H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Date published : 2018-04-11 https://www.exploit-db.com/exploits/44422/ http://blog.datomic.com/2018/03/important-security-update.html
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. Date published : 2018-04-11 https://pastebin.com/aeqYLK9u
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. Date published : 2018-04-11 https://pastebin.com/aQn3Cr2G
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. Date published : 2018-04-11 https://pastebin.com/UDEsFq3u
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft...
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. Date published : 2018-04-11 https://pastebin.com/QbhRJp4q
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. Date published : 2018-04-11 https://pastebin.com/RVdpLAT8
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet...
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. Date published : 2018-04-11 https://github.com/zxyxx/cmsms_vul
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. Date published : 2018-04-11 https://github.com/zxyxx/cmsms_vul
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. Date published : 2018-04-11 https://github.com/zxyxx/cmsms_vul
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. Date published : 2018-04-11 https://github.com/zxyxx/cmsms_vul
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7,...
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. Date published : 2018-04-11 https://github.com/zxyxx/cmsms_vul