:: Deepquest ::

McAfee Security Scan Plus – Remote Command Execution

http://www.natub.go.th/content/ notified by @Df Brazil Hack Team

WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.

WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.

http://www.thabo-mu.go.th notified by D4RKM491C

http://www.bandonglocal.go.th notified by D4RKM491C

http://suphan.go.th notified by D4RKM491C

RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.

RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.

RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.