:: Deepquest ::

PCHelpWare 2 version 1.0.0.5 SC denial of service exploit.

AdminExpress version 1.2.5 suffers from a Folder Path denial of service vulnerability.

PCHelpWare 2 version 1.0.0.5 Group denial of service exploit.

ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability.

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

MailCarrier version 2.51 POP3 RETR command remote SEH buffer overflow exploit.

On Microsoft Windows, the SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a system binary leading to elevation of privilege.

On Microsoft Windows, the LUAFV driver reuses the file’s create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file resulting in elevation of privilege.

On Microsoft Windows, the LUAFV driver doesn’t take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege.