:: Deepquest ::

Homematic CCU2 version 2.29.23 suffers from an arbitrary file write vulnerability.

The DNNarticle module in DotNetNuke version 11 suffers from a directory traversal vulnerability.

VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from an authenticated arbitrary file disclosure vulnerability including no session expiration. Input passed via the ‘ID’ parameter in several Perl scripts is not properly verified before being used to download system files. This can be exploited to disclose the contents of arbitrary files via directory traversal […]

VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from authenticated remote code execution vulnerability. Including a cross site request forgery vulnerability, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.

D-Link DIR-601 suffers from an administrative password disclosure vulnerability.

IBM Virtual Security Operations Center (VSOC) suffers from a cross site scripting vulnerability.

WebLog Expert Enterprise version 9.4 suffers from a privilege escalation vulnerability.

WampServer version 3.1.2 suffers from a cross site request forgery vulnerability.

Secutech RiS-11/RiS-22/RiS-33 version 5.07.52_es_FRI01 remote DNS changer proof of concept exploit.

This archive contains all of the 149 exploits added to Packet Storm in March, 2018.