>> TAG: #0day

Neowise CarbonFTP 1.4 – Insecure Proprietary Password Encryption

CSZ CMS 1.2.7 – Persistent Cross-Site Scripting

PMB 5.6 – ‘logid’ SQL Injection

Atomic Alarm Clock 6.3 – Stack Overflow (Unicode+SEH)

Centreon 19.10.5 – ‘id’ SQL Injection

Fork CMS 5.8.0 – Persistent Cross-Site Scripting

Nsauditor 3.2.1.0 – Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))

Rubo DICOM Viewer 2.0 – Buffer Overflow (SEH)

Atomic Alarm Clock x86 6.3 – ‘AtomicAlarmClock’ Unquoted Service Path

Unraid 6.8.0 – Auth Bypass PHP Code Execution (Metasploit)