>> TAG: #0day

PHP-SHOP master 1.0 – Cross-Site Request Forgery (Add admin)

Learning with Texts 1.6.2 – ‘start’ SQL Injection

OwnTicket 1.0 – ‘TicketID’ SQL Injection

BigTree CMS 4.2.23 – Cross-Site Scripting

FLIR AX8 Thermal Camera 1.32.16 – Hard-Coded Credentials

Any Sound Recorder 2.93 – Buffer Overflow (SEH)

Time and Expense Management System 3.0 – Cross-Site Request Forgery (Add Admin)

TP-Link TL-SC3130 1.6.18 – RTSP Stream Disclosure

Navigate CMS 2.8.5 – Arbitrary File Download

Navigate CMS 2.8.5 – Arbitrary File Download