AKIPS Network Monitor 16.5 OS Command Injection
AKIPS Network Monitor versions 15.37 through 16.5 suffer from a remote command injection vulnerability.
Core Security Technologies Advisory – An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (defined in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local […]
Cisco UCS Manager version 2.1(1b) shellshock exploit that spawns a connect-back shell.
ProjectSend version r582 suffers from a persistent cross site scripting vulnerability.
Yahoo’s mail web application suffered from a From: spoofing vulnerability.
OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth.
WordPress Bulletproof plugin version 0.53.2 suffers from a cross site scripting vulnerability.
Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have […]
Chamilo LMS version 1.10.2 suffers from a cross site scripting vulnerability.
Netwrix Auditor version 7.1.322.0 suffers from a stack-based buffer overflow vulnerability when parsing a large amount of bytes passed to the ‘sourceFile’ string parameter in the PackFile() and UnpackFile() functions in the ‘Netwrix.Common.CollectEngine.dll’ library, resulting in a stack overrun that overwrites several registers, including the SEH chain. An attacker can gain access to the system of the affected node and execute […]