Microsoft .diagcab Directory Traversal / Code Execution
A flaw in the implementation of Microsoft’s Troubleshooter technology could lead to remote code execution if a crafted .diagcab file is opened by the victim. The exploit leverages a rogue WebDAV server to trick MSDT into dropping files in attacker-controlled locations on the file system.
APKF Product Key Finder 2.5.8.0 Denial Of Service
APKF Product Key Finder version 2.5.8.0 suffers from a denial of service vulnerability.
Torrent FLV Converter 1.51 Build 117 Stack Overflow
Torrent FLV Converter version 1.51 Build 117 suffers from a stack overflow vulnerability.
WordPress InfiniteWP Client 1.9.4.5 Authentication Bypass
WordPress InfiniteWP Client plugin version 1.9.4.5 suffers from an authentication bypass vulnerability.
GTalk Password Finder 2.2.1 Denial Of Service
GTalk Password Finder version 2.2.1 suffers from a denial of service vulnerability.
WordPress Time Capsule 1.21.16 Authentication Bypass
WordPress Time Capsule plugin version 1.21.16 suffers from an authentication bypass vulnerability.
Solaris xlock Information Disclosure
A low-impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Because target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.
Common Desktop Environment 2.3.1 Buffer Overflow
A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE […]
Trend Micro Security 2019 Security Bypass Protected Service Tampering
Trend Micro Maximum Security is vulnerable to arbitrary code execution because it allows creation of a registry key that targets a process running as SYSTEM. This can allow malware to gain elevated privileges and take over and shut down services that require SYSTEM privileges, like Trend Micro's “Asmp” service “coreServiceShell.exe” which does not allow Administrators […]