ECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.
>> AUTHOR: deepcore
An insufficient fix for CVE-2019-6205 means the XNU vm_map_copy optimization, which requires atomicity, is still not atomic.
Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
Employee Leaves Management System version 2.0 suffers from a cross-site request forgery vulnerability.
ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross-site scripting vulnerability.
This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko)….
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
BOOTP Turbo 2.0 – Denial of Service (SEH)(PoC)
qdPM 9.1 – Remote Code Execution
Pachev FTP Server 1.0 – Path Traversal