CVE-2017-11742
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an...
Read MoreAuthor: Cyberthreat Blog
CVE-2017-11744
In MODX Revolution 2.5.7, the “key” and “name” parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they...
Read MoreSMBLoris – the new SMB flaw, (Sun, Jul 30th)
While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary...
Read MoreCVE-2017-11736
SQL injection vulnerability in coreadminauto-modulesformsprocess.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
Read MoreCVE-2017-11737
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
Read More