https://www.mabkhapattana.go.th notified by LoliCyndrome
http://mmhs.go.th
http://mmhs.go.th notified by Family Attack Cyber
GitLab 11.4.7 Remote Code Execution
GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.
WordPress WP-PostRatings 1.86 Cross Site Scripting
WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.
WordPress Adning Advertising 1.5.5 Shell Upload
Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
Arteco Web Client DVR/NVR Session Hijacking
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.
Apache Struts 2 Forced Multi OGNL Evaluation
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag’s attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This […]
WordPress Epsilon Framework SSRF / Denial of Service
Multiple themes from the WordPress Epsilon Framework suffer from an unauthenticated function injection vulnerability that allows for server-side request forgery and denial of service attacks.
TerraMaster TOS 4.2.06 Remote Code Execution
TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.