Vicidial version 1.4.0.20 suffers from a reflective cross-site scripting vulnerability.
>> ARCHIVE: 2016-06
http://lamphun.drr.go.th/index.htm notified by Fallaga team
http://mec.drr.go.th/index.htm notified by Fallaga team
http://video.drr.go.th/index.htm notified by Fallaga team
http://trafficsafety.drr.go.th/index.htm notified by Fallaga team
The Vulnerability Laboratory Core Research Team discovered a non-persistent web validation vulnerability in the official Fortinet FortiManager & FortiAnalyzer appliance product series.
Tiki-Wiki CMS Calendar 14.2, 12.5 LTS, 9.11 LTS, and 6.15 – Remote Code Execution
Linux x86_64 Shellcode Null-Free Reverse TCP Shell
SlimCMS 0.1 – CSRF (Change Admin Password)
ATCOM PBX IP01, IP08, IP4G, IP2G4A – Authentication Bypass