Author: Cyberthreat Blog

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be...

Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an ‘xxx.php[space]’ file, they could bypass a safety check and execute any code.

In libsamplerate before 1.0.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.

A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.