:: Deepquest ::

>> [webapps] 4images v1.7.11 – 'Profile Image' Stored Cross-Site Scripting

USER: deepcore // 2021-01-04 // 0 CMT

4images v1.7.11 – ‘Profile Image’ Stored Cross-Site Scripting

>> [webapps] Mantis Bug Tracker 2.24.3 – 'access' SQL Injection

USER: deepcore // 2021-01-04 // 0 CMT

Mantis Bug Tracker 2.24.3 – ‘access’ SQL Injection

>> [webapps] WordPress Core 5.2.2 – 'post previews' XSS

USER: deepcore // 2021-01-04 // 0 CMT

WordPress Core 5.2.2 – ‘post previews’ XSS

>> [webapps] sar2html 3.2.1 – 'plot' Remote Code Execution

USER: deepcore // 2021-01-04 // 0 CMT

sar2html 3.2.1 – ‘plot’ Remote Code Execution

>> [dos] Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC)

USER: deepcore // 2021-01-04 // 0 CMT

Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC)

>> [local] MiniTool ShadowMaker 3.2 – 'MTAgentService' Unquoted Service Path

USER: deepcore // 2021-01-04 // 0 CMT

MiniTool ShadowMaker 3.2 – ‘MTAgentService’ Unquoted Service Path

>> Packet Storm New Exploits For December, 2020

USER: deepcore // 2021-01-02 // 0 CMT

This archive contains all of the 225 exploits added to Packet Storm in December, 2020.

>> Packet Storm New Exploits For 2020

USER: deepcore // 2021-01-02 // 0 CMT

Complete comprehensive archive of all 1,949 exploits added to Packet Storm in 2020.

>> qdPM 9.1 PHP Object Injection

USER: deepcore // 2021-01-01 // 0 CMT

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

>> Openpilot Default SSH Key Scanner

USER: deepcore // 2021-01-01 // 0 CMT

Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default…