>> TAG: #0day

Victor CMS 1.0 – ‘comment_author’ Persistent Cross-Site Scripting

Victor CMS 1.0 – Authenticated Arbitrary File Upload

Pi-Hole – heisenbergCompensator Blocklist OS Command Execution (Metasploit)

Online Examination System 1.0 – ‘eid’ SQL Injection

WordPress Plugin Ajax Load More 5.3.1 – ‘#1’ Authenticated SQL Injection

forma.lms The E-Learning Suite 2.3.0.2 – Persistent Cross-Site Scripting

Oracle Hospitality RES 3700 5.7 – Remote Code Execution

Monstra CMS 3.0.4 – Authenticated Arbitrary File Upload

online Chatting System 1.0 – ‘id’ SQL Injection

Online Healthcare Patient Record Management System 1.0 – Authentication Bypass