>> TAG: #0day

Compro Technology IP Camera – ‘Multiple’ Credential Disclosure

Compro Technology IP Camera – ‘ index_MJpeg.cgi’ Stream Disclosure

WPanel 4.3.1 – Remote Code Execution (RCE) (Authenticated)

Confluence Server 7.12.4 – ‘OGNL injection’ Remote Code Execution (RCE) (Unauthenticated)

Traffic Offense Management System 1.0 – SQLi to Remote Code Execution (RCE) (Unauthenticated)

WordPress Plugin Payments Plugin | GetPaid 2.4.6 – HTML Injection

Telegram Desktop 2.9.2 – Denial of Service (PoC)

Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)

WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)

ZesleCP 3.1.9 – Remote Code Execution (RCE) (Authenticated)