OXATIS 2017 Cross Site Scripting
OXATIS 2017 suffers from a cross site scripting vulnerability.
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because […]
Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
http://www.wiangnuer.go.th/icon notified by NmR.Hacker
Tags: defacement
Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.
The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable; version 2.2.3.0 patched this vulnerability.
This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on SolarWinds Log and Event Manager Virtual Appliance version 6.3.1.