>> TAG: #0day

Bolt CMS 3.7.0 – Authenticated Remote Code Execution

LimeSurvey 4.1.11 – ‘File Manager’ Path Traversal

AIDA64 Engineer 6.20.5300 – ‘Report File’ filename Buffer Overflow (SEH)

Pandora FMS 7.0NG – ‘net_tools.php’ Remote Code Execution

DiskBoss 7.7.14 – ‘Input Directory’ Local Buffer Overflow (PoC)

DiskBoss 7.7.14 – Denial of Service (PoC)

10Strike LANState 9.32 – ‘Force Check’ Buffer Overflow (SEH)

FlashFXP 4.2.0 Build 1730 – Denial of Service (PoC)

Grandstream UCM6200 Series CTI Interface – ‘user_password’ SQL Injection

DLINK DWL-2600 – Authenticated Remote Command Injection (Metasploit)