FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.
>> AUTHOR: deepcore
WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.
Gestionale Open version 11.00.00 suffers from a local privilege escalation vulnerability.
FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default.
FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets.
FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets.
WordPress Plugin Filterable Portfolio Gallery 1.0 – ‘title’ Stored Cross-Site Scripting (XSS)
WordPress Plugin Filterable Portfolio Gallery 1.0 – ‘title’ Stored Cross-Site Scripting (XSS)
Hikvision Web Server Build 210702 – Command Injection
Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE)