>> ARCHIVE: 2017-03

Just Another Video Script version 1.4.3 suffers from a remote SQL injection vulnerability.

PHP Real Estate Property Script suffers from a remote SQL injection vulnerability.

Hotel Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

Tour Package Booking version 1.0 suffers from a remote SQL injection vulnerability.

Microsoft Visual Studio 2015 update 3 suffers from a denial of service vulnerability.

Parcel Delivery Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

Farmer’s Fridge Kiosk version 2.0.0 suffers from an unprotected event log information disclosure vulnerability as well as unauthenticated request issues.

inoERP version 0.6.1 suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

Samba suffers from a symlink race that permits opening files outside of the share directory.

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 – 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused…