>> CATEGORY: Security
Citadel WebCit < 926 – Session Hijacking Exploit
Online Job Portal 1.0 – ‘userid’ SQL Injection
Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS)
Online Examination System 1.0 – ‘name’ Stored Cross Site Scripting
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request
Nagios XI 5.7.3 – ‘mibs.php’ Remote Command Injection (Authenticated)
CSE Bookstore 1.0 – Authentication Bypass
TDM Digital Signage PC Player 4.1 – Insecure File Permissions
Adtec Digital Multiple Products – Default Hardcoded Credentials Remote Root
Sentrifugo 3.2 – File Upload Restriction Bypass (Authenticated)