The Compal CH7465LG-LC suffers from session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.
>> ARCHIVE: 2016-07
PHP versions 7.0.8, 5.6.23, and 5.5.37 suffer from an out-of-bounds write vulnerability in bzread().
WordPress Paid Memberships Pro plugin version 1.8.9.3 suffers from a cross-site scripting vulnerability.
WordPress WooCommerce plugin version 2.6.2 suffers from a cross-site scripting vulnerability.
The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.
UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.
This Metasploit module exploits a remote PHP code execution vulnerability in the Drupal RESTWS module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters…
http://www.bupholocal.go.th notified by by_dadaş
http://wangnuea.go.th/img/ notified by AR3S
Novel contributions to the field – How I broke MySQL’s codebase