>> CATEGORY: exploit

Graphite2 suffers from a heap-based buffer overflow in GlyphCache::GlyphCache.

VMWare vSphere web client versions 5.1 through 6.0 suffer from a flash cross site scripting vulnerability.

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of…

Micro Focus Rumba+ version 9.4 suffers from multiple stack buffer overflow vulnerabilities.

An independent vulnerability laboratory researcher discovered multiple client-side web vulnerabilities in the official Avast Shop online service web-application.

The vulnerability laboratory core research team discovered an application-side mail encoding web vulnerability in the official Bashi v1.6 iOS mobile application.

An independent vulnerability laboratory researcher discovered an application-side input validation web vulnerability in the official Avast Business and Shop online service web-application.

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.

MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.