https://www.pattawee.go.th/U72.html
https://www.pattawee.go.th/U72.html notified by Unravel72
Tags: defacement
http://www.roiet.go.th
http://www.roiet.go.th notified by TAHU PETIS
Tags: defacement
COVR 3902 1.01B0 Hardcoded Credentials
The COVR 3902 REVA router with firmware 1.01B0 has hardcoded telnet credentials.
Hyland OnBase SQL Injection
All versions up to and prior to OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.
Nord VPN 6.31.13.0 Unquoted Service Path
Nord VPN version 6.31.13.0 suffers from an unquoted service path vulnerability.
SiteMagic CMS 4.4.2 Shell Upload
SiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.
Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd() method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid lengths or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.
Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd() method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid lengths or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.