:: Deepquest ::

http://plaiklad.go.th/images/img-thumb/0.txt notified by CaFe_ID

http://thaimuang.go.th/images/img-thumb/0.txt notified by CaFe_ID

http://wangtanode.go.th/images/0.txt notified by CaFe_ID

ViMbAdmin version 3.0.15 suffers from multiple cross site request forgery vulnerabilities.

ViMbAdmin version 3.0.15 suffers from multiple cross site scripting vulnerabilities.

CloudBees Jenkins version 2.32.1 suffers from an unauthenticated remote code execution vulnerability.

WordPress Facebook plugin versions 1.0.13 and below suffer from a remote SQL injection vulnerability.

WordPress Spider Event Calendar plugin versions 1.5.49 and below suffer from a remote SQL injection vulnerability.

WordPress WebDorado Gallery plugin versions 1.3.29 and below suffer from a remote SQL injection vulnerability.

This Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation and parameter binding. Which cause a […]