Author: Cyberthreat Blog

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The ‘filter’ field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary...

The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.