Archive for July, 2021

ObjectPlanet Opinio 7.13 / 7.14 XML Injection

Posted by deepcore under exploit (No Respond)

ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.

ObjectPlanet Opinio 7.13 Expression Language Injection

Posted by deepcore under exploit (No Respond)

ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.

ObjectPlanet Opinio 7.13 Shell Upload

Posted by deepcore under exploit (No Respond)

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.

Pi-Hole Remove Commands Linux Privilege Escalation

Posted by deepcore under exploit (No Respond)

Pi-Hole versions 3.0 through 5.3 allow command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing them to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

http://korat7.go.th/hi.htm

Posted by deepcore under defacement (No Respond)

http://korat7.go.th/hi.htm notified by YIIX103

IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration

Posted by deepcore under exploit (No Respond)

IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.

Care2x Integrated Hospital Info System 2.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

CloverDX 5.9.0 Code Execution / Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.