__–::: Deepquest :::–__ » Archives

rss feed

Archives

September 2022 (131)

09-24: TP-Link Tapo c200 1.1.15 Remote Code Execution (0)
09-24: Testa 3.5.1 Cross Site Scripting (0)
09-24: Feehi CMS 2.1.1 Remote Code Execution (0)
09-24: Teleport 10.1.1 Remote Code Execution (0)
09-24: WordPress WP-UserOnline 2.88.0 Cross Site Scripting (0)
09-24: WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting (0)
09-23: Multix 2.4 Cross Site Scripting (0)
09-23: Multix 2.4 Cross Site Request Forgery (0)
09-23: WorkOrder CMS 0.1.0 SQL Injection (0)
09-23: WorkOrder CMS 0.1.0 Cross Site Scripting (0)
09-23: Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition (0)
09-23: Bitbucket Git Command Injection (0)
09-23: [webapps] Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS) (0)
09-23: [webapps] Aero CMS v0.0.1 – SQLi (0)
09-23: [webapps] Wordpress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS) (0)
09-23: [webapps] Wordpress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS) (0)
09-23: [remote] Teleport v10.1.1 – Remote Code Execution (RCE) (0)
09-23: [webapps] TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE) (0)
09-23: [webapps] Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated) (0)
09-22: WiFiMouse 1.8.3.4 Remote Code Execution (0)
09-22: Unified Remote Authentication Bypass / Code Execution (0)
09-21: Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage (0)
09-21: Bookwyrm 0.4.3 Authentication Bypass (0)
09-21: Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution (0)
09-21: Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass (0)
09-21: ProcessMaker Privilege Escalation (0)
09-21: Blink1Control2 2.2.7 Weak Password Encryption (0)
09-21: Backdoor.Win32.Hellza.120 MVID-2022-0642 Authentication Bypass (0)
09-21: Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution (0)
09-21: Arm Mali Released Buffer Use-After-Free (0)
09-21: Arm Mali Physical Address Exposure (0)
09-21: Arm Mali Race Condition (0)
09-21: Arm Mali CSF Missing Buffer Size Check (0)
09-21: [remote] Wifi HD Wireless Disk Drive 11 – Local File Inclusion (0)
09-21: [remote] WiFiMouse 1.8.3.4 – Remote Code Execution (RCE) (0)
09-20: Genesys PureConnect Cross Site Scripting (0)
09-20: WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting (0)
09-20: OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection (0)
09-20: Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion (0)
09-20: PhotoSync 4.7 Local File Inclusion (0)
09-20: SoX 14.4.2 Division-By-Zero / Denial Of Service (0)
09-20: VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload (0)
09-20: [local] Blink1Control2 2.2.7 – Weak Password Encryption (0)
09-20: [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass (0)
09-20: [remote] Airspan AirSpot 5410 version 0.3.4.1 – Remote Code Execution (RCE) (0)
09-20: [webapps] Bookwyrm v0.4.3 – Authentication Bypass (0)
09-20: [remote] Mobile Mouse 3.6.0.4 – Remote Code Execution (RCE) (0)
09-19: https://www.nongpailom.go.th/index.html (0)
09-19: http://nonsomboonlocal.go.th (0)
09-18: https://www.cntpeo.go.th/o.htm (0)
09-17: Chrome LinkToTextMenuObserver::CompleteWithError Heap Use-After-Free (0)
09-17: Rocket LMS 1.6 SQL Injection (0)
09-17: Social Share Button 2.2.3 SQL Injection (0)
09-17: SAP SAProuter Improper Access Control (0)
09-17: Palo Alto Networks Authenticated Remote Code Execution (0)
09-17: SAP SAPControl Web Service Interface Local Privilege Escalation (0)
09-16: Gitea 1.16.6 Remote Code Execution (0)
09-16: News247 News Magazine 1.0 Cross Site Scripting (0)
09-15: WordPress WPGateway 3.5 Privilege Escalation (0)
09-15: [webapps] Gitea 1.16.6 – Remote Code Execution (RCE) (Metasploit) (0)
09-14: http://itservice.fpo.go.th/z.php (0)
09-14: http://www.rattanaburilocal.go.th/!.php (0)
09-14: Rocket LMS 1.6 Shell Upload (0)
09-14: Rocket LMS 1.6 Cross Site Scripting (0)
09-14: Academy Learning Management System 5.7 Shell Upload (0)
09-14: TIBCO JasperReports Server 8.0.2 Community Edition Code Execution (0)
09-14: Apple Security Advisory 2022-09-12-1 (0)
09-14: Apple Security Advisory 2022-09-12-2 (0)
09-14: Apple Security Advisory 2022-09-12-4 (0)
09-14: Apple Security Advisory 2022-09-12-5 (0)
09-13: SmartRG Router 2.6.13 Remote Code Execution (0)
09-13: Infix LMS 4.3.0 IFRAME Injection (0)
09-13: Infix LMS 4.3.0 Shell Upload (0)
09-13: ETAP Safety Manager 1.0.0.32 Cross Site Scripting (0)
09-12: http://myoffice.suratpeo.go.th/2563/laysen/55.jpg (0)
09-12: http://myoffice.surin3.go.th/2563/laysen/658.jpg (0)
09-12: http://myoffice.surat1.go.th/2563/laysen/1999.jpg (0)
09-12: http://www.ska2.go.th/myoffice/2563/laysen/2282.jpg (0)
09-12: http://myoffice.takesa2.go.th/myoffice/2563/laysen/10.jpg (0)
09-12: https://phonics.lamphuncity.go.th/index.txt (0)
09-12: https://www.pongphrae.go.th/r.htm (0)
09-10: SACCO-2022 SQL Injection (0)
09-10: Windows Kernel Refcount Overflow Use-After-Free (0)
09-10: Windows Kernel Unchecked Blink Cell Index Invalid Read/Write (0)
09-10: Windows Kernel Registry Hive Memory Problems (0)
09-10: Windows Credential Guard ASN1 Decoder Type Confusion Privilege Escalation (0)
09-10: Windows Credential Guard BCrypt Context Use-After-Free Privilege Escalation (0)
09-10: @Drive 2.8 Local File Inclusion (0)
09-10: Windows Credential Guard Insufficient Checks On Kerberos Encryption Type Use (0)
09-10: Windows Credential Guard Kerberos Change Password Privilege Escalation (0)
09-10: AirDisk 7.5.5 Cross Site Scripting (0)
09-10: mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting (0)
09-10: Online Notice Board 2022 SQL Injection (0)
09-10: Windows Credential Guard KerbIumCreateApReqAuthenticator Key Information Disclosure (0)
09-10: Windows Credential Guard KerbIumGetNtlmSupplementalCredential Information Disclosure (0)
09-10: InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal (0)
09-10: Windows Credential Guard TGT Renewal Information Disclosure (0)
09-10: .NET XML Signature Verification External Entity Injection (0)
09-10: Sagemath 9.0 Overflow / Denial Of Service (0)
09-10: http://amss.ayutthaya2.go.th/read.html (0)
09-10: http://salary.ayutthaya2.go.th/read.html (0)
09-10: http://sawat.ayutthaya2.go.th/read.html (0)
09-10: http://smss.ayutthaya2.go.th/read.html (0)
09-09: Apache Spark Unauthenticated Command Injection (0)
09-08: Trojan.Win32.Autoit.fhj MVID-2022-0637 Insecure Permissions (0)
09-08: FTPManager 8.2 Local File Inclusion / Directory Traversal (0)
09-08: Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential (0)
09-08: Backdoor.Win32.Hupigon.aspg MVID-2022-0634 Unquoted Service Path (0)
09-08: Trojan-Spy.Win32.Pophot.bsl MVID-2022-0635 Insecure Permissions (0)
09-08: FE File Explorer 11.0.4 Local File Inclusion (0)
09-08: Trojan.Win32.Autoit.fhj MVID-2022-0638 NULL DACL (0)
09-08: Trojan-Ransom.Win32.Hive.bv MVID-2022-0636 Code Execution (0)
09-07: http://phpmyadmin.ayutthaya2.go.th/read.html (0)
09-07: http://new.ayutthaya2.go.th/read.html (0)
09-07: Online Employee Leave Management System 1.0 Cross Site Request Forgery (0)
09-07: Wifi HD Wireless Disk Drive 11 Local File Inclusion (0)
09-06: Apple macOS Remote Events Memory Corruption (0)
09-06: Mobile Mouse 3.6.0.4 Remote Code Execution (0)
09-06: Online Market Place Site 1.0 SQL Injection (0)
09-06: Online Market Place Site 1.0 Cross Site Scripting (0)
09-06: Cisco ASA-X With FirePOWER Services Authenticated Command Injection (0)
09-03: WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting (0)
09-02: Apple Security Advisory 2022-08-31-1 (0)
09-02: Doctor's Appointment System 1.0 Cross Site Scripting (0)
09-02: Doctor's Appointment System 1.0 SQL Injection (0)
09-02: [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 – Stored Cross-Site Scripting (XSS) (0)
09-02: [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 – Stored Cross-Site Scripting (XSS) (0)
09-02: [webapps] Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass (0)
09-01: WordPress Core Cross Site Scripting / SQL Injection (0)
09-01: Zyxel Firewall SUID Binary Privilege Escalation (0)
09-01: Packet Storm New Exploits For August, 2022 (0)

August 2022 (148)

08-31: Linux KVM Instruction Emulation Issue (0)
08-30: AeroCMS 0.0.1 SQL Injection (0)
08-28: http://ss-muni.go.th/index.php (0)
08-28: http://tambonbansong.go.th/index.php (0)
08-28: http://www.khokyanglocal.go.th/index.php (0)
08-28: http://donmuang-local.go.th/index.php (0)
08-26: Xalan-J XSLTC Integer Truncation (0)
08-26: http://www.sungnoenabt.go.th/read.html (0)
08-25: Zimbra Zip Path Traversal (0)
08-25: Arm Mali CSF VMA Split Mishandling (0)
08-25: PrestaShop Ap Pagebuilder 2.4.4 SQL Injection (0)
08-25: Centreon 22.04.0 Cross Site Scripting (0)
08-24: Zimbra Zip Path Traversal (0)
08-23: 10-Strike Network Inventory Explorer 9.3 Buffer Overflow (0)
08-23: WordPress Duplicator 1.4.7.2 Backup Disclosure (0)
08-23: Teleport 9.3.6 Command Injection (0)
08-23: http://www.wangdaeng.go.th/capcha/read.html (0)
08-22: AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow (0)
08-22: Personnel Property Equipment 2015-2022 SQL Injection (0)
08-22: Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution (0)
08-22: https://cri.nfe.go.th (0)
08-20: FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS (0)
08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
08-20: Apple Security Advisory 2022-08-17-2 (0)
08-20: Apple Security Advisory 2022-08-17-1 (0)
08-20: Apple Security Advisory 2022-08-18-1 (0)
08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
08-19: FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation (0)
08-19: Polar Flow Android 5.7.1 Secret Disclosure (0)
08-19: Advantech iView NetworkServlet Command Injection (0)
08-19: FLIX AX8 1.46.16 Remote Command Execution (0)
08-19: Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free (0)
08-18: Advantech iView NetworkServlet Command Injection (0)
08-18: Update Chrome Now To Patch Actively Exploited Zero Day (0)
08-17: TypeORM 0.3.7 Information Disclosure (0)
08-17: Race Against The Sandbox (0)
08-16: Race Against The Sandbox (0)
08-16: Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure (0)
08-16: Inout SiteSearch 2.0.1 Cross Site Scripting (0)
08-16: Inout RealEstate 2.1.2 SQL Injection (0)
08-16: Win32.Ransom.BlueSky MVID-2022-0632 Code Execution (0)
08-16: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
08-15: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
08-13: Readymade Job Portal Script SQL Injection (0)
08-13: Gas Agency Management 2022 SQL Injection / XSS / Shell Upload (0)
08-13: Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow (0)
08-13: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
08-12: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
08-12: Intelbras ATA 200 Cross Site Scripting (0)
08-12: Fiberhome AN5506-02-B Cross Site Scripting (0)
08-12: http://www.yangngam.go.th/index.php (0)
08-12: http://www.tungluang.go.th/index.php (0)
08-12: http://www.sajorakhea.go.th/index.php (0)
08-12: https://www.secpt.go.th (0)
08-12: http://www.bankruatcity.go.th/index.php (0)
08-11: Fiberhome AN5506-02-B Cross Site Scripting (0)
08-11: Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass (0)
08-11: AirSpot 5410 0.3.4.1-4 Remote Command Injection (0)
08-11: Zimbra zmslapd Privilege Escalation (0)
08-11: Webmin Package Updates Command Injection (0)
08-10: Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws (0)
08-10: Webmin Package Updates Command Injection (0)
08-10: Prestashop Blockwishlist 2.1.0 SQL Injection (0)
08-10: Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage (0)
08-10: PAN-OS 10.0 Remote Code Execution (0)
08-10: Matrimonial PHP Script 1.0 SQL Injection (0)
08-10: Feehi CMS 2.1.1 Cross Site Scripting (0)
08-09: http://www.kasetwisai.go.th/index.php (0)
08-09: http://www.kukasinglocal.go.th/index.php (0)
08-09: http://kham-saengcity.go.th/index.php (0)
08-09: http://www.nongjabok.go.th/index.php (0)
08-09: http://www.mabkrad.go.th/index.php (0)
08-09: http://www.muangmailocal.go.th/index.php (0)
08-09: http://ptb.go.th/index.php (0)
08-09: http://www.plubpla101.go.th/index.php (0)
08-09: http://www.nongyueng.go.th/index.php (0)
08-09: http://www.muangphoe.go.th/index.php (0)
08-09: http://www.prasuk.go.th/index.php (0)
08-09: http://rmchaiyaphum.go.th/index.php (0)
08-09: http://www.borthong.go.th/index.php (0)
08-09: Feehi CMS 2.1.1 Cross Site Scripting (0)
08-09: Nortek Linear eMerge E3-Series Credential Disclosure (0)
08-09: Nortek Linear eMerge E3-Series Command Injection (0)
08-09: Nortek Linear eMerge E3-Series Account Takeover (0)
08-09: WordPress Duplicator 1.4.7.1 Backup Disclosure (0)
08-09: ManageEngine ADAudit Plus Path Traversal / XML Injection (0)
08-09: Thingsboard 3.3.1 Cross Site Scripting (0)
08-09: [remote] PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated) (0)
08-09: [webapps] ThingsBoard 3.3.1 'name' – Stored Cross-Site Scripting (XSS) (0)
08-09: [webapps] Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS) (0)
08-09: [webapps] Prestashop blockwishlist module 2.1.0 – SQLi (0)
08-09: [webapps] ThingsBoard 3.3.1 'description' – Stored Cross-Site Scripting (XSS) (0)
08-08: Thingsboard 3.3.1 Cross Site Scripting (0)
08-06: WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting (0)
08-06: Online Admission System 1.0 SQL Injection (0)
08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass (0)
08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution (0)
08-06: WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery (0)
08-06: Zimbra UnRAR Path Traversal (0)
08-05: Zimbra UnRAR Path Traversal (0)
08-05: WordPress Duplicator 1.4.7 Unauthenticated Backup Download (0)
08-05: WordPress Download Manager 3.2.50 Arbitrary File Deletion (0)
08-05: Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow (0)
08-05: Chrome WebGL Uniform Integer Overflows (0)
08-05: VMware Workspace ONE Access Privilege Escalation (0)
08-05: https://khamtalayso.go.th/Sec.html (0)
08-05: https://nonyor.go.th/Sec.html (0)
08-05: https://samrong.go.th/Sec.html (0)
08-05: https://kangplu.go.th/Sec.html (0)
08-05: https://naimeung.go.th/Sec.html (0)
08-04: VMware Workspace ONE Access Privilege Escalation (0)
08-04: IObit Malware Fighter 9.2 Tampering / Privilege Escalation (0)
08-04: Multi-Language Hotel Management 2022 1.0 SQL Injection (0)
08-04: MobileIron Log4Shell Remote Command Execution (0)
08-04: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
08-03: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
08-03: uftpd 2.10 Directory Traversal (0)
08-02: uftpd 2.10 Directory Traversal (0)
08-02: Crime Reporting System 1.0 SQL Injection (0)
08-02: WordPress SeatReg 1.23.0 Open Redirect (0)
08-02: Wavlink WN533A8 Cross Site Scripting (0)
08-02: Wavlink WN533A8 Password Disclosure (0)
08-02: Wavlink WN530HG4 Password Disclosure (0)
08-02: Easy Chat Server 3.1 Buffer Overflow (0)
08-02: CodeIgniter CMS 4.2.0 SQL Injection (0)
08-02: Webmin 1.996 Remote Code Execution (0)
08-02: WordPress Duplicator 1.4.7 Information Disclosure (0)
08-02: WordPress Duplicator 1.4.6 Backup Disclosure (0)
08-02: mPDF 7.0 Local File Inclusion (0)
08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0626 Authentication Bypass / Code Execution (0)
08-02: CuteEditor For PHP 6.6 Directory Traversal (0)
08-02: NanoCMS 0.4 Remote Code Execution (0)
08-02: Omnia MPX 1.5.0+r1 Path Traversal (0)
08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution (0)
08-02: Packet Storm New Exploits For July, 2022 (0)
08-02: [remote] uftpd 2.10 – Directory Traversal (Authenticated) (0)
08-01: Packet Storm New Exploits For July, 2022 (0)
08-01: [webapps] Wavlink WN533A8 – Password Disclosure (0)
08-01: [webapps] Wavlink WN533A8 – Cross-Site Scripting (XSS) (0)
08-01: [remote] Easy Chat Server 3.1 – Remote Stack Buffer Overflow (SEH) (0)
08-01: [webapps] Wavlink WN530HG4 – Password Disclosure (0)
08-01: [webapps] WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download (0)
08-01: [webapps] Webmin 1.996 – Remote Code Execution (RCE) (Authenticated) (0)
08-01: [webapps] NanoCMS v0.4 – Remote Code Execution (RCE) (Authenticated) (0)
08-01: [remote] Omnia MPX 1.5.0+r1 – Path Traversal (0)
08-01: [webapps] mPDF 7.0 – Local File Inclusion (0)
08-01: [webapps] CuteEditor for PHP 6.6 – Directory Traversal (0)
08-01: [webapps] WordPress Plugin Duplicator 1.4.7 – Information Disclosure (0)

