:: Deepquest ::

>> osTicket 1.14.1 Cross Site Scripting

USER: deepcore // 2020-05-29 // 0 CMT

osTicket version 1.14.1 has been found to be susceptible to multiple additional persistent cross site scripting vulnerabilities.

>> NOKIA VitalSuite SPM 2020 SQL Injection

USER: deepcore // 2020-05-29 // 0 CMT

NOKIA VitalSuite SPM 2020 suffers from a remote SQL injection vulnerability.

>> EyouCMS 1.4.6 Cross Site Scripting

USER: deepcore // 2020-05-29 // 0 CMT

EyouCMS version 1.4.6 suffers from a persistent cross site scripting vulnerability.

>> Online-Exam-System 2015 SQL Injection

USER: deepcore // 2020-05-29 // 0 CMT

Online-Exam-System 2015 suffers from a remote SQL injection vulnerability.

>> QNAP QTS And Photo Station 6.0.3 Remote Command Execution

USER: deepcore // 2020-05-29 // 0 CMT

QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability.

>> Firefox Default Content Process DACL Sandbox Escape

USER: deepcore // 2020-05-29 // 0 CMT

The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.

>> Pi-Hole 4.3.2 DHCP MAC OS Command Execution

USER: deepcore // 2020-05-29 // 0 CMT

This Metasploit module exploits a command execution in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added with a MAC address which includes a remote code execution…

>> [webapps] Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass

USER: deepcore // 2020-05-29 // 0 CMT

Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass

>> [webapps] WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery (Delete User)

USER: deepcore // 2020-05-29 // 0 CMT

WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery (Delete User)

>> BIND TSIG Denial Of Service

USER: deepcore // 2020-05-28 // 0 CMT

BIND TSIG denial of service exploit.