>> ARCHIVE: 2017-12

Joomla! JBuildozer component version 1.4.1 suffers from a remote SQL injection vulnerability.

Accesspress Anonymous Post Pro versions prior to 3.2.0 suffers from an arbitrary file upload vulnerability.

Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities.

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file read vulnerability.

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file upload vulnerability.

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and…

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since…

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI…