:: Deepquest ::

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. Proof of concept included.

Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, and IoT Interface 3124.300.

Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution

Barangay Management System 1.0 – Authentication Bypass

HelloWeb 2.0 – Arbitrary File Download

Savsoft Quiz 5 – Persistent Cross-Site Scripting

WordPress Plugin Powie’s WHOIS Domain Check 0.9.31 – Persistent Cross-Site Scripting

FrootVPN 4.8 – ‘frootvpn’ Unquoted Service Path

Sickbeard version 0.1 suffers from a remote command injection vulnerability.

BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.