Archive for May, 2018

NewsBee CMS 1.4 Cross Site Scripting

Posted by deepcore under exploit

NewsBee CMS version 1.4 suffers from a cross site scripting vulnerability.

Symfony PdoSessionHandler Denial Of Service

Posted by deepcore under exploit

Symfony versions 2.7.0 up to but not including 4.0.10 suffer from a denial of service vulnerability.

Wchat Fully Responsive PHP AJAX Chat Script 1.5 Shell Upload

Posted by deepcore under exploit

Wchat Fully Responsive PHP AJAX Chat Script version 1.5 suffers from a remote shell upload vulnerability.

KomSeo Cart 1.3 SQL Injection

Posted by deepcore under exploit

KomSeo Cart version 1.3 suffers from a remote SQL injection vulnerability.

MyBB Moderator Log Notes 1.1 Cross Site Scripting

Posted by deepcore under exploit

MyBB Moderator Log Notes plugin version 1.1 suffers from a cross site scripting vulnerability.

SAP Internet Transaction Server 6200.x Session Fixation / Cross Site Scripting

Posted by deepcore under exploit

SAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.

Oracle WebCenter (Fatwire) Improper Access Control

Posted by deepcore under exploit

Oracle WebCenter (Fatwire) Content Server versions prior to 7 suffer from an improper access control vulnerability.

Windscribe 1.81 Code Execution

Posted by deepcore under exploit

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing […]

Microsoft Windows Paint Security Feature Bypass / Unsafe File Creation

Posted by deepcore under exploit

Microsoft Windows Paint suffers from security feature bypass and unsafe file creation vulnerabilities.

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

Posted by deepcore under exploit

Ruckus (Brocade) ICX7450-48 web application has a reflected cross site scripting vulnerability. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information.