2016
06.26

This blog is mainly about security but I will add a drone section. The first post is related to my painful and regretful purchase of a Xiro Xplorer V a few months ago. Everything went fine at the beginning but not for long…

2018
04.23

Monstra CMS 3.0.4 – Persistent Cross-Site Scripting

more details here.

2018
04.23

Apache CouchDB 1.7.0 and 2.x before 2.1.1 – Remote Privilege Escalation

more details here.

2018
04.23

phpMyAdmin 4.8.0 < 4.8.0-1 – Cross-Site Request Forgery

more details here.

2018
04.23

NComputing vSpace Pro v10 and v11 – Directory Traversal PoC

more details here.

2018
04.22

http://www.reo8.go.th notified by The WTJ

mirror site here.

2018
04.22

Cobub Razor version 0.8.0 suffers from a path disclosure vulnerability.

more details here.

2018
04.22

Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.

more details here.

2018
04.22

DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.

more details here.

2018
04.22

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

more details here.

2018
04.22

Drupal Avatar Uploader module version 7.x-1.0-beta8 suffers from an arbitrary file download vulnerability.

more details here.