Archive for January, 2023

Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution

Posted by deepcore under exploit (No Respond)

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection

Posted by deepcore under exploit (No Respond)

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP object injection vulnerability in grid.php.

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection

Posted by deepcore under exploit (No Respond)

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

Control Web Panel 7 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.

Excel Net Computer Institute 4.1 SQL Injection

Posted by deepcore under exploit (No Respond)

Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Eatself 1.1.5 SQL Injection

Posted by deepcore under exploit (No Respond)

Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Linux videobuf2 Use-After-Free

Posted by deepcore under exploit (No Respond)

A vb2_mmap race with vb2_core_reqbufs leads to a use-after-free vulnerability in the Linux videobuf2 system.

Rackspace Blames Ransomware Woes On Zero-Day Attack

Posted by deepcore under exploit (No Respond)

Linear eMerge E3-Series Access Controller Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in card_scan_decoder.php via the No and door HTTP GET parameters. Successful exploitation results in command execution as the root user.

Oracle Database Vault Metadata Exposure

Posted by deepcore under exploit (No Respond)

Oracle Database versions 12.1.0.2, 12.2.0.1, 18c, and 19c suffer from a vault metadata exposure vulnerability.