ETAP suffers from an elevation of privilege vulnerability: any authenticated user can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the ‘C’ (Change) flag set for the ‘Authenticated Users’ group. Version 14.1.0.0 is affected.
JobScript suffers from an open redirection vulnerability.
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. Version 14.1.0.0 is affected. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
JobScript suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the ‘/admin-ajax.php’ script through the ‘name’ and ‘file’ POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with ‘.php’ extension (to bypass the ‘.htaccess’ block […]
AfterLogic WebMail Pro ASP.NET 6.2.6 – Administrator Account Disclosure via XXE Injection
Tags: 0day, remote exploit
http://maepao.go.th/_files/data/dfy.txt notified by dfy
Tags: defacement
http://tareao.go.th/by.htm notified by GeNErAL
Tags: defacement
http://mengrai.go.th/_files/data/dfy.txt notified by dfy
Tags: defacement
http://mflhospital.go.th/_files/data/dfy.txt notified by dfy
Tags: defacement
http://srikham.go.th/_files/data/dfy.txt notified by dfy
Tags: defacement