:: Deepquest ::

4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control […]

MyBB version 1.8.6 suffers from multiple cross site scripting vulnerabilities.

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable object Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially […]

vBulletin versions 4.2.3 and below suffer from a remote SQL injection vulnerability in the forumrunner add-on.

A vulnerability in the validation of Amazon SNS messages was found in the W3 Total Cache plugin. This issue allows an attacker to perform a variety of actions concerning the server’s cache, which may result in a denial of service attack. Version 0.9.4.1 is affected.

Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure file permission vulnerability.

WordPress Google Maps plugin version 6.3.14 suffers from a cross site request forgery vulnerability.

An information disclosure vulnerability was found in the W3 Total Cache plugin. This issue allows an attacker to hijack sensitive information, such as the administrator’s session cookie. Exploiting the vulnerability is possible during a short period of time when an administrator submits the support form. Version 0.9.4.1 is affected.

WordPress W3 Total Cache plugin version 0.9.4.1 suffers from a cross site scripting vulnerability.