[local] WinRAR 5.80 – XML External Entity Injection
Android Binder Use-After-Free
These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS.
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF
WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface.
Sangoma SBC 2.3.23-119-GA Authentication Bypass
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to bypass authentication and log in as a non-existent user with complete access to the dashboard, including additional privileged user creation capabilities.
BlackMoon FTP Server 3.1.2.1731 BMFTP-RELEASE Unquoted Service Path
BlackMoon FTP Server version 3.1.2.1731 suffers from a BMFTP-RELEASE unquoted service path vulnerability.
Web Companion 5.1.1035.1047 WCAssistantService Unquoted Service Path
Web Companion version 5.1.1035.1047 suffers from a WCAssistantService unquoted service path vulnerability.
WorkgroupMail 7.5.1 WorkgroupMail Unquoted Service Path
WorkgroupMail version 7.5.1 suffers from a WorkgroupMail unquoted service path vulnerability.
WordPress FooGallery 1.8.12 Cross Site Scripting
WordPress FooGallery plugin version 1.8.12 suffers from a persistent cross site scripting vulnerability.