[whem]-UPLoad 7.0 Insecure Cookie

[whem]-UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.




Open Cart 0.6.5 Insecure Cookie

Open Cart version 0.6.5 suffers from an insecure cookie handling vulnerability.




Tornado 1.0 Insecure Cookie

Tornado version 1.0 suffers from an insecure cookie vulnerability.




PHP Hosting Directory 2.0 Insecure Cookie

PHP Hosting Directory version 2.0 suffers from an insecure cookie vulnerability that allows for administrative bypass.




WikiWebHelp 0.3.3 Insecure Cookie Handling

WikiWebHelp version 0.3.3 suffers from an insecure cookie handling vulnerability.




PHPDirector 0.30 Insecure Cookie Handling

PHPDirector version 0.30 suffers from an insecure cookie handling vulnerability that allows for privilege escalation.




Totaljs CMS 12.0 Insecure Admin Session Cookie

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.




Red Hat Security Advisory 2020-1975-01

Red Hat Security Advisory 2020-1975-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.




Red Hat Security Advisory 2020-1979-01

Red Hat Security Advisory 2020-1979-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.




Red Hat Security Advisory 2020-1978-01

Red Hat Security Advisory 2020-1978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.




Red Hat Security Advisory 2020-1980-01

Red Hat Security Advisory 2020-1980-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.




Red Hat Security Advisory 2020-1422-01

Red Hat Security Advisory 2020-1422-01 - This release of Red Hat build of Eclipse Vert.x 3.9.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.




Latest Symantec CEO's 'Revolution' Could Axe 1,000 Jobs










HC10 HC.Server Service 10.14 Remote Invalid Pointer Write

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition, this can potentially be leveraged for post-exploit persistence with SYSTEM privileges if physical access or malware is involved. If a physical attacker or malware can set its own program in the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attacker's recovery program. The attacker's program can then try restarting the affected service to try and stay unnoticed by calling "sc start HCServerService". The service's failure recovery options ("enabling actions for stops or errors") can be set in the service's "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service; this was tested successfully on Windows 7/10.




Apple Security Advisory 2019-7-23-1

Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.




Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.




Apple Security Advisory 2019-10-07-4

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.




Red Hat Security Advisory 2019-1790-01

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.




Red Hat Security Advisory 2019-1942-01

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.




Red Hat Security Advisory 2019-2097-01

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.




Red Hat Security Advisory 2019-2400-01

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.




Webmin 1.920 password_change.cgi Backdoor

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.




Gentoo Linux Security Advisory 201909-01

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.




Red Hat Security Advisory 2020-1616-01

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.




School ERP System 1.0 Cross Site Request Forgery

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.




Online Job Portal 1.0 Cross Site Request Forgery

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.




Ice HRM 26.2.0 Cross Site Request Forgery

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.




CandidATS 2.1.0 Cross Site Request Forgery

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.




Business Live Chat Software 1.0 Cross Site Request Forgery

Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.




Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.




Exagate Sysguard 6001 Cross Site Request Forgery

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.




ECK Hotel 1.0 Cross Site Request Forgery

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.




Red Hat Security Advisory 2020-1050-01

Red Hat Security Advisory 2020-1050-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a cross site request forgery vulnerability.




Apache OFBiz 17.12.03 Cross Site Request Forgery

Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability.




Integria IMS 5.0.86 Arbitrary File Upload

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.




Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.




Optergy 2.3.0a Remote Root

Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.




Online Book Store 1.0 Arbitrary File Upload

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.




Joomla GMapFP 3.30 Arbitrary File Upload

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.




Air Sender 1.0.2 Arbitrary File Upload

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.




Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.




Online Clothing Store 1.0 Arbitrary File Upload

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.