This paper documents deeper dive details of the security implications noted in CVE-2017-3241. Coupled with the JtaTransactionManager flaw from 2016, it demonstrates being able to achieve remote code execution.
>> ARCHIVE: 2017-02
OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution.
Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.
http://www.nptedu.go.th notified by Ashiyane Digital Security Team
http://www3.djop.moj.go.th notified by Ashiyane Digital Security Team
http://khokchang.go.th notified by Dark_Ghost
Joomla GeoContent component version 4.5 suffers from a cross site scripting vulnerability.
CentOS7 suffers from a kernel crashing denial of service issue triggered by an rsyslog daemon vulnerability.
Joomla Fastball component version 3.2.8 suffers from a remote SQL injection vulnerability.
Joomla GameServer! component version 3.4 suffers from a remote SQL injection vulnerability.