CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019.
VestaCP version 0.9.8 suffers from a cross site request forgery that can be leveraged to add remote ssh access.
Backdoor.Win32.Agent.mzn malware suffers from a buffer overflow vulnerability.
Hestia Control Panel 1.3.2 – Arbitrary File Write
SEO Panel 4.8.0 – ‘order_col’ Blind SQL Injection
rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated)
VestaCP 0.9.8 – ‘v_interface’ Add IP Stored XSS
VFS for Git 1.0.21014.1 – ‘GVFS.Service’ Unquoted Service Path
Alphaware E-Commerce System version 1.0 suffers from unauthenticated remote shell upload and remote SQL injection vulnerabilities.
GeoGebra Classic version 5.0.631.0-d suffers from a denial of service vulnerability.