:: Deepquest ::

>> [webapps] Simple Employee Records System 1.0 – File Upload RCE (Unauthenticated)

USER: deepcore // 2021-02-26 // 0 CMT

Simple Employee Records System 1.0 – File Upload RCE (Unauthenticated)

>> http://sahathat.go.th/obec/web1/file_editor/logs.txt

USER: deepcore // 2021-02-25 // 0 CMT

http://sahathat.go.th/obec/web1/file_editor/logs.txt notified by SeRaVo BlackHaT

>> SpotAuditor 5.3.5 Denial Of Service

USER: deepcore // 2021-02-25 // 0 CMT

SpotAuditor version 5.3.5 suffers from a denial of service vulnerability.

>> Backdoor.Win32.Agent.xs Insecure Permissions

USER: deepcore // 2021-02-25 // 0 CMT

Backdoor.Win32.Agent.xs malware suffers from an insecure permissions vulnerability.

>> LogonExpert 8.1 Unquoted Service Path

USER: deepcore // 2021-02-25 // 0 CMT

LogonExpert version 8.1 suffers from an unquoted service path vulnerability.

>> Softros LAN Messenger 9.6.4 Unquoted Service Path

USER: deepcore // 2021-02-25 // 0 CMT

Softros LAN Messenger version 9.6.4 suffers from an unquoted service path vulnerability.

>> SLMail 5.1.0.4420 Remote Code Execution

USER: deepcore // 2021-02-25 // 0 CMT

SLMail version 5.1.0.4420 remote code execution exploit.

>> Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation

USER: deepcore // 2021-02-25 // 0 CMT

Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens…

>> VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept

USER: deepcore // 2021-02-25 // 0 CMT

VMware vCenter version 6.5 and 7.0 remote code execution proof of concept exploit.

>> Backdoor.Win32.Agent.xw Denial Of Service / Null Pointer

USER: deepcore // 2021-02-25 // 0 CMT

Backdoor.Win32.Agent.xw malware suffers from denial of service and null pointer vulnerabilities.