Wing FTP Server version 6.2.3 suffers from a privilege escalation vulnerability.
>> AUTHOR: deepcore
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.
Microsoft Exchange 2019 version 15.2.221.12 suffers from an authenticated remote code execution vulnerability.
An issue in JSC leaves the data flow graph inconsistent. While fuzzing JavaScriptCore with fuzzilli, the researcher found a crash condition in JSC.
macOS and iOS have a vulnerability with ImageIO where memory safety issues occur when processing OpenEXR images.
GUnet OpenEclass 1.7.3 E-learning platform – ‘month’ SQL Injection
RICOH Aficio SP 5200S Printer – ‘entryNameIn’ HTML Injection
Alfresco 5.2.4 – Persistent Cross-Site Scripting
RICOH Aficio SP 5210SF Printer – ‘entryNameIn’ HTML Injection
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.