>> TAG: #remote exploit

Nagios XI 5.7.3 – ‘mibs.php’ Remote Command Injection (Authenticated)

CSE Bookstore 1.0 – Authentication Bypass

TDM Digital Signage PC Player 4.1 – Insecure File Permissions

Adtec Digital Multiple Products – Default Hardcoded Credentials Remote Root

Sentrifugo 3.2 – File Upload Restriction Bypass (Authenticated)

Client Management System 1.0 – ‘searchdata’ SQL injection

Sphider Search Engine 1.3.6 – ‘word_upper_bound’ RCE (Authenticated)

CMS Made Simple 2.1.6 – ‘cntnt01detailtemplate’ Server-Side Template Injection

PDW File Browser 1.3 – ‘new_filename’ Cross-Site Scripting (XSS)

Online Health Care System 1.0 – Multiple Cross Site Scripting (Stored)