[remote] – Apache 2.4.7 & PHP <= 7.0.2 – openssl_seal() Uninitialized Memory Code Execution
Tags: 0day, remote exploit
WordPress Icegram 1.9.18 Cross Site Request Forgery
WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.
WordPress Ninja Forms 2.9.51 Cross Site Scripting
WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.
WordPress Video Player 1.5.16 SQL Injection
WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.
Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the ‘F’ flag (Full) for the ‘Everyone’ group. In combination with insecure file permissions the application suffers […]
Wowza Streaming Engine 4.5.0 Remote Privilege Escalation
The Wowza Streaming Engine application suffers from a privilege escalation issue. A normal (read-only) user can elevate his/her privileges by sending a POST request that sets the parameter ‘accessLevel’ to ‘admin’, gaining admin rights, and/or sets the parameter ‘advUser’ to ‘true’ and ‘_advUser’ to ‘on’, gaining advanced admin rights. Version 4.5.0 build 18676 is affected.
Wowza Streaming Engine 4.5.0 Cross Site Request Forgery
Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.
Wowza Streaming Engine 4.5.0 Cleartext Sensitive Information Storage
Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified, the change is automatically applied to the application with the newly created user account. Wowza stores sensitive information such as username and password in cleartext in the admin.password file, which […]
Wowza Streaming Engine 4.5.0 Cross Site Scripting
Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Version 4.5.0 build […]