employee Daily Task Management System 1.0 Cross Site Scripting

USER: deepcore // 2021-11-11 // 0 CMT

Employee Daily Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

>> Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

USER: deepcore // 2021-11-11 // 0 CMT

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.