>> ARCHIVE: 2020-04

CSZ CMS version 1.2.7 suffers from a persistent cross site scripting vulnerability.

CSZ CMS version 1.2.7 suffers from an html injection vulnerability.

IQrouter firmware version 3.3.1 suffers from a remote code execution vulnerability.

NSClient++ version 0.5.2.35 suffers from an authenticated remote code execution vulnerability.

Spiderman2 version 2.1.1 suffers from a buffer overflow vulnerability.

jizhi CMS version 1.6.7 suffers from an arbitrary file download vulnerability.

Sysaid version 20.1.11 b26 suffers from an AJP13 remote command execution vulnerability.

PMB version 5.6 suffers from a remote SQL injection vulnerability.

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.