:: Deepquest ::

WordPress Picture Gallery plugin version 1.4.2 suffers from a persistent cross site scripting vulnerability.

Simple Library Management System version 1.0 suffers from a remote SQL injection vulnerability.

RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s […]

RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s […]

OneNav Beta version 0.9.12 suffers from a persistent cross site scripting vulnerability.

Microsoft Windows suffers from unsafe temporary directory use with the Malicious Software Removal Tool that can lead to elevation of privilege.

Cockpit CMS 0.11.1 – ‘Username Enumeration & Password Reset’ NoSQL Injection

Amica Prodigy 1.7 – Privilege Escalation

IPCop 2.1.9 – Remote Code Execution (RCE) (Authenticated)

Microsoft Windows suffers from unsafe temporary directory use with the Malicious Software Removal Tool that can lead to elevation of privilege.