:: Deepquest ::

http://www.pri1.go.th/yo.php notified by YIIX103

RATES SYSTEM 1.0 – ‘Multiple’ SQL Injections

Altova MobileTogether Server 7.3 – XML External Entity Injection (XXE)

COVID19 Testing Management System 1.0 – ‘searchdata’ SQL Injection

Canon TR150 print drivers versions 3.71.2.10 and below allow local users to read/write files within the “CanonBJ” directory and its subdirectories. By overwriting the DLL at C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS\Canon TR150 series\LanguageModules\040C\CNMurGE.dll with a malicious DLL at the right time whilst running the C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs script to install a new printer, a timing issue can be exploited to cause […]

http://english.dip.go.th/ma.txt notified by Moroccan Revolution

Cockpit CMS version 0.11.1 username enumeration and password reset NoSQL injection exploit.

WordPress LifterLMS plugin version 4.21.1 suffers from an insecure direct object reference vulnerability.

IPCop version 2.1.9 authenticated remote code execution exploit.

Facebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device, to accept friend requests without unlocking the phone. Facebook does not consider this a security issue. Version 29.0.0.29.120 on Android 10 is affected.