:: Deepquest ::

>> [dos] ColorNote 4.1.9 – Denial of Service (PoC)

USER: deepcore // 2021-06-03 // 0 CMT

ColorNote 4.1.9 – Denial of Service (PoC)

>> [webapps] CHIYU IoT Devices – Denial of Service (DoS)

USER: deepcore // 2021-06-03 // 0 CMT

CHIYU IoT Devices – Denial of Service (DoS)

>> [dos] BasicNote 1.1.9 – Denial of Service (PoC)

USER: deepcore // 2021-06-03 // 0 CMT

BasicNote 1.1.9 – Denial of Service (PoC)

>> [webapps] Seo Panel 4.8.0 – 'from_time' Reflected XSS

USER: deepcore // 2021-06-03 // 0 CMT

Seo Panel 4.8.0 – ‘from_time’ Reflected XSS

>> [remote] CHIYU IoT Devices – 'Telnet' Authentication Bypass

USER: deepcore // 2021-06-03 // 0 CMT

CHIYU IoT Devices – ‘Telnet’ Authentication Bypass

>> [webapps] FUDForum 3.1.0 – 'srch' Reflected XSS

USER: deepcore // 2021-06-03 // 0 CMT

FUDForum 3.1.0 – ‘srch’ Reflected XSS

>> [webapps] PHP 8.1.0-dev – 'User-Agentt' Remote Code Execution

USER: deepcore // 2021-06-03 // 0 CMT

PHP 8.1.0-dev – ‘User-Agentt’ Remote Code Execution

>> Cacti 1.2.12 SQL Injection / Remote Command Execution

USER: deepcore // 2021-06-02 // 0 CMT

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as…

>> Postbird 0.8.4 XSS / LFI / Insecure Data Storage

USER: deepcore // 2021-06-02 // 0 CMT

Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.

>> Packet Storm New Exploits For May, 2021

USER: deepcore // 2021-06-02 // 0 CMT

This archive contains all of the 185 exploits added to Packet Storm in May, 2021.