Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending…
>> ARCHIVE: 2022-12
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
https://office.cpd.go.th/area2/ notified by z7F HaCkEr
The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.
pixman versions prior to 0.42.2 suffer from an out-of-bounds write vulnerability in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious…
SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.
http://nites.ayutthaya2.go.th/oni.html notified by Team Anon Force
http://financial.ayutthaya2.go.th/oni.html notified by Team Anon Force
http://director.ayutthaya2.go.th/oni.html notified by Team Anon Force