While performing registry queries for something not exactly related, I saw an application on my personal machine with an unquoted service path.  Since this is a commonly used application, I've contacted the developer and I've submitted the CVE to secure an ID -- that whole "responsible disclosure" thing.  Seriously though, this isn't an obscure application and I would go so far as to say it's heavily used.  The mitigation technique would be to quote the path but that's something the average user wouldn't be capable of doing.  So while we wait, I'll explain the problem in detail.

Read more: Unquoted Service Path Exploitation

Disclosure date: 10/24/19

CVE-2019-18417

Restaurant Management System 1.0 is affected by a vulnerability that allows an authenticated attacker to upload arbitrary files, which can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input.

Read more: Restaurant Management System 1.0 Arbitrary File Upload

Disclosure date: 10/24/19

CVE-2019-18414

Restaurant Management System 1.0 is affected by a Cross-Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Read more: Restaurant Management System 1.0 CSRF

Disclosure date: 10/23/19

CVE-2019-18387

Hotel and Lodge Management System is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the Customer, Room, Currency, Room Booking Details, and Tax Details functions.

Read more: Hotel and Lodge Management System 1.0 SQLi

Disclosure date: 10/24/19

CVE-2019-18415
CVE-2019-18416

Restaurant Management System 1.0 is affected by a cross-site scripting vulnerability that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account. This vulnerability can be exploited with either an authenticated or an unauthenticated account.

Read more: Restaurant Management System 1.0 XSS / Session Hijack

Disclosure date: 10/23/19

CVE-2019-18344

Online Grading System is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, and user parameters.

Read more: Online Grading System 1.0 SQLi