:: Deepquest ::

GNU Netcat version 0.7.1 suffers from an out-of-bounds array write.

Apache CouchDB sets weak file permissions potentially allowing ‘Standard’ Windows users to elevate privileges. The “nssm.exe” (Apache CouchDB) executable can be replaced by a ‘Standard’ non administrator user, allowing them to add a backdoor Administrator account once the “Apache CouchDB” service is restarted or system rebooted. As Apache CouchDB runs as LOCALSYSTEM, standard users can […]

Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

Alcatel Lucent Omnivista 8770 suffers from a remote code execution vulnerability.

Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance’s OS, web interface and sql server. Versions 4.5.1.35 […]

http://www.namkeaw.go.th/index.php notified by Tamil_Pasanga_Hackers

The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses port_index without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure.

Xfinity Gateway suffers from a remote code execution vulnerability.

Apache ActiveMQ versions 5.11.1 and 5.13.2 suffer from command execution and directory traversal vulnerabilities.