OpenCats Applicant Tracking System – Unauthenticated XML External Entity Injection (XXE)
CVE-2019-13358
OpenCats Applicant Tracking System before version 0.9.4-3 suffers from an XML External Entity Injection (XXE) vulnerability that allows unauthenticated job applicants (remote users) to read files on the underlying operating system after uploading a resume with a docx or odt file extension.
Palo Alto Networks Expedition (Migration Tool) – Unauthenticated Command Injection
CVE-2018-10143
Palo Alto Networks Expedition (Migration Tool) before version 1.0.108 suffers from a command injection vulnerability that allows unauthenticated users to execute remote commands in the context of the web-server user. This was responsibly disclosed, and an update was released.
IPFire Firewall – Command Injection
CVE-2018-16232
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed, and an update was released.
pfSense Firewall – Command Injection
CVE-2018-16055
A command injection vulnerability was discovered that led to the execution of remote commands as root. This was responsibly disclosed, and an update was released.
Mutiny Monitoring Appliance – Command Injection
CVE-2018-15529
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed to the vendor, and an update was released.
PHP Login & User Management – Arbitrary File Upload to RCE
CVE-2018-11392
An arbitrary file upload vulnerability was discovered that led to the execution of remote code. This was responsibly disclosed to the vendor, and an update was released.
Vicon Network Cameras – Authentication Bypass
BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to create administrator accounts on various network camera models. A fix was made available to end-users.
Taser Axon Dock (Body-Worn Camera Docking Station) – Authentication Bypass
BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to gain administrator access and reconfigure a core part of a body-worn camera system. A fix was pushed to end-users.