Joomla Komento versions prior to 2.0.5 suffer from a persistent cross-site scripting vulnerability.
>> ARCHIVE: 2015-10
ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.
ZTE GPON F427 and possibly the F460/F600 models suffer from authorization bypass and cleartext password storage vulnerabilities.
The Windows driver used by projects derived from TrueCrypt 7 (verified in VeraCrypt and CipherShed) is vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic…
This is a small Python script that iterates over a list of targets and tests their user agent for the Shellshock vulnerability.
Callisto 821+R3 suffers from multiple cross-site request forgery vulnerabilities.
ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.
Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient, which allows a local application to elevate to local system through…
ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.
SourceBans version 1.4.11 suffers from a cross-site scripting vulnerability.