>> TAG: #0day

SquirrelMail < 1.4.7 – Arbitrary Variable Overwrite

Linux/x86 – zsh TCP Bind Shell Port 9090 (96 bytes)

Nagios Network Analyzer 2.2.1 – Multiple CSRF

Linux/x86 – zsh Reverse TCP Shellcode port 9090 (80 bytes)

Microsoft Office Word 2007,2010,2013,2016 – Out-of-Bounds Read Remote Code Execution (MS16-099)

SAP SAPCAR – Multiple Vulnerabilities

WebNMS Framework Server 5.2 and 5.2 SP1 – Multiple Vulnerabilities

vBulletin 5.2.2 – Preauth Server Side Request Forgery (SSRF)

Navis WebAccess – SQL Injection

phpCollab CMS 2.5 – (emailusers.php) SQL Injection