Archive for September, 2017

OpenText Documentum Administrator / Webtop XXE Injection

Posted by deepcore under exploit (No Respond)

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities.

WordPress Church SQL Injection

Posted by deepcore under exploit (No Respond)

WordPress Church extension suffers from a remote SQL injection vulnerability.

AMC Master Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

AMC Master suffers from a remote file upload vulnerability.

Git cvsserver Remote Command Execution

Posted by deepcore under exploit (No Respond)

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately, user input is used within some of those invocations, which allows for OS command injection. Versions before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.

WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Content Audit plugin version 1.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Apple Security Advisory 2017-09-25-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2017-09-25-1 – macOS High Sierra 10.13 is now available and addresses denial of service, insecure transit, and various other vulnerabilities.


Apple Security Advisory 2017-09-25-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2017-09-25-2 – iCloud for Windows 7 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.


Apple Security Advisory 2017-09-25-3

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2017-09-25-3 – Safari 11 addresses address bar spoofing, code execution, and various other vulnerabilities.


Apple Security Advisory 2017-09-25-4

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2017-09-25-4 – iOS 11 addresses denial of service, service impersonation, and various other vulnerabilities.


Apple Security Advisory 2017-09-25-5

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2017-09-25-5 – watchOS 4 addresses denial of service, memory corruption, and various other vulnerabilities.
