D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43101/ https://packetstormsecurity.com/files/144430/D-Park-Pro-Domain-Parking-Script-1.0-SQL-Injection.html
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43102/ https://packetstormsecurity.com/files/144431/Ingenious-School-Management-System-2.3.0-Arbitrary-File-Upload.html
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. Date published : 2017-10-29 https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. Date published : 2017-10-28 https://github.com/hessu/bchunk/issues/2 https://www.debian.org/security/2017/dsa-4026
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. Date published : 2017-10-28 https://github.com/hessu/bchunk/issues/1 https://www.debian.org/security/2017/dsa-4026
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. Date published : 2017-10-28 https://github.com/hessu/bchunk/issues/1 https://www.debian.org/security/2017/dsa-4026
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. Date published : 2017-10-27 http://www.securityfocus.com/bid/72510...
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. Date published : 2017-10-27...
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL....
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. Date published : 2017-10-27 http://www.securityfocus.com/bid/91736 http://www.securityfocus.com/bid/91738
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. Date published...
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. Date published : 2017-10-27 http://www.securityfocus.com/bid/101563 https://fortiguard.com/psirt/FG-IR-17-113
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or...
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may...