Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability.
>> CATEGORY: exploit
The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
Microsoft Edge Chakra JIT compiler creates incorrect GenerateBailOut calling patterns.
The “String.prototype.replace” method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating “ImplicitCallFlags”. But…
Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box.
The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability.
Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.
phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the faq.
There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for…
E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.