>> TAG: #0day

WordPress Plugin JoomSport 3.3 – SQL Injection

Google Chrome 74.0.3729.0 / 76.0.3789.0 – Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability

macOS iMessage – Heap Overflow when Deserializing

Apache Tika 1.15 – 1.17 – Header Command Injection (Metasploit)

Sar2HTML 3.2.1 – Remote Command Execution

Rest – Cafe and Restaurant Website CMS – ‘slug’ SQL Injection

1CRM On-Premise Software 8.5.7 – Persistent Cross-Site Scripting

Ultimate Loan Manager 2.0 – Cross-Site Scripting

WebIncorp ERP – SQL injection

Oracle Hyperion Planning 11.1.2.3 – XML External Entity