:: Deepquest ::

VX Search version 13.5.28 suffers from an unquoted service path vulnerability.

VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.

Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.

Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.

Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.

Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.

This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform’s /upload endpoint to upload and execute a payload as the Tomcat user.

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, […]

Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.

Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.