:: Deepquest ::

AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.

Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.

The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services can be tricked to return arbitrary memory locations leading to information disclosure or memory corruption.

The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of uninitialized heap memory. This could be used by an attacker to break ASLR in the media server process by reading out heap memory which contains useful address information.

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the “untrusted” version of the language is necessary. This requires a superuser. This is usually postgres. The execution should […]

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, ‘inflection’.

http://md-nakhonphanom.go.th/x.txt notified by PaYwand_Defacer

http://www.phatthalung.m-society.go.th notified by جبهة التحرير

http://www.taladpho.go.th/taladpho/mainfile/x.html notified by Code Breaker

http://nikhompattana.go.th/nikhompattana/mainfile/x.html notified by Code Breaker