Wieland wieplan version 4.1 suffers from arbitrary Java code execution when parsing WIE documents with XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification orders saved in a .wie XML file that has to be sent to the vendor offices to be processed.
Oracle GlassFish Server <= 4.1 – Directory Traversal
Tags: 0day, remote exploit
The Vulnerability Laboratory Core Research Team discovered multiple web vulnerabilities in the HD Video Player v2.5 iOS mobile web-application (wifi).
ManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.
Joomla Subcategory component version 1.2.15 suffers from a remote SQL injection vulnerability.
Joomla Scatalog component version 2.0 suffers from a remote SQL injection vulnerability.
The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.
File Replication Pro <= 7.2.0 – Multiple Vulnerabilities
Tags: 0day, remote exploit
NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers
Tags: 0day, remote exploit
The Vulnerability Laboratory Core Research Team discovered a persistent mail encoding web vulnerability in the official MyScript Memo iOS mobile web-application.