>> ARCHIVE: 2019-08

ATutor version 2.2.4 suffers from a backup functionality remote command execution vulnerability.

Opencart versions 2.3.0.2 and below suffer from an insecure OCMod generation remote command execution vulnerability.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using…

iMessage suffers from a heap overflow vulnerability when deserializing a URL. This affects Macs only.

CentOS Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.

CentOS Control Web Panel (CWP) versions 0.9.8.836 through 0.9.8.840 suffer from a user enumeration vulnerability.

CentOS Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.

Active PHP Bookmarks version 1.3 suffer from a cookie_auth error-based remote SQL injection vulnerability.