PivotX 2.3.11 Cross Site Scripting
PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.
PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.
PivotX version 2.3.11 suffers from a directory traversal vulnerability.
PivotX version 2.3.11 suffers from a remote shell upload vulnerability.
BigTree version 4.2.8 suffers from object injection and improper filename sanitization.
The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app’s Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection […]
Microsoft Internet Explorer suffers from a read access violation (AV) in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout.
The avmplus bytecode verifier misses a control-flow path in which op_pushwith throws an exception, allowing crafted bytecode to be incorrectly optimized, which can trivially be abused to get code execution.
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
The SecLogon service does not sanitize standard handles when creating a new process, which leads to a system service thread pool handle being duplicated into a user-accessible process. This can be used to elevate privileges to Local System.