Archive for January, 2016

Symantec Endpoint Protection 12.1.4013 Denial Of Service

Posted by deepcore under exploit (No Respond)

Symantec Endpoint Protection version 12.1.4013 suffers from a denial of service vulnerability.

o2 DSL Auto Configuration Server Credential Disclosure

Posted by deepcore under exploit (No Respond)

The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.

Barracuda #38 Message Archiver – Multiple Vulnerabilities

Posted by deepcore under exploit (No Respond)

The Vulnerability Laboratory Research Team has discovered multiple web validation vulnerabilities in the Barracuda Message Archiver v650 product.

Apple Security Advisory 2016-01-07-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-01-07-1 – QuickTime 7.7.9 is now available and addresses multiple memory corruption issues.


ownCloud 8.2.1 / 8.1.4 / 8.0.9 Information Exposure

Posted by deepcore under exploit (No Respond)

ownCloud versions 8.2.1 and below, 8.1.4 and below, and 8.0.9 and below suffer from an information exposure vulnerability via directory listings.

Emsisoft Anti Malware DLL Hijacking

Posted by deepcore under exploit (No Respond)

Emsisoft Anti Malware suffers from a DLL hijacking vulnerability.

ZoneAlarm DLL Hijacking

Posted by deepcore under exploit (No Respond)

ZoneAlarm installers suffer from a DLL hijacking vulnerability.

AVM FRITZ!Box: Arbitrary Code Execution Via Firmware Images

Posted by deepcore under exploit (No Respond)

The firmware upgrade process of the FRITZ!Box 7490 is flawed. Specially crafted firmware images can overwrite critical files. Arbitrary code can be executed if an attempt is made to install such a manipulated firmware image. Versions prior to 6.30 are affected.

AVM FRITZ!Box: Buffer Overflow

Posted by deepcore under exploit (No Respond)

RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Versions prior to 6.30 are affected.

OpenCart 2.1.0.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

OpenCart version 2.1.0.1 suffers from a cross site scripting vulnerability.