OpenWGA Content Manager version 7.1.9 suffers from a cross site scripting vulnerability: input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
ChitaSoft CMS version 3 suffers from a cross site scripting vulnerability.
The Adobe Type Manager Font Driver (ATMFD.DLL) suffers from a NamedEscape out-of-bounds read.
PHPmongoDB version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
Django CMS version 3.2.3 suffers from filter bypass and malicious script insertion vulnerabilities.
Brickcom Network Cameras suffer from insecure direct object reference, hard-coded credentials, information disclosure, cross site request forgery, and cross site scripting vulnerabilities.
This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the “perl_startup” configuration parameter.
http://pvlo-aty.dld.go.th notified by HighTech
Tags: defacement
Exim “perl_startup” Privilege Escalation
Tags: 0day, remote exploit
Internet Explorer 11 – MSHTML!CMarkupPointer::UnEmbed Use After Free
Tags: 0day, remote exploit