Backdrop CMS versions 1.7.1 and below suffer from a persistent cross-site scripting vulnerability.
>> ARCHIVE: 2017-08
WebClientPrint Processor version 2.0.15.109 suffers from a remote code execution vulnerability via print jobs.
RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may…
RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed without any…
RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via…
Progress Sitefinity version 9.1 suffers from cross-site scripting, broken session management, and open redirection vulnerabilities.
Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.
Automated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.
eCardMAX version 10.5 suffers from a remote SQL injection vulnerability.