EgavilanMedia My To Do List version 1.0 suffers from a persistent cross site scripting vulnerability.
URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution
URVE Software build version 24.03.2020 suffers from an authentication bypass that allows for remote code execution.
Philips Hue Denial Of Service
Philips Hue hubs suffer from a denial of service vulnerability via simple SYN floods.
URVE Software Build 24.03.2020 Missing Authorization
URVE Software build version 24.03.2020 suffers from a missing authorization vulnerability.
URVE Software Build 24.03.2020 Information Disclosure
URVE Software build version 24.03.2020 suffers from an information disclosure vulnerability that leaks passwords.
CHMSC Elearning System 1.0 SQL Injection
CHMSC Elearning System version 1.0 suffers from a remote SQL injection vulnerability.
SEOPanel 4.6.0 Cross Site Scripting
SEOPanel version 4.6.0 suffers from multiple cross site scripting vulnerabilities.
Cassandra Web 0.5.0 Remote File Read
Cassandra Web is vulnerable to directory traversal because the Rack::Protection module is disabled. Apache Cassandra credentials are passed via the CLI so that the server can authenticate to Cassandra and provide web access, so they are among the data that can be captured via the arbitrary file read. Version 0.5.0 is affected.
HPE Edgeline Infrastructure Manager Improper Authorization
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow access to administrative functions without authentication and can allow arbitrary password changes.
https://taepalai.go.th/index.htm
https://taepalai.go.th/index.htm notified by Mr.OverKiLL