Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 – Remote Code Execution (RCE)
>> AUTHOR: deepcore
Contao 4.13.2 – Cross-Site Scripting (XSS)
Zyxel USG FLEX 5.21 – OS Command Injection
Microweber CMS 1.2.15 – Account Takeover
Telesquare SDT-CW3B1 1.1.0 – OS Command Injection
SolarView Compact 6.00 – Directory Traversal
Real Player versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from external::Import() arbitrary file download and directory traversal vulnerabilities that lead to remote code execution.
The G2 Control component in Real Player version 20.0.8.310 suffer from remote code execution vulnerability.
Real Player versions 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from a DCP:// URI remote code execution vulnerability.
Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.