DASAN H665 has a vendor backdoor built into BusyBox /bin/login that provides remote root access with no password.
>> CATEGORY: exploit
RealTerm Serial Terminal version 2.0.0.70 suffers from a denial of service vulnerability.
MISP version 2.4.97 suffers from SQL command execution via command injection in the STIX module.
Realterm Serial Terminal version 2.0.0.70 local buffer overflow SEH exploit.
Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell.
mIRC versions prior to 7.55 suffer from a remote command execution using argument injection through custom URI protocol handlers.
CMSsite version 1.0 suffers from a remote SQL injection vulnerability in post.php. This version of the software has been known to have SQL injection vulnerabilities since 2010.
Apache CouchDB version 2.3.0 suffers from multiple cross site scripting vulnerabilities.
qdPM version 9.1 suffers from multiple cross site scripting vulnerabilities.
ArangoDB Community Edition version 3.4.2-1 suffers from a cross site scripting vulnerability.