July 2022 (197)

07-30: WordPress WP-UserOnline 2.87.6 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.7 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.7 Cross Site Scripting (0)
07-30: Dingtian-DT-R002 3.1.276A Authentication Bypass (0)
07-30: Transposh WordPress Translation 1.0.7 Incorrect Authorization (0)
07-30: rpc.py 0.6.0 Remote Code Execution (0)
07-30: Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery (0)
07-30: Crime Reporting System 1.0 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.8.1 Information Disclosure (0)
07-30: Geonetwork 4.2.0 XML Injection (0)
07-30: Transposh WordPress Translation 1.0.8.1 Improper Authorization (0)
07-30: Transposh WordPress Translation 1.0.8.1 SQL Injection (0)
07-30: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
07-30: http://www.pasanghospital.go.th/404.php (0)
07-29: http://www.tago.go.th/tago/gallery/hai.html (0)
07-29: http://www.arpon.go.th/arpon/mainfile/hai.html (0)
07-29: http://www.krabuang.go.th/krabuang/file_editor/hai.html (0)
07-29: http://srinarong.go.th/srinarong/mainfile/hai.html (0)
07-29: http://nanuan.go.th/nanuan/module_eservice1/ (0)
07-29: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
07-29: Loan Management System 1.0 SQL Injection (0)
07-29: Loan Management System 1.0 Cross Site Scripting (0)
07-29: [webapps] WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS) (0)
07-29: [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution (0)
07-29: [webapps] Geonetwork 4.2.0 – XML External Entity (XXE) (0)
07-29: [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal (0)
07-29: [local] Asus GameSDK v1.0.0.4 – 'GameSDK.exe' Unquoted Service Path (0)
07-29: [webapps] Dingtian-DT-R002 3.1.276A – Authentication Bypass (0)
07-29: [remote] rpc.py 0.6.0 – Remote Code Execution (RCE) (0)
07-28: http://www.kalasin-pao.go.th/antidrug//images/id.gif (0)
07-27: PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation (0)
07-27: Expert X Jobs Portal And Resume Builder 1.0 SQL Injection (0)
07-27: Garage Management System 1.0 Shell Upload (0)
07-27: Hospital Information System 1.0 SQL Injection (0)
07-27: Roxy-WI Remote Command Execution (0)
07-26: Roxy-WI Remote Command Execution (0)
07-26: Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection (0)
07-26: Patlite 1.46 Buffer Overflow (0)
07-26: [webapps] WordPress Plugin Visual Slide Box Builder 3.2.9 – SQLi (0)
07-25: Patlite 1.46 Buffer Overflow (0)
07-23: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
07-23: http://www.kokkrabuang.go.th/index.php (0)
07-23: Apple Security Advisory 2022-07-20-1 (0)
07-23: Apple Security Advisory 2022-07-20-2 (0)
07-23: Apple Security Advisory 2022-07-20-3 (0)
07-23: Apple Security Advisory 2022-07-20-4 (0)
07-23: Apple Security Advisory 2022-07-20-5 (0)
07-23: Apple Security Advisory 2022-07-20-6 (0)
07-23: Apple Security Advisory 2022-07-20-7 (0)
07-22: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
07-22: DASDEC Cross Site Scripting / HTML Injection (0)
07-22: IOTransfer 4.0 Remote Code Execution (0)
07-22: Dr. Fone 4.0.8 Unquoted Service Path (0)
07-22: Kite 1.2021.610.0 Unquoted Service Path (0)
07-22: OctoBot WebInterface 0.4.3 Remote Code Execution (0)
07-22: CodoForum 5.1 Remote Code Execution (0)
07-22: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root (0)
07-22: Chrome Scope Break (0)
07-22: Chrome Scope Break (0)
07-21: http://khlongkhwai.go.th/counter.txt (0)
07-21: http://monnanglocal.go.th/counter.txt (0)
07-21: http://www.naleng.go.th/index.php (0)
07-21: http://www.cheewuek.go.th/index.php (0)
07-21: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
07-21: http://www.bannalocal.go.th (0)
07-21: http://www.tungkula.go.th (0)
07-21: http://www.tonglang.go.th (0)
07-21: http://www.tamafaiwan.go.th (0)
07-21: http://www.muangkae.go.th (0)
07-21: http://www.huaycan.go.th (0)
07-21: [webapps] OctoBot WebInterface 0.4.3 – Remote Code Execution (RCE) (0)
07-21: [webapps] CodoForum v5.1 – Remote Code Execution (RCE) (0)
07-21: [local] Dr. Fone 4.0.8 – 'net_updater32.exe' Unquoted Service Path (0)
07-21: [remote] IOTransfer 4.0 – Remote Code Execution (RCE) (0)
07-21: [webapps] Magnolia CMS 6.2.19 – Stored Cross-Site Scripting (XSS) (0)
07-21: [local] Kite 1.2021.610.0 – Unquoted Service Path (0)
07-20: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
07-20: http://www.muangfak.go.th (0)
07-20: http://www.makha-sm.go.th (0)
07-20: http://www.nonpradoo.go.th (0)
07-20: http://rangam.go.th (0)
07-20: http://nongbuakhok.go.th (0)
07-20: http://www.kohloybanghak-chonburi.go.th (0)
07-20: http://hinkhon.go.th (0)
07-20: http://www.lumpeak.go.th/index.php (0)
07-20: http://www.thungchanghan.go.th (0)
07-20: http://www.nongdon.go.th (0)
07-20: http://nongkham.go.th (0)
07-20: http://www.samrit.go.th (0)
07-20: http://www.chiangkhwan.go.th (0)
07-20: http://www.banbua.go.th/index.php (0)
07-20: http://www.pakthongchai.go.th/index.php (0)
07-20: http://www.songchan.go.th/index.php (0)
07-20: http://koksoong.go.th/index.php (0)
07-20: http://www.sisuk.go.th (0)
07-20: http://www.kwianhug.go.th (0)
07-20: http://www.sao-nongbua.go.th (0)
07-20: Asus GameSDK 1.0.0.4 Unquoted Service Path (0)
07-20: Spryker Commerce OS Remote Command Execution (0)
07-20: https://www.medcannabis.go.th (0)
07-20: http://nongpluang.go.th/coremain/images/theme/hai.html (0)
07-20: http://sawanpraya.go.th/coremain/images/border/ (0)
07-19: Spryker Commerce OS Remote Command Execution (0)
07-19: http://takook.go.th (0)
07-19: Travel Tours Script 1.0 SQL Injection (0)
07-19: Property Listing Script 3.1 SQL Injection (0)
07-19: Orange Station 1.0 SQL Injection (0)
07-19: Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password (0)
07-19: Builder XtremeRAT 3.7 MVID-2022-0623 Insecure Permissions (0)
07-19: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
07-18: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
07-18: http://lumkhaw.go.th/index.php (0)
07-18: http://www.khokkung.go.th/index.php (0)
07-18: http://khokmamuang.go.th/index.php (0)
07-18: http://klongtabchan.go.th/index.php (0)
07-18: http://www.dontanin.go.th/index.php (0)
07-17: http://www.soengsanglocal.go.th/index.php (0)
07-17: http://www.sakot.go.th/index.php (0)
07-17: http://www.sampanieng.go.th/index.php (0)
07-17: http://www.srapra.go.th/index.php (0)
07-16: Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation (0)
07-16: Windows Kernel nt!MiRelocateImage Invalid Read (0)
07-15: http://www.bankangcity.go.th/index.php (0)
07-15: http://www.tungsawang.go.th/index.php (0)
07-15: Windows Kernel nt!MiRelocateImage Invalid Read (0)
07-15: PrestaShop 1.7.6.7 Cross Site Scripting (0)
07-14: PrestaShop 1.7.6.7 Cross Site Scripting (0)
07-14: Sourcegraph gitserver sshCommand Remote Command Execution (0)
07-14: Sourcegraph gitserver sshCommand Remote Command Execution (0)
07-13: http://amss.ses26.go.th (0)
07-13: http://amssplus.ses26.go.th (0)
07-13: JBOSS EAP/AS 6.x Remote Code Execution (0)
07-13: JBOSS EAP/AS 6.x Remote Code Execution (0)
07-12: Mutt mutt_decode_uuencoded() Memory Disclosure (0)
07-12: Xen TLB Flush Bypass (0)
07-12: Chrome PaintImage Deserialization Out-Of-Bounds Read (0)
07-12: Nginx 1.20.0 Denial Of Service (0)
07-12: Sashimi Evil OctoBot Tentacle (0)
07-12: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
07-11: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
07-11: https://sanpong.go.th/riz.htm (0)
07-11: [remote] Nginx 1.20.0 – Denial of Service (DOS) (0)
07-08: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
07-08: http://www.plailocal.go.th/index.php (0)
07-07: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
07-07: Magnolia CMS 6.2.19 Cross Site Scripting (0)
07-07: EQS Integrity Line Cross Site Scripting / Information Disclosure (0)
07-07: Xen PV Guest Non-SELFSNOOP CPU Memory Corruption (0)
07-07: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
07-06: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
07-06: http://www.sptn.dss.go.th/bas/public/site/images/zbiok/Ox.gif (0)
07-06: Windows Defender Remote Credential Guard Authentication Relay Privilege Escalation (0)
07-06: Advanced Testimonials Manager 5.6 SQL Injection (0)
07-06: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
07-05: Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes (0)
07-05: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
07-05: Stock Management System 2020 SQL Injection (0)
07-05: Paymoney 3.3 Cross Site Scripting (0)
07-05: DouPHP 1.2 Release 20141027 SQL Injection (0)
07-05: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
07-04: https://web.sakon2.go.th/daka.htm (0)
07-04: https://bigdata.sakon2.go.th/daka.htm (0)
07-04: https://emoney.sakon2.go.th/daka.htm (0)
07-04: https://material.sakon2.go.th/daka.htm (0)
07-04: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
07-03: https://www.khaochot.go.th/Matigan.php (0)
07-02: TypeORM SQL Injection (0)
07-02: Classified Listing 2.2.9 Cross Site Scripting (0)
07-02: BigBlueButton 2.3 / 2.4.7 Cross Site Scripting (0)
07-02: PHP Library Remote Code Execution (0)
07-02: Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal (0)
07-02: Packet Storm New Exploits For June, 2022 (0)
07-01: Packet Storm New Exploits For June, 2022 (0)
07-01: Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential (0)
07-01: Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential (0)
07-01: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
07-01: http://keumchad.go.th/zz.html (0)
07-01: http://namatoom.go.th/zz.html (0)
07-01: http://nkt.go.th/zz.html (0)
07-01: http://sridonpai.go.th/zz.html (0)
07-01: http://phimainuea.go.th/zz.html (0)
07-01: http://pimoon.go.th/zz.html (0)
07-01: http://phanokkhao.go.th/zz.html (0)
07-01: http://sammuang.go.th/zz.html (0)
07-01: http://simeun.go.th/zz.html (0)
07-01: http://preakasamai.go.th/zz.html (0)
07-01: http://tal.go.th/zz.html (0)
07-01: http://phanthongnongkakha.go.th/zz.html (0)
07-01: http://thanonkhad.go.th/zz.html (0)
07-01: http://thangphra.go.th/zz.html (0)
07-01: http://suansom.go.th/zz.html (0)
07-01: http://tasala-loei.go.th/zz.html (0)
07-01: http://tasawang.go.th/zz.html (0)
07-01: http://whd.go.th/zz.html (0)
07-01: http://tln.go.th/zz.html (0)
07-01: http://yaicha.go.th/zz.html (0)
07-01: [remote] WiFi Mouse 1.7.8.5 – Remote Code Execution(v2) (0)

June 2022 (179)

