ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from a hard-coded administrative password, busybox vulnerabilities, and a known backdoor in the GoAhead webserver.
>> ARCHIVE: 2020-08
Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting
Online Shopping Alphaware 1.0 – ‘id’ SQL Injection
WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
ASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
Mida eFramework 2.9.0 – Remote Code Execution
Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems that…
LimeSurvey version 4.3.10 suffers from a persistent cross-site scripting vulnerability.