dotProject 2.1.9 SQL Injection
dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.
SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.UsrMgr.php.
SeedDMS versions prior to 5.1.11 suffer from a remote shell upload vulnerability.
SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.GroupMgr.php.
Fortinet’s FortiCam FCM-MB40 product suffers from root code execution, privilege escalation, hardcoded key, and various other vulnerabilities.
The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large Host header in an HTTP request. The Host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to […]
The IDAL HTTP server is vulnerable to memory corruption through insecure use of user-supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username “%25s%25p%25x%25n” […]
Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.
The Windows Font Cache Service exposes section objects insecurely to low-privileged users, resulting in elevation of privilege.