Archive for November, 2022

Senayan Library Management System 9.5.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Senayan Library Management System version 9.5.0 suffers from a remote SQL injection vulnerability.

WebKit HTMLSelectElement Use-After-Free

Posted by deepcore under exploit (No Respond)

WebKit suffers from an HTMLSelectElement use-after-free vulnerability.

Automated Tank Gauge (ATG) Remote Configuration Disclosure

Posted by deepcore under exploit (No Respond)

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) that were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels and tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. […]

http://korat4.go.th/zah.txt

Posted by deepcore under defacement (No Respond)

http://korat4.go.th/zah.txt notified by KAKEGURAI


http://ssd.go.th/read.html

Posted by deepcore under defacement (No Respond)

http://ssd.go.th/read.html notified by ./Niz4r


Webmin 1.984 File Manager Remote Code Execution

Posted by deepcore under exploit (No Respond)

In Webmin version 1.984, any authenticated low-privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted .cgi file by chaining those functionalities in the file manager.

FLIR AX8 1.46.16 Remote Command Injection

Posted by deepcore under exploit (No Respond)

All FLIR AX8 thermal sensor camera versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root […]

Apache CouchDB Erlang Remote Code Execution

Posted by deepcore under exploit (No Respond)

In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.

Packet Storm New Exploits For October, 2022

Posted by deepcore under exploit (No Respond)

This archive contains all of the 88 exploits added to Packet Storm in October, 2022.

https://www.dwf-lampang.go.th/fine.html

Posted by deepcore under defacement (No Respond)

https://www.dwf-lampang.go.th/fine.html notified by /Rayzky_
