Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.

Lotus Core CMS version 1.0.1 suffers from a local file inclusion vulnerability.

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.

LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability.

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.

TVT NVMS 1000 suffers from a directory traversal vulnerability.

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability.

velBox version 1.2 suffers from an insecure cookie handling vulnerability.

Tornado version 1.0 suffers from an insecure cookie vulnerability.

Aleza Portal version 1.6 suffers from an insecure cookie handling vulnerability that allows for SQL injection.

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.

Red Hat Security Advisory 2020-1975-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1979-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1980-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1422-01 - This release of Red Hat build of Eclipse Vert.x 3.9.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.

Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

This Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.

SOPlanning version 1.45 suffers from a cross site request forgery vulnerability.

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.

Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

HRSALE version 1.1.8 suffers from a cross site request forgery vulnerability.

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.