BEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.
4e9c588be370b4062d5e0613f8a0132ec3ff17ae983e1a82876eaab238383a6f
This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4
It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.
d98ff684017e5e946a7321065ff44ae71f7be8af943150e911e3bcb6d1916735
Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
063aa42d2af5b317a96e97efaea11552d50af6f7771cc01899ff970dc90a99c4
Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.
ca7402f15984a9fbec8de52f641b9a0f24e69d0bbb83ed78265dea987fe28a4e
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.
ceebba5fe05822f2aed40f89dcf1eae396edc70cb0cce7c3a2bef71dbd85c27d
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.
5ebc96aa13a10adda66518346705b8e9024837bd689de7ed6a5a146a5ade57af
WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.
5139d3b7007de8de1d23c142524608fdb64d444d2503253eff3624ff9362d9d2
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
7330f87f7a3667cb6fa598a2593142faa0353408372b85307781681e8b6ed07f
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
646173f5e81a1f63cb65e0e58738fb57ac62c8835c609e27e0a0a795b6dbd637
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
ae6b1807725083901c6a9501a476db389ad391985032e1b233e714bc82349172
WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
491e52f7852755e7029e0188400d67003a5d9a69543fdd91e42c7ab58563697f
EMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.
2742a8ffcef95a8e023a78f43f34950ad54b1bba89d6fe49410cccd2cfc50ddf
EMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.
6374f5d7456b80eb09d37970db7dadebea51f50a17d57d392e6ff189cbc5fee8
Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, which allows replay of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00d
Genexis GAPS versions up to 7.2 suffer from an access control vulnerability that discloses sensitive data.
655a32ed49ee22745ac8ca02bd5c3c53a21a5bfbaacf074229b041503865e94a