#apple

As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation?

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

Plus: WikiLeaks’ website is falling apart, tax websites are sending your data to Facebook, and cops take down a big phone-number-spoofing operation.

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.

Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities.