MensaMax 4.3 Hardcoded Encryption Key Disclosure
MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.
It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.
It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.
The Debian/Ubuntu AppArmor policy for evince is bypassable.
H2 Database version 1.4.196 suffers from a remote code execution vulnerability.
Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.
Education Website version 1.0 suffers from a remote SQL injection vulnerability.
Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.
Binary MLM Software version 1.0 suffers from a remote SQL injection vulnerability.
Flippa Marketplace Clone version 1.0 suffers from a remote SQL injection vulnerability.