:: Deepquest ::

Posty version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Easy RM RMVB to DVD Burner version 18.11 buffer overflow exploit.

Matrimony version 2.7 suffers from a cross site request forgery vulnerability.

NethServer version 7.3.1611 suffers from a cross site request forgery script insertion vulnerability in Upload.json.

NethServer version 7.3.1611 suffers from a cross site request forgery vulnerability that allows you to create a user and enable SSH access.

Microsoft Windows suffers from an issue where it is possible to inject code into a PPL protected process by hijacking COM objects leading to accessing PPL processes such as Lsa and AntiMalware from an administrator.

This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the ‘rmfile’ command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727).

The Next Generation of Genealogy Sitebuilding versions prior to 11.1.1 suffer from a remote SQL injection vulnerability.

Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.

http://www.tranghos.go.th/media/ind3x.html notified by MOLOTOV-Dz