:: Deepquest ::

Netis ADSL Router DL4322D RTK 2.1.1 suffers from a cross site request forgery vulnerability.

This Metasploit module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vulnerabilities allow an unauthenticated attacker to execute arbitrary PHP code remotely. This […]

This Metasploit module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root […]

Claromentis Discuss module version 1.2.1 suffers from a stored cross site scripting vulnerability.

http://www.maekhaning.go.th/king.txt notified by ErrOr SquaD

http://www.nongyai.go.th/king.txt notified by ErrOr SquaD

http://www.thungsrithong.go.th/king.txt notified by ErrOr SquaD

http://www.sri-satuk.go.th/king.txt notified by ErrOr SquaD

http://www.khutan.go.th/king.txt notified by ErrOr SquaD