A security vulnerability was found in the Kaseya VSA file download functionality. Using this vulnerability, an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even Windows files). Version R9.2 was found to be affected.
a9945cf5a3532305e46699a157c53b03bab386f744bdea713fee52330aadad85
VTech DigiGo with firmware version 83.60630 fails to perform certificate pinning in some flows.
fbc2e5441ec18dd6ee8c571c38633af18aa0a410698dad29af738dc875633979
pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.
10c7dc2c68ccd6c02f31d9c84567ea38b74de4d3783d8156444595cf6c74cee8
Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.
a2f41032628fcb3233d26bea6d30e9def54faf5fca09f48714b2342e3c33ceb0
Virtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffer from a buffer over-read vulnerability.
7be26c32161b9c5bdd16002cd161843f760e5431f129b4470ea901ed6ebe8986
A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability, it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creation of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253
Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
c88ab660fa85b41bb542f8f2b6aed37318c1e0f94c9900423143b3b9734eae97
The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4db
Scriptler Jenkins version 2.9 suffers from a cross site scripting vulnerability.
484f0c9f4c2dce6057d71b5b1848deaed56ea83958b0a2b4f3e86290b3c68a16
Microsoft Office OneNote 2007 suffers from a DLL hijacking vulnerability.
92ffa7b1c72b8b00b7d451ccb6b8cdfe74e1354ccb747dd69a8f8d17fd7b77bf
It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length and Host headers. Among other things, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
7ea35a8a06080eee5024f0b3b4e9bbcc165e5e2914c82abb99135ab97e6e12f7
Western Digital My Cloud suffers from a cross site request forgery vulnerability.
f1e32d8e968407585ee06292217c02999f1e2895ad2428169eed455bb97ada76
Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
ef3db28b5d65198fc1596ad5bd1da3b198bc041b628b4020a65fe4abaae4f4fe
Western Digital My Cloud suffers from multiple command injection vulnerabilities.
9d9db6ddc52d6fbe5d8a6f1251995090267e44bb3456666b4cd1502963749ddc
WordPress version 4.5.3 Press This Function suffers from a cross site request forgery vulnerability that can cause a denial of service condition.
de145ef3bc873acf8a99d1111a4fd9c6935562c58f6699d854cbf9913dc87e88
WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.
5cc091745546ab8480da313fab64c7a103eba0bafc790d9e14a9171c0134e222
WordPress Contact Form plugin version 4.0.0 suffers from a cross site scripting vulnerability.
584dc6e15f6a3d8fd4dd2df04a59176bf53f2fe05a39c7749e9ccb90cecf014d
WordPress Contact Form Manager plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
de609d4292dcc9ecec778d67effe9ec246ff8261422bac22eb7abbd0ad762702
WordPress Popup by Supsystic plugin 1.7.6 suffers from a cross site request forgery vulnerability.
c44f0d7c29e05b7d57e8ef6eaec37a3a1b7d438d1d471473d6154da47e3616ea
WordPress Google Analytics Dashboard plugin version 2.1.1 suffers from a cross site scripting vulnerability.
bc9ec119f0a226470311e249f41eb959a98b3b4353374203f0b337db3a302b54
WordPress Magic Fields 1 plugin version 1.7.1 suffers from a cross site scripting vulnerability.
aedb2e37c089832d32e0904ab02df9464d1d572fcc56386d16a6ba7140d5a684
WordPress Gwolle Guestbook plugin version 1.7.4 suffers from a cross site request forgery vulnerability.
1bd1bc2e04a3905b8fa5ebc638456a3f3b21685782c8f763c38784cf56a21eac
WordPress Download Manager plugin version 2.8.99 suffers from a cross site request forgery vulnerability.
20bf543d02c87fe299a9790ac36a738bfe591d5a554f77dc7a8ec09706a75ea8
WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.
ec6251fd0911f4668303757918ecfa10fdca19a8702e8709cfa291d4df22cd8b
WordPress Gwolle Guestbook plugin version 1.7.4 suffers from a cross site scripting vulnerability.
ebfdbd9ea0fb21e0483b11584b0d7ff939644db899b28ce795beb44e465e2635