:: Deepquest ::

>> Oracle WebLogic Server 12.2.1.0 Remote Code Execution

USER: deepcore // 2021-01-27 // 0 CMT

Oracle WebLogic Server 12.2.1.0 unauthenticated remote code execution exploit.

>> Former LulzSec Hacker Releases SonicWall VPN Zero-Day

USER: deepcore // 2021-01-27 // 0 CMT

>> [webapps] Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)

USER: deepcore // 2021-01-27 // 0 CMT

Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)

>> [webapps] STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

USER: deepcore // 2021-01-27 // 0 CMT

STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

>> [webapps] STVS ProVision 5.9.10 – File Disclosure (Authenticated)

USER: deepcore // 2021-01-27 // 0 CMT

STVS ProVision 5.9.10 – File Disclosure (Authenticated)

>> MyBB Timeline 1.0 Cross Site Request Forgery / Cross Site Scripting

USER: deepcore // 2021-01-26 // 0 CMT

MyBB Timeline plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

>> Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect

USER: deepcore // 2021-01-26 // 0 CMT

Revive Adserver versions 5.0.5 and below suffer from persistent and reflective cross site scripting and open redirection vulnerabilities.

>> Collabtive 3.1 Cross Site Scripting

USER: deepcore // 2021-01-26 // 0 CMT

Collabtive version 3.1 suffers from a persistent cross site scripting vulnerability.

>> Backdoor.Win32.Kraimer.11 Missing Authentication

USER: deepcore // 2021-01-26 // 0 CMT

Backdoor.Win32.Kraimer.11 malware has a backdoor on TCP/6668 that does not require any authentication.

>> Backdoor.Win32.Noknok.60 Insecure Permissions

USER: deepcore // 2021-01-26 // 0 CMT

Backdoor.Win32.Noknok.60 malware suffers from an insecure permissions vulnerability.