>> ARCHIVE: 2020-05

i-doit Open Source CMDB version 1.14.1 suffers from an arbitrary file deletion vulnerability.

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

MPC Sharj version 3.11.1 suffers from an arbitrary file download vulnerability.

Pisay Online E-Learning System version 1.0 suffers from remote SQL Injection and code execution vulnerabilities.

YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.

webTareas version 2.0.p8 suffers from an arbitrary file deletion vulnerability.

Online Clothing Store version 1.0 suffers from a remote SQL injection vulnerability.

Online Clothing Store version 1.0 suffers from a persistent cross site scripting vulnerability.

Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack when sending specific application layer…

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface…