>> TAG: #0day

HiSilicon Video Encoders – RCE via unauthenticated command injection

HiSilicon Video Encoders – Unauthenticated file disclosure via path traversal

HiSilicon Video Encoders – Full admin access via backdoor password

HiSilicon video encoders – RCE via unauthenticated upload of malicious firmware

HiSilicon Video Encoders – Unauthenticated RTSP buffer overflow (DoS)

Jenkins 2.63 – Sandbox bypass in pipeline: Groovy plug-in

Hostel Management System 2.1 – Cross Site Scripting (Multiple Fields)

Employee Management System 1.0 – Authentication Bypass

Alumni Management System 1.0 – Authentication Bypass

Employee Management System 1.0 – Cross Site Scripting (Stored)