Huawei ISM Professional Cross Site Scripting
Huawei ISM Professional suffers from a cross site scripting vulnerability.
Silurus Classifieds version 2.0 suffers from a cross site scripting vulnerability.
WordPress ColorWay theme version 3.4.1 suffers from a cross site scripting vulnerability.
Nusiorung CMS 2016 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT, EMR_BITBLT, EMR_STRETCHBLT, EMR_STRETCHDIBITS etc. The GDI+ implementation supports bitmaps compressed with the BI_RLE8 (8-bit Run-Length Encoding) compression algorithm, and performs the actual decompression in the gdiplus!DecodeCompressedRLEBitmap function. […]
DornCMS version 1.4 suffers from a persistent cross site scripting vulnerability.
Iris ID IrisAccess ICU 7000-2 is prone to multiple reflected cross site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the ‘HidChannelID’ and ‘HidVerForPHP’ POST parameters in the ‘SetSmarcardSettings.php’ script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user’s browser session. The application also allows […]
Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities.
The Iris ID IrisAccess ICU 7000-2 device suffers from an unauthenticated remote command execution vulnerability. The vulnerability exists because several POST parameters in the ‘/html/SetSmarcardSettings.php’ script are not sanitized when used with the exec() PHP function while updating the Smart Card Settings on the affected device. Calling the ‘$CommandForExe’ variable which is set to call […]