:: Deepquest ::

Joomla Music Collection component version 3.0.3 suffers from a remote SQL injection vulnerability.

WordPress Easy Table plugin version 1.6 suffers from persistent cross site scripting vulnerabilities.

Riverbed RiOS suffers from an insecure cryptographic storage vulnerability.

ShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.

This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This Metasploit module does not work against Piwik 1 as there is no option to upload custom plugins. Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.

Itech B2B script version 4.29 suffers from cross site scripting and remote SQL injection vulnerabilities.

NVIDIA suffers from an out-of-bounds read / write vulnerability in escape 0x100008b.

Microsoft Windows gdi32.dll suffers from a heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records.

NVIDIA suffers from a buffer overflow vulnerability in the command buffer submission.

MailEnable suffers from multiple local privilege escalation vulnerabilities.