Enghouse Interactive’s CCSP version 7.2.5 suffers from API related XML external entity injection server-side request forgery vulnerabilities.
>> ARCHIVE: 2019-05
SpotMSN version 2.4.6 denial of service proof of concept exploit.
DNSS Domain Name Search Software version 2.1.8 denial of service proof of concept exploit.
WordPress Form Maker plugin version 1.13.3 suffers from a remote SQL injection vulnerability.
Firefly CMS version 1.0 suffers from a remote command execution vulnerability.
XOOPS CMS version 2.5.9 suffers from a remote SQL injection vulnerability.
SalesERP version 8.1 suffers from a remote SQL injection vulnerability.
SOCA Access Control System version 180612 suffers from insecure direct object reference vulnerabilities that leak information like password hashes.
SOCA Access Control System version 180612 suffers from a cross site scripting vulnerability.
SOCA Access Control System version 180612 suffers from remote SQL injection vulnerabilities that allow for authentication bypass.