06-30: http://myoffice.sesao14.go.th/myoffice/2565/laysen/2007.jpg (0)
06-30: https://myoffice.sesaskss.go.th/laysen/89.jpg (0)
06-30: https://web.sesao8.go.th/myoffice/2565/laysen/3827.jpg (0)
06-30: http://myoffice.nonpeo.go.th/laysen/31.jpg (0)
06-30: http://office.sea12.go.th/2564/laysen/734.jpg (0)
06-30: http://buengkan.immigration.go.th/admin/pic/3a7f0cb8f403f782e9d9fd0c4514aa0b.jpg (0)
06-30: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
06-30: http://ict.utd2.go.th/readme.txt (0)
06-30: http://e-salary2.utd2.go.th/readme.txt (0)
06-30: https://ww.utd2.go.th/readme.txt (0)
06-30: http://amss.utd2.go.th/readme.txt (0)
06-30: https://smss.aya1.go.th/daka.htm (0)
06-30: https://bigdata.nb2.go.th/daka.htm (0)
06-30: https://amss-old.nb2.go.th/daka.htm (0)
06-30: https://e-salary.nb2.go.th/daka.htm (0)
06-30: https://e-bamnan.nb2.go.th/daka.htm (0)
06-30: https://amss.nb2.go.th/daka.htm (0)
06-30: Laundry Management System 1.0 SQL Injection (0)
06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
06-29: Zoo Management System 1.0 Cross Site Scripting (0)
06-29: OpenCart 3.x So Filter Shop By SQL Injection (0)
06-29: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
06-28: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
06-28: WSO2 Management Console Cross Site Scripting (0)
06-28: Library Management System With QR Code 1.0 Shell Upload (0)
06-28: Library Management System With QR Code 1.0 Cross Site Scripting (0)
06-28: Library Management System With QR Code 1.0 SQL Injection (0)
06-28: Coffee Shop Cashiering System 1.0 SQL Injection (0)
06-28: WordPress Weblizar 8.9 Code Execution (0)
06-28: WordPress W-DALIL 2.0 Cross Site Scripting (0)
06-28: Mailhog 1.0.1 Cross Site Scripting (0)
06-28: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
06-27: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
06-27: [webapps] Mailhog 1.0.1 – Stored Cross-Site Scripting (XSS) (0)
06-27: [webapps] WSO2 Management Console (Multiple Products) – Unauthenticated Reflected Cross-Site Scripting (XSS) (0)
06-27: [webapps] WordPress Plugin Weblizar 8.9 – Backdoor (0)
06-25: Yashma Ransomware Builder 1.2 MVID-2022-0613 Insecure Permissions (0)
06-25: Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions (0)
06-25: Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions (0)
06-25: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
06-24: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
06-23: Zoo Management System 1.0 Cross Site Scripting (0)
06-23: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
06-22: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
06-22: SAP Fiori Launchpad Cross Site Scripting (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication (0)
06-22: SAP FRUN 2.00 / 3.00 Cross Site Scripting (0)
06-21: http://phonkho.go.th/back.txt (0)
06-21: Marval MSM 14.19.0.12476 Remote Code Execution (0)
06-21: Kitty 0.76.0.8 Stack Buffer Overflow (0)
06-21: Marval MSM 14.19.0.12476 Cross Site Request Forgery (0)
06-21: Warehouse Management System 2022 SQL Injection (0)
06-21: Virtua Software Cobranca 12S SQL Injection (0)
06-21: ChurchCRM 4.4.5 SQL Injection (0)
06-21: JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect (0)
06-21: HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path (0)
06-21: Algo 8028 Control Panel Remote Code Execution (0)
06-21: Pandora FMS 7.0NG.742 Remote Code Execution (0)
06-21: Sourcegraph Gitserver 3.36.3 Remote Code Execution (0)
06-21: Multi Language Pharmacy Management System 1.0 Shell Upload (0)
06-21: Old Age Home Management System 1.0 SQL Injection (0)
06-21: Chrome WebGPUDecoderImpl::DoRequestDevice Missing Bounds Check (0)
06-21: Chrome CVE-2022-1096 Incomplete Fix (0)
06-21: XNU Flow Divert Race Condition Use-After-Free (0)
06-21: phpIPAM 1.4.5 Remote Code Execution (0)
06-21: TP-Link AX50 Remote Code Execution (0)
06-21: SolarView Compact 6.00 Cross Site Scripting (0)
06-21: Gentics CMS 5.36.29 Cross Site Scripting / Deserialization (0)
06-21: SoftGuard SNMP Network Management Extension HTML Injection / File Download (0)
06-21: Mitel 6800/6900 Series SIP Phones Backdoor Access (0)
06-21: Lepin EP-KP001 KP001_V19 Authentication Bypass (0)
06-21: Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor (0)
06-21: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
06-20: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
06-19: http://nonedu2.go.th/kz.html (0)
06-19: https://sakon2.go.th/daka.htm (0)
06-18: http://www7.djop.go.th/index2.html (0)
06-16: http://nongjom.go.th (0)
06-15: http://bookshelf.senate.go.th/lol.txt (0)
06-15: http://questionnaire.senate.go.th/lol.txt (0)
06-15: http://legalxml.senate.go.th/lol.txt (0)
06-15: http://question.senate.go.th/lol.txt (0)
06-15: http://budget.senate.go.th/lol.txt (0)
06-15: http://mail3.senate.go.th/lol.txt (0)
06-15: http://act.senate.go.th/lol.txt (0)
06-15: http://money.senate.go.th/lol.txt (0)
06-14: http://mueangkhaen.go.th/zz.php (0)
06-14: http://sanc.go.th/zz.php (0)
06-14: https://www.phukethealthfund.go.th/zz.php (0)
06-14: [local] Real Player 16.0.3.51 – 'external::Import()' Directory Traversal to Remote Code Execution (RCE) (0)
06-14: [webapps] SolarView Compact 6.00 – 'pow' Cross-Site Scripting (XSS) (0)
06-14: [local] Real Player v.20.0.8.310 G2 Control – 'DoGoToURL()' Remote Code Execution (RCE) (0)
06-14: [webapps] SolarView Compact 6.00 – 'time_begin' Cross-Site Scripting (XSS) (0)
06-14: [webapps] Avantune Genialcloud ProJ 10 – Cross-Site Scripting (XSS) (0)
06-14: [remote] Marval MSM v14.19.0.12476 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] Old Age Home Management System 1.0 – SQLi Authentication Bypass (0)
06-14: [webapps] ChurchCRM 4.4.5 – SQLi (0)
06-14: [remote] Sourcegraph Gitserver 3.36.3 – Remote Code Execution (RCE) (0)
06-14: [remote] TP-Link Router AX50 firmware 210730 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] phpIPAM 1.4.5 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [remote] Algo 8028 Control Panel – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] Pandora FMS v7.0NG.742 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [remote] Virtua Software Cobranca 12S – SQLi (0)
06-14: [local] HP LaserJet Professional M1210 MFP Series Receive Fax Service – Unquoted Service Path (0)
06-14: [remote] Marval MSM v14.19.0.12476 – Cross-Site Request Forgery (CSRF) (0)
06-11: https://taladlocal.go.th/kz.html (0)
06-11: WordPress Motopress Hotel Booking Lite 4.2.4 Cross Site Scripting (0)
06-11: Kik Messenger XMPP Stanza Smuggling (0)
06-10: https://wangsomboonhospital.go.th/1975.html (0)
06-10: Kik Messenger XMPP Stanza Smuggling (0)
06-10: https://khamthoa.go.th/kz.html (0)
06-10: https://sikhiotown.go.th/kz.html (0)
06-10: [webapps] Confluence Data Center 7.18.0 – Remote Code Execution (RCE) (0)
06-10: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – Stored Cross-Site Scripting (XSS) (0)
06-09: WordPress Download Manager 3.2.42 Cross Site Scripting (0)
06-09: Atlassian Confluence Namespace OGNL Injection (0)
06-08: Atlassian Confluence Namespace OGNL Injection (0)
06-08: Confluence OGNL Injection Remote Code Execution (0)
06-08: Through The Wire CVE-2022-26134 Confluence Proof Of Concept (0)
06-08: Confluence OGNL Injection Proof Of Concept (0)
06-08: Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions (0)
06-08: Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions (0)
06-08: Trojan-Proxy.Win32.Symbab.o MVID-2022-0610 Heap Corruption (0)
06-08: Ransom.Haron MVID-2022-0609 Code Execution (0)
06-08: Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution (0)
06-08: Microsoft Office Word MSDTJS Code Execution (0)
06-07: Microsoft Office Word MSDTJS Code Execution (0)
06-07: http://www.singburihosp.go.th/0x.jpg (0)
06-07: http://satun.nfe.go.th/t_khokoa/web1/file_editor/0x.txt (0)
06-07: http://www.sahathat.go.th/obec/web1/file_editor/0x.txt (0)
06-07: Apache 2.4.50 Remote Code Execution (0)
06-07: Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure (0)
06-07: Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure (0)
06-07: Korenix JetPort 5601V3 Backdoor Account (0)
06-07: dbus-broker-29 Memory Corruption (0)
06-07: Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass (0)
06-07: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
06-06: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
06-04: http://spb3.go.th/rz.php (0)
06-04: Zyxel USG FLEX 5.21 Command Injection (0)
06-04: Microweber CMS 1.2.15 Account Takeover (0)
06-04: Contao 4.13.2 Cross Site Scripting (0)
06-04: SolarView Compact 6.00 Directory Traversal (0)
06-04: Telesquare SDT-CW3B1 1.1.0 Command Injection (0)
06-04: IIPImage Remote Memory Corruption (0)
06-04: Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking (0)
06-04: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
06-03: Zero-Day Exploitation Of Atlassian Confluence (0)
06-03: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
06-03: dotCMS Shell Upload (0)
06-03: Product Show Room Site 1.0 Cross Site Scripting (0)
06-03: libMeshb Buffer Overflow (0)
06-03: libMeshb Buffer Overflow (0)
06-03: [remote] SolarView Compact 6.00 – Directory Traversal (0)
06-03: [remote] Telesquare SDT-CW3B1 1.1.0 – OS Command Injection (0)
06-03: [webapps] Microweber CMS 1.2.15 – Account Takeover (0)
06-03: [remote] Zyxel USG FLEX 5.21 – OS Command Injection (0)
06-03: [webapps] Contao 4.13.2 – Cross-Site Scripting (XSS) (0)
06-03: [remote] Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 – Remote Code Execution (RCE) (0)
06-02: Real Player 20.0.8.310 G2 Control DoGoToURL() Remote Code Execution (0)
06-02: Real Player 16.00.282 / 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 Remote Code Execution (0)
06-02: Real Player 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 DCP URI Remote Code Execution (0)
06-02: Avantune Genialcloud ProJ 10 Cross Site Scripting (0)
06-02: OpenSSL 1.0.2 / 1.1.1 / 3.0 BN_mod_sqrt() Infinite Loop (0)
06-02: libxml2 xmlBufAdd Heap Buffer Overflow (0)
06-02: Packet Storm New Exploits For May, 2022 (0)
06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
06-02: http://yala.nfe.go.th/betong/web1/file_editor/0x.txt (0)
06-02: http://phuket.nfe.go.th/kathu/web1/file_editor/0x.txt (0)
06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
06-02: Microsoft Releases Workaround For 1-Click 0-Day Under Active Attack (0)
06-01: Fast Food Ordering System 1.0 Cross Site Scripting (0)
06-01: Microsoft Follina Proof Of Concept (0)
06-01: Microsoft Office MSDT Follina Proof Of Concept (0)
06-01: MyBB Admin Control Remote Code Execution (0)
06-01: MyBB Admin Control Remote Code Execution (0)

May 2022 (260)

05-31: http://thongfah.dit.go.th/krd.html (0)
05-31: http://blueflag.dit.go.th/krd.html (0)
05-31: https://lowpricemap.dit.go.th/krd.html (0)
05-31: Fast Food Ordering System 1.0 SQL Injection (0)
05-31: Ingredient Stock Management System 1.0 SQL Injection (0)
05-31: Ingredient Stock Management System 1.0 Account Takeover (0)
05-31: WordPress User Meta Lite / Pro 2.4.3 Path Traversal (0)
05-31: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
05-30: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
05-29: https://loei2.go.th/1975.html (0)
05-28: https://amnat-ed.go.th/1975.html (0)
05-27: http://www.mhs-pao.go.th/zil.php (0)
05-27: qdPM 9.1 Remote Code Execution (0)
05-27: ChromeOS usbguard Bypass (0)
05-27: Tigase XMPP Server Stanza Smuggling (0)
05-26: Tigase XMPP Server Stanza Smuggling (0)
05-26: http://cems.diw.go.th/sadme.htm (0)
05-26: http://policeubon.go.th/o.htm (0)
05-26: Print Spooler Remote DLL Injection (0)
05-25: Print Spooler Remote DLL Injection (0)
05-25: Zoom XMPP Stanza Smuggling Remote Code Execution (0)
05-25: CLink Office 2.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-25: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (v2) (0)
05-24: OpenCart Newsletter 3.0.2.0 SQL Injection (0)
05-24: Blockchain AltExchanger 1.2.1 SQL Injection (0)
05-24: Blockchain FiatExchanger 2.2.1 SQL Injection (0)
05-24: m1k1o's Blog 1.3 Remote Code Execution (0)
05-24: iTop Remote Command Execution (0)
05-23: iTop Remote Command Execution (0)
05-23: [webapps] m1k1o's Blog v.10 – Remote Code Execution (RCE) (Authenticated) (0)
05-23: [webapps] OpenCart v3.x Newsletter Module – Blind SQLi (0)
05-21: Linux USB Use-After-Free (0)
05-20: Linux USB Use-After-Free (0)
05-20: PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting (0)
05-20: LiquidFiles 3.4.15 Cross Site Scripting (0)
05-20: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days (0)
05-18: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: SolarView Compact 6.0 Command Injection (0)
05-18: Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 SQL Injection (0)
05-18: OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization (0)
05-18: Showdoc 2.10.3 Cross Site Scripting (0)
05-18: Online Discussion Forum Site 1.0 SQL Injection (0)
05-18: SDT-CW3B1 1.1.0 Command Injection (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-18: Apple Security Advisory 2022-05-16-1 (0)
05-18: Apple Security Advisory 2022-05-16-2 (0)
05-18: Apple Security Advisory 2022-05-16-3 (0)
05-18: Apple Security Advisory 2022-05-16-4 (0)
05-18: Apple Security Advisory 2022-05-16-5 (0)
05-18: Apple Security Advisory 2022-05-16-6 (0)
05-18: Apple Security Advisory 2022-05-16-7 (0)
05-18: Apple Security Advisory 2022-05-16-8 (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0601 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0602 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0603 Code Execution (0)
05-17: HighCMS/HighPortal 12.x SQL Injection (0)
05-17: Ransom.Conti MVID-2022-0604 Code Execution (0)
05-17: WordPress WP Event Manager 3.1.27 Cross Site Scripting (0)
05-17: Ransom.Conti MVID-2022-0605 Code Execution (0)
05-17: Zyxel Remote Command Execution (0)
05-17: Ransom.Conti MVID-2022-0606 Code Execution (0)
05-17: IpMatcher 1.0.4.1 Server-Side Request Forgery (0)
05-17: Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free (0)
05-17: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-17: [webapps] Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS) (0)
05-17: [remote] SolarView Compact 6.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – SQLi (Authenticated) (0)
05-17: [remote] SDT-CW3B1 1.1.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – 'UrunAdi' Stored Cross-Site Scripting (XSS) (0)
05-17: [webapps] Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS) (0)
05-16: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-14: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: F5 BIG-IP 16.0.x Remote Code Execution (0)
05-13: Royal Event Management System 1.0 SQL Injection (0)
05-13: Ransom.REvil MVID-2022-0596 Code Execution (0)
05-13: TLR-2005KSH Arbitrary File Delete (0)
05-13: College Management System 1.0 SQL Injection (0)
05-13: AppleVideoDecoder CreateHeaderBuffer Out-Of-Bounds Free (0)
05-13: F5 BIG-IP iControl Remote Code Execution (0)
05-13: Ransom.REvil MVID-2022-0595 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0597 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0598 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0599 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting (0)
05-12: Apache CouchDB 3.2.1 Remote Code Execution (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: ExifTool 12.23 Arbitrary Code Execution (0)
05-12: Cyclos 4.14.7 Cross Site Scripting (0)
05-12: DLINK DIR850 Open Redirection (0)
05-12: DLINK DIR850 Insecure Direct Object Reference (0)
05-12: Wondershare Dr.Fone 11.4.10 Insecure Permissions (0)
05-12: SAP BusinessObjects Intelligence 4.3 XML Injection (0)
05-12: Microsoft CMD.EXE Integer Overflow (0)
05-12: ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure (0)
05-12: TCQ Unquoted Service Path (0)
05-12: UDisk Monitor Z5 Phone 2.0.3.0 Unquoted Service Path (0)
05-12: Anuko Time Tracker 1.20.0.5640 SQL Injection (0)
05-12: Navigate CMS 2.9.4 Server-Side Request Forgery (0)
05-12: Google Chrome 78.0.3904.70 Remote Code Execution (0)
05-12: PyScript 2022-05-04-Alpha Source Code Disclosure (0)
05-12: DLINK DAP-1620 A1 1.01 Directory Traversal (0)
05-12: Beehive Forum 1.5.2 Account Takeover (0)
05-12: MyBB 1.8.29 Remote Code Execution (0)
05-12: WordPress Blue Admin 21.06.01 Cross Site Request Forgery (0)
05-12: Joomla SexyPolling 2.1.7 SQL Injection (0)
05-12: Ruijie Reyee Mesh Router Remote Code Execution (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: Actively Exploited Zero-Day Bug Patched By Microsoft (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: [webapps] TLR-2005KSH – Arbitrary File Delete (0)
05-12: [webapps] College Management System 1.0 – 'course_code' SQL Injection (Authenticated) (0)
05-12: [webapps] Royal Event Management System 1.0 – 'todate' SQL Injection (Authenticated) (0)
05-12: [remote] F5 BIG-IP 16.0.x – Remote Code Execution (RCE) (0)
05-11: Spring4Shell Spring Framework Class Property Remote Code Execution (0)
05-11: Printix 1.3.1106.0 Privilege Escalation (0)
05-11: Printix 1.3.1106.0 Privileged API Abuse (0)
05-11: https://area2.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area3.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area5.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area7.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area10.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area8.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area9.kkzone1.go.th/resize-image-class.php (0)
05-11: [webapps] TLR-2005KSH – Arbitrary File Upload (0)
05-11: [remote] ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure (0)
05-11: [webapps] Microfinance Management System 1.0 – 'customer_number' SQLi (0)
05-11: [webapps] e107 CMS v3.2.1 – Multiple Vulnerabilities (0)
05-11: [webapps] WebTareas 2.4 – Blind SQLi (Authenticated) (0)
05-11: [local] ExifTool 12.23 – Arbitrary Code Execution (0)
05-11: [webapps] WordPress Plugin Advanced Uploader 4.2 – Arbitrary File Upload (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService) (0)
05-11: [remote] Bookeen Notea – Directory Traversal (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (InstallAssistService) (0)
05-11: [webapps] CSZ CMS 1.3.0 – 'Multiple' Blind SQLi (0)
05-11: [remote] Apache CouchDB 3.2.1 – Remote Code Execution (RCE) (0)
05-11: [local] UDisk Monitor Z5 Phone – 'MonServiceUDisk.exe' Unquoted Service Path (0)
05-11: [webapps] Anuko Time Tracker – SQLi (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 11.4.10 – Insecure File Permissions (0)
05-11: [remote] Tenda HG6 v3.3.0 – Remote Command Injection (0)
05-11: [remote] Prime95 Version 30.7 build 9 – Remote Code Execution (RCE) (0)
05-11: [remote] Google Chrome 78.0.3904.70 – Remote Code Execution (0)
05-11: [remote] DLINK DIR850 – Open Redirect (0)
05-11: [remote] PyScript – Read Remote Python Source Code (0)
05-11: [webapps] Cyclos 4.14.7 – 'groupId' DOM Based Cross-Site Scripting (XSS) (0)
05-11: [remote] DLINK DAP-1620 A1 v1.01 – Directory Traversal (0)
05-11: [remote] Akka HTTP 10.1.14 – Denial of Service (0)
05-11: [webapps] Explore CMS 1.0 – SQL Injection (0)
05-11: [webapps] Magento eCommerce CE v2.3.5-p2 – Blind SQLi (0)
05-11: [webapps] Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated) (0)
05-11: [webapps] Bitrix24 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [webapps] WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated) (0)
05-11: [webapps] Joomla Plugin SexyPolling 2.1.7 – SQLi (0)
05-11: [webapps] WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF) (0)
05-11: [webapps] Beehive Forum – Account Takeover (0)
05-11: [webapps] MyBB 1.8.29 – MyBB 1.8.29 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor (0)
05-11: [webapps] PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS) (0)
05-11: [webapps] Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS) (0)
05-11: [webapps] ImpressCMS v1.4.4 – Unrestricted File Upload (0)
05-11: [remote] Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] DLINK DIR850 – Insecure Access Control (0)
05-11: [remote] SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE) (0)
05-11: [local] TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path (0)
05-10: Printix 1.3.1106.0 Privileged API Abuse (0)
05-10: Ransom.Cryakl Code Execution (0)
05-10: Ransom.Petya Code Execution (0)
05-10: Travel Management System 1.0 SQL Injection (0)
05-10: School Dormitory Management 1.0 SQL Injection (0)
05-10: Ransom.Conti Code Execution (0)
05-10: Ransom.Satana Code Execution (0)
05-10: School Dormitory Management System 1.0 SQL Injection (0)
05-10: APT28 FancyBear Code Execution (0)
05-10: Chrome content::DisplayCutoutHostImpl::SendSafeAreaToFrame Use-After-Free (0)
05-10: Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race (0)
05-10: F5 BIG-IP Remote Code Execution (0)
05-09: F5 BIG-IP Remote Code Execution (0)
05-09: https://www.spmnan.go.th/readmee.htm (0)
05-09: https://nptedu.go.th/readmee.htm (0)
05-09: http://esanpt1.go.th/daka.htm (0)
05-08: http://www.nb1.go.th/daka.htm (0)
05-08: https://www.trang1.go.th/daka.htm (0)
05-07: REvil.Ransom Code Execution (0)
05-07: Trojan.Ransom.Cryptowall Code Execution (0)
05-07: ChatBot Application With A Suggestion Feature 1.0 SQL Injection (0)
05-07: Trojan-Ransom.LockerGoga Code Execution (0)
05-07: Trojan-Ransom.Cerber Code Execution (0)
05-07: Ransom.CTBLocker Code Execution (0)
05-07: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-07: Trojan.CryptoLocker Code Execution (0)
05-07: Trojan-Ransom.Radamant Code Execution (0)
05-07: http://ret2.go.th/readme.htm (0)
05-06: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-06: Red Planet Laundry Management System 1.0 SQL Injection (0)
05-06: SAP Web Dispatcher HTTP Request Smuggling (0)
05-06: PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-05: Conti.Ransom Code Execution (0)
05-05: Ransom.Conti Code Execution (0)
05-05: REvil.Ransom Code Execution (0)
05-05: Ransom.WannaCry Code Execution (0)
05-04: https://ict.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-office.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-news.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-network.amnat-ed.go.th/readmee.htm (0)
05-04: https://salary.amnat-ed.go.th/readmee.htm (0)
05-04: http://cmarea3.go.th/readmee.htm (0)
05-04: http://loei3.go.th/readme.txt (0)
05-04: Ransom.WannaCry Code Execution (0)
05-04: WordPress Stafflist 3.1.2 Cross Site Scripting (0)
05-04: Tenda HG6 3.3.0 Remote Command Injection (0)
05-04: VMware Workspace ONE Access Template Injection / Command Execution (0)
05-04: Ransom.AvosLocker Code Execution (0)
05-04: BlackBasta Ransom Code Execution (0)
05-04: LokiLocker Ransom Code Execution (0)
05-04: Conti Ransom Code Execution (0)
05-04: REvil Ransom Code Execution (0)
05-04: RedLine.Stealer Code Execution (0)
05-03: RedLine.Stealer Code Execution (0)
05-03: http://www.krajai.go.th/readme.html (0)
05-03: http://www.nakhamloei.go.th/readme.html (0)
05-03: http://www.napongloei.go.th/readme.html (0)
05-03: http://www.nonghin.go.th/readme.html (0)
05-03: http://www.nonpasang.go.th/readme.html (0)
05-03: http://www.nonpodaeng.go.th/readme.html (0)
05-03: http://www.npt.go.th/readme.html (0)
05-03: http://www.pnt.go.th/readme.html (0)
05-03: http://www.raitai.go.th/readme.html (0)
05-03: http://www.srithan.go.th/readme.html (0)
05-03: http://www.taladjinda.go.th/readme.html (0)
05-03: http://www.tambolbangyang.go.th/readme.html (0)
05-03: http://www.tessabanna-o.go.th/readme.html (0)
05-03: http://www.tessabannahaeo.go.th/readme.html (0)
05-03: http://www.thachangklong.go.th/readme.html (0)
05-03: http://www.thamchalong.go.th/readme.html (0)
05-03: http://www.thasaklocal.go.th/readme.html (0)
05-03: http://www.thungkrabam.go.th/readme.html (0)
05-03: http://www.wangdin.go.th/readme.html (0)
05-03: http://www.wangsaphung.go.th/readme.html (0)
05-03: Toll Tax Management System 1.0 SQL Injection (0)
05-03: Covid 19 Travel Pass Management System 1.0 SQL Injection (0)
05-03: Ransom.LockBit DLL Hijacking (0)
05-03: Strapi 3.6.8 Password Disclosure / Insecure Handling (0)
05-03: WordPress Stafflist 3.1.2 SQL Injection (0)
05-03: WordPress Stafflist 3.1.2 Cross Site Request Forgery (0)
05-03: WSO Arbitrary File Upload / Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2022 (0)
05-02: Packet Storm New Exploits For April, 2022 (0)

April 2022 (222)

04-29: Home Clean Service System 1.0 SQL Injection (0)
04-28: Home Clean Service System 1.0 SQL Injection (0)
04-28: WordPress Curtain 1.0.2 Cross Site Scripting (0)
04-28: Prime95 30.7 Build 9 Buffer Overflow (0)
04-28: Trojan-Banker.Win32.Banker.heq Insecure Permissions (0)
04-28: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
04-28: Net-Worm.Win32.Kibuv.c Authentication Bypass (0)
04-28: Email-Worm.Win32.Sidex Remote Command Execution (0)
04-28: Virus.Win32.Qvod.b Insecure Permissions (0)
04-28: Trojan-Downloader.Win32.Small.ahlq Insecure Permissions (0)
04-28: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
04-28: Backdoor.Win32.Cafeini.b Man-In-The-Middle (0)
04-28: Backdoor.Win32.GF.j Remote Command Execution (0)
04-28: Trojan-Downloader.Win32.Agent Insecure Permissions (0)
04-28: Backdoor.Win32.Agent.aegg Hardcoded Credential (0)
04-28: Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation (0)
04-28: Zepp 6.1.4-play User Account Enumeration (0)
04-28: Redis Lua Sandbox Escape (0)
04-28: Redis Lua Sandbox Escape (0)
04-27: http://www.ssk3.go.th/zz.html (0)
04-27: WordPress WP-Invoice 4.3.1 Cross Site Scripting (0)
04-27: Gitlab 14.9 Authentication Bypass (0)
04-27: Gitlab 14.9 Cross Site Scripting (0)
04-27: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: http://phutthaisonglocal.go.th/pentest.php (0)
04-26: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting (0)
04-26: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-26: Hackers Are Exploiting Zero Days More Than Ever (0)
04-26: [webapps] GitLab 14.9 – Stored Cross-Site Scripting (XSS) (0)
04-26: [webapps] Gitlab 14.9 – Authentication Bypass (0)
04-25: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-22: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor (0)
04-22: Watch Queue Out-Of-Bounds Write (0)
04-22: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: Jenkins Remote Code Execution (0)
04-21: 7-Zip 16 DLL Hijacking (0)
04-21: Online Restaurant Table Reservation System 1.0 SQL Injection (0)
04-21: Pharmacy Management System 1.0 Shell Upload (0)
04-21: Pharmacy Management System 1.0 SQL Injection (0)
04-20: Google: 2021 Was A Banner Year For Exploited 0-Day Bugs (0)
04-20: Pharmacy Management System 1.0 SQL Injection (0)
04-20: http://www.budhosp.go.th/kurdish.html (0)
04-20: Microsoft Exchange Active Directory Topology 15.0.847.40 Unquoted Service Path (0)
04-20: Fuel CMS 1.5.0 Cross Site Request Forgery (0)
04-20: Zyxel NWA-1100-NH Command Injection (0)
04-20: Scriptcase 9.7 Shell Upload (0)
04-20: PTPublisher 2.3.4 Unquoted Service Path (0)
04-20: EaseUS Data Recovery 15.1.0.0 Unquoted Service Path (0)
04-20: HackTool.Win32.Delf.vs Insecure Credential Storage (0)
04-20: WordPress Elementor 3.6.2 Shell Upload (0)
04-20: Backdoor.Win32.Loselove Denial Of Service (0)
04-20: WordPress Videos Sync PDF 1.7.4 Cross Site Scripting (0)
04-20: Trojan.Win32.TScash.c Insecure Permissions (0)
04-20: Backdoor.Win32.Hupigon.haqj Unquoted Service Path (0)
04-20: PKP Open Journals System 3.3 Cross Site Scripting (0)
04-20: 7-Zip 21.07 Code Execution / Privilege Escalation (0)
04-20: ManageEngine ADSelfService Plus 6.1 User Enumeration (0)
04-20: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-20: Responsive Online Blog 1.0 SQL Injection (0)
04-20: WordPress Popup Maker 1.16.5 Cross Site Scripting (0)
04-20: Backdoor.Win32.GateHell.21 Man-In-The-Middle (0)
04-20: Linux watch_queue Filter Out-Of-Bounds Write (0)
04-20: WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection (0)
04-20: Linux FUSE Use-After-Free (0)
04-20: Backdoor.Win32.Delf.zn Insecure Credential Storage (0)
04-20: Backdoor.Win32.GateHell.21 Authentication Bypass (0)
04-20: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: [webapps] Scriptcase 9.7 – Remote Code Execution (RCE) (0)
04-19: [webapps] Easy Appointments 1.4.2 – Information Disclosure (0)
04-19: [remote] Zyxel NWA-1100-NH – Command Injection (0)
04-19: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – SQL Injection (0)
04-19: [local] Microsoft Exchange Mailbox Assistants 15.0.847.40 – 'Service MSExchangeMailboxAssistants' Unquoted Service Path (0)
04-19: [local] EaseUS Data Recovery – 'ensserver.exe' Unquoted Service Path (0)
04-19: [local] Microsoft Exchange Active Directory Topology 15.0.847.40 – 'Service MSExchangeADTopology' Unquoted Service Path (0)
04-19: [local] PTPublisher v2.3.4 – Unquoted Service Path (0)
04-19: [remote] ManageEngine ADSelfService Plus 6.1 – User Enumeration (0)
04-19: [webapps] WordPress Plugin Videos sync PDF 1.7.4 – Stored Cross Site Scripting (XSS) (0)
04-19: [webapps] Fuel CMS 1.5.0 – Cross-Site Request Forgery (CSRF) (0)
04-19: [local] 7-zip – Code Execution / Local Privilege Escalation (0)
04-19: [webapps] WordPress Plugin Elementor 3.6.2 – Remote Code Execution (RCE) (Authenticated) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cookie User Password Disclosure (0)
04-19: [webapps] PKP Open Journals System 3.3 – Cross-Site Scripting (XSS) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Request Forgery (CSRF) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS) (0)
04-19: [webapps] WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated) (0)
04-19: [webapps] REDCap 11.3.9 – Stored Cross Site Scripting (0)
04-19: [remote] Verizon 4G LTE Network Extender – Weak Credentials Algorithm (0)
04-18: http://www2.utd2.go.th/readme.txt (0)
04-18: https://education-phatthalungcity.go.th (0)
04-18: http://sikhoraphumcity.go.th/zz.html (0)
04-17: https://office.yst1.go.th/1975.html (0)
04-16: Microsoft HTTP Protocol Stack Denial Of Service (0)
04-16: Backdoor.Win32.MotivFTP.12 Authentication Bypass (0)
04-16: Backdoor.Win32.Prorat.cwx Insecure Permissions (0)
04-16: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-16: HackTool.Win32.IpcScan.c Buffer Overflow (0)
04-16: Backdoor.Win32.Kilo.016 Denial Of Service (0)
04-16: Email-Worm.Win32.Pluto.b Insecure Permissions (0)
04-16: Backdoor.Win32.NinjaSpy.c Authentication Bypass (0)
04-16: Backdoor.Win32.NetCat32.10 Remote Command Execution (0)
04-16: Backdoor.Win32.NetSpy.10 Remote Command Execution (0)
04-16: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: REDCap Cross Site Scripting (0)
04-15: Online Car Wash Booking System 1.0 SQL Injection (0)
04-15: Online Car Wash Booking System 1.0 Blind SQL Injection (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: https://www.nsw2.go.th/1975.html (0)
04-14: https://nb2.go.th/1975.html (0)
04-14: http://www.chon3.go.th/1975.html (0)
04-14: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm (0)
04-14: Spring4Shell Code Execution (0)
04-14: Microsoft Zero Days, Wormable Bugs Spark Concern (0)
04-13: Spring4Shell Code Execution (0)
04-13: Explore CMS 1.0 SQL Injection (0)
04-13: Easy!Appointments Information Disclosure (0)
04-12: MiniTool Partition Wizard 12.0 Unquoted Service Path (0)
04-12: SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference (0)
04-12: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Creation (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Deletion (0)
04-12: WordPress LayerSlider Cross Site Scripting (0)
04-12: WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting (0)
04-12: Razer Sila 2.0.418 Local File Inclusion (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Deletion (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Creation (0)
04-11: [remote] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 – Local File Inclusion (LFI) (0)
04-11: [local] MiniTool Partition Wizard – Unquoted Service Path (0)
04-11: [webapps] SAM SUNNY TRIPOWER 5.0 – Insecure Direct Object Reference (IDOR) (0)
04-09: School Club Application System 1.0 Local File Inclusion (0)
04-09: Online Sports Complex Booking System 1.0 Cross Site Scripting (0)
04-09: WordPress SiteGround Security 1.2.5 Authentication Bypass (0)
04-09: Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure (0)
04-09: PHPGurukul Zoo Management System 1.0 SQL Injection (0)
04-09: AeroCMS 0.0.1 Cross Site Scripting (0)
04-09: Social Codia SMS 1 Cross Site Scripting (0)
04-09: PHPGurukul Zoo Management System 1.0 Shell Upload (0)
04-09: E-Commerce Website 1.0 Shell Upload (0)
04-09: Musical World 1 Shell Upload (0)
04-09: E-Commerce Website 1.1.0 Shell Upload (0)
04-09: Social Codia SMS 1 Shell Upload (0)
04-09: Simple House Rental System 1 Shell Upload (0)
04-09: Car Rental System 1.0 SQL Injection (0)
04-09: Movie Seat Reservation System 1.0 File Disclosure / SQL Injection (0)
04-09: AeroCMS 0.0.1 Shell Upload (0)
04-08: FFS Colibri Controller Module 1.8.19.8580 Directory Traversal (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
04-08: CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution (0)
04-08: School Club Application System 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage (0)
04-08: Backdoor.Win32.Xingdoor Denial Of Service (0)
04-08: Zenario CMS 9.0.54156 Remote Code Execution (0)
04-08: binutils 2.37 Objdump Segmentation Fault (0)
04-08: Opmon 9.11 Cross Site Scripting (0)
04-08: Backdoor.Win32.Wisell Buffer Overflow (0)
04-08: Small HTTP Server 3.06 Remote Buffer Overflow (0)
04-08: Kramer VIAware Remote Code Execution (0)
04-08: Backdoor.Win32.Wisell Remote Command Execution (0)
04-08: WordPress Loco Translate Cross Site Scripting (0)
04-08: WordPress Ad Inserter Cross Site Scripting (0)
04-08: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
04-08: WordPress Hummingbird Cross Site Scripting (0)
04-08: minewebcms 1.15.2 Cross Site Scripting (0)
04-08: qdPM 9.2 Cross Site Request Forgery (0)
04-08: WordPress UpdraftPlus Cross Site Scripting (0)
04-08: WordPress WP Downgrade Cross Site Scripting (0)
04-08: KLiK Social Media Website 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Verify.h Remote Command Execution (0)
04-08: Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition (0)
04-07: [remote] Opmon 9.11 – Cross-site Scripting (0)
04-07: [local] binutils 2.37 – Objdump Segmentation Fault (0)
04-07: [webapps] Zenario CMS 9.0.54156 – Remote Code Execution (RCE) (Authenticated) (0)
04-07: [webapps] KLiK Social Media Website 1.0 – 'Multiple' SQLi (0)
04-07: [remote] Kramer VIAware – Remote Code Execution (RCE) (Root) (0)
04-07: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Deletion (0)
04-07: [webapps] qdPM 9.2 – Cross-site Request Forgery (CSRF) (0)
04-07: [local] Sherpa Connector Service v2020.2.20328.2050 – Unquoted Service Path (0)
04-07: [webapps] minewebcms 1.15.2 – Cross-site Scripting (XSS) (0)
04-06: SAP Information System 1.0 Shell Upload (0)
04-06: Online Sports Complex Booking System 1.0 SQL Injection (0)
04-06: cmark-gfm Integer overflow (0)
04-06: Bakery Shop Management System 1.0 SQL Injection (0)
04-06: Bakery Shop Management System 1.0 Local File Inclusion (0)
04-06: https://www.kkpho.go.th/planyut/ (0)
04-05: Gadget Store Management System 1.0 Shell Upload (0)
04-05: Online Banquet Booking System 1.0 Cross Site Request Forgery (0)
04-05: Multi Store Inventory Management System 1.0 Information Disclosure (0)
04-05: Multi Store Inventory Management System 1.0 Account Takeover (0)
04-04: ALLMediaServer 1.6 Buffer Overflow (0)
04-04: Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path (0)
04-04: Backdoor.Win32.Wollf.h Remote Command Execution (0)
04-04: Barco Control Room Management Suite Directory Traversal (0)
04-04: Backdoor.Win32.Jokerdoor Hardcoded Credential (0)
04-04: Payroll Management System 1.0 SQL Injection (0)
04-04: Backdoor.Win32.Delf.ps Information Disclosure (0)
04-04: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass (0)
04-04: https://patrol-psd.go.th/v3n.html (0)
04-03: https://mdh.go.th/1975index.html (0)
04-03: https://npte2.go.th/1975index.html (0)
04-02: Apple Rushes Out Patches For Two Zero Days Threatening Users (0)
04-02: Apple Security Advisory 2022-03-31-2 (0)
04-02: Apple Security Advisory 2022-03-31-1 (0)
04-01: Message System 1.0 Cross Site Scripting (0)
04-01: Message System 1.0 SQL Injection (0)
04-01: Medical Hub Directory Site 1.0 SQL Injection (0)
04-01: Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path (0)
04-01: EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path (0)
04-01: Chrome DeserializeFromMessage Validation Issue (0)
04-01: IdeaRE RefTree Shell Upload (0)
04-01: IdeaRE RefTree Path Traversal (0)
04-01: Spring Cloud Function SpEL Injection (0)
04-01: WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting (0)
04-01: Packet Storm New Exploits For March, 2022 (0)

March 2022 (271)

