>> ARCHIVE: 2018-09

Intel Extreme Tuning Utility version 6.4.1.23 suffers from code execution, privilege escalation, and denial of service vulnerabilities.

Seqrite End Point Security version 7.4 suffers from a weak file permission privilege escalation vulnerability.

A cross site scripting vulnerability has been discovered in the AIR5343v2 modem of the AirTies manufacturer. AirTies Air 5343v2 devices have XSS via the top.html productboardtype parameter.

A cross site scripting vulnerability has been discovered in the AIR5443v2 modem of the AirTies manufacturer. AirTies Air 5443v2 devices have XSS via the top.html productboardtype parameter.

A cross site scripting vulnerability has been discovered in the AIR5442 modem of the AirTies manufacturer. AirTies Air 5442 devices have XSS via the top.html productboardtype parameter.

A cross site scripting vulnerability has been discovered in the AIR5453 modem of the AirTies manufacturer. AirTies Air 5453 devices have XSS via the top.html productboardtype parameter.

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.

A cross site scripting vulnerability has been discovered in the AIR5342 modem of the AirTies manufacturer. AirTies Air 5750 devices have XSS via the top.html productboardtype parameter.

A cross site scripting vulnerability has been discovered in the AIR5650 modem of the AirTies manufacturer. AirTies Air 5650 devices have XSS via the top.html productboardtype parameter.