:: Deepquest ::

https://www.mabkhapattana.go.th notified by LoliCyndrome

http://mmhs.go.th notified by Family Attack Cyber

GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.

WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.

Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag’s attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This […]

Multiple themes from the WordPress Epsilon Framework suffer from an unauthenticated function injection vulnerability that allows for server-side request forgery and denial of service attacks.

TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.