Cybersecurity information flow

4images 1.9 - Remote Command Execution (RCE)

CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Concrete5 CME v9.1.3 - Xpath injection

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Virtual Reception v1.0 - Web Server Directory Traversal

Covenant v0.5 - Remote Code Execution (RCE)

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Boa Web Server v0.94.14 - Authentication Bypass

Router ZTE-H108NS - Authentication Bypass

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

ClicShopping v3.402 - Cross-Site Scripting (XSS)

Dreamer CMS v4.0.0 - SQL Injection

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
[GitHub]Full LPE Exploit for CVE-2019-5596 / FreeBSD-SA-19:02.fd

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
[GitHub]Full LPE Exploit for CVE-2019-5603 / FreeBSD-SA-19:15.mqueuefs / FreeBSD-SA-19:24.mqueuefs

Revenue Collection System v1.0 - Remote Code Execution (RCE)

Helmet Store Showroom v1.0 - SQL Injection

Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)