waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – ‘description’ Cross-Site Scripting
>> AUTHOR: deepcore
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – ‘description’ Cross-Site Scripting
JumpStart 0.6.0.0 – ‘jswpbapi’ Unquoted Service Path
delpino73 Blue-Smiley-Organizer 1.32 – ‘datetime’ SQL Injection
ChaosPro 2.0 – Buffer Overflow (SEH)
WebKit – Universal XSS in HTMLFrameElementBase::isURLAllowed
This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.
AUO SunVeillance Monitoring System version 1.1.9e suffers from an incorrect access control vulnerability.
AUO SunVeillance Monitoring System version 1.1.9e suffers from a remote SQL injection vulnerability.
ClonOs WEB UI 19.09 – Improper Access Control
Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities.