Archive for June, 2020

Online Course Registration 1.0 SQL Injection

Posted by deepcore under exploit

Online Course Registration version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure

Posted by deepcore under exploit

Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross-site request forgery vulnerabilities.

Cisco UCS Director Cloupia Script Remote Code Execution

Posted by deepcore under exploit

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator’s REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality […]

Avaya IP Office 11 Insecure Transit / Password Disclosure

Posted by deepcore under exploit

Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.

WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation

Posted by deepcore under exploit

WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.

http://www.lerdsin.go.th

Posted by deepcore under defacement

http://www.lerdsin.go.th notified by saeed0511

AirControl 1.4.2 Remote Code Execution

Posted by deepcore under exploit

AirControl version 1.4.2 suffers from a pre-authentication remote code execution vulnerability.

IObit Uninstaller 9.5.0.15 Unquoted Service Path

Posted by deepcore under exploit

IObit Uninstaller version 9.5.0.15 suffers from an unquoted service path vulnerability in the IObit Uninstaller Service.

Clinic Management System 1.0 Remote Code Execution

Posted by deepcore under exploit

Clinic Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.

Navigate CMS 2.8.7 SQL Injection

Posted by deepcore under exploit

Navigate CMS version 2.8.7 suffers from an authenticated remote SQL injection vulnerability.