:: Deepquest ::

>> Inteno IOPSYS 3.16.4 Root Filesystem Access

USER: deepcore // 2021-01-19 // 0 CMT

Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem.

>> Cisco UCS Manager 2.2(1d) Remote Command Execution

USER: deepcore // 2021-01-19 // 0 CMT

Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before…

>> Microsoft Spooler Local Privilege Elevation

USER: deepcore // 2021-01-19 // 0 CMT

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there…

>> [webapps] osTicket 1.14.2 – SSRF

USER: deepcore // 2021-01-19 // 0 CMT

osTicket 1.14.2 – SSRF

>> http://www.raikee.go.th/indonesia.txt

USER: deepcore // 2021-01-18 // 0 CMT

http://www.raikee.go.th/indonesia.txt notified by Xyp3r2667

>> [webapps] Life Insurance Management System 1.0 – File Upload RCE (Authenticated)

USER: deepcore // 2021-01-18 // 0 CMT

Life Insurance Management System 1.0 – File Upload RCE (Authenticated)

>> [webapps] Inteno IOPSYS 3.16.4 – root filesystem access via sambashare (Authenticated)

USER: deepcore // 2021-01-18 // 0 CMT

Inteno IOPSYS 3.16.4 – root filesystem access via sambashare (Authenticated)

>> [webapps] Xwiki CMS 12.10.2 – Cross Site Scripting (XSS)

USER: deepcore // 2021-01-18 // 0 CMT

Xwiki CMS 12.10.2 – Cross Site Scripting (XSS)

>> [webapps] Cisco UCS Manager 2.2(1d) – Remote Command Execution

USER: deepcore // 2021-01-18 // 0 CMT

Cisco UCS Manager 2.2(1d) – Remote Command Execution

>> [webapps] Life Insurance Management System 1.0 – 'client_id' SQL Injection

USER: deepcore // 2021-01-18 // 0 CMT

Life Insurance Management System 1.0 – ‘client_id’ SQL Injection