>> ARCHIVE: 2016-04

Totemomail versions 4.x and 5.x suffer from filter bypass and script insertion vulnerabilities.

Cyberoam Central Console version 02.03.1 suffers from cross site scripting vulnerabilities.

CompuSource Systems Real Time Home Banking suffers from a local privilege escalation vulnerability.

i-Tech Nepal Radio CMS version 2.0 suffers from a remote SQL injection vulnerability.

IrIran Shopping Script version 4.1 suffers from a cross site scripting vulnerability.

NationBuilder suffers from multiple persistent cross site scripting vulnerabilities.

Yasr console screen reader version 0.6.9-5 proof of concept buffer overflow exploit.

A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 which allows unauthenticated remote attackers to retrieve a valid Administrative SID.

A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 exposing Iperf tool to unauthenticated users. Injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the…