http://www.cdc.ptho.moph.go.th/cyb3r_dr4in.gif notified by ashiyane digital security team
Linux ARM/ARM64 perf_event_open() Arbitrary Memory Read
Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().
WordPress Ultimate Product Catalog 3.9.8 SQL Injection
WordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (3)
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations […]
[papers] Hacking the PS4, part 3 – Kernel exploitation
Hacking the PS4, part 3 – Kernel exploitation
http://www.loei2.go.th/lms/web1/file_editor/_input_3_.txt
http://www.loei2.go.th/lms/web1/file_editor/_input_3_.txt notified by DeadsOul
Guppy CMS v5.01.03 – Client Side Cross Site Vulnerability
No abstract description available in the upcomings!
WinSaber – Unquoted Service Path Privilege Escalation
No abstract description available in the upcomings!
LastPass 4.1.20a Communication Design Flaw
LastPass version 4.1.20a on Windows suffers from some issues where the add-on works by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.
AXIS Authenticated Remote Command Execution
Multiple products from AXIS suffer from a remote command execution vulnerability.