Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up…

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s…

Xwiki CMS version 12.10.2 suffers from a cross-site scripting vulnerability.

MaskPE by yzkzero is a tool for implanting backdoors in existing PE files. The backdoor tool does not properly check the files it loads and falls victim to a file-based local buffer overflow.

ZynOS scanning script that exploits an unauthenticated rom-o file disclosure containing the router password.

Backdoor.Win32.Mnets malware suffers from a remote stack buffer overflow vulnerability.

Backdoor.Win32.Whgrx malware suffers from a remote host header stack buffer overflow vulnerability.

Red Hat Security Advisory 2021-0164-01 – PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.

Life Insurance Management System version 1.0 suffers from a remote shell upload vulnerability.