>> ARCHIVE: 2020-02

SprintWork version 2.3.1 suffers from a local privilege escalation vulnerability.

SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different Bluetooth Low Energy (BLE) software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws…

WordPress Ultimate-Member plugin version 2.1.3 suffers from a local file inclusion vulnerability.

SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

OpenTFTP version 1.66 suffers from a local privilege escalation vulnerability.

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.