Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.
aec2ac7f32fa1685fd5e487de3e2ea551d1c03b5a65c07c2695b12fd0654d18eElcom Community Manager versions 7.4.10 from Elcom CMS suffers from a remote shell upload vulnerability.
401ff74fdfc536a8f3c29661cb406b10fe55203d159972a2634931d9a52b3349QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffer from a command injection vulnerability that allows for remote code execution.
bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.
41c5e9ed24bcfedc86e11b0fbb5e857209c2e898342bd3b498a8707a5985fdadWordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.
e8922fa4c7addf7e093d643ed4e3247a3aeeba16d61549f286d287b09cde8758PHPCaptcha / Securimage versions 1.0.4 through 2.0.2 suffer from an authentication bypass vulnerability. Proof of concept code included.
241cf163dd08c5ba7d4da72cdecbbb268ce65adffc9dc6337e5656dedb08a513The WordPress BackWPup plugin version 1.6.1 suffers from a vulnerability that allows for local or remote code to be executed.
9d1296daa3ec8fb23564f12b35f8a9259718b647bc906c9344ec6687a2bdcfa6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed