ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
>> TAG: #0day
Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Men Salon Management System 1.0 – SQL Injection Authentication Bypass
Neo4j 3.4.18 – RMI based Remote Code Execution (RCE)
Online Hotel Reservation System 1.0 – ‘Multiple’ Cross-site scripting (XSS)
Denver IP Camera SHO-110 – Unauthenticated Snapshot
Longjing Technology BEMS API 1.21 – Remote Arbitrary File Download
IntelliChoice eFORCE Software Suite 2.5.9 – Username Enumeration
Care2x Integrated Hospital Info System 2.7 – ‘Multiple’ SQL Injection
CloverDX 5.9.0 – Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)