Archive for January, 2021

http://nonsaat.go.th

Posted by deepcore under defacement (No Respond)

http://nonsaat.go.th notified by Xyp3r2667


ECSIMAGING PACS 6.21.5 Remote Code Execution

Posted by deepcore under exploit (No Respond)

ECSIMAGING PACS version 6.21.5 suffers from a remote code execution vulnerability.

iBall-Baton WRA150N File Disclosure

Posted by deepcore under exploit (No Respond)

iBall-Baton WRA150N Rom-0 backup suffers from a file disclosure vulnerability.

Employee Record System 1.0 Shell Upload

Posted by deepcore under exploit (No Respond)

Employee Record System version 1.0 suffers from a remote shell upload vulnerability.

Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

WordPress Autoptimize Shell Upload

Posted by deepcore under exploit (No Respond)

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

Life Insurance Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Cockpit CMS Remote Code Execution

Posted by deepcore under exploit (No Respond)

Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.

OX App Suite / OX Documents 7.10.x XSS / SSRF

Posted by deepcore under exploit (No Respond)

OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.

Curfew e-Pass Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Curfew e-Pass Management System version 1.0 suffers from a cross site scripting vulnerability.