>> ARCHIVE: 2019-04

Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested…

Jobgator suffers from a remote SQL injection vulnerability. Affects the latest version available as of March 5, 2019.

ShoreTel Connect ONSITE versions prior to 19.49.1500.0 suffer from cross site scripting and session fixation vulnerabilities.

FlexHEX version 2.71 SEH buffer overflow exploit.

Bolt CMS version 3.6.6 suffers from cross site request forgery and code execution vulnerabilities.

River Past Cam Do version 3.7.6 suffers from an activation code local buffer overflow vulnerability.

WordPress Limit Login Attempts Reloaded plugin version 2.7.4 suffers from a login limit bypass vulnerability.

AllPlayer version 7.4 SEH unicode buffer overflow exploit.

CentOS Web Panel versions 0.9.8.793 (Free) and 0.9.8.753 (Pro) suffer from an email field persistent cross site scripting vulnerability.

Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.