Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute PHP code, allowing for remote SQL injection and remote code…
>> AUTHOR: deepcore
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity…
Multiple Rittal products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are…
HelloWeb 2.0 – Arbitrary File Download
Barangay Management System 1.0 – Authentication Bypass
Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution
FrootVPN 4.8 – ‘frootvpn’ Unquoted Service Path
WordPress Plugin Powie’s WHOIS Domain Check 0.9.31 – Persistent Cross-Site Scripting
Savsoft Quiz 5 – Persistent Cross-Site Scripting
BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command…