:: Deepquest ::

Linux USB usbnet tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.

http://selaphumhospital.go.th/ic.html notified by Umam1337

Fastly suffers from the poor practice of sending a temporary password in plaintext.

https://www.thamaunglocal.go.th notified by 0x1998

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.

Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.

Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.

Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.

Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.