>> TAG: #0day

Ubiquiti Administration Portal – CSRF to Remote Command Execution

Symantec Antivirus – Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink

Cuckoo Sandbox Guest 2.0.1 – XMLRPC Privileged Remote Code Execution

Lenovo ThinkPad – System Management Mode Arbitrary Code Execution Exploit

WordPress Ultimate Membership Pro Plugin 3.3 – SQL Injection

Symantec Antivirus – PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow

Symantec Endpoint Protection Manager 12.1 – Multiple Vulnerabilities

Symantec Antivirus – Integer Overflow in TNEF Decoder

Untangle NGFW 12.1.0 beta – execEvil() Command Injection

Linux x86_64 /etc/passwd File Sender Shellcode