Category: Security

[webapps] Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 – Arbitrary File Upload

[webapps] WordPress Plugin WooCommerce – GloBee (cryptocurrency) Payment Gateway 1.1.1 – Payment Bypass / Unauthorized Order Status Spoofing

[webapps] MyBB Trash Bin Plugin 1.1.3 – Cross-Site Scripting / Cross-Site Request Forgery

[dos] Navicat for Oracle 12.1.15 – "Password" Denial of Service (PoC)

[dos] VSCO 1.1.1.0 – Denial of Service (PoC)

[webapps] Jinja2 2.10 – 'from_string' Server Side Template Injection

[webapps] qdPM 9.1 – 'search_by_extrafields[]' SQL Injection

[dos] Free IP Switcher 3.1 – 'Computer Name' Denial of Service (PoC)

[dos] AirMore 1.6.1 – Denial of Service (PoC)

[webapps] UniSharp Laravel File Manager 2.0.0-alpha7 – Arbitrary File Upload