:: Deepquest ::

Sahi Pro version 8.x suffers from a cross site scripting vulnerability.

BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution.

BlogEngine.NET 3.3.6/3.3.7 – ‘theme Cookie’ Directory Traversal / Remote Code Execution

BlogEngine.NET 3.3.6/3.3.7 – ‘dirPath’ Directory Traversal / Remote Code Execution

Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities.

RedwoodHQ version 2.5.5 suffers from an authentication bypass vulnerability.

This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.

Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.

When a Microsoft Word “.docx” File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another “empty” file of the same […]

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program […]