:: Deepquest ::

WordPress Extredj plugin suffers from an open redirection vulnerability.

CakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.

SeaWell Networks Spectrum SDC version 02.05.00 suffers from weak default credentials, path traversal, and privilege escalation vulnerabilities.

Samsung KNOX version 1.0 suffers from a weak eCryptFS implementation.

SuperDrive suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the ‘C’ flag (Change) for ‘Authenticated Users’ group.

Advanced Electron Forum version 1.0.9 suffers from a cross site request forgery vulnerability.

Advanced Electron Forum version 1.0.9 suffers from cross site request forgery and remote file inclusion vulnerabilities.

Joomla Fsave component version 2.0 suffers from a local file disclosure vulnerability.

FluidDraw suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (siappdll.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application files (.PRJ, .CIRC, .CT, .DXF, .SYM) located on a remote WebDAV or SMB share.

Advanced Electron Forum version 1.0.9 suffers from a cross site scripting vulnerability.