Archive for January, 2020

ManageEngine Network Configuration Manager 12.2 SQL Injection

Posted by deepcore under exploit (No Respond)

ManageEngine Network Configuration Manager version 12.2 suffers from a remote SQL injection vulnerability in apiKey.

Microsoft Windows Theme API File Parsing

Posted by deepcore under exploit (No Respond)

This is a proof of concept for CVE-2018-8413 where the Microsoft Windows Theme API had a file parsing vulnerability.

Park Ticketing Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Park Ticketing Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

SolarWinds MSP n-Central Information Disclosure

Posted by deepcore under exploit (No Respond)

This application, known as the SolarWinds n-Central Dumpster Diver, uses the nCentral agent .NET libraries to simulate agent registration and pull the agent/appliance configuration settings. This information can contain plaintext Active Directory domain credentials. This was reported to SolarWinds PSIRT (psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured […]

ECTouch ECShop 2.7.3 SQL Injection

Posted by deepcore under exploit (No Respond)

ECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.

KeePass 2.44 Denial Of Service

Posted by deepcore under exploit (No Respond)

KeePass version 2.44 suffers from a denial of service vulnerability.

XNU vm_map_copy Insufficient Fix

Posted by deepcore under exploit (No Respond)

An insufficient fix for CVE-2019-6205 means the XNU vm_map_copy optimization, which requires atomicity, is still not atomic.

Citrix XenMobile Server 10.8 XML Injection

Posted by deepcore under exploit (No Respond)

Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.

Employee Leaves Management System 2.0 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.

ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.