>> CATEGORY: exploit

School ERP Ultimate version 2018 suffers from a remote SQL injection vulnerability.

The Open ISES Project version 3.30A suffers from an arbitrary file download vulnerability.

AjentiCP versions 1.2.23.13 and below suffer from a persistent cross site scripting vulnerability.

eNdonesia Portal version 8.7 suffers from a remote SQL injection vulnerability.

Traq version 3.7.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

Viva Visitor and Volunteer ID Tracking version 0.95.1 suffers from a remote SQL injection vulnerability.

VestaCP versions 0.9.8-22 and below suffer from multiple cross site scripting vulnerabilities.

libSSH suffers from an authentication bypass vulnerability.

WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root.

Viprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.