:: Deepquest ::

Joomla! J-BusinessDirectory component version 4.9.7 suffers from a remote SQL injection vulnerability.

Joomla! Easy Shop component version 1.2.3 suffers from a local file inclusion vulnerability.

Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.

DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability.

Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.

Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.

Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. […]

Apple Security Advisory 2019-1-22-1 – iOS 12.1.3 is now available and addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.

Apple Security Advisory 2019-1-22-6 – iCloud for Windows 7.10 is now available and addresses code execution and cross site scripting vulnerabilities.