Author: Cyberthreat Blog

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when “boot protocol” is set to None, which might allow remote attackers to communicate with a system designated...

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) “by” parameter to...

Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.