:: Deepquest ::

WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.

Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.

GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.

This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.

http://sahathat.go.th/obec/web1/file_editor/_input_3_.txt notified by DeadsOul

http://narathiwat.nfe.go.th/ampwaeng/web1/file_editor/_input_3_.txt notified by DeadsOul

An independent vulnerability laboratory researcher discovered a client-side cross site scripting vulnerability in the official WordPress Truemag Theme.

If an application sends a one way binder transaction the service tries to send a reply which fails. This causes the service manager to exit its binder loop and the process dies causing the system to reboot. Tested on Android version 6.0.1 February patches.

A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.