>> CATEGORY: exploit

libical versions 0.47 and 1.0 suffer from a crash issue.

Armadito suffers from a remote arbitrary file write due to a man-in-the-middle issue.

PspInitializeFullProcessImageName does not correctly handle a NULL pointer being passed to it leading to a dereference at NULL for a file object which might be exploitable on 32 bit systems…

Kagao version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

Untangle NGFW versions 12.1.0 Beta and below execEvil() authentication root command injection exploit.

Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.

iBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.

The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.

Parsijoo Search Engine suffers from a cross site scripting vulnerability.

ASUS DSL-N55U version 3.0.0.4.376_2736 suffers from cross site scripting and information disclosure vulnerabilities.