>> CATEGORY: Security

SAPSprint 7.60 – ‘SAPSprint’ Unquoted Service Path

Huawei dg8045 – Authentication Bypass

TP-Link TL-WR841N – Command Injection

Adobe ColdFusion 8 – Remote Command Execution (RCE)

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 – Remote Code Execution (RCE) (Unauthenticated)

Simple CRM 3.0 – ’email’ SQL injection (Authentication Bypass)

Online Library Management System 1.0 – Arbitrary File Upload Remote Code Execution (Unauthenticated)

Online Library Management System 1.0 – ‘Search’ SQL Injection

WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 – ‘date_answers’ Blind SQL Injection

WordPress Plugin WP Google Maps 8.1.11 – Stored Cross-Site Scripting (XSS)