Symantec Outdated RAR Decomposer
Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
A malicious SFTP server may force a client-side relative path traversal in jsch’s implementation of recursive sftp-get, allowing the server to write files outside the client's download basedir with the effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.
This Metasploit module exploits the “diagnostic console” feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console can be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via […]
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins […]
Silverstripe theme Newedge suffers from a cross-site scripting vulnerability.
Microsoft Internet Explorer 11 does not follow the CORS specification for local files the way Chrome and Firefox do. Microsoft does not believe this to be a security issue.
Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross-site scripting, and various other vulnerabilities.
Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 – Unquoted Service Path Privilege Escalation
Tags: 0day, remote exploit