CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability.

Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

Open Cart version 0.6.5 suffers from an insecure cookie handling vulnerability.

Symantec Endpoint Protection versions 14.2.5323.2000, 14.2.5569.2100, and 14.2.5587.2100 suffer from a race condition vulnerability.

Microsoft Teams Instant Messenger application on Windows 7 SP1 fully patched is vulnerable to remote DLL hijacking.

9 bytes small Microsoft Windows 7 screen locking shellcode.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

Complaint Management System version 4.2 suffers from a cross site request forgery vulnerability.

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

Centraleyezer suffers from a remote shell upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.