Month: October 2021

[webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated)

[local] Netgear Genie 2.4.64 – Unquoted Service Path

[webapps] Engineers Online Portal 1.0 – 'id' SQL Injection

[webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass

[webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS)

[local] Gestionale Open 11.00.00 – Local Privilege Escalation

[webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS)

[webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated)

[local] OpenClinic GA 5.194.18 – Local Privilege Escalation

[webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated)