[webapps] MACCMS 10 – Cross-Site Request Forgery (Add User)
libpff 2018-04-28 Information Disclosure
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.
libmobi 0.3 Information Disclosure
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. […]
libfsntfs 20180420 Information Disclosure
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c […]
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
OX App Suite versions 7.8.4 and below suffer from cross-site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.
XiongMai uc-httpd 1.0.0 Buffer Overflow
XiongMai uc-httpd version 1.0.0 suffers from a buffer overflow vulnerability.
WebCTRL Out-Of-Band XML Injection
WebCTRL suffers from an out-of-band XML external entity injection vulnerability.
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 suffers from a cross-site scripting vulnerability.
Schools Alert Management Script SQL Injection
Schools Alert Management Script suffers from a remote SQL injection vulnerability.