Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
>> ARCHIVE: 2016-05
An independent vulnerability laboratory researcher discovered an arbitrary file download vulnerability in the Teampass Password Manager v2.1.25 web-application.
http://barahom.go.th/by.htm notified by GeNErAL
http://khonkaen4.go.th/by.htm notified by GeNErAL
http://bkkpro3.go.th/by.htm notified by GeNErAL
http://board.bkkpro3.go.th/by.htm notified by GeNErAL
Adobe Flash – Heap Overflow in ATF Processing (Image Reading)
Windows – gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)
Adobe Flash – Type Confusion in FileReference Constructor
Windows – gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)