Archive for August, 2020

GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

Microsoft Windows AppContainer Enterprise Authentication Capability Bypass

Posted by deepcore under exploit (No Respond)

On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability, which allows any AppContainer to perform network authentication with the user’s credentials.

vBulletin 5.x Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter, bypassing filters originally put in place to address CVE-2019-16759. This also allows […]

Fuel CMS 1.4.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Fuel CMS version 1.4.7 suffers from an authenticated remote SQL injection vulnerability.

SugarCRM Cross Site Scripting

Posted by deepcore under exploit (No Respond)

SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.

SugarCRM SQL Injection

Posted by deepcore under exploit (No Respond)

SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.

Avian JVM 1.2.0 Integer Overflow

Posted by deepcore under exploit (No Respond)

Avian JVM version 1.2.0 suffers from multiple vm::arrayCopy() integer overflow vulnerabilities.

Avian JVM 1.2.0 Silent Return

Posted by deepcore under exploit (No Respond)

Avian JVM version 1.2.0 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks are performed to prevent out-of-bounds memory read/write. One of these boundary checks makes the code return silently when a negative length is provided instead of throwing an exception.

[webapps] GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)


[webapps] Artica Proxy 4.3.0 – Authentication Bypass

Posted by deepcore under Security (No Respond)

Artica Proxy 4.3.0 – Authentication Bypass