03-30: Sports Complex Booking System 1.0 Local File Inclusion (0)
03-30: Fingerprint Attendance 1.0 SQL Injection (0)
03-30: Fingerprint Attendance 1.0 Shell Upload (0)
03-30: Fingerprint Attendance 1.0 Account Takeover (0)
03-30: Message System 1.0 Local File Inclusion (0)
03-30: Message System 1.0 Shell Upload (0)
03-30: WordPress Curtain 1.0.2 Cross Site Request Forgery (0)
03-30: WordPress Clipr 1.2.3 Cross Site Scripting (0)
03-30: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting (0)
03-30: Atom CMS 1.0.2 Shell Upload (0)
03-30: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion (0)
03-30: WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion (0)
03-30: CSZ CMS 1.2.9 SQL Injection (0)
03-30: Medical Hub Directory Site 1.0 Local File Inclusion (0)
03-30: Medical Hub Directory Site 1.0 Cross Site Scripting (0)
03-30: Medical Hub Directory Site 1.0 Shell Upload (0)
03-30: Medical Hub Directory Site 1.0 SQL Injection (0)
03-30: PostgreSQL 11.7 Remote Code Execution (0)
03-30: Kramer VIAware 2.5.0719.1034 Remote Code Execution (0)
03-30: WordPress CleanTalk 5.173 Cross Site Scripting (0)
03-30: WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting (0)
03-30: Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal (0)
03-30: Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free (0)
03-30: [remote] Kramer VIAware 2.5.0719.1034 – Remote Code Execution (RCE) (0)
03-30: [remote] PostgreSQL 9.3-11.7 – Remote Code Execution (RCE) (Authenticated) (0)
03-30: [webapps] CSZ CMS 1.2.9 – 'Multiple' Blind SQLi(Authenticated) (0)
03-30: [webapps] WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin cab-fare-calculator 1.0.3 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin Curtain 1.0.2 – Cross-site Request Forgery (CSRF) (0)
03-30: [webapps] Atom CMS 2.0 – Remote Code Execution (RCE) (0)
03-30: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (0)
03-29: Message System 1.0 Shell Upload (0)
03-29: One Church Management System 1.0 Cross Site Scripting (0)
03-29: Microfinance Management System 1.0 SQL Injection (0)
03-29: One Church Management System 1.0 SQL Injection (0)
03-29: FruityWifi Remote Code Execution (0)
03-29: ALLMediaServer 1.6 Remote Buffer Overflow (0)
03-29: Backdoor.Win32.Cyn.20 Insecure Permissions (0)
03-29: Pay Slip PDF Generator System 1.0 SQL Injection (0)
03-29: Pay Slip PDF Generator System 1.0 Shell Upload (0)
03-29: Backdoor.Win32.Cafeini.b Denial Of Service (0)
03-29: PDF Generator Web App Using TCPDF 1.0 Local File Inclusion (0)
03-29: Microfinance Management System 1.0 Cross Site Scripting (0)
03-29: Backdoor.Win32.Chubo.c Remote Command Execution (0)
03-29: Backdoor.Win32.Chubo.c Cross Site Scripting (0)
03-29: Online Banking System 1.0 SQL Injection (0)
03-29: WordPress Admin Word Count Column 2.2 Local File Inclusion (0)
03-29: Backdoor.Win32.Avstral.e Remote Command Execution (0)
03-29: Royale Event Management System 1.0 Privilege Escalation (0)
03-29: Royale Event Management System 1.0 Cross Site Scripting (0)
03-29: PDF Generator Web Application 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
03-29: Razer Synapse 3.6.x DLL Hijacking (0)
03-28: Razer Synapse 3.6.x DLL Hijacking (0)
03-26: RTLO Injection URI Spoofing (0)
03-25: RTLO Injection URI Spoofing (0)
03-25: containerd Image Volume Insecure Handling (0)
03-25: Online Sports Complex Booking System 1.0 Account Takeover (0)
03-25: Online Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Sports Complex Booking System 1.0 Shell Upload (0)
03-25: Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload (0)
03-25: Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service (0)
03-25: Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Microfinance Management System 1.0 SQL Injection (0)
03-25: Event Management System 1.0 Shell Upload (0)
03-25: http://e-learning.rid.go.th/kz.html (0)
03-24: WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read (0)
03-24: Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting (0)
03-24: WordPress Contact Form 7 5.5.6 Cross Site Scripting (0)
03-24: WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting (0)
03-24: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-24: ImpressCMS 1.4.2 SQL Injection / Remote Code Execution (0)
03-24: Event Management System 1.0 Shell Upload (0)
03-24: http://www.na-khu.go.th/attach_file/1643522665_lisence.txt (0)
03-24: https://khoksanga.go.th/forms_file/6db2c2dc3227a2ff2a652b94fb661f87.txt (0)
03-24: https://www.chaisor.go.th/forms_file/426e821c0353711d536ced779734e5f6.txt (0)
03-24: http://www.silakhonkaen.go.th/sapa_file/1643523403_lisence.txt (0)
03-24: https://www.pordang.go.th/sapa_file/c6ba3e75f31da3729f234e5b6e05bdbe.txt (0)
03-24: https://www.ksk.go.th/forms_file/27fac990cc86a94393fce412b01f0683.txt (0)
03-24: https://www.thaiudom.go.th/forms_file/645201e4087caa162a86146173bf9f21.txt (0)
03-24: https://banthaenlocal.go.th/forms_file/817f62a0e632dd5385414460a56497e9.txt (0)
03-24: https://huaipichai.go.th/forms_file/17e538ffaee4c83152db25dfbcc7e592.txt (0)
03-23: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-23: ImpressCMS 1.4.2 Authentication Bypass (0)
03-23: Sysax FTP Automation 6.9.0 Privilege Escalation (0)
03-23: Backdoor.Win32.Agent.bxxn Open Proxy (0)
03-23: iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution (0)
03-23: Backdoor.Win32.BirdSpy.b Hardcoded Credential (0)
03-23: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
03-23: ImpressCMS 1.4.2 Path Traversal (0)
03-23: ImpressCMS 1.4.2 Incorrect Access Control (0)
03-23: ImpressCMS 1.4.2 SQL Injection (0)
03-23: [webapps] WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated (0)
03-23: [local] ProtonVPN 1.26.0 – Unquoted Service Path (0)
03-22: ImpressCMS 1.4.2 SQL Injection (0)
03-22: SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting (0)
03-22: WordPress iQ Block Country 1.2.13 Arbitrary File Deletion (0)
03-22: Inventory Management System 1.0 Cross Site Scripting (0)
03-22: Inventory Management System 1.0 SQL Injection (0)
03-22: Home Owners Collection Management System 1.0 SQL Injection (0)
03-22: Amazing CD Ripper 1.2 Buffer Overflow (0)
03-22: Xlight FTP 3.9.3.2 Buffer Overflow (0)
03-22: Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution (0)
03-22: Poultry Farm Management System 1.0 Shell Upload (0)
03-22: OX App Suite 7.10.5 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Stored Cross-Site Scripting (XSS) (0)
03-22: [local] Sysax FTP Automation 6.9.0 – Privilege Escalation (0)
03-22: [remote] Ivanti Endpoint Manager 4.6 – Remote Code Execution (RCE) (0)
03-22: [remote] iRZ Mobile Router – CSRF to RCE (0)
03-22: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Takeover (0)
03-21: [webapps] Wordpress Plugin iQ Block Country 1.2.13 – Arbitrary File Deletion via Zip Slip (Authenticated) (0)
03-19: Simple Mobile Comparison Website 1.0 Cross Site Scripting (0)
03-19: Chrome chrome_pdf::PDFiumEngine::RequestThumbnail Heap Buffer Overflow (0)
03-18: https://bdlh.go.th/noname.html (0)
03-18: BuilderOrcus Insecure Permissions (0)
03-18: BuilderOrcus Insecure Credential Storage (0)
03-18: BuilderPandoraRat.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Shell Upload (0)
03-18: BuilderTorCTPHPRAT.b Cross Site Scripting (0)
03-18: BuilderRevengeRAT XML Injection (0)
03-17: Apache APISIX 2.12.1 Remote Code Execution (0)
03-17: Tiny File Manager 2.4.6 Shell Upload (0)
03-17: Hikvision IP Camera Backdoor (0)
03-17: Pluck CMS 4.7.16 Shell Upload (0)
03-17: Moodle 3.11.5 SQL Injection (0)
03-17: Chrome HandleTable::AddDispatchersFromTransit Integer Overflow (0)
03-17: Windows SpoolFool Privilege Escalation (0)
03-16: College Website Management System 1.0 SQL Injection (0)
03-16: Laravel Media Library Pro 2.1.6 Shell Upload (0)
03-16: Apple Security Advisory 2022-03-14-8 (0)
03-16: Apple Security Advisory 2022-03-14-9 (0)
03-16: Apple Security Advisory 2022-03-14-6 (0)
03-16: Apple Security Advisory 2022-03-14-7 (0)
03-16: Apple Security Advisory 2022-03-14-10 (0)
03-16: Apple Security Advisory 2022-03-14-5 (0)
03-16: Apple Security Advisory 2022-03-14-3 (0)
03-16: Apple Security Advisory 2022-03-14-1 (0)
03-16: Apple Security Advisory 2022-03-14-2 (0)
03-16: Apple Security Advisory 2022-03-14-4 (0)
03-16: [remote] Apache APISIX 2.12.1 – Remote Code Execution (RCE) (0)
03-16: [webapps] Tiny File Manager 2.4.6 – Remote Code Execution (RCE) (0)
03-16: [remote] Hikvision IP Camera – Backdoor (0)
03-16: [webapps] Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated) (0)
03-16: [webapps] Moodle 3.11.5 – SQLi (Authenticated) (0)
03-15: Baixar GLPI Project 9.4.6 SQL Injection (0)
03-15: Insurance Management System 1.0 SQL Injection (0)
03-15: Student Grading System 1.0 SQL Injection (0)
03-15: Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference (0)
03-15: VIVE Runtime Service 1.0.0.4 Unquoted Service Path (0)
03-15: Automatic Question Paper Generator System 1.0 Cross Site Scripting (0)
03-15: RedLine.MainPanel Insecure Permissions (0)
03-15: Hades RAT Web Panel Insecure Credential Storage (0)
03-15: Hades RAT Web Panel Information Disclosure (0)
03-15: Hades RAT Web Panel Cross Site Scripting (0)
03-14: [local] VIVE Runtime Service – 'ViveAgentService' Unquoted Service Path (0)
03-14: [webapps] Baixar GLPI Project 9.4.6 – SQLi (0)
03-12: FLEX 1080/1085 Web 1.6.0 Information Disclosure (0)
03-12: Tdarr 2.00.15 Command Injection (0)
03-12: Employee Performance Evaluation System 1.0 SQL Injection (0)
03-12: Seowon SLR-120 Router Remote Code Execution (0)
03-11: Sony Playmemories Home Unquoted Service Path (0)
03-11: BattlEye 0.9 Unquoted Service Path (0)
03-11: McAfee Safe Connect VPN Unquoted Service Path (0)
03-11: Sandboxie-Plus 5.50.2 Unquoted Service Path (0)
03-11: WOW21 5.0.1.9 Unquoted Service Path (0)
03-11: Siemens S7-1200 4.5 Unauthenticated Access (0)
03-11: Zabbix 5.0.17 Remote Code Execution (0)
03-11: Dirty Pipe Local Privilege Escalation (0)
03-11: [remote] Tdarr 2.00.15 – Command Injection (0)
03-11: [remote] Seowon SLR-120 Router – Remote Code Execution (Unauthenticated) (0)
03-10: Wondershare Dr.Fone 12.0.18 Unquoted Service Path (0)
03-10: Cobian Backup 0.9 Unquoted Service Path (0)
03-10: Webmin 1.984 Remote Code Execution (0)
03-10: Printix Client 1.3.1106.0 Privilege Escalation (0)
03-10: Audio Conversion Wizard 2.01 Buffer Overflow (0)
03-10: DEOS AG OPEN 710/810 Cross Site Scripting (0)
03-10: Chinese APT Zero Days Compromised US State Governments (0)
03-10: [remote] Siemens S7-1200 – Unauthenticated Start/Stop Command (0)
03-10: [local] Sandboxie-Plus 5.50.2 – 'Service SbieSvc' Unquoted Service Path (0)
03-10: [local] McAfee(R) Safe Connect VPN – Unquoted Service Path Elevation Of Privilege (0)
03-10: [local] WOW21 5.0.1.9 – 'Service WOW21_Service' Unquoted Service Path (0)
03-10: [local] Sony playmemories home – 'PMBDeviceInfoProvider' Unquoted Service Path (0)
03-10: [webapps] Zabbix 5.0.17 – Remote Code Execution (RCE) (Authenticated) (0)
03-10: [local] BattlEye 0.9 – 'BEService' Unquoted Service Path (0)
03-09: Dirty Pipe Linux Privilege Escalation (0)
03-09: Dirty Pipe SUID Binary Hijack Privilege Escalation (0)
03-09: http://phon-thong.go.th (0)
03-09: http://www.takdad.go.th (0)
03-09: http://www.nongleng-bk.go.th (0)
03-09: http://www.tohdeng.go.th (0)
03-09: [local] Audio Conversion Wizard v2.01 – Buffer Overflow (0)
03-09: [local] Cobian Backup 0.9 – Unquoted Service Path (0)
03-09: [webapps] Webmin 1.984 – Remote Code Execution (Authenticated) (0)
03-08: Foxit PDF Reader 11.0 Unquoted Service Path (0)
03-08: Malwarebytes 4.5 Unquoted Service Path (0)
03-08: Cloudflare WARP 1.4 Unquoted Service Path (0)
03-08: Matrimony 1.0 SQL Injection (0)
03-08: Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion (0)
03-08: Private Internet Access 3.3 Unquoted Service Path (0)
03-08: Loki RAT (Relapse) SQL Injection (0)
03-08: part-db 0.5.11 Remote Code Execution (0)
03-08: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
03-08: Hasura GraphQL 2.2.0 Information Disclosure (0)
03-08: Attendance And Payroll System 1.0 SQL Injection (0)
03-08: Attendance And Payroll System 1.0 Remote Code Execution (0)
03-08: Apache APISIX Remote Code Execution (0)
03-08: http://sangsawang.go.th/kz.html (0)
03-08: http://buayainan.go.th/kz.html (0)
03-08: http://phothonglocal.go.th/kz.html (0)
03-08: http://banchiang.go.th/kz.html (0)
03-08: http://singkok.go.th/kz.html (0)
03-08: http://tungtom.go.th/kz.html (0)
03-08: http://khamkhaen.go.th/kz.html (0)
03-08: http://phanphrao.go.th/kz.html (0)
03-08: http://khaosan.go.th/kz.html (0)
03-08: [local] Linux Kernel 5.8 < 5.16.11 – Local Privilege Escalation (DirtyPipe) (0)
03-07: http://mungtong.go.th/readme.html (0)
03-07: http://nangua.go.th/readme.html (0)
03-07: [local] Foxit PDF Reader 11.0 – Unquoted Service Path (0)
03-07: [local] Cloudflare WARP 1.4 – Unquoted Service Path (0)
03-07: [local] Private Internet Access 3.3 – 'pia-service' Unquoted Service Path (0)
03-07: [webapps] Hasura GraphQL 2.2.0 – Information Disclosure (0)
03-07: [webapps] Attendance and Payroll System v1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] Attendance and Payroll System v1.0 – SQLi Authentication Bypass (0)
03-07: [webapps] Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] part-db 0.5.11 – Remote Code Execution (RCE) (0)
03-07: [local] Malwarebytes 4.5 – Unquoted Service Path (0)
03-06: https://atsamart.go.th (0)
03-06: http://www.yasothon.go.th/index.php (0)
03-05: Backdoor.Win32.Augudor.a Remote File Write / Code Execution (0)
03-05: Backdoor.Win32.BNLite Buffer Overflow (0)
03-05: Polkit pkexec Privilege Escalation (0)
03-05: Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential (0)
03-05: Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password (0)
03-05: Backdoor.Win32.BluanWeb Information Disclosure (0)
03-05: Backdoor.Win32.BluanWeb Remote Code Execution (0)
03-05: Backdoor.Win32.BluanWeb Remote Command Execution (0)
03-05: pfSense 2.5.2 Shell Upload (0)
03-05: Backdoor.Win32.RemoteNC.beta4 Remote Command Execution (0)
03-04: Polkit pkexec Local Privilege Escalation (0)
03-03: Printix Client 1.3.1106.0 Remote Code Execution (0)
03-03: Xerte 3.10.3 Directory Traversal (0)
03-03: Xerte 3.9 Remote Code Execution (0)
03-03: Car Driving School Management 1.0 SQL Injection (0)
03-03: Prowise Reflect 1.0.9 Remote Keystroke Injection (0)
03-03: Zyxel ZyWALL 2 Plus Cross Site Scripting (0)
03-03: http://suratpeo.go.th/boy.html (0)
03-02: http://www.krabi.go.th/kt.html (0)
03-02: Rufus 3.17.1846 DLL Hijacking (0)
03-02: Firefox MCallGetProperty Write Side Effects Use-After-Free (0)
03-02: Packet Storm New Exploits For February, 2022 (0)
03-02: [remote] Printix Client 1.3.1106.0 – Remote Code Execution (RCE) (0)
03-02: [webapps] Zyxel ZyWALL 2 Plus Internet Security Appliance – Cross-Site Scripting (XSS) (0)
03-02: [remote] Prowise Reflect v1.0.9 – Remote Keystroke Injection (0)
03-02: [webapps] Xerte 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
03-02: [webapps] Xerte 3.10.3 – Directory Traversal (Authenticated) (0)
03-01: Cobian Reflector 0.9.93 RC1 Denial Of Service (0)
03-01: Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service (0)
03-01: Cobian Backup Gravity 11.2.0.582 Unquoted Service Path (0)
03-01: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation (0)
03-01: Cipi Control Panel 3.1.15 Cross Site Scripting (0)
03-01: Casdoor 1.13.0 SQL Injection (0)
03-01: Hikvision IP Camera Unauthenticated Command Injection (0)
03-01: Axis IP Camera Shell Upload (0)
03-01: Win32k ConsoleControl Offset Confusion / Privilege Escalation (0)

February 2022 (254)

