easyLetters version 1.0 suffers from a remote SQL injection vulnerability.
d40ec02fffa5caa81ccb6b4d4abc353e78198ab0b67d02ac9bb830727e27e2e4
Red Hat Security Advisory 2018-1725-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
34a837e6700cb860342e157f23da394896e4dd95807b390148d9e83b2e7f0e39
Red Hat Security Advisory 2018-1724-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Issues addressed include a deserialization vulnerability.
2e5dd86e7bb7be2ad0379be9bb23b5763cf5029804d3da6d6184572e3beeb0de
mySurvey version 1.0 suffers from a remote SQL injection vulnerability.
9e367e231b02557e14dafedec14bbd7d8a17229e1a3d4574a905f967ec9dc0c1
Ajax Full Featured Calendar version 2.0 suffers from a remote SQL injection vulnerability.
7e4cb4721904b05551a81aedec87cece96197fd63c1c8340e14ad44d6f68d0e9
Red Hat Security Advisory 2018-1723-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Issues addressed include a deserialization vulnerability.
336aa8a03be2a5c8ac78bdbe977acefaf909e808d197a57be5714d9740292384
Red Hat Security Advisory 2018-1722-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include a deserialization vulnerability.
edc73d4ed7139837602c028e2ae9536c4f1081766c634964c910b44a2140e2d2
Red Hat Security Advisory 2018-1721-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include deserialization vulnerabilities.
0272152fff5c50359d88831a1d656b2adf44cce4c367b7458def6c8f94cc9d77
This whitepaper explains deserialization vulnerabilities in Java, Python, PHP, and Ruby.
6093b7b1afd7e2cb2437200d5e7cef8d3ec52ada1f7c203878f7c0778ab52c61
Ruckus (Brocade) ICX7450-48 web application has a reflected cross site scripting vulnerability. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information.
27a7cd8a7a62e0be86fc0d1b264684c922b4883cb9b420bbfe2e830d0dc023e0
Debian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).
e7dea1a2627fbb19e4616f6132a1e36513ef8af16446a94b6535d852641ce04e
Debian Linux Security Advisory 4209-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
8bbe58c3e9149d6a999adfc2a891c12ec7ba1c9b3ae6957237c80f7104c859b5
Microsoft Windows Paint suffers from security feature bypass and unsafe file creation vulnerabilities.
e6fef4e0b9ef146905d8a071b3b29604250562d956ddbfa3221083d5aa8a09c9
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
bf2758f710f5c4fe5241aa4cde9fdd9079abc1121a02d1ab0b1722bc127d65f2
Oracle WebCenter (Fatwire) Content Server versions prior to 7 suffer from an improper access control vulnerability.
11b66a517d85ae5791cf12834f198989ebf759b0c1b2dbbb348334070c9ccc5f
SAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.
c374e8d14e78e73390da1e10fc4c4271a42c7efb1f8f9b21ddcf6ecbea0a04e7
MyBB Moderator Log Notes plugin version 1.1 suffers from a cross site scripting vulnerability.
646be467fbb3c4182ed953787289ccf1a8af62a09848362c2e7238841160395b
KomSeo Cart version 1.3 suffers from a remote SQL injection vulnerability.
a7e0f57a689ccff05e4bb8917e6265377c6a4da92979d293027baca984aa5555
Symfony versions 2.7.0 up to but not including 4.0.10 suffer from a denial of service vulnerability.
26b7da48a7c27d7fa08e3760dbf6cd9067e7c7cd898165e49aa5ce37faddd8f6
Wchat Fully Responsive PHP AJAX Chat Script version 1.5 suffers from a remote shell upload vulnerability.
0ed4e745c1fab69e002b80f43d15a180c82c3803904e06a035dbb3d0a992e38e
Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with screen capture permissions. The vendor (Google) fixed this issue in the 2018-02-01 Pixel security update.
419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86
NewsBee CMS version 1.4 suffers from a cross site scripting vulnerability.
b29734cf2cb29fd89675210cdae2a6a39fc4655c6cb7c839eb7a44375cec5615
Tim Balitbang Depdiknas version 3.5 suffers from a remote SQL injection vulnerability.
3c5492e70aa18863af06b672e9e6820589355ac2400bad9a061e99946538679f
Oracle WebCenter versions 7.x prior to 11gR1 suffer from multiple cross site scripting vulnerabilities.
9c071f03c8c68b6284774cf48b6b05b21b05c5b4ac2ddcf9ac66353a74382ac9
Tim Balitbang Depdiknas version 3.5 suffers from a persistent cross site scripting vulnerability.
10f865ba4c1ea710de4395a5eba58a68f06124679f5c912826e8f575c1199b56