Archive for October, 2016

Yasir Portal 5.0 Portal Scripti Database Disclosure

Posted by deepcore under exploit (No Respond)

Yasir Portal version 5.0 suffers from a database disclosure vulnerability.

XhP CMS 0.5.1 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

XhP CMS version 0.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation

Posted by deepcore under exploit (No Respond)

NtLoadKeyEx takes a flag to open a registry hive read-only. If one of the hive files cannot be opened for read access, it will revert to write mode and also impersonate the calling process. This can lead to elevation of privilege if a user-controlled hive is opened in a system service.

Windows Edge/IE Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation

Posted by deepcore under exploit (No Respond)

The isolated private namespace created by ierutils has an insecure boundary descriptor, which allows any non-appcontainer sandbox process (such as Chrome) or other users on the same system to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.

Windows Edge/IE Isolated Private Namespace Insecure DACL Privilege Escalation

Posted by deepcore under exploit (No Respond)

The isolated private namespace created by ierutils has an insecure DACL, which allows any appcontainer process to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.

SPIP 3.1.2 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.

SPIP 3.1.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.

SPIP 3.1.2 File Enumeration / Path Traversal

Posted by deepcore under exploit (No Respond)

SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities.

ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure

Posted by deepcore under exploit (No Respond)

ManageEngine ServiceDesk Plus version 9.2 build 9207 suffers from an unauthorized information disclosure vulnerability.

WineBottler 1.8-rc4 Man-In-The-Middle / Code Execution

Posted by deepcore under exploit (No Respond)

WineBottler versions 1.8-rc4 and below suffer from a man-in-the-middle vulnerability that can allow for remote code execution.