>> ARCHIVE: 2018-05

Flexense DiskBoss versions 7.4.28 through 9.1.16 suffer from a cross site scripting vulnerability.

Flexense Disksavvy versions 10.4 through 10.7 suffer from a cross site scripting vulnerability.

LibreOffice version 6.0.3 and OpenOffice version 4.1.5 suffers from a .odt information disclosure vulnerability.

Exim versions prior to 4.90.1 suffer from a base64d remote code execution vulnerability.

Flexense DupScout versions 10.0.18 through 10.7 suffer from a cross site scripting vulnerability.

Flexense VX Search versions 10.1.12 through 10.7 suffer from a cross site scripting vulnerability.

Flexense DiskSorter versions 9.5.12 through 10.7 suffer from a cross site scripting vulnerability.

Arastta version 1.6.2 suffers from a cross site scripting vulnerability.

Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities.

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the “install_4.php” script, which will create the configuration file for the installation. This allows…