PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.
Centreon 2.6.1 Persistent Cross Site Scripting
Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability.
Ubuntu Apport kernel_crashdump Symlink
This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
Telegram 3.2 Denial Of Service
Telegram version 3.2 suffers from a denial of service vulnerability.
Git 1.9.5 Buffer Overflow
ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
Mango Automation 2.6.0 User Enumeration
Mango Automation version 2.6.0 suffers from a user enumeration weakness.
Mango Automation 2.6.0 Cross Site Scripting
Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability because the ‘login.htm’ script fails to properly sanitize user-supplied input in the ‘username’ POST parameter. Attackers can exploit this issue to execute arbitrary HTML and script code in a user’s browser session.
Webfig Terminal Offline Brute Force Attack
The encryption scheme used by MikroTik’s Webfig terminal software, as seen on the RB750GL running RouterOS version 6.18, is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as fully decrypt the terminal session. Full write up and proof of concept tools are […]
NodeBB 0.8.2 Cross Site Scripting
NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.
Flowdock API Script Insertion
Flowdock API suffers from a malicious script insertion vulnerability.