:: Deepquest ::

The WePay Chat SDK suffers from an XML external entity injection vulnerability.

ntop-ng versions prior to 3.4.180617 suffer from a deterministic session ID vulnerability.

NuCom NC-WR644GACV with software versions STA 005 and below suffer from a configuration file download vulnerability that allows for extraction of the administrative credentials.

An issue was found in openslp version 2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc’s doubly-linked memory chunk list. An exploit in included in the advisory.

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.

This Metasploit module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

ModSecurity 3.0.0 – Cross-Site Scripting

Nagios XI 5.2.6-5.4.12 – Chained Remote Code Execution (Metasploit)

FTPShell client 6.70 (Enterprise edition) – Stack Buffer Overflow (Metasploit)

VMware NSX SD-WAN Edge < 3.1.0 – Command Injection