Archive for September, 2016

Kaspersky Company Account – FileManager Vulnerability

Posted by deepcore under exploit (no responses)

No abstract available yet.

FormatFactory 3.9.0 – (.task) Stack Overflow Vulnerability

Posted by deepcore under exploit (no responses)

No abstract available yet.

Avira Free Antivirus DLL Hijacking

Posted by deepcore under exploit (no responses)

Avira’s free antivirus package installers suffer from a DLL hijacking vulnerability.

Joomla JSJobs 1.0.7.5 SQL Injection

Posted by deepcore under exploit (no responses)

Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.

CactuShop 7 Database Disclosure

Posted by deepcore under exploit (no responses)

CactuShop version 7 suffers from a database disclosure vulnerability.

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions

Posted by deepcore under exploit (no responses)

ZKTime.Net suffers from an elevation-of-privilege vulnerability: any local user can replace the application’s executable with a binary of their choice. The vulnerability exists because of improper permissions: the ‘C’ (Change) flag is granted to the ‘Everyone’ group, which makes the entire ‘ZKTimeNet3.0’ directory, its files and its sub-directories world-writable. Version […]

ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions

Posted by deepcore under exploit (no responses)

ZKAccess suffers from an elevation-of-privilege vulnerability: any authenticated local user can replace the application’s executable with a binary of their choice. The vulnerability exists because of improper permissions: the ‘M’ (Modify) flag is granted to the ‘Authenticated Users’ group. Version 3.5.3 is affected.
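The two ZKTeco permission findings above reduce to a single check: does an ACE on the install directory give a group that every local user belongs to (Everyone, Authenticated Users, Users) a write-capable right? The script below is an added example, not code from the advisories or from ZKTeco: it parses captured icacls or cacls output offline and flags such entries, covering both the cacls-style bare ‘C’ (Change) right reported for ZKTime.Net and the icacls-style ‘(M)’ (Modify) right reported for ZKAccess. The install paths and the two ACL listings are constructed to mirror the advisories; the paths are assumptions.

```python
"""Flag ACL entries that let every local user modify an install directory.

Added example, not code from the ZKTeco advisories: it parses captured
icacls or cacls output offline. The install paths and listings below are
constructed to mirror the two advisories; the paths are assumptions.
"""
import re

# Groups that every (or every authenticated) local user belongs to.
# Compared case-insensitively, with any domain prefix dropped.
LOW_PRIV_PRINCIPALS = {"everyone", "authenticated users", "users", "interactive"}

# Inheritance flags grant no access by themselves.
INHERITANCE_FLAGS = {"OI", "CI", "IO", "NP", "I"}

# Simple rights that include write access: F/M/W in icacls, C (Change), F and W
# in cacls. Specific icacls rights that include write access.
WRITE_SIMPLE = {"F", "M", "W", "C"}
WRITE_SPECIFIC = {"GA", "GW", "WD", "AD", "WA", "WEA", "DE", "DC"}


def grants_write(rights: str) -> bool:
    """True if a rights string such as '(OI)(CI)(M)' or '(OI)(CI)C' allows writing."""
    tokens = re.findall(r"\(([^)]*)\)", rights)
    bare = re.sub(r"\([^)]*\)", "", rights).strip()  # cacls prints its right as a bare letter
    if bare:
        tokens.append(bare)
    for token in tokens:
        if token in INHERITANCE_FLAGS:
            continue
        parts = {p.strip() for p in token.split(",")}
        if parts & WRITE_SIMPLE or parts & WRITE_SPECIFIC:
            return True
    return False


def parse_aces(output: str, path: str):
    """Yield (principal, rights) pairs from icacls/cacls output for one path."""
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):
            line = line[len(path):].strip()  # the path is printed only on the first ACE line
        if ":" not in line:
            continue  # blank lines and the "Successfully processed ..." summary
        principal, rights = line.rsplit(":", 1)
        yield principal.strip(), rights.strip()


def find_weak_aces(output: str, path: str):
    """Return the ACEs that give a low-privilege group write access."""
    weak = []
    for principal, rights in parse_aces(output, path):
        name = principal.rsplit("\\", 1)[-1].lower()
        if name in LOW_PRIV_PRINCIPALS and grants_write(rights):
            weak.append((principal, rights))
    return weak


# Constructed listings. ZKTIME_CACLS mirrors the ZKTime.Net finding (cacls,
# 'C' for Everyone); ZKACCESS_ICACLS mirrors the ZKAccess finding (icacls,
# '(M)' for Authenticated Users). Install paths are assumed.
ZKTIME_PATH = r"C:\Program Files (x86)\ZKTeco\ZKTimeNet3.0"
ZKTIME_CACLS = (
    ZKTIME_PATH + " Everyone:(OI)(CI)C\n"
    "                                            NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
    "                                            BUILTIN\\Administrators:(OI)(CI)F\n"
)

ZKACCESS_PATH = r"C:\Program Files (x86)\ZKTeco\ZKAccess3.5"
ZKACCESS_ICACLS = (
    ZKACCESS_PATH + " NT AUTHORITY\\Authenticated Users:(OI)(CI)(M)\n"
    "                                          NT AUTHORITY\\SYSTEM:(OI)(CI)(F)\n"
    "                                          BUILTIN\\Administrators:(OI)(CI)(F)\n"
    "                                          BUILTIN\\Users:(OI)(CI)(RX)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)

if __name__ == "__main__":
    for label, output, path in (("ZKTime.Net", ZKTIME_CACLS, ZKTIME_PATH),
                                ("ZKAccess", ZKACCESS_ICACLS, ZKACCESS_PATH)):
        for principal, rights in find_weak_aces(output, path):
            print(f"{label}: {principal} has {rights} on {path}")
```

On a live host, run icacls against the install directory and pass its output and the same path to find_weak_aces. BUILTIN\Users with (RX) is deliberately not flagged: read and execute on an install directory is normal, write is not. Remediation is to drop the offending ACE, for example `icacls "<dir>" /remove:g Everyone`, and re-run the check; an ACE marked (I) is inherited and has to be removed on the parent or after breaking inheritance with `/inheritance:d`.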

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Posted by deepcore under exploit (no responses)

The ZKBioSecurity solution uses hard-coded credentials. The application ships with a pre-configured Apache Tomcat server and an exposed ‘manager’ application; after authenticating with the credentials stored in tomcat-users.xml (username: zkteco, password: zkt123), an attacker can upload a malicious WAR archive containing a JSP application, thus giving the attacker […]
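A defender can tell from tomcat-users.xml alone whether a bundled Tomcat exposes this path: any account holding manager-gui or manager-script can deploy a WAR through the manager application, and the JSP inside it then runs with the privileges of the Tomcat service. The script below is an added example, not code from the advisory or from ZKTeco: it parses a tomcat-users.xml and reports each account with a manager role, whether that role allows deployment, and whether the credentials appear on a short list of known defaults. The XML and the default list are constructed; only the zkteco/zkt123 pair comes from the advisory.

```python
"""Audit tomcat-users.xml for accounts that can deploy a WAR via the manager app.

Added example, not code from the advisory or from ZKTeco. The XML and the
list of default credentials are constructed; only zkteco/zkt123 is taken
from the advisory.
"""
import xml.etree.ElementTree as ET

# manager-gui (HTML interface) and manager-script (/manager/text) both allow
# deploying a WAR; manager-jmx and manager-status do not.
DEPLOY_ROLES = {"manager-gui", "manager-script"}
MANAGER_ROLES = DEPLOY_ROLES | {"manager-jmx", "manager-status"}

# Constructed list of credential pairs to try first; extend it from your own
# default-password list.
KNOWN_DEFAULTS = {
    ("zkteco", "zkt123"),  # reported in the advisory
    ("tomcat", "tomcat"),
    ("admin", "admin"),
}

# Constructed tomcat-users.xml in the shape the advisory describes.
SAMPLE_TOMCAT_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-status"/>
  <user username="zkteco" password="zkt123" roles="manager-gui,manager-script"/>
  <user username="monitor" password="Sx9!qT4v#kLm" roles="manager-status"/>
  <user username="app" password="Hj2&amp;vQp8" roles="app-user"/>
</tomcat-users>
"""


def audit_tomcat_users(xml_text: str):
    """Return one finding per account that holds a manager role."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if elem.tag.split("}")[-1] != "user":  # accept namespaced and bare <user>
            continue
        name = elem.get("username") or elem.get("name", "")  # older Tomcat used name=
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        held = roles & MANAGER_ROLES
        if not held:
            continue
        findings.append({
            "user": name,
            "roles": sorted(held),
            "can_deploy": bool(roles & DEPLOY_ROLES),
            "default_credentials": (name, password) in KNOWN_DEFAULTS,
        })
    return findings


if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        flag = "DEPLOY" if f["can_deploy"] else "read-only"
        creds = "DEFAULT CREDENTIALS" if f["default_credentials"] else "custom password"
        print(f'{f["user"]}: {", ".join(f["roles"])} [{flag}, {creds}]')
```

An account that is both deployable and on the default list is the exact condition the advisory describes; because the bundled Tomcat runs as a Windows service, the title’s SYSTEM-level execution follows from the service account. The fix is to remove or rotate the bundled account, drop manager roles it does not need, and keep /manager unreachable from anything but localhost.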

ZKTeco ZKBioSecurity 3.0 Cross Site Scripting

Posted by deepcore under exploit (no responses)

ZKBioSecurity suffers from multiple reflected cross-site scripting vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of the affected site. Version 3.0.1.0_R_230 is affected.