Author: Cyberthreat Blog

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the “Command Shell” menu item while in the directory trunk/$(xeyes).

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not “burn” a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers...