Author: Cyberthreat Blog

A directory traversal vulnerability exists in coreadminajaxdeveloperextensionsfile-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via .. sequences in the directory...

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.

Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system’s embedded controller, which could cause a denial of service attack on the system or the ability to...