:: Deepquest ::

Facturation System 1.0 – ‘modid’ SQL Injection

HeidiSQL 9.5.0.5196 – Denial of Service (PoC)

Data Center Audit 2.6.2 – ‘username’ SQL Injection

TufinOS 2.17 Build 1193 – XML External Entity Injection

The Everus.org Android application version 1.0.7 has a fundamental design flaw where the client can send a random phone number during the second factor flow and the server will update the number on file.

The Everus.org Android application version1.0.7 has a fundamental design flaw where the server provides the second factor to the client for comparison instead of properly validating it server-side.

Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.

OpenSLP version 2.0.0 suffers from multiple out-of-bounds vulnerabilities.

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due […]

The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are originating from the D-LINK network running the afflicted FTP Server and […]