:: Deepquest ::

>> PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection

USER: deepcore // 2020-06-16 // 0 CMT

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.

>> GOG GalaxyClientService Privilege Escalation

USER: deepcore // 2020-06-16 // 0 CMT

This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also…

>> 10-Strike Bandwidth Monitor 3.9 Unquoted Service Path

USER: deepcore // 2020-06-16 // 0 CMT

10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities.

>> Documalis Free PDF Editor Buffer Overflow

USER: deepcore // 2020-06-16 // 0 CMT

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Editor.

>> Documalis Free PDF Scanner Buffer Overflow

USER: deepcore // 2020-06-16 // 0 CMT

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Scanner.

>> Neon LMS Shell Upload

USER: deepcore // 2020-06-16 // 0 CMT

This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.

>> [webapps] Gila CMS 1.11.8 – 'query' SQL Injection

USER: deepcore // 2020-06-16 // 0 CMT

Gila CMS 1.11.8 – ‘query’ SQL Injection

>> [local] Bandwidth Monitor 3.9 – 'Svc10StrikeBandMontitor' Unquoted Service Path

USER: deepcore // 2020-06-16 // 0 CMT

Bandwidth Monitor 3.9 – ‘Svc10StrikeBandMontitor’ Unquoted Service Path

>> [webapps] Netgear R7000 Router – Remote Code Execution

USER: deepcore // 2020-06-15 // 0 CMT

Netgear R7000 Router – Remote Code Execution

>> [remote] SOS JobScheduler 1.13.3 – Stored Password Decryption

USER: deepcore // 2020-06-15 // 0 CMT

SOS JobScheduler 1.13.3 – Stored Password Decryption