With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11.
>> CATEGORY: exploit
Vicidial version 2.11 suffers from a persistent cross site scripting vulnerability.
The configuration page in version 7.1.9 and below of op5 allows the ability to test a system command, which can be abused to run arbitrary code as an unprivileged user.
Gemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.
Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.
HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.
Json2Html javascript library suffers from a cross site scripting vulnerability.
Slim CMS version 0.1 suffers from a cross site request forgery vulnerability.
Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability.
jbFileManager suffers from a path traversal vulnerability.