DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.
E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the FAQ.
There exists an unauthenticated SEH-based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.
Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.
At this first summit, the non-profit Cloud Foundry foundation notably announced progress on containers and the opening (...)
Nicolas Leblanc has just joined hyperconverged systems vendor Nutanix as senior director for the markets (...)
The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability.
PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.
This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected (use x64 for SYSWOW64 systems also).