Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.

SOPlanning version 1.45 suffers from a cross site request forgery vulnerability.

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 7 suffers from a cross site request forgery vulnerability.

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.

Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.

HRSALE version 1.1.8 suffers from a cross site request forgery vulnerability.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.

Red Hat Security Advisory 2020-1050-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a cross site request forgery vulnerability.

Edimax EW-7438RPn suffers from a cross site request forgery vulnerability.

Complaint Management System version 4.2 suffers from a cross site request forgery vulnerability.

Maian Support Helpdesk version 4.3 suffers from a cross site request forgery vulnerability.

Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.