:: Deepquest ::

The vulnerability laboratory core research team discovered a local passcode bypass via access permission vulnerability i…

CS-Cart versions 4.3.10 and below suffer from an unauthenticated XML external entity (XXE) injection vulnerability.

A specially crafted web-page can cause the Javascript engine of Microsoft Internet Explorer 8 to free memory used for a string. The code will keep a reference to the string and can be forced to reuse it when compiling a regular expression.

WordPress All In One WP Security and Firewall plugin versions 4.1.4 through 4.1.9 suffer from a cross site scripting vulnerability.

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application […]

In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function […]

This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as […]

http://krabi.nfe.go.th/x.txt notified by Exploiter-Albania

http://nongkung.go.th/2014/x.txt notified by Exploiter-Albania

http://ipcam.ptlhosp.go.th/qc/templates/beez/index.php notified by Hmei7