:: Deepquest ::

Vuze Bittorrent Client version 5.7.6.0 suffers from an XML external entity injection vulnerability in SSDP processing.

Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing.

Basic B2B Script version 2.0.0 suffers from a cross site scripting vulnerability.

PHP Template Store Script version 3.0.6 suffers from persistent cross site scripting vulnerabilities.

Wedding Slideshow Studio version 1.36 suffers from a buffer overflow vulnerability.

Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability.

Subrion CMS version 4.2.1 suffers from a cross site scripting vulnerability.

Rufus versions 3.0 and 3.1 suffers from dll hijacking vulnerabilities.

OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

QNap QVR Client 5.0.3.23100 – Denial of Service (PoC)