Kardex MLOG has an insecure path join, which allows to include files locally or from a remote smb server. In combination with the template rendering of .t4 files a SSTI is possible and allows for RCE. This blog post will describe how I found this vulnerability and how to leverage it to gain a reverse shell.
[CVE-2020-14293] and [CVE-2020-14294] 2 vulnerabilities in Secure File Transfer Solution Qiata by Secudos
The Secure File Transfer Solution Qiata by Secudos suffers from two vulnerabilities. One persistent Cross-Site Scripting and one Authenticated OS Command Injection with Privilege Escalation. This post will describe the vulnerabilities in detail.
INNEO Startup Tools has a path traversal vulnerablility in versions up to 2018 M040 (18.104.22.16804). This post will show the details of the vulnerability and how to leverage it to gain RCE.