Redis Remote Command Execution
Redis has eloquently explained how it can be used for remote command execution if not securely configured to mitigate arbitrary access.
FreeType 2.6.1 TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads
Tags: 0day, remote exploit
Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of ‘%’. After finding a ‘%’, it continues to search two characters ahead, assuming that each instance is the beginning of a well formed […]
Cisco’s tools site suffered from multiple cross site scripting vulnerabilities.
Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make […]
Sam Spade version 1.14 local buffer overflow exploit.
Python versions 3.3 through 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each given index to a value within a range from 0 up to the max number of pools. Then, it loops over the pools and gets […]
Zeuscart version 4.0 suffers from a cross site scripting vulnerability in the search functionality.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site scripting vulnerability.