:: Deepquest ::

>> [local] ShareMouse 5.0.43 – 'ShareMouse Service' Unquoted Service Path

USER: deepcore // 2020-09-08 // 0 CMT

ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path

>> [webapps] ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)

USER: deepcore // 2020-09-07 // 0 CMT

ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)

>> [webapps] grocy 2.7.1 – Persistent Cross-Site Scripting

USER: deepcore // 2020-09-07 // 0 CMT

grocy 2.7.1 – Persistent Cross-Site Scripting

>> [webapps] Cabot 0.11.12 – Persistent Cross-Site Scripting

USER: deepcore // 2020-09-07 // 0 CMT

Cabot 0.11.12 – Persistent Cross-Site Scripting

>> https://www.pattawee.go.th/U72.html

USER: deepcore // 2020-09-06 // 0 CMT

https://www.pattawee.go.th/U72.html notified by Unravel72

>> http://www.roiet.go.th

USER: deepcore // 2020-09-05 // 0 CMT

http://www.roiet.go.th notified by TAHU PETIS

>> COVR 3902 1.01B0 Hardcoded Credentials

USER: deepcore // 2020-09-05 // 0 CMT

The COVR 3902 REVA router with firmware 1.01B0 has hardcoded telnet credentials.

>> Hyland OnBase SQL Injection

USER: deepcore // 2020-09-05 // 0 CMT

All versions up to and prior to OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.

>> Nord VPN 6.31.13.0 Unquoted Service Path

USER: deepcore // 2020-09-05 // 0 CMT

Nord VPN version 6.31.13.0 suffers from an unquoted service path vulnerability.

>> SiteMagic CMS 4.4.2 Shell Upload

USER: deepcore // 2020-09-05 // 0 CMT

SiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.