>> ARCHIVE: 2021-07

PHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.

Zabbix versions 1.x through 5.x suffer from persistent cross site scripting and remote blind SQL injection vulnerabilities.

Elasticsearch ECE version 7.13.3 anonymous database dumping exploit.

Backdoor.Win32.Hupigon.aaur malware suffers from an unauthenticated open proxy vulnerability.

Backdoor.Win32.Mazben.me malware suffers from an unauthenticated open proxy vulnerability.

Leawo Prof. Media version 11.0.0.1 suffers from a denial of service vulnerability.

Backdoor.Win32.Agent.cu malware suffers from an authentication bypass vulnerability that can lead to code execution.

XOS Shop version 1.0.9 suffers from an authenticated arbitrary file deletion vulnerability.

Backdoor.Win32.Agent.cu malware suffers from a man-in-the-middle vulnerability.