:: Deepquest ::

>> [webapps] Trixbox 2.8.0.4 – 'lang' Remote Code Execution (Unauthenticated)

USER: deepcore // 2021-05-28 // 0 CMT

Trixbox 2.8.0.4 – ‘lang’ Remote Code Execution (Unauthenticated)

>> [webapps] PHPFusion 9.03.50 – Remote Code Execution

USER: deepcore // 2021-05-28 // 0 CMT

PHPFusion 9.03.50 – Remote Code Execution

>> [webapps] WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS)

USER: deepcore // 2021-05-28 // 0 CMT

WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS)

>> https://www.doa.go.th/th/luv.htm

USER: deepcore // 2021-05-27 // 0 CMT

https://www.doa.go.th/th/luv.htm notified by Alf404

>> CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account

USER: deepcore // 2021-05-27 // 0 CMT

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).

>> RarmaRadio 2.72.8 Denial Of Service

USER: deepcore // 2021-05-27 // 0 CMT

RarmaRadio version 2.72.8 denial of service proof of concept exploit.

>> Codiad 2.8.4 Shell Upload

USER: deepcore // 2021-05-27 // 0 CMT

Codiad version 2.8.4 suffers from a remote shell upload vulnerability.

>> ProFTPd 1.3.5 Remote Command Execution

USER: deepcore // 2021-05-27 // 0 CMT

ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.

>> Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution

USER: deepcore // 2021-05-27 // 0 CMT

Skylight Cyber has identified a total of 13 vulnerabilities in Nagios XI and Nagios Fusion servers. These include remote code execution, cross site scripting, privilege escalation, and more.

>> Pluck CMS 4.7.13 Remote Shell Upload

USER: deepcore // 2021-05-27 // 0 CMT

Pluck CMS version 4.7.13 suffers from a remote shell upload vulnerability.