:: Deepquest ::

OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused due to an error when parsing XML entities within ZIP archives and can be exploited to e.g. disclose data from local resources or cause a DoS condition (billion laughs) via a specially crafted XML file including external entity references.

This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.

dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.

Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability.

WIMAX LX350P(WIXFMR-108) – Multiple Vulnerabilities

Microsoft Windows Media Center Link File Incorrectly Resolved Reference

WordPress Plugin WP Easy Poll 1.1.3 – XSS and CSRF

WIMAX MT711x – Multiple Vulnerabilities