Clinic Management System 1.0 SQL Injection
Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.
OpenCart version 3.0.3.2 suffers from a persistent cross-site scripting vulnerability.
This archive holds Bluetooth Impersonation Attack (BIAS) CVE-2020-10135 proof of concept and reproduction research from multiple researchers.
The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.
Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.
Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as the session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write-up and proof of concept code from multiple researchers.
Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.