>> TAG: #0day

SolarView Compact 6.0 – OS Command Injection

Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS)

F5 BIG-IP 16.0.x – Remote Code Execution (RCE)

Royal Event Management System 1.0 – ‘todate’ SQL Injection (Authenticated)

College Management System 1.0 – ‘course_code’ SQL Injection (Authenticated)

TLR-2005KSH – Arbitrary File Delete

TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path

SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE)

DLINK DIR850 – Insecure Access Control

Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated)