>> ARCHIVE: 2020-08

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user’s credentials.

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also…

Fuel CMS version 1.4.7 suffers from an authenticated remote SQL injection vulnerability.

SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.

SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.

Avian JVM version 1.2.0 suffers from multiple vm::arrayCopy() integer overflow vulnerabilities.

Avian JVM version 1.2.0 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks are performed to prevent out-of-bounds memory read/write. One of…