:: Deepquest ::

Employee Management System 1.0 – Authentication Bypass

Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.

TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.

NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.

Guild Wars 2 suffers from an insecure folder permissions vulnerability.

rConfig 3.9.5 – Remote Code Execution (Unauthenticated)

Vehicle Parking Management System 1.0 – Authentication Bypass

berliCRM version 1.0.24 suffers from a remote SQL injection vulnerability.

Battle.Net version 1.27.1.12428 suffers from a privilege escalation vulnerability due to insecure file permissions.

xls2csv version 0.95 suffers from three overflow, one malloc fail, one memory leak, and two null pointer dereference vulnerabilities. Proof of concept code and ASAN analysis is included.