Drupal Module Coder < 7.x-1.3 / 7.x-2.6 – Remote Code Execution Exploit (SA-CONTRIB-2016-039)
>> ARCHIVE: 2016-08
http://www.sepo.go.th notified by Mr.DreamX196
WordPress Activity Log plugin version 2.3.2 suffers from a cross-site scripting vulnerability in the search function.
WordPress Landing Pages plugin version 2.2.4 suffers from a cross-site scripting vulnerability.
Joomla Video Flow component versions 1.1.3 through 1.1.5 suffer from a remote SQL injection vulnerability.
WordPress Yoast SEO plugin versions prior to 3.4.1 suffer from a stored cross-site scripting vulnerability.
FortiAnalyzer and FortiManager suffer from a client-side cross-site scripting vulnerability.
FortiManager (Series) suffers from a bookmark script insertion vulnerability.
K2 Joomla! extension versions prior to 2.7.1 suffer from a cross-site scripting vulnerability.
NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities.