:: Deepquest ::

LogicalDOC Enterprise version 7.7.4 suffers from a post-authentication command execution vulnerability via binary path manipulation.

CloudMe Sync versions 1.10.9 and below suffer from an unauthenticated remote buffer overflow vulnerability.

CloudMe Sync < 1.11.0 – Buffer Overflow

TypeSetter CMS 5.1 – ‘Host’ Header Injection

TypeSetter CMS 5.1 – Cross-Site Request Forgery

News Website Script 2.0.4 – ‘search’ SQL Injection

http://www.omkoi.go.th/readme.htm notified by Dijehaji

SoapUI suffers from an arbitrary code execution vulnerability via a maliciously imported project.

This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software (“units”) without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands […]

glibc – ‘$ORIGIN’ Expansion Privilege Escalation (Metasploit)