Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE)
>> AUTHOR: deepcore
FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated)
Argus Surveillance DVR 4.0 – Unquoted Service Path
SmartFTP Client 10.0.2909.0 – ‘Multiple’ Denial of Service
Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS
Bus Pass Management System 1.0 – ‘viewid’ Insecure direct object references (IDOR)
OpenEMR 6.0.0 – ‘noteid’ Insecure Direct Object Reference (IDOR)
Windows Defender Application Guard suffers from a denial of service vulnerability when fed an overly long url.
jforum version 2.7.0 suffers from a persistent cross site scripting vulnerability.
Remote Mouse version 4.002 suffers from an unquoted service path vulnerability.