Author: Cyberthreat Blog

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login...

INFOR EAM V11.0 Build 201410 has XSS via comment fields.

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.