Archive for January, 2017

http://samor.go.th/media/

Posted by deepcore under defacement (No Respond)

http://samor.go.th/media/ notified by sy.t

SoftMaker Office 201x Privilege Escalation

Posted by deepcore under exploit (No Respond)

SoftMaker Office 201x suffers from a local privilege escalation vulnerability due to an unprotected directory.

TinyPDF Installer DLL Hijacking / Unsafe Temp Directory

Posted by deepcore under exploit (No Respond)

InstallTinyPDF.exe suffers from DLL hijacking and unsafe temp directory vulnerabilities.

Atlassian Confluence 5.9.12 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Tempest Security Intelligence Advisory ADV-3/2016 – Atlassian Confluence version 5.9.12 is vulnerable to persistent cross site scripting because it fails to securely validate user controlled data, thus making it possible for an attacker to supply crafted input in order to harm users. The bug occurs at pages carrying attached files, even though the attached file […]

WordPress Stop User Enumeration 1.3.4 User Enumeration

Posted by deepcore under exploit (No Respond)

WordPress Stop User Enumeration plugin version 1.3.4 fails to stop user enumeration.

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

Posted by deepcore under exploit (No Respond)

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to command injection when setting the ‘NewNTPServer’ value using the TR-064 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on affected DSL modems. This exploit was originally tested on firmware versions up […]

PDFAdd 1.2 DLL Hijacking

Posted by deepcore under exploit (No Respond)

PDFAdd version 1.2 suffers from a DLL hijacking vulnerability.

My Click Counter 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

My Click Counter version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Internet Download Accelerator 6.10.1.1527 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Internet Download Accelerator version 6.10.1.1527 SEH FTP buffer overflow exploit.

Samsung OTP Service Heap Overflow

Posted by deepcore under exploit (No Respond)

As part of the KNOX extensions available on Samsung devices, Samsung provides a new service that allows the generation of OTP tokens. This service suffers from a heap overflow vulnerability.