:: Deepquest ::

Apple Security Advisory 2022-03-31-1 – iOS 15.4.1 and iPadOS 15.4.1 addresses code execution and out of bounds write vulnerabilities.

Message System version 1.0 suffers from a persistent cross site scripting vulnerability.

Message System version 1.0 suffers from a remote SQL injection vulnerability that can lead to remote code execution.

Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.

Spoofer version 1.4.6 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

EG Free AntiVirus version 2020 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.

IdeaRE RefTree versions prior to 2021.09.17 suffer from a remote shell upload vulnerability.

IdeaRE RefTree versions prior to 2021.09.17 suffer from a path traversal vulnerability.

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 […]