:: Deepquest ::

https://web.sakon2.go.th/daka.htm notified by Metro Lampung Indonesia Attacker

https://bigdata.sakon2.go.th/daka.htm notified by Metro Lampung Indonesia Attacker

https://emoney.sakon2.go.th/daka.htm notified by Metro Lampung Indonesia Attacker

https://material.sakon2.go.th/daka.htm notified by Metro Lampung Indonesia Attacker

Lockbit ransomware version 3.0 apparently now requires a password to execute as noted by “@vxunderground”, but does not properly check bounds for both the -pass and -k arguments. Supplying a long string of characters for either flag will trigger a unicode stack buffer overflow overwriting the ECX register and structured exception handler (SEH).

https://www.khaochot.go.th/Matigan.php notified by Matigan1337

TypeORM versions prior to 0.3.0 suffer from a remote SQL injection vulnerability in the findOne function.

Classified Listing version 2.2.9 suffers from a cross site scripting vulnerability.

BigBlueButton versions 2.3, prior to 2.4.8, and prior to 2.5.0 suffer from a persistent cross site scripting vulnerability.

Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.