Archive for December, 2017

WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion

Posted by deepcore under exploit

WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.

TP-Link TL-SG108E XSS / Weak Access Control

Posted by deepcore under exploit

TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.

WordPress Concours 1.1 Cross Site Scripting

Posted by deepcore under exploit

WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.

WordPress Custom Map 1.1 Cross Site Scripting

Posted by deepcore under exploit

WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.

WordPress CSV Import-Export 1.1 Cross Site Scripting

Posted by deepcore under exploit

WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.

Ability Mail Server 3.3.2 Cross Site Scripting

Posted by deepcore under exploit

Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.

Microsoft Windows Kernel Ring-0 Address Leak

Posted by deepcore under exploit

It was discovered that addresses of kernel-mode Paged Pool allocations can be disclosed via a race condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

Samsung Internet Browser SOP Bypass

Posted by deepcore under exploit

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

BEIMS ContractorWeb 5.18.0.0 SQL Injection

Posted by deepcore under exploit

BEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.

http://kokdang.go.th/xxx.htm

Posted by deepcore under defacement

http://kokdang.go.th/xxx.htm notified by 4Ri3 60ndr0n9
