Packet Storm

helloGTX Travel Portal CRM version 1.6 suffers from an insecure direct object reference vulnerability.

FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Easy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.

Easy Password Manager version 1.1 suffers from an administrative information disclosure vulnerability.

Easy Member Pro version 3.0 suffers from an insecure direct object reference vulnerability.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.

The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.

The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.