SonicWall NetExtender version 10.2.0.300 suffers from an unquoted service path vulnerability.
Cyberoam NetGenie with a firmware version of C0101B1-20141120-NG11VO suffers from a cross site scripting vulnerability.
GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, html injection, and local file inclusion vulnerabilities.
This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
crossfire-server 1.9.0 – ‘SetUp()’ Remote Buffer Overflow
Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated)
COVID19 Testing Management System 1.0 – ‘Multiple’ SQL Injections
Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)
This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.