>> CATEGORY: Security

jizhi CMS 1.6.7 – Arbitrary File Download

P5 FNIP-8x16A FNIP-4xSH 1.0.20 – Cross-Site Request Forgery (Add Admin)

Neowise CarbonFTP 1.4 – Insecure Proprietary Password Encryption

CSZ CMS 1.2.7 – Persistent Cross-Site Scripting

PMB 5.6 – ‘logid’ SQL Injection

Atomic Alarm Clock 6.3 – Stack Overflow (Unicode+SEH)

Centreon 19.10.5 – ‘id’ SQL Injection

Fork CMS 5.8.0 – Persistent Cross-Site Scripting

Nsauditor 3.2.1.0 – Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))

Rubo DICOM Viewer 2.0 – Buffer Overflow (SEH)