:: Deepquest ::

WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.

Creative Zone suffers from a remote SQL injection vulnerability.

The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.

This Metasploit module leverages a trusted file overwrite with a dll hijacking vulnerability to gain SYSTEM-level access on vulnerable Windows 10 x64 targets.

This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module […]

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.

Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.

Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.

http://e-mining.dpim.go.th/java.html notified by Al Catraz

http://www.nanual.go.th/m-1.html notified by moncet