>> CATEGORY: Security

Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 – Arbitrary File Upload

WordPress Plugin WooCommerce – GloBee (cryptocurrency) Payment Gateway 1.1.1 – Payment Bypass / Unauthorized Order Status Spoofing

MyBB Trash Bin Plugin 1.1.3 – Cross-Site Scripting / Cross-Site Request Forgery

Navicat for Oracle 12.1.15 – “Password” Denial of Service (PoC)

VSCO 1.1.1.0 – Denial of Service (PoC)

Jinja2 2.10 – ‘from_string’ Server Side Template Injection

qdPM 9.1 – ‘search_by_extrafields[]’ SQL Injection

Free IP Switcher 3.1 – ‘Computer Name’ Denial of Service (PoC)

AirMore 1.6.1 – Denial of Service (PoC)

UniSharp Laravel File Manager 2.0.0-alpha7 – Arbitrary File Upload