OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell…
http://www.bpp1.go.th//images/fighter.gif notified by Royal Battler BD
Odoo 12.0.20190101 – ‘nssm.exe’ Unquoted Service Path
Microweber CMS 1.1.20 – Remote Code Execution (Authenticated)
PHP Timeclock 1.04 – ‘Multiple’ Cross Site Scripting (XSS)
TFTP Broadband 4.3.0.1465 – ‘tftpt.exe’ Unquoted Service Path
BOOTP Turbo 2.0.0.1253 – ‘bootpt.exe’ Unquoted Service Path
DHCP Broadband 4.1.0.1503 – ‘dhcpt.exe’ Unquoted Service Path
Human Resource Information System 0.1 – ‘First Name’ Persistent Cross-Site Scripting (Authenticated)