:: Deepquest ::

The Compal CH7465LG-LC suffers session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.

PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread().

WordPress Paid Memberships Pro plugin version 1.8.9.3 suffers from a cross site scripting vulnerability.

WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.

The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.

UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.

This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting […]

http://www.bupholocal.go.th notified by by_dadaş

http://wangnuea.go.th/img/ notified by AR3S

Novel contributions to the field – How I broke MySQL’s codebase