Microsoft Edge 44.17763.1.0 – NULL Pointer Dereference
>> ARCHIVE: 2019-01
Microsoft Edge 44.17763.1.0 – NULL Pointer Dereference
All in One Video Downloader 1.2 – Authenticated SQL Injection
Mailcleaner – Authenticated Remote Code Execution (Metasploit)
Embed Video Scripts – Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 – Persistent Cross-Site Scripting
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST[‘base_module’] parameter to the “Save” action of…
Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the “__externalobjid” GET parameter…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the ‘labels_’ parameters is not properly sanitized before…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the “trigger_event” parameter is not properly sanitized before being used to…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the “webhook_target_module” parameter is not properly sanitized before being used to save…