SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
View Full Alert
Related Posts
CVE-2018-21255 (mattermost_server)An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. View Full Alert
CVE-2018-21254 (mattermost_server)An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. View Full Alert
CVE-2018-17792MDaemon Webmail (formerly WorldClient) has CSRF. View Full Alert
