New research:

Overview of Serbian banks security vulnerabilities

Input passed via the email subject is not properly sanitised before being used in the WorldClient Summary page. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Details

Input passed to the "value" POST parameter in /sites/all/modules/contrib/datatables/dataTables/m
edia/examples_support/editable_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Details

 

 

The vulnerability is caused due to a NULL pointer dereference error when handling errors and can be exploited to cause the process to crash via e.g. a large HTTP "Content-Length" header value.

A vulnerability has been discovered in UltraVNC Viewer, which can be exploited by malicious people to compromise a user's system.

Input appended to the URL after admin/components.php, admin/resetpassword.php, admin/settings.php, admin/support.php, admin/theme-edit.php, and admin/theme.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.