12 - 2017 - :: Deepquest ::

>> http://km.doae.go.th

USER: deepcore // 2017-12-15 // 0 CMT

http://km.doae.go.th notified by The WTJ

>> WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting

USER: deepcore // 2017-12-15 // 0 CMT

WordPress Qiniu Cloudtuchuang (七牛云图床) plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

[EXPLOIT]

>> WordPress WordApp Mobile 2.0.3 Cross Site Scripting

USER: deepcore // 2017-12-15 // 0 CMT

WordPress WordApp Mobile App plugin version 2.0.3 suffers from a cross site scripting vulnerability.

[EXPLOIT]

>> WordPress WooPay Inicis 1.1.3 Cross Site Scripting

USER: deepcore // 2017-12-15 // 0 CMT

WordPress WooPay Inicis plugin version 1.1.3 suffers from a cross site scripting vulnerability.

[EXPLOIT]

>> Microsoft Office DDE Payload Delivery

USER: deepcore // 2017-12-15 // 0 CMT

This Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server.