Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.
Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.
CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution.
PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.
CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.
Voovi Social Networking Script version 1.0 suffers from a remote SQL injection vulnerability.
This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo’s Egg.
This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp’s jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget’s .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at […]
This Metasploit module exploits sendmail’s well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo’s Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.
http://sonwr.onwr.go.th notified by Ayyıldız Tim
Tags: defacement
