WordPress Plugin TablePress 1.14 – CSV Injection
>> TAG: #remote exploit
WordPress Plugin TablePress 1.14 – CSV Injection
WordPress Plugin WP Sitemap Page 1.6.4 – Stored Cross-Site Scripting (XSS)
Argus Surveillance DVR 4.0 – Unquoted Service Path
OpenEMR 6.0.0 – ‘noteid’ Insecure Direct Object Reference (IDOR)
FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated)
Bus Pass Management System 1.0 – ‘viewid’ Insecure direct object references (IDOR)
Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE)
Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS
SmartFTP Client 10.0.2909.0 – ‘Multiple’ Denial of Service
Antminer Monitor 0.5.0 – Authentication Bypass