FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. Date published : 2018-12-31 https://github.com/security-breachlock/CVE-2018-19844/blob/master/frog_CMS.pdf
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. Date published : 2018-12-31 https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. Date published : 2018-12-31 https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. Date published : 2018-12-31 https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33...
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects,...
publicinstallinstall.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/cim.md#reload-application
TEMMOKU T1.09 Beta allows admin/user/add CSRF. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/temmoku.md
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/UWA.md
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#xss
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#directory-traversal
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2