BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.
[webapps] WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)
WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)
[webapps] Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)
Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)
[webapps] Projectsend r1295 – 'name' Stored XSS
Projectsend r1295 – ‘name’ Stored XSS
[webapps] Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)
Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)
[webapps] Strapi 3.0.0-beta – Set Password (Unauthenticated)
Strapi 3.0.0-beta – Set Password (Unauthenticated)
[local] MySQL User-Defined (Linux) x32 / x86_64 – 'sys_exec' Local Privilege Escalation (2)
MySQL User-Defined (Linux) x32 / x86_64 – ‘sys_exec’ Local Privilege Escalation (2)
[webapps] Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)
Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)
[webapps] Bus Pass Management System 1.0 – 'viewid' SQL Injection
Bus Pass Management System 1.0 – ‘viewid’ SQL Injection
[webapps] Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated)
Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated)