A chain of vulnerabilities in Arcserve Unified Data Protection allows unauthenticated remote attackers to execute system commands.

An Authentication bypass and a .NET deserialization vulnerability allows unauthenticated remote attackers to execute system commands in Progress Telerik Report Server.

An authentication bypass vulnerability in Jetbrains TeamCity allows unauthenticated remote attackers to execute OS system commands.

Hard-coded credentials for the diagnostics user can be used to authenticate in the UCMDB component.

Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.

This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory.



This update fixes OS detection when detecting DCNM version.

This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory.

Apache CouchDB contains an Authentication Bypass vulnerability and a OS Command Injection vulnerability, which allows attackers to gain arbitrary code execution on the affected system.

Dell EMC Data Protection Advisor contains an Authentication Bypass vulnerability and a OS Command Injection vulnerability, which allows attackers to gain arbitrary code execution on the affected system.

Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points.

This module uses an unauthenticated deserialization vulnerability in Magento eCommerce Web Sites to perform an arbitrary write file to gain arbitrary PHP code execution on the affected system.