The WordPress Truemag theme from 2016 Q2 suffers from a cross-site scripting vulnerability.
Mozilla Firefox / Thunderbird DLL Hijacking
Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.
GLPI 0.90.2 SQL Injection
GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.
http://sahathat.go.th/obec/web1/file_editor/_input_3_.txt
http://sahathat.go.th/obec/web1/file_editor/_input_3_.txt notified by DeadsOul
http://narathiwat.nfe.go.th/ampwaeng/web1/file_editor/_input_3_.txt
http://narathiwat.nfe.go.th/ampwaeng/web1/file_editor/_input_3_.txt notified by DeadsOul
WordPress Truemag Theme – CS Cross Site Web Vulnerability
An independent vulnerability laboratory researcher discovered a client-side cross-site scripting vulnerability in the official WordPress Truemag Theme.
Android Service Manager One Way Binder Transaction Crash
If an application sends a one-way binder transaction, the service tries to send a reply, which fails. This causes the service manager to exit its binder loop, and the process dies, causing the system to reboot. Tested on Android version 6.0.1 with the February patches.
Microsoft Windows Kernel win32k.sys TTF Processing Pool Corruption
A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.
PHP 7.x Heap Overflow
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.