SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.
5f21a47194e596c49a31455b6731ab60cd1e4e77d9094e16a002d5a7d296e114
Microsoft Azure DevOps Server version 2020.0.1 suffers from a cross-site scripting vulnerability.
2865bdfc703b7d0f9e4183f21398f57ed28f9364149b790650846f15f2d1f767
Platinum Mobile version 1.0.4.850 has a broken access control vulnerability. The mobile application connects to the company-specific server, which does not properly restrict access to confidential data. Thus, an authenticated attacker can disclose the company's payroll and personal information of other employees without having appropriate privileges to do so.
ef616be2199ef7ca952b57851fb6f735192ec9301a566f2f186d4adaf12d70a8
FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in the registry (on Windows). The credentials are encrypted but can still be recovered, since the decryption key is hardcoded in the program and is the same on all installations. Above all, the aforementioned storage is world-readable, which lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.
e979475b106297fb2dc050e554be589a58bf126c0e7adb1e3495fc242851917d
Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.
3b9ede0ed34ccec1a3785d53427af9ee98ed5e43eb4328b53908fb90a5292e5c