By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

This module performs a bypass of CVE-2019-9848 by using global script events.

Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JNBridge protocol.

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

Server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.



If an SMTP server has been configured, then an unauthenticated user can execute code on vulnerable systems using the ContactAdministrators action if the "Contact Administrators Form" is enabled; or an authenticated user can execute code on vulnerable systems using the SendBulkMail action if the user has "JIRA Administrators" access.

Cisco Data Center Network Manager is vulnerable to an authenticated arbitrary file upload, which allows to upload a WAR file to the Apache Tomcat webapps directory.



The Apache Tomcat webapps directory can be determined using a information disclosure vulnerability.



Authentication can be bypassed on versions 10.4(2) and below.

The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code in the system.

An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.

The attacker must have network access to the Oracle Weblogic Server T3 interface.

The TarArchive class blindly extracts tar archives without checking for directory traversals. An attacker can leverage this vulnerability to execute code in the system.

The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.



This update adds support to control the FTP Server port number and socket timeout.