Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.
Core Security Technologies Advisory – SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files that could lead to local code execution scenarios. Version 721.510 is affected.
Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.
This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The ‘tsql’ binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.
BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.
Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.
Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.
QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang […]
http://lpa.nfe.go.th notified by AnoaGhost
Tags: defacement