Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.

Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.

phpTransformer version 2016.9 suffers from a directory traversal vulnerability.

phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.

SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.

DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.

SCP clients have an issue where additional files can be copied over without your knowledge.

FastTube version 1.0.1.0 suffers from a denial of service vulnerability.

Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.

One Search version 1.1.0.0 suffers from a denial of service vulnerability.

VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.

7 Tik version 1.0.1.0 suffers from a denial of service vulnerability.

Watchr version 1.1.0.0 suffers from a denial of service vulnerability.

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.

100 bytes small Linux/x86 TCP/4444 bindshell shellcode.

Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.