10 - 2016 - :: Deepquest ::

>> Kaspersky – File Manager Cross Site Scripting Vulnerability

USER: deepcore // 2016-10-13 // 0 CMT

…

>> Kaspersky – Response Subject Persistent XSS Vulnerability

USER: deepcore // 2016-10-13 // 0 CMT

…

>> OpenSSL x509 Parsing Double-Free / Invalid-Free

USER: deepcore // 2016-10-13 // 0 CMT

Double-free and invalid-free vulnerabilities in x509 parsing were found in the latest OpenSSL (1.1.0b).

>> Limny 2.2 Expression Language Injection

USER: deepcore // 2016-10-13 // 0 CMT

Limny version 2.2 suffers from an expression language injection vulnerability.

>> iWisoft Video Converter 1.2 DLL Hijacking

USER: deepcore // 2016-10-13 // 0 CMT

iWisoft Video Converter version 1.2 suffers from a dll hijacking vulnerability.

>> Limny 3.0.2 Local File Inclusion

USER: deepcore // 2016-10-13 // 0 CMT

Limny version 3.0.2 suffers from a local file inclusion vulnerability.

>> Limny 3.2.2 Local File Inclusion

USER: deepcore // 2016-10-13 // 0 CMT

Limny version 3.2.2 suffers from a local file inclusion vulnerability.

>> Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection

USER: deepcore // 2016-10-13 // 0 CMT

Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities.

>> Android Binder Information Disclosure

USER: deepcore // 2016-10-13 // 0 CMT

The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDER_TYPE_BINDER or BINDER_TYPE_WEAK_BINDER, a pointer to that object (in the server…

>> Windows Object Manager Pathological Lookup EoP

USER: deepcore // 2016-10-13 // 0 CMT

When performing an object name lookup it’s possible exercise the worst case look up time for the object leading to a single lookup taking multiple minutes. This can prevent a…