Author: Cyberthreat Blog

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.

CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php – for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.

WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name...

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of...