:: Deepquest ::

Microsoft Edge Chakra JIT – Out-of-Bounds Reads/Writes

VLC Media Player version 2.2.8 use-after-free arbitrary code execution proof of concept exploit.

WolfSight CMS version 3.2 suffers from a remote SQL injection vulnerability.

D-Link DIR601 version 2.02 suffers from a credential disclosure vulnerability.

ELO (Elektronischer Leitz-Ordner) versions 9 and 10 suffer from a remote time-based blind SQL injection vulnerability.

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.

IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated sessions cookies to write a file to disk and execute that file as the “nobody” user. […]

Barracuda ADC versions 5.x suffer from filter bypass and cross site scripting vulnerabilities.

Barracuda ADC versions 5.x suffer from a client-side script insertion vulnerability.

Instagram Clone Script version 2.0 suffers from a cross site scripting vulnerability.