Master Data Online 2.0 Cross Site Scripting
Master Data Online version 2.0 suffers from a cross site scripting vulnerability.
Mitel 6869i VoIP Deskphone version 4.2.2032 suffers from an unauthenticated command injection vulnerability.
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to […]
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This […]
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead […]
BSI Advance Hotel Booking System 2.0 – ‘booking_details.php’ Persistent Cross-Site Scripting
Tags: 0day, remote exploit
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – ‘cities.php’ SQL Injection
Tags: 0day, remote exploit