SPIP CMS versions 2.x and 3.x suffer from unauthenticated add-administrator and arbitrary file upload vulnerabilities.
>> ARCHIVE: 2019-03
PCMan FTP Server version 2.0 CDUP remote buffer overflow exploit.
DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp.
WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities.
RedTeam Pentesting discovered that the shell function “getopt_simple”, as presented in the “Advanced Bash-Scripting Guide”, allows execution of attacker-controlled commands.
SpiderMonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Microsoft Windows 7/2008 – ‘Win32k’ Denial of Service (PoC)
SJS Simple Job Script – SQL Injection / Cross-Site Scripting
Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion
XooDigital – ‘p’ SQL Injection