>> TAG: #remote exploit

Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (Unauthenticated)

perfexcrm 1.10 – ‘State’ Stored Cross-site scripting (XSS)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 – Directory Traversal

Phone Shop Sales Managements System 1.0 – ‘Multiple’ Arbitrary File Upload to Remote Code Execution

Church Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

Church Management System 1.0 – Unrestricted File Upload to Remote Code Execution (Authenticated)

Church Management System 1.0 – ‘password’ SQL Injection (Authentication Bypass)

WordPress Plugin Backup Guard 1.5.8 – Remote Code Execution (Authenticated)

Simple Client Management System 1.0 – Remote Code Execution (RCE)

Online Birth Certificate System 1.1 – ‘Multiple’ Stored Cross-Site Scripting (XSS)