Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. Date published : 2017-09-27 http://www.securityfocus.com/bid/76670 https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. Date published : 2017-09-27 http://www.securityfocus.com/bid/76666 https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. Date...
Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. Date published : 2017-09-27 BackWPup – WordPress Backup & Restore Plugin http://www.vapidlabs.com/advisory.php?v=201
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view...
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. Date published : 2017-09-27 http://www.securityfocus.com/bid/101056 https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42805/
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42802/
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42800/
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42801/
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42804/
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42798/
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. Date published : 2017-09-27 https://www.exploit-db.com/exploits/42799/