:: Deepquest ::

>> http://tambolsamrong.go.th/doc/ghi.html

USER: deepcore // 2020-09-09 // 0 CMT

http://tambolsamrong.go.th/doc/ghi.html notified by Ghost Hunter Illusion

>> [webapps] Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)

USER: deepcore // 2020-09-09 // 0 CMT

Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)

>> [local] Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH)

USER: deepcore // 2020-09-09 // 0 CMT

Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH)

>> [webapps] Tailor Management System – 'id' SQL Injection

USER: deepcore // 2020-09-09 // 0 CMT

Tailor Management System – ‘id’ SQL Injection

>> [local] Input Director 1.4.3 – 'Input Director' Unquoted Service Path

USER: deepcore // 2020-09-09 // 0 CMT

Input Director 1.4.3 – ‘Input Director’ Unquoted Service Path

>> Cabot 0.11.12 Cross Site Scripting

USER: deepcore // 2020-09-08 // 0 CMT

Cabot version 0.11.12 suffers from a persistent cross site scripting vulnerability.

>> Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload

USER: deepcore // 2020-09-08 // 0 CMT

Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.

>> Grocy 2.7.1 Cross Site Scripting

USER: deepcore // 2020-09-08 // 0 CMT

Grocy version 2.7.1 suffers from a persistent cross site scripting vulnerability.

>> Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation

USER: deepcore // 2020-09-08 // 0 CMT

Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability.

>> macOS cfprefsd Arbitrary File Write / Local Privilege Escalation

USER: deepcore // 2020-09-08 // 0 CMT

This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable…