>> TAG: #0day

AppXSvc – Privilege Escalation

Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload

Ticket-Booking 1.4 – Authentication Bypass

College-Management-System 1.2 – Authentication Bypass

Folder Lock 7.7.9 – Denial of Service

Dolibarr ERP-CRM 10.0.1 – ‘User-Agent’ Cross-Site Scripting

phpMyAdmin 4.9.0.1 – Cross-Site Request Forgery

LimeSurvey 3.17.13 – Cross-Site Scripting

Microsoft DirectWrite – Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite – Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts