Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
OpenPLC WebServer version 3 authentication remote code execution exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
Firefox 72 IonMonkey JIT type confusion exploit.
There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
http://www.phafaek.go.th notified by Fallag GTX
Tags: defacementPodcast Generator 3.1 – ‘Long Description’ Persistent Cross-Site Scripting (XSS)
Tags: 0day, remote exploit