Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system…
>> AUTHOR: deepcore
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.
PESCMS TEAM version 2.3.2 suffers from multiple cross-site scripting vulnerabilities.
xuucms version 3 suffers from a remote SQL injection vulnerability.
Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability.
GitLab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.
M/Monit version 3.7.4 suffers from a password disclosure vulnerability.
M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
Nagios Log Server version 2.1.7 suffers from a persistent cross-site scripting vulnerability.