OpenEMR 5.0.0 – Remote Code Execution (Authenticated)
>> AUTHOR: deepcore
Microsoft SharePoint Server 16.0.10372.20060 – ‘GetXmlDataFromDataSource’ Server-Side Request Forgery (SSRF)
Cerberus FTP Web Service 11 – ‘svg’ Stored Cross-Site Scripting (XSS)
Accela Civic Platform 21.1 – ‘servProvCode’ Cross-Site-Scripting (XSS)
n+otes version 1.6.2 suffers from a denial of service vulnerability.
Sticky Notes Widget version 3.0.6 suffers from a denial of service vulnerability.
EasyFTP Server version 1.7.0.11 XRMD denial of service proof of concept exploit.
memono Notepad 4.2 denial of service proof of concept exploit.
TextPattern CMS version 4.8.7 suffers from a persistent cross site scripting vulnerability.
GravCMS version 1.10.7 unauthenticated arbitrary YAML write/update exploit. This is a variant exploit of the original discovery made by Mehmet Ince in April of 2021.