10 - 2018 - :: Deepquest ::

>> MensaMax 4.3 Hardcoded Encryption Key Disclosure

USER: deepcore // 2018-10-02 // 0 CMT

MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.

>> Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass

USER: deepcore // 2018-10-02 // 0 CMT

It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue…

>> Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass

USER: deepcore // 2018-10-02 // 0 CMT

It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting…

>> Debian/Ubuntu AppArmor evince Policy Bypass

USER: deepcore // 2018-10-02 // 0 CMT

The Debian/Ubuntu AppArmor policy for evince in bypassable.

>> H2 Database 1.4.196 Remote Code Execution

USER: deepcore // 2018-10-02 // 0 CMT

H2 Database version 1.4.196 suffers from a remote code execution vulnerability.

>> Hotel Booking Engine 1.0 SQL Injection

USER: deepcore // 2018-10-02 // 0 CMT

Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.

>> Education Website 1.0 SQL Injection

USER: deepcore // 2018-10-02 // 0 CMT

Education Website version 1.0 suffers from a remote SQL injection vulnerability.

>> Singleleg MLM Software 1.0 SQL Injection

USER: deepcore // 2018-10-02 // 0 CMT

Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

>> Binary MLM Software 1.0 SQL Injection

USER: deepcore // 2018-10-02 // 0 CMT

Binary MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

>> Flippa Marketplace Clone 1.0 SQL Injection

USER: deepcore // 2018-10-02 // 0 CMT

Flippa Marketplace Clone version 1.0 suffers from a remote SQL injection vulnerability.