https://cri.nfe.go.th
https://cri.nfe.go.th notified by 1877
Tags: defacementhttps://cri.nfe.go.th notified by 1877
Tags: defacementFLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities.
Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.
Polar Flow for Android version 5.7.1 stores the username and password in clear text in a file on mobile devices.
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The […]