>> TAG: #0day

Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 – Directory Traversal

Joomla! Component Jimtawl 2.1.6 – Arbitrary File Upload

Joomla! Component JMS Music 1.1.1 – SQL Injection

Linux/x64 – Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Joomla! Component JEXTN Reverse Auction 3.1.0 – SQL Injection

Joomla! Component JE PayperVideo 3.0.0 – ‘usr_plan’ SQL Injection

IPSwitch MOVEit 8.1 < 9.4 – Cross-Site Scripting

Microsoft Windows Subsystem for Linux – Local Privilege Escalation

Advance Loan Management System – ‘id’ SQL Injection

Fancy Clone Script – ‘search_browse_product’ SQL Injection