Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities.
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and […]
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and […]
Sales Tracker System version 1.0 suffers from an authenticated remote SQL injection vulnerability.
https://leeled.go.th notified by Ajoyy
Tags:
defacement
https://samkratai.go.th notified by Ajoyy
Tags:
defacement
https://palmpattanacity.go.th notified by Ajoyy
Tags:
defacement
https://tanyongmat.go.th notified by Ajoyy
Tags:
defacement
https://donsakcity.go.th notified by Ajoyy
Tags:
defacement
Sales Tracker System version 1.0 suffers from an authenticated remote SQL injection vulnerability.