>> CATEGORY: Security

CMSUno 1.6.2 – ‘lang/user’ Remote Code Execution (Authenticated)

jQuery UI 1.12.1 – Denial of Service (DoS)

STVS ProVision 5.9.10 – File Disclosure (Authenticated)

STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)

Cemetry Mapping and Information System 1.0 – ‘user_email’ Sql Injection (Authentication Bypass)

Simple College Website 1.0 – ‘name’ Sql Injection (Authentication Bypass)

Simple College Website 1.0 – ‘full’ Stored Cross Site Scripting

Tenda AC5 AC1200 Wireless – ‘WiFi Name & Password’ Stored Cross Site Scripting

Oracle WebLogic Server 12.2.1.0 – RCE (Unauthenticated)