Archive for June, 2019

ProShow 9.0.3797 Privilege Escalation

Posted by deepcore under exploit (No Respond)

ProShow version 9.0.3797 suffers from a local privilege escalation vulnerability.

WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution

Posted by deepcore under exploit (No Respond)

WordPress Insert or Embed Articulate Content plugin versions 4.2995 through 4.2997 suffer from a remote code execution vulnerability.

phpMyAdmin 4.8 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

phpMyAdmin version 4.8 suffers from a cross site request forgery vulnerability.

Liferay Portal 7.1 CE GA4 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Liferay Portal version 7.1 CE GA4 suffers from a cross site scripting vulnerability in the SimpleCaptcha API.

FusionPBX 4.4.3 Remote Command Execution

Posted by deepcore under exploit (No Respond)

FusionPBX versions 4.4.3 and below suffer from a remote code execution vulnerability via cross site scripting.

Telus Actiontec T2200H WiFi Credential Disclosure

Posted by deepcore under exploit (No Respond)

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a credential disclosure vulnerability. An HTTP interface used by wireless extenders to pull the modem’s wifi settings uses DHCP client-provided option values to restrict access to this API. By forging DHCP packets, one can access this interface without any authentication and obtain details such as SSID name, […]

Telus Actiontec WEB6000Q Privilege Escalation

Posted by deepcore under exploit (No Respond)

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities.

Telus Actiontec WEB6000Q Denial Of Service

Posted by deepcore under exploit (No Respond)

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. Querying CGI endpoints with empty (GET/POST/HEAD) requests causes a segmentation fault in the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver before any modification can be made to the device.

Telus Actiontec T2200H Serial Number Information Disclosure

Posted by deepcore under exploit (No Respond)

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. By forging a special DHCP packet using Option 125, an attacker can obtain the device serial number. Once he or she has […]

SymCrypt Infinite Loop

Posted by deepcore under exploit (No Respond)

There’s a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.