:: Deepquest ::

https://amnat-ed.go.th/1975.html notified by 1975 Team

http://www.mhs-pao.go.th/zil.php notified by AnonCoders

qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.

ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.

Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server’s output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client […]

Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server’s output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client […]

http://cems.diw.go.th/sadme.htm notified by typicalsadboy

http://policeubon.go.th/o.htm notified by ./Fell Ganns

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITYSYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.