:: Deepquest ::

http://dw-web.bangkok.go.th/index.htm notified by Kuroi’SH

http://glass.dss.go.th notified by p4r4d0x cr3w

Transcend Wi-Fi SD Card 16GB with firmware 1.8 suffers from cross site request forgery and directory traversal vulnerabilities.

Everus.org Mobile Wallet version 1.0.9 suffers from an information disclosure vulnerability.

KARMA version 6.0.0 suffers from a remote SQL injection vulnerability.

This Module will generate and upload an executable to a remote host and then makes it a persistent service. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required.

WordPress Lumise plugin version 4.9 suffers from a database disclosure vulnerability.

WordPress Ithemes-BackupBuddy Amazon WP-S3 plugin version 2.9 suffers from a database disclosure vulnerability.

WordPress Mirrorwp-Backups plugin version 4.8 suffers from a database disclosure vulnerability.

WordPress Dev-Custom-Management VerzDesign plugin version 1.0 suffers from database disclosure and remote shell upload vulnerabilities.