02-28: [remote] WAGO 750-8212 PFC200 G2 2ETH RS – Privilege Escalation (0)
02-28: [local] Cobian Backup Gravity 11.2.0.582 – 'CobianBackup11' Unquoted Service Path (0)
02-28: [local] Cobian Backup 11 Gravity 11.2.0.582 – 'Password' Denial of Service (PoC) (0)
02-28: [local] Cobian Reflector 0.9.93 RC1 – 'Password' Denial of Service (PoC) (0)
02-28: [webapps] Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
02-28: [webapps] Casdoor 1.13.0 – SQL Injection (Unauthenticated) (0)
02-26: Dahua ToolBox 1.010.0000000.0 DLL Hijacking (0)
02-26: Technitium Installer 4.4 DLL Hijacking (0)
02-26: WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting (0)
02-26: Bank Management System 1.0 SQL Injection (0)
02-26: Microsoft Exchange Server Remote Code Execution (0)
02-25: Wondershare MirrorGo 2.0.11.346 Insecure File Permissions (0)
02-25: Simple Mobile Comparison Website 1.0 SQL Injection (0)
02-24: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
02-24: Adobe ColdFusion 11 Remote Code Execution (0)
02-24: aaPanel 6.8.21 Directory Traversal (0)
02-24: Backdoor.Win32.FTP.Ics Man-In-The-Middle (0)
02-24: WebHMI 4.1 Cross Site Scripting (0)
02-24: WebHMI 4.1.1 Remote Code Execution (0)
02-24: Backdoor.Win32.FTP.Ics Authentication Bypass / Code Execution (0)
02-24: Microweber CMS 1.2.10 Local File Inclusion (0)
02-24: Backdoor.Win32.FTP.Ics Remote Command Execution (0)
02-24: [local] Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions (0)
02-23: Trojan.Win32.Cosmu.abix Insecure Permissions (0)
02-23: Air Cargo Management System 1.0 SQL Injection (0)
02-23: WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting (0)
02-23: Backdoor.Win32.Agent.baol Insecure Permissions (0)
02-23: Agirhnet 1.0 Cross Site Scripting (0)
02-23: Backdoor.Win32.Dsocks.10 Hardcoded Password (0)
02-23: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification (0)
02-23: [webapps] Student Record System 1.0 – 'cid' SQLi (Authenticated) (0)
02-23: [webapps] aaPanel 6.8.21 – Directory Traversal (Authenticated) (0)
02-23: [webapps] Air Cargo Management System v1.0 – SQLi (0)
02-23: [remote] Adobe ColdFusion 11 – LDAP Java Object Deserialization Remode Code Execution (RCE) (0)
02-23: [webapps] Simple Real Estate Portal System 1.0 – 'id' SQLi (0)
02-22: Cab Management System 1.0 Remote Code Execution (0)
02-22: Cab Management System 1.0 SQL Injection (0)
02-22: Microsoft Gaming Services 2.52.13001.0 Unquoted Service Path (0)
02-22: HMA VPN 5.3 Unquoted Service Path (0)
02-22: Auto Spare Parts Management 1.0 SQL Injection (0)
02-22: Thinfinity VirtualUI 2.5.41.0 IFRAME Injection (0)
02-22: Thinfinity VirtualUI 2.5.26.2 Information Disclosure (0)
02-22: WordPress WP User Frontend 3.5.25 SQL Injection (0)
02-22: WordPress Perfect Survey 1.5.1 SQL Injection (0)
02-22: FileCloud 21.2 Cross Site Request Forgery (0)
02-22: Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion (0)
02-22: Microweber 1.2.11 Shell Upload (0)
02-22: Simple Real Estate Portal System 1.0 SQL Injection (0)
02-22: Cyclades Serial Console Server 3.3.0 Privilege Escalation (0)
02-22: Chrome RenderFrameHostImpl Use-After-Free (0)
02-22: https://www.dannok.go.th/kz.html (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.26.2 – Information Disclosure (0)
02-21: [webapps] Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Cab Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-21: [local] HMA VPN 5.3 – Unquoted Service Path (0)
02-21: [webapps] WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated) (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection (0)
02-19: Wondershare UBackit 2.0.5 Unquoted Service Path (0)
02-19: Wondershare FamiSafe 1.0 Unquoted Service Path (0)
02-19: Wondershare MobileTrans 3.5.9 Unquoted Service Path (0)
02-19: Wondershare Dr.Fone 11.4.9 Unquoted Service Path (0)
02-19: Connectify Hotspot 2018 Unquoted Service Path (0)
02-19: Intel Management Engine Components 6.0.0.1189 Unquoted Service Path (0)
02-19: File Santizer For HP ProtectTools 5.0.1.3 Unquoted Service Path (0)
02-19: Bluetooth Application 5.4.277 Unquoted Service Path (0)
02-19: TOSHIBA DVD PLAYER Navi Support Service 1.00.0000 Unquoted Service Path (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 Cross Site Scripting (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 SQL Injection (0)
02-19: Hotel Druid 3.0.3 Remote Code Execution (0)
02-19: Fortinet Fortimail 7.0.1 Cross Site Scripting (0)
02-19: WordPress dzs-zoomsounds 6.60 Shell Upload (0)
02-19: WordPress MasterStudy LMS 2.7.5 Account Creation (0)
02-18: Telegram Android 8.4.4 Denial Of Service (0)
02-18: Backdoor.Win32.Zombam.b Buffer Overflow (0)
02-18: Backdoor.Win32.Zombam.b Information Disclosure (0)
02-18: Car Portal Template Cross Site Scripting (0)
02-18: Backdoor.Win32.Zombam.b Cross Site Scripting (0)
02-18: Backdoor.Win32.Prorat.lkt Weak Hardcoded Password (0)
02-18: Vicidial 2.14-783a SQL Injection (0)
02-18: Email-Worm.Win32.Lama Insecure Permissions (0)
02-18: MartFury Marketplace Cross Site Scripting (0)
02-18: Backdoor.Win32.Prosti.b Insecure Permissions (0)
02-18: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions (0)
02-18: Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control (0)
02-18: [webapps] WordPress Plugin dzs-zoomsounds 6.60 – Remote Code Execution (RCE) (Unauthenticated) (0)
02-18: [webapps] WordPress Plugin MasterStudy LMS 2.7.5 – Unauthenticated Admin Account Creation (0)
02-18: [local] File Sanitizer for HP ProtectTools 5.0.1.3 – 'HPFSService' Unquoted Service Path (0)
02-18: [local] Connectify Hotspot 2018 'ConnectifyService' – Unquoted Service Path (0)
02-18: [webapps] Hotel Druid 3.0.3 – Remote Code Execution (RCE) (0)
02-18: [local] Wondershare Dr.Fone 11.4.9 – 'DFWSIDService' Unquoted Service Path (0)
02-18: [local] Intel(R) Management Engine Components 6.0.0.1189 – 'LMS' Unquoted Service Path (0)
02-18: [local] Bluetooth Application 5.4.277 – 'BlueSoleilCS' Unquoted Service Path (0)
02-18: [local] TOSHIBA DVD PLAYER Navi Support Service – 'TNaviSrv' Unquoted Service Path (0)
02-18: [local] Wondershare UBackit 2.0.5 – 'wsbackup' Unquoted Service Path (0)
02-18: [webapps] Fortinet Fortimail 7.0.1 – Reflected Cross-Site Scripting (XSS) (0)
02-18: [local] Wondershare MobileTrans 3.5.9 – 'ElevationService' Unquoted Service Path (0)
02-18: [local] Wondershare FamiSafe 1.0 – 'FSService' Unquoted Service Path (0)
02-17: WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion (0)
02-17: Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path (0)
02-17: ServiceNow Orlando Username Enumeration (0)
02-17: Medical Store Management System 1.0 SQL Injection (0)
02-17: Simple Student Quarterly Result / Grade System 1.0 SQL Injection (0)
02-17: Google Play Protect 22.4.25 Detection Bypass (0)
02-17: Multi-Vendor Online Groceries Management System 1.0 SQL Injection (0)
02-17: Ignition Remote Code Execution (0)
02-17: TeamSpeak 3.5.6 Insecure File Permissions (0)
02-17: Network Video Recorder NVR304-16EP Cross Site Scripting (0)
02-17: Tiny File Manager 2.4.3 Shell Upload (0)
02-17: http://healthnmd.nmd.go.th/wh.html (0)
02-17: http://hwd.nmd.go.th/wh.html (0)
02-17: http://knowledge.nmd.go.th/wh.html (0)
02-17: http://mssd.nmd.go.th/wh.html (0)
02-17: http://navylady.nmd.go.th/wh.html (0)
02-17: http://phisweb.nmd.go.th/wh.html (0)
02-17: http://person.nmd.go.th/wh.html (0)
02-17: http://pmqa.nmd.go.th/wh.html (0)
02-17: http://strategy.nmd.go.th/wh.html (0)
02-17: http://srknurse.nmd.go.th/wh.html (0)
02-17: http://support.nmd.go.th/wh.html (0)
02-16: [webapps] WordPress Plugin Error Log Viewer 1.1.1 – Arbitrary File Clearing (Authenticated) (0)
02-16: [webapps] Network Video Recorder NVR304-16EP – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
02-16: [local] TeamSpeak 3.5.6 – Insecure File Permissions (0)
02-16: [remote] H3C SSL VPN – Username Enumeration (0)
02-16: [webapps] Simple Student Quarterly Result/Grade System 1.0 – SQLi Authentication Bypass (0)
02-16: [webapps] ServiceNow – Username Enumeration (0)
02-16: [webapps] Multi-Vendor Online Groceries Management System 1.0 – 'id' Blind SQL Injection (0)
02-16: [local] Emerson PAC Machine Edition 9.80 Build 8695 – 'TrapiServer' Unquoted Service Path (0)
02-15: WordPress International SMS For Contact Form 7 Integration 1.2 CSRF (0)
02-15: Slurp 1.10.2 Format String (0)
02-15: Simple Bakery Shop Management System 1.0 SQL Injection (0)
02-15: H3C SSL VPN Username Enumeration (0)
02-15: Nagios XI Autodiscovery Shell Upload (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-14: https://phapae.go.th (0)
02-13: https://king9.nrct.go.th/0x48.htm (0)
02-12: Kyocera Command Center RX ECOSYS M2035dn Directory Traversal (0)
02-12: Accounting Journal Management System 1.0 SQL Injection (0)
02-12: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
02-12: Nokia Transport Module Authentication Bypass (0)
02-12: SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection (0)
02-12: Apple Security Advisory 2022-02-10-1 (0)
02-12: Apple Security Advisory 2022-02-10-2 (0)
02-12: Apple Security Advisory 2022-02-10-3 (0)
02-11: Apple Patches Actively Exploited WebKit Zero Day (0)
02-11: WordPress 5.9 Cross Site Scripting (0)
02-11: Cain And Abel 4.9.56 Unquoted Service Path (0)
02-11: WordPress Jetpack 9.1 Cross Site Scripting (0)
02-11: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution (0)
02-11: WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection (0)
02-11: Hospital Management Startup 1.0 SQL Injection (0)
02-11: WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 Account Takeover (0)
02-11: Home Owners Collection Management System 1.0 Shell Upload (0)
02-11: [webapps] Kyocera Command Center RX ECOSYS M2035dn – Directory Traversal File Disclosure (Unauthenticated) (0)
02-11: [webapps] Accounting Journal Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-11: [webapps] Subrion CMS 4.2.1 – Cross Site Request Forgery (CSRF) (Add Amin) (0)
02-10: Backdoor.Win32.Frauder.jt Insecure Permissions (0)
02-10: Backdoor.Win32.XRat.k Remote Command Execution (0)
02-10: Exam Reviewer Management System 1.0 SQL Injection (0)
02-10: Exam Reviewer Management System 1.0 Shell Upload (0)
02-10: Backdoor.Win32.Prexot.a Man-In-The-Middle (0)
02-10: Backdoor.Win32.Wdoor.11 Remote Command Execution (0)
02-10: Atom CMS 2.0 SQL Injection (0)
02-10: Backdoor.Win32.Prexot.a Authentication Bypass (0)
02-10: Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution (0)
02-10: Grandstream GXV31XX settimezone Unauthenticated Command Execution (0)
02-10: [webapps] WordPress Plugin Jetpack 9.1 – Cross Site Scripting (XSS) (0)
02-10: [webapps] WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 – SQL-Injection (Unauthenticated) (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – 'id' Blind SQL Injection (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-10: [webapps] Hospital Management Startup 1.0 – 'Multiple' SQLi (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Account Takeover (Unauthenticated) (0)
02-10: [local] Cain & Abel 4.9.56 – Unquoted Service Path (0)
02-10: [webapps] WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS) (0)
02-09: FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery (0)
02-09: WordPress Security Audit 1.0.0 Cross Site Scripting (0)
02-09: WordPress CP Blocks 1.0.14 Cross Site Scripting (0)
02-09: WordPress Contact Form Builder 1.6.1 Cross Site Scripting (0)
02-09: Hotel Reservation System 1.0 SQL Injection (0)
02-09: WordPress Simple Job Board 2.9.3 Local File Inclusion (0)
02-09: Wing FTP Server 4.3.8 Remote Code Execution (0)
02-09: PHP Everywhere 2.0.3 Remote Code Execution (0)
02-09: Strapi CMS 3.0.0-beta.17.4 Privilege Escalation (0)
02-09: QEMU Monitor HMP migrate Command Execution (0)
02-09: [webapps] AtomCMS v2.0 – SQLi (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – ‘id’ SQL Injection (0)
02-08: Chrome storage::BlobBuilderFromStream Uninitializaed On-Stack Pointer (0)
02-08: Backdoor.Win32.Small.er Code Execution (0)
02-08: Hospital Management System 4.0 SQL Injection (0)
02-08: WordPress International SMS For Contact Form 7 Integration 1.2 XSS (0)
02-08: [webapps] Wordpress Plugin Simple Job Board 2.9.3 – Local File Inclusion (0)
02-08: [remote] Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated) (0)
02-08: [webapps] WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS) (0)
02-08: [webapps] Hospital Management System 4.0 – 'multiple' SQL Injection (0)
02-08: [webapps] FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
02-08: [webapps] Hotel Reservation System 1.0 – SQLi (Unauthenticated) (0)
02-08: [webapps] Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit) (0)
02-05: WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting (0)
02-05: FLAME II MODEM USB Unquoted Service Path (0)
02-05: Servisnet Tessa Authentication Bypass (0)
02-05: Servisnet Tessa MQTT Credential Disclosure (0)
02-05: WBCE CMS 1.5.2 Remote Code Execution (0)
02-05: Servisnet Tessa Privilege Escalation (0)
02-05: WAGO 750-8xxx PLC Denial Of Service / User Enumeration (0)
02-05: Korenix Technology JetWave CSRF / Command Injection / Missing Authentication (0)
02-05: Voltage SecureMail Server Business Logic Bypass (0)
02-05: Shopmetrics Mystery Shopping Software Broken Access Control / XSS (0)
02-04: Feberr 12.7 Shell Upload (0)
02-04: Vivellio 1.2.1 User Account Enumeration (0)
02-04: [webapps] Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit) (0)
02-04: [webapps] Servisnet Tessa – Privilege Escalation (Metasploit) (0)
02-04: [webapps] WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
02-04: [local] FLAME II MODEM USB – Unquoted Service Path (0)
02-04: [webapps] WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated) (0)
02-04: [webapps] Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit) (0)
02-03: CONTPAQi AdminPAQ 14.0.0 Unquoted Service Path (0)
02-03: WordPress 404 To 301 2.0.2 SQL Injection (0)
02-03: WordPress Post Grid 2.1.1 Cross Site Scripting (0)
02-03: WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting (0)
02-03: Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover (0)
02-03: WordPress Download Monitor WordPress 4.4.4 SQL Injection (0)
02-03: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
02-03: WordPress Domain Check 1.0.16 Cross Site Scripting (0)
02-03: PHP Unit 4.8.28 Remote Code Execution (0)
02-03: WordPress Contact Form Check Tester 1.0.2 XSS / Access Control (0)
02-03: Mozilla Firefox 67 Array.pop JIT Type Confusion (0)
02-03: PHP Restaurants 1.0 SQL Injection (0)
02-03: Backdoor.Win32.Zxman Code Execution (0)
02-03: Moodle 3.11.4 SQL Injection (0)
02-03: Huawei DG8045 Router 1.0 Credential Disclosure (0)
02-03: Backdoor.Win32.Small.bu Remote Command Execution (0)
02-03: WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming (0)
02-02: Cisco Small Business RV Series Authentication Bypass / Command Injection (0)
02-02: Packet Storm New Exploits For January, 2022 (0)
02-02: [webapps] Moodle 3.11.4 – SQL Injection (0)
02-02: [webapps] Wordpress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated) (0)
02-02: [webapps] WordPress Plugin Domain Check 1.0.16 – Reflected Cross-Site Scripting (XSS) (Authenticated) (0)
02-02: [local] CONTPAQi(R) AdminPAQ 14.0.0 – Unquoted Service Path (0)
02-02: [local] Mozilla Firefox 67 – Array.pop JIT Type Confusion (0)
02-01: HackTool.Win32.Muzzer.a Buffer Overflow (0)
02-01: Backdoor.Win32.Tiny.c Code Execution (0)
02-01: Moxa TN-5900 Firmware Upgrade Checksum Validation (0)
02-01: Moxa TN-5900 Post Authentication Command Injection (0)
02-01: Apple Security Advisory 2022-01-26-1 (0)
02-01: Apple Security Advisory 2022-01-26-2 (0)
02-01: Apple Security Advisory 2022-01-26-3 (0)
02-01: Apple Security Advisory 2022-01-26-4 (0)
02-01: Apple Security Advisory 2022-01-26-5 (0)
02-01: Apple Security Advisory 2022-01-26-6 (0)
02-01: Apple Security Advisory 2022-01-26-7 (0)

January 2022 (216)

