:: Deepquest ::

ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.

Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.

Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

http://secondary33.go.th/vuln.gif notified by MiSh

TripSpark VEO Transportation suffers from a remote blind SQL injection vulnerability.

eGain Chat version 15.5.5 suffers from a cross site scripting vulnerability.

Denver Smart Wifi Camera SHC-150 has a hardcoded backdoor login vulnerability available via telnet that gives a shell.