Archive for January, 2019

http://www.buengnakorn.go.th

Posted by deepcore under defacement (No Respond)

http://www.buengnakorn.go.th notified by MR.5T1Y0

CF Image Hosting Script 1.6.5 Privilege Escalation

Posted by deepcore under exploit (No Respond)

CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.

WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.

Dolibarr ERP-CRM 8.0.4 SQL Injection

Posted by deepcore under exploit (No Respond)

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

Mantis 2.11.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Mantis version 2.11.1 suffers from a cross site scripting vulnerability.

ZenPhoto 1.4.14 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.

Microsoft Windows DSSVC CheckFilePermission Arbitrary File Deletion

Posted by deepcore under exploit (No Respond)

Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service has a TOCTOU in PolicyChecker::CheckFilePermission, resulting in an arbitrary file deletion.

Polkit Temporary Authentication Hijacking

Posted by deepcore under exploit (No Respond)

Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.

Wireshark get_t61_string Heap Out-Of-Bounds Read

Posted by deepcore under exploit (No Respond)

Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.

Mailcleaner Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in the MailCleaner Community Edition product. An authenticated user can execute operating system commands in the context of the web server user, which is root. The /admin/managetracing/search/search endpoint takes several user inputs and passes them to the internal service responsible for executing operating system commands. […]