Author: Cyberthreat Blog

Gajim through 0.16.7 unconditionally implements the “XEP-0146: Remote Controlling Clients” extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a...

A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the...

An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.