D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the HNAP service of the web administration interface. Other models may also be affected.
Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types.
According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues.
The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected.
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured.
VU#745607: Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting and information exposure.
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.
SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices.
The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system.
CodeLathe FileCloud, version 188.8.131.52841 and earlier, is vulnerable to cross-site request forgery (CSRF).