4 - 2020 - :: Deepquest ::

>> Zen Load Balancer 3.10.1 Directory Traversal

USER: deepcore // 2020-04-11 // 0 CMT

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability.

>> Windscribe 1.83 Build 20 Unquoted Service Path

USER: deepcore // 2020-04-11 // 0 CMT

Windscribe version 1.83 Build 20 suffers from an unquoted service path vulnerability.

>> Xeroneit Library Management System 3.0 SQL Injection

USER: deepcore // 2020-04-11 // 0 CMT

Xeroneit Library Management System version 3.0 suffers from a remote SQL injection vulnerability.

>> Linux 5.3 Insecure Root Path Handling

USER: deepcore // 2020-04-11 // 0 CMT

Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.

>> Linux Omitted TID Increment

USER: deepcore // 2020-04-11 // 0 CMT

Linux has an issue where the SLUB bulk allocation slowpath omits a required TID increment.

>> NagiosXI 5.6.11 address Remote Code Execution

USER: deepcore // 2020-04-10 // 0 CMT

NagiosXI version 5.6.11 post authentication address parameter remote code execution exploit.

>> Symantec Web Gateway 5.0.2.8 Remote Code Execution

USER: deepcore // 2020-04-10 // 0 CMT

Symantec Web Gateway version 5.0.2.8 post authentication remote code execution exploit.

>> NagiosXI 5.6.11 start / end / step Remote Code Execution

USER: deepcore // 2020-04-10 // 0 CMT

NagiosXI version 5.6.11 post authentication start, end, and step parameter remote code execution exploit.

>> Centreon 19.11 SQL Injection

USER: deepcore // 2020-04-10 // 0 CMT

Centreon version 19.11 post authentication acl_res_name parameter remote SQL injection vulnerability.

>> NagiosXL 5.6.11 orderby SQL Injection

USER: deepcore // 2020-04-10 // 0 CMT

NagiosXL version 5.6.11 post authentication orderby parameter remote SQL injection exploit.