ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
>> ARCHIVE: 2015-11
This Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla….
SHAREit WebShare version 2.3.80 suffers from a cross site request forgery vulnerability.
The Help Forum on LinkedIn suffered from a cross site scripting vulnerability.
Netwin SurgeFTP server version 23d6 suffers from multiple stored cross site scripting vulnerabilities.
SuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.
There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane…
Cambium ePMP 1000 suffers from remote OS command injection and privilege escalation vulnerabilities.
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privesc. WfsDelay is set to 24h, since this is how often a chkrootkit scan is…
Cambium ePMP 1000 – Multiple Vulnerabilities