October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file upload to arbitrary locations, persistent and reflective cross-site scripting, and CSV injection vulnerabilities.
>> ARCHIVE: 2020-08
Daily Expenses Management System 1.0 – ‘username’ SQL Injection
RTSP for iOS 1.0 – ‘IP Address’ Denial of Service (PoC)
Mocha Telnet Lite for iOS 4.2 – ‘User’ Denial of Service (PoC)
Pi-hole 4.3.2 – Remote Code Execution (Authenticated)
Setup UGEEK UPS3 HAT on Raspberry.
Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Daily Tracker System version 1.0 suffers from a cross-site scripting vulnerability.
Online Bike Rental version 1.0 suffers from a remote shell upload vulnerability.
Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.