>> CATEGORY: Security

CSZ CMS 1.2.9 – ‘Multiple’ Blind SQLi(Authenticated)

PostgreSQL 9.3-11.7 – Remote Code Execution (RCE) (Authenticated)

Kramer VIAware 2.5.0719.1034 – Remote Code Execution (RCE)

ProtonVPN 1.26.0 – Unquoted Service Path

WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated

ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Takeover

iRZ Mobile Router – CSRF to RCE

Ivanti Endpoint Manager 4.6 – Remote Code Execution (RCE)

Sysax FTP Automation 6.9.0 – Privilege Escalation

ICT Protege GX/WX 2.08 – Stored Cross-Site Scripting (XSS)