Zabbix versions 2.2 through 3.0.3 suffer from a remote command execution vulnerability in the JSON-RPC API.
>> ARCHIVE: 2016-06
This Metasploit module exploits a command injection in Apache Continuum versions 1.4.2 and below. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
http://cash.spr.go.th notified by W.A_666
An indepedent vulnerability laboratory researcher discovered a stored cross site scripting web vulnerability in the official CM Ad Changer v1.7.7 WordPress Plugin.
The vulnerability laboratory core research team discovered a local memory corruption vulnerability in the official FlashFXP v5.3.0 windows software.
WordPress Social Stream Plugin 1.5.15 – wp_options Overwrite
Apache Continuum Arbitrary Command Execution
http://dmsic.moph.go.th/dmsic//images/ notified by ZD-0FF
http://tambonbing.go.th/file_editor/cyb3r_dr4in.gif notified by Ashiyane Digital Security Team
Grid Gallery 1.0 – Admin Panel Authentication Bypass