>> TAG: #0day

Online Clothing Store 1.0 – ‘username’ SQL Injection

webTareas 2.0.p8 – Arbitrary File Deletion

GitLab 12.9.0 – Arbitrary File Read

Saltstack 3000.2 – Remote Code Execution

Fishing Reservation System 7.5 – ‘uid’ SQL Injection

Oracle Database 11g Release 2 – ‘OracleDBConsoleorcl’ Unquoted Service Path

Online Scheduling System 1.0 – ‘username’ SQL Injection

webERP 4.15.1 – Unauthenticated Backup File Access

BlogEngine 3.3 – ‘syndication.axd’ XML External Entity Injection

SimplePHPGal 0.7 – Remote File Inclusion