:: Deepquest ::

http://healthws.ntwo.moph.go.th notified by Goodzilam

Ticket-Booking version 1.4 suffers from an authentication bypass vulnerability.

College-Management-System version 1.2 suffers from an authentication bypass vulnerability.

Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107.

AppXSvc version 17763.1.amd64fre.rs5_release.180914-1434 suffers from an arbitrary file security descriptor overwrite privilege escalation vulnerability.

docPrint Pro version 8.0 suffers from a SEH buffer overflow vulnerability.

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload

AppXSvc – Privilege Escalation