The default Samsung email client’s email viewer and composer (implemented in SecEmailUI.apk) doesn’t sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker…
>> AUTHOR: deepcore
Mobile Drive Free 1.8 suffers from local file inclusion and remote file upload vulnerabilities.
ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.
Netgear Pro NMS 300 suffers from code execution and arbitrary file download vulnerabilities.
Apple iOS versions 9.1, 9.2, and 9.2.1 suffer from a pass code bypass vulnerability.
WordPress WooCommerce Store Toolkit Plugin 1.5.5 – Privilege Escalation
WordPress Booking Calendar Contact Form Plugin <= 1.0.23 – Multiple Vulnerabilities
WordPress WP User Frontend Plugin < 2.3.11 – Unrestricted File Upload
WordPress User Meta Manager Plugin 3.4.6 – Information Disclosure
dotDefender Firewall 5.00.12865 / 5.13-13282 – CSRF Vulnerability