:: Deepquest ::

ImpressCMS versions 1.3.9 and below suffer from a remote SQL injection vulnerability.

Exponent CMS version 2.3.5 suffers from multiple cross site scripting vulnerabilities.

Exponent CMS version 2.3.5 suffers from a file upload vulnerability that allows for cross site scripting.

Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be retrieved.

A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data.

Gemtek CPE7000 WLTCS-106 suffers from authentication bypass and remote code execution vulnerabilities.

phpLiteadmin version 1.9.6 suffers from cross site request forgery and cross site scripting vulnerabilities.

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction […]

http://www.bpp44.go.th notified by DZ-QTH

http://www.phichit.m-society.go.th/ok.html notified by Nofawkx Al