>> ARCHIVE: 2017-04

Agorum Core Pro version 7.8.1.4-251 suffers from a reflective cross site scripting vulnerability.

Agorum Core Pro version 7.8.1.4-251 suffers from an XML external entity injection vulnerability.

concrete5 version 8.1.0 suffers from a host header injection vulnerability.

Multiple bugs have been discovered in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic subsystem in all modern versions of Windows. The issues can…

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.

uc-httpd is an HTTP daemon used by a wide array of IoT devices and is vulnerable to local file inclusion and directory traversal bugs.

This Metasploit module exploits a buffer overflow vulnerability found in the ACCT command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.

This Metasploit module exploits a buffer overflow vulnerability found in the GET command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.

This Metasploit module exploits a buffer overflow vulnerability found in the NLST command of the PCMAN FTP version 2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.