>> ARCHIVE: 2020-12

EgavilanMedia My To Do List version 1.0 suffers from a persistent cross site scripting vulnerability.

URVE Software build version 24.03.2020 suffers from an authentication bypass that allows for remote code execution.

Philips Hue hubs suffer from a denial of service vulnerability via simple SYN floods.

URVE Software build version 24.03.2020 suffers from a missing authorization vulnerability.

URVE Software build version 24.03.2020 suffers from an information disclosure vulnerability that leaks passwords.

CHMSC Elearning System version 1.0 suffers from a remote SQL injection vulnerability.

SEOPanel version 4.6.0 suffers from multiple cross site scripting vulnerabilities.

Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it…

HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.