WordPress Project Theme version 2.0.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
>> CATEGORY: exploit
Thomson router model TWG850-4U suffers from cross site scripting, cross site request forgery, and access bypass vulnerabilities.
Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the digi_acceleport driver.
WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
ClamWin version 0.99 suffers from a DLL hijacking vulnerability.
Malwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.
ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.
The vulnerability laboratory research team discovered multiple connected passcode protection bypass vulnerabilities in the iOS v9.0, v9.1, v9.2.1 for Apple iPhone (5,5s,6 & 6s) and the iPad (mini,1 & 2).
An independent vulnerability laboratory researcher discovered a mail spoofing vulnerability in the official Yahoo classic online service web-application.