[webapps] MOVEit Transfer 11.1.1 – 'token' Unauthenticated SQL Injection
MedDream PACS Server 6.8.3.751 Remote Code Execution
MedDream PACS Server version 6.8.3.751 suffers from an authenticated remote code execution vulnerability.
Photo Share Website 1.0 Cross Site Scripting
Photo Share Website version 1.0 suffers from a persistent cross site scripting vulnerability.
Checkmk 1.6.0p16 Local Privilege Escalation
Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.
FusionAuth-SAMLv2 0.2.3 Message Forging
Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be sent to the application without a signature even if one is required. The impact depends on the individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web […]
Platinum Mobile 1.0.4.850 Authorization Bypass
Platinum Mobile version 1.0.4.850 has broken access control. The mobile application connects to the company-specific server, which does not properly restrict access to confidential data. Thus, an authenticated attacker can disclose the company’s payroll and the personal information of other employees without having the appropriate privileges to do so.
udisks / Linux Kernel romfs Leakage
udisks and the Linux kernel have an issue where udisks permits users to mount romfs and romfs leaks uninitialized memory to userspace.
Packet Storm New Exploits For September, 2020
This archive contains all of the 97 exploits added to Packet Storm in September, 2020.