OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)
>> AUTHOR: deepcore
WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)
IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP
Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)
Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
WordPress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated)
FileCOPA FTP Server version 1.01 denial of service exploit.
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user’s email address needed.