qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.
Hotel Management System version 1.0 exploit that leverages a blind cross-site scripting attack against the admin to have a reverse PHP shell uploaded.
Apache OFBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated)
qdPM 9.1 – Remote Code Execution (RCE) (Authenticated)
WordPress Plugin WP Customize Login 1.1 – ‘Change Logo Title’ Stored Cross-Site Scripting (XSS)
Client Management System 1.1 – ‘cname’ Stored Cross-Site Scripting (XSS)
https://rayonghospital.go.th/pwn.htm notified by Toro
Men Salon Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.