Both the bcoos and E-xoops DevTracker modules are susceptible to cross-site scripting vulnerabilities. This affects bcoos versions 1.1.11 and below and E-xoops versions 1.0.8 and below.
Multiple security vulnerabilities, such as cross-site scripting and SQL injection, have been discovered in Cacti versions 0.8.7a and below. Full exploitation details provided.
Portcullis Security Advisory - The Cisco Unified CallManager is vulnerable to multiple SQL injections in the user interface as well as in the administration interface. Affected versions include 5.0.4.2000-1, 5.1, 6.0, and 6.1.
Core Security Technologies Advisory - A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it. Proof of concept code included.
Core Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included.
Exploit for Opium OPI Server versions 4.10.1028 and below, along with a large number of cyanPrintIP products, that suffer from a format string vulnerability in ReportSysLogEvent as well as a server crash flaw.