>> TAG: #0day

Dolibarr ERP/CRM 11.0.4 – File Upload Restrictions Bypass (Authenticated RCE)

Ext2Fsd v0.68 – ‘Ext2Srv’ Unquoted Service Path

MyBB 1.8.25 – Poll Vote Count SQL Injection

Hotel And Lodge Management System 1.0 – ‘Customer Details’ Stored XSS

Codiad 2.8.4 – Remote Code Execution (Authenticated)

Winpakpro 4.8 – ‘GuardTourService’ Unquoted Service Path

Winpakpro 4.8 – ‘WPCommandFileService’ Unquoted Service Path

Winpakpro 4.8 – ‘ScheduleService’ Unquoted Service Path

WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 – Path Traversal

MacPaw Encrypto 1.0.1 – ‘Encrypto Service’ Unquoted Service Path