The vulnerability laboratory core research team discovered a local passcode bypass via access permission vulnerability i…
>> ARCHIVE: 2016-11
CS-Cart versions 4.3.10 and below suffer from an unauthenticated XML external entity (XXE) injection vulnerability.
A specially crafted web-page can cause the Javascript engine of Microsoft Internet Explorer 8 to free memory used for a string. The code will keep a reference to the string…
WordPress All In One WP Security and Firewall plugin versions 4.1.4 through 4.1.9 suffer from a cross site scripting vulnerability.
Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to…
In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts…
This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded…
http://krabi.nfe.go.th/x.txt notified by Exploiter-Albania
http://nongkung.go.th/2014/x.txt notified by Exploiter-Albania
http://ipcam.ptlhosp.go.th/qc/templates/beez/index.php notified by Hmei7