OpenEMR 5.0.0 – Remote Code Execution (Authenticated)
>> ARCHIVE: 2021-06
OpenEMR 5.0.0 – Remote Code Execution (Authenticated)
Microsoft SharePoint Server 16.0.10372.20060 – ‘GetXmlDataFromDataSource’ Server-Side Request Forgery (SSRF)
Cerberus FTP Web Service 11 – ‘svg’ Stored Cross-Site Scripting (XSS)
Accela Civic Platform 21.1 – ‘servProvCode’ Cross-Site-Scripting (XSS)
n+otes version 1.6.2 suffers from a denial of service vulnerability.
Sticky Notes Widget version 3.0.6 suffers from a denial of service vulnerability.
EasyFTP Server version 1.7.0.11 XRMD denial of service proof of concept exploit.
memono Notepad 4.2 denial of service proof of concept exploit.
TextPattern CMS version 4.8.7 suffers from a persistent cross site scripting vulnerability.
Student Result Management System version 1.0 remote SQL injection exploit. This is a variant of the original discovery of SQL injection in this version by Ritesh Gohil.