>> CATEGORY: exploit

Cacti versions 0.8.8g and below remote SQL injection exploit.

An independent vulnerability laboratory research team discovered multiple remote sql injection vulnerabilities in the Techsoft Content Management System.

The Vulnerability Laboratory Core Research Team discovered a persistent web validation vulnerability in the official Fotinet FortiManager and FortiAnalyzer appliance product series.

An independent vulnerability laboratory researcher discovered a cross site scripting vulnerabilities in the WordPress Scoreme Theme.

PHP version 5.5.33 suffers from an invalid memory write condition in phar on filename with in the name.

Axil CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for login bypass.

Axil CMS version 3.0 suffers from a cross site scripting vulnerability.

A crash was identified due to a heap-based out-of-bounds read in dissect_pktc_rekey in an ASAN build of Wireshark (current git master).

Python 2.7 iOS application version 1.5.4 suffers from a filter bypass issue that allows malicious script code to get inserted client-side.

TrendMicro’s SSO suffers from a redirection and session theft vulnerability.