:: Deepquest ::

This Metasploit module exploits a command injection vulnerability in Ajenti versions 2.1.31 and below. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a denial of service vulnerability.

Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.

JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.

iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P suffer from an unauthenticated and unauthorized live stream disclosure vulnerability when get_jpeg script is called.

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH)

WordPress Plugin Google Review Slider 6.1 – ‘tid’ SQL Injection

MikroTik RouterOS 6.45.6 – DNS Cache Poisoning

Intelligent Security System SecurOS Enterprise version 10.2 suffers from a SecurosCtrlService unquoted service path vulnerability.