:: Deepquest ::

Backdoor.Win32.DRA.c malware suffers from a weak hardcoded password vulnerability.

CosaNostra Builder malware suffers from an insecure permissions vulnerability.

Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload.

CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt.

Land Software’s FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability.

uBidAuction version 2.0.1 suffers from a cross site scripting vulnerability.

CosaNostra Builder WebPanel malware suffers from a cross site request forgery vulnerability.

Ethercreative Logs plugin versions 3.0.3 and below for Craft CMS suffer from a path traversal vulnerability.

This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.

The XNU kernel suffers from a use-after-free vulnerability in mach_msg.