ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
[webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
[webapps] SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
[webapps] Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting
Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting
[webapps] Online Shopping Alphaware 1.0 – 'id' SQL Injection
Online Shopping Alphaware 1.0 – ‘id’ SQL Injection
[webapps] WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
[local] ASX to MP3 converter 3.1.3.7.2010.11.05 – '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
ASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
[webapps] Mida eFramework 2.9.0 – Remote Code Execution
Mida eFramework 2.9.0 – Remote Code Execution
Ericom Access Server 9.2.0 Server-Side Request Forgery
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is […]
LimeSurvey 4.3.10 Cross Site Scripting
LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.