01-29: Fetch Softworks Fetch FTP Client 5.8 Denial Of Service (0)
01-28: WordPress Mortgage Calculators WP 1.52 Cross Site Scripting (0)
01-28: Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion (0)
01-28: PolicyKit-1 0.105-31 Privilege Escalation (0)
01-28: WordPress Modern Events Calendar 6.1 SQL Injection (0)
01-28: WordPress RegistrationMagic V 5.0.1.5 SQL Injection (0)
01-27: Apple Fixes 2 Zero-Day Security Bugs, One Exploited In the Wild (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Backdoor.Win32.WinShell.50 Weak Hardcoded Password (0)
01-27: Polkit pkexec CVE-2021-4034 Proof Of Concept (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: [remote] Oracle WebLogic Server 14.1.1.0.0 – Local File Inclusion (0)
01-27: [webapps] WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated) (0)
01-27: [webapps] WordPress Plugin RegistrationMagic V 5.0.1.5 – SQL Injection (Authenticated) (0)
01-27: [webapps] WordPress Plugin Mortgage Calculators WP 1.52 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
01-26: TYPO3 femanager 6.3.0 Cross Site Scripting (0)
01-26: H2 Database Console Remote Code Execution (0)
01-26: Online Project Time Management System 1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Agent.uq Insecure Permissions (0)
01-26: Backdoor.Win32.FTP99 Authentication Bypass (0)
01-26: Backdoor.Win32.FTP99 Man-In-The-Middle (0)
01-26: PHPIPAM 1.4.4 SQL Injection (0)
01-26: WebACMS 2.1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Hanuman.b Code Execution (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password (0)
01-26: Online Project Time Management System 1.0 SQL Injection (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
01-26: Ametys CMS 4.4.1 Cross Site Scripting (0)
01-26: Backdoor.Win32.DRA.c Weak Hardcoded Password (0)
01-26: CosaNostra Builder Insecure Permissions (0)
01-26: Xerox Versalink Denial Of Service (0)
01-26: CosaNostra Builder WebPanel Insecure Cryptographic Storage (0)
01-26: FAUST iServer 9.0.018.018.4 Local File Inclusion (0)
01-26: uBidAuction 2.0.1 Cross Site Scripting (0)
01-26: CosaNostra Builder WebPanel Cross Site Request Forgery (0)
01-26: Ethercreative Logs 3.0.3 Path Traversal (0)
01-26: Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution (0)
01-25: XNU Kernel mach_msg Use-After-Free (0)
01-25: UniFi Network Application Unauthenticated Log4Shell Remote Code Execution (0)
01-25: [webapps] PHPIPAM 1.4.4 – SQLi (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – SQLi (Authenticated) (0)
01-24: [webapps] Landa Driving School Management System 2.0.1 – Arbitrary File Upload (0)
01-22: Online Project Time Management 1.0 SQL Injection (0)
01-22: Banco Guayaquil 8.0.0 Cross Site Scripting (0)
01-22: Backdoor.Win32.Wollf.16 Authentication Bypass (0)
01-22: Backdoor.Win32.Wollf.16 Hardcoded Credential (0)
01-21: VulturiBuilder Insecure Permissions (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle (0)
01-21: Backdoor.Win32.Wisell Remote Command Execution (0)
01-21: Ransomware Builder Babuk Insecure Permissions (0)
01-21: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution (0)
01-21: Grandstream GXV3175 Unauthenticated Command Execution (0)
01-20: WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting (0)
01-19: Nyron 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 Shell Upload (0)
01-19: Online Resort Management System 1.0 SQL Injection (0)
01-19: Landa Driving School Management System 2.0.1 Arbitrary File Upload (0)
01-19: Archeevo 5.0 Local File Inclusion (0)
01-19: [webapps] Affiliate Pro 1.7 – 'Multiple' Cross Site Scripting (XSS) (0)
01-19: [webapps] Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS) (0)
01-19: [webapps] uDoctorAppointment v2.1.1 – 'Multiple' Cross Site Scripting (XSS) (0)
01-18: Worktime 10.20 Build 4967 DLL Hijacking (0)
01-18: Worktime 10.20 Build 4967 Unquoted Service Path (0)
01-18: HTTP Protocol Stack Denial Of Service / Remote Code Execution (0)
01-18: Cisco IP Phone Cleartext Password Storage (0)
01-18: Ab Stealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Information Disclosure (0)
01-18: SB Admin Cross Site Request Forgery / SQL Injection (0)
01-18: Win32.MarsStealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion (0)
01-18: OpenBMCS 2.4 Cross Site Request Forgery (0)
01-18: Chaos Ransomware Builder 4 Insecure Permissions (0)
01-18: OpenBMCS 2.4 SQL Injection (0)
01-18: OpenBMCS 2.4 Remote Privilege Escalation (0)
01-18: AgentTesla Builder Web Panel Cross Site Scripting (0)
01-18: AgentTesla Builder Web Panel SQL Injection (0)
01-18: OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery (0)
01-18: OpenBMCS 2.4 Secret Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Cross Site Request Forgery (CSRF) (0)
01-18: [webapps] Simple Chatbot Application 1.0 – 'message' Blind SQLi (0)
01-18: [webapps] Simple Chatbot Application 1.0 – Remote Code Execution (RCE) (0)
01-18: [webapps] OpenBMCS 2.4 – Information Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation (0)
01-18: [webapps] OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated) (0)
01-18: [webapps] OpenBMCS 2.4 – SQLi (Authenticated) (0)
01-18: [webapps] Online Resort Management System 1.0 – SQLi (Authenticated) (0)
01-18: [local] WorkTime 10.20 Build 4967 – Unquoted Service Path (0)
01-18: [remote] Archeevo 5.0 – Local File Inclusion (0)
01-14: Microsoft Windows EFSRPC Arbitrary File Upload / Privilege Escalation (0)
01-14: Chrome IPC::ChannelAssociatedGroupController Memory Corruption (0)
01-14: SonicWall SMA 100 Series Authenticated Command Injection (0)
01-14: Apple Security Advisory 2022-01-12-1 (0)
01-14: Apple ColorSync Out-Of-Bounds Read (0)
01-13: RLM 14.2 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 Missing Access Control (0)
01-13: Online Diagnostic Lab Management System 1.0 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 SQL Injection (0)
01-13: WordPress Frontend Uploader 1.3.2 Cross Site Scripting (0)
01-13: Libstagefright Heap Out-Of-Bounds Write (0)
01-13: Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure (0)
01-13: Log4Shell HTTP Header Injection (0)
01-13: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-13: [webapps] WordPress Core 5.8.2 – 'WP_Query' SQL Injection (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated) (0)
01-13: [webapps] SalonERP 3.0.1 – 'sql' SQL Injection (Authenticated) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_list' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'doctors' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_types' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated) (0)
01-12: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-12: Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass (0)
01-12: Microsoft Windows Defender / Detection Bypass (0)
01-12: Backdoor.Win32.Controlit.10 Code Execution (0)
01-12: [webapps] WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-12: [local] Microsoft Windows Defender – Detections Bypass (0)
01-12: [local] Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass (0)
01-11: CoreFTP Server Build 725 Directory Traversal (0)
01-11: VUPlayer 2.49 Buffer Overflow (0)
01-11: Online Railway Reservation System 1.0 Cross Site Scripting (0)
01-11: Online Railway Reservation System 1.0 Missing Access Control (0)
01-11: Online Railway Reservation System 1.0 Remote Code Execution (0)
01-11: Online Railway Reservation System 1.0 SQL Injection (0)
01-11: Online Resort Management System 1.0 SQL Injection (0)
01-11: Online Examination System Project 1.0 SQL Injection (0)
01-11: HTTP Commander 3.1.9 Cross Site Scripting (0)
01-11: WordPress Contact Form Entries Cross Site Scripting (0)
01-11: Open-AudIT Community 4.2.0 Cross Site Scripting (0)
01-11: Linux Garbage Collection Memory Corruption (0)
01-10: [local] VUPlayer 2.49 – '.wax' Local Buffer Overflow (DEP Bypass) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated) (0)
01-10: [webapps] HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'id' SQL Injection (Unauthenticated) (0)
01-08: Online Veterinary Appointment System 1.0 SQL Injection (0)
01-08: Chrome storage::BlobURLStoreImpl::Revoke Heap Use-After-Free (0)
01-08: Microsoft Windows SMB Direct Session Takeover (0)
01-08: Google Project Zero 0-Days Exploited In-The-Wild (0)
01-07: Backdoor.Win32.Jtram.a Insecure Credential Storage (0)
01-07: Backdoor.Win32.Dsklite.a Denial Of Service (0)
01-07: Simple Music Cloud Community System 1.0 SQL Injection (0)
01-07: Backdoor.Win32.Jtram.a Man-In-The-Middle (0)
01-07: Backdoor.Win32.SVC Buffer Overflow (0)
01-07: XNU inm_merge Heap Use-After-Free (0)
01-07: Backdoor.Win32.Dsklite.a Insecure Transit (0)
01-07: Backdoor.Win32.SubSeven.c Buffer Overflow (0)
01-07: Backdoor.Win32.SVC Directory Traversal (0)
01-07: [webapps] Online Veterinary Appointment System 1.0 – 'Multiple' SQL Injection (0)
01-06: Movie Rating System 1.0 Broken Access Control (0)
01-06: Movie Rating System 1.0 SQL Injection / Code Execution (0)
01-06: Nettmp NNT 5.1 SQL Injection (0)
01-06: Safari Montage 8.5 Cross Site Scripting (0)
01-06: RiteCMS 3.1.0 Arbitrary File Deletion (0)
01-06: RiteCMS 3.1.0 Arbitrary File Overwrite (0)
01-06: cWifi Hotspot Wireless CP Code Execution (0)
01-06: Virtual Airline Manager 2.6.2 SQL Injection (0)
01-06: AWebServer GhostBuilding 18 Denial Of Service (0)
01-06: Easy Cart Shopping Cart 2021 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 SQL Injection (0)
01-06: Vodafone H-500-s 3.5.10 WiFi Password Disclosure (0)
01-06: Automox Agent 32 Local Privilege Escalation (0)
01-06: uDoctorAppointment 2.1.1 Cross Site Scripting (0)
01-06: WordPress AAWP 3.16 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 Account TakeOver (0)
01-06: Online Admission System 1.0 Remote Code Execution (0)
01-06: openSIS Student Information System 8.0 SQL Injection (0)
01-06: Rocket LMS 1.1 Cross Site Scripting (0)
01-06: TermTalk Server 3.24.0.2 Arbitrary File Read (0)
01-06: Hostel Management System 2.1 Cross Site Scripting (0)
01-06: Affiliate Pro 1.7 Cross Site Scripting (0)
01-06: Gerapy 0.9.7 Remote Code Execution (0)
01-06: Dixell XWEB 500 Arbitrary File Write (0)
01-06: WordPress Catch Themes Demo Import Shell Upload (0)
01-05: Projeqtor 9.3.1 Cross Site Scripting (0)
01-05: [webapps] Virtual Airlines Manager 2.6.2 – 'multiple' SQL Injection (0)
01-05: [webapps] Movie Rating System 1.0 – SQLi to RCE (Unauthenticated) (0)
01-05: [webapps] Online Admission System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-05: [local] TRIGONE Remote System Monitor 3.61 – Unquoted Service Path (0)
01-05: [webapps] BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – Account TakeOver (0)
01-05: [remote] AWebServer GhostBuilding 18 – Denial of Service (DoS) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
01-05: [webapps] Nettmp NNT 5.1 – SQLi Authentication Bypass (0)
01-05: [webapps] Hostel Management System 2.1 – Cross Site Scripting (XSS) (0)
01-05: [webapps] Library System in PHP 1.0 – 'publisher name' Stored Cross-Site Scripting (XSS) (0)
01-05: [webapps] SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated) (0)
01-05: [remote] ConnectWise Control 19.2.24707 – Username Enumeration (0)
01-05: [webapps] RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Deletion (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Overwrite (Authenticated) (0)
01-05: [webapps] CMSimple 5.4 – Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin Contact Form Entries 1.1.6 – Cross Site Scripting (XSS) (Unauthenticated) (0)
01-05: [dos] Siemens S7 Layer 2 – Denial of Service (DoS) (0)
01-04: Computer And Mobile Repair Shop Management 1.0 SQL Injection (0)
01-04: TRIGONE Remote System Monitor 3.61 Unquoted Service Path (0)
01-04: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
01-04: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
01-04: Backdoor.Win32.Wollf.m Authentication Bypass (0)
01-04: BeyondTrust Remote Support 6.0 Cross Site Scripting (0)
01-04: Backdoor.Win32.Fantador Insecure Password Storage (0)
01-04: Backdoor.Win32.Fantador Denial Of Service (0)
01-04: Backdoor.Win32.Skrat Insecure Password Storage (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Bypass / Command Execution (0)
01-04: WordPress CRM Form Entries Cross Site Scripting (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Race Condition (0)
01-04: Zoom Chat Message Processing Buffer Overflow (0)
01-04: Zoom MMR Server Information Leak (0)
01-02: Packet Storm New Exploits For December, 2021 (0)
01-02: Packet Storm New Exploits For 2021 (0)

December 2021 (169)

12-29: Microsoft Windows Explorer Preview Pane Security Bypass (0)
12-29: Backdoor.Win32.Visiotrol.10 Insecure Password Storage (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Man-In-The-Middle (0)
12-29: Windows Explorer Preview Pane HTML File Link Spoofing (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation (0)
12-29: Terramaster F4-210 / F2-210 Remote Code Execution (0)
12-29: ManageEngine ServiceDesk Plus Remote Code Execution (0)
12-24: Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service (0)
12-22: WBCE CMS 1.5.1 Admin Password Reset (0)
12-22: phpKF CMS 3.00 Beta y6 Remote Code Execution (0)
12-22: Exponent CMS 2.6 Cross Site Scripting / Brute Force (0)
12-22: Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets (0)
12-21: Alfa Team Shell Tesla 4.1 Remote Code Execution (0)
12-21: Signup PHP Portal 2.1 Shell Upload (0)
12-21: Video Sharing Website 1.0 SQL Injection (0)
12-21: Bazaar Web PHP Social Listings Shell Upload (0)
12-21: WordPress Popular Posts 5.3.2 Remote Code Execution (0)
12-20: [webapps] Exponent CMS 2.6 – Multiple Vulnerabilities (0)
12-20: [webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated) (0)
12-20: [webapps] WBCE CMS 1.5.1 – Admin Password Reset (0)
12-18: Backdoor.Win32.BNLite Buffer Overflow (0)
12-18: Backdoor.Win32.Mellpon.b Information Disclosure (0)
12-18: Android VM_MAYWRITE Access To Shared Zygote JIT Mapping (0)
12-18: Apple Security Advisory 2021-12-15-1 (0)
12-18: Apple Security Advisory 2021-12-15-2 (0)
12-18: Apple Security Advisory 2021-12-15-3 (0)
12-18: Apple Security Advisory 2021-12-15-4 (0)
12-18: Apple Security Advisory 2021-12-15-5 (0)
12-18: Apple Security Advisory 2021-12-15-6 (0)
12-18: Apple Security Advisory 2021-12-15-7 (0)
12-17: Child's Day Care Management System 1.0 SQL Injection (0)
12-17: Arunna 1.0.0 Cross Site Request Forgery (0)
12-17: Croogo 3.0.2 Cross Site Scripting (0)
12-17: Croogo 3.0.2 Shell Upload (0)
12-17: Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration (0)
12-17: Chrome blink::NativeIOFile::DoRead Heap Use-After-Free (0)
12-17: Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free (0)
12-17: Chrome NavigationPreloadRequest Site Isolation Bypass (0)
12-16: Log4j2 Log4Shell Regexes (0)
12-16: Log4j Payload Generator (0)
12-16: Oliver Library Server 5 Arbitrary File Download (0)
12-16: Simple Cold Storage Management System 1.0 SQL Injection (0)
12-16: OpenEMR 6.0.0 / 6.1.0-dev SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection (0)
12-16: SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection (0)
12-16: L4sh Log4j Remote Code Execution (0)
12-16: Log4j Remote Code Execution Word Bypassing (0)
12-16: log4j-scan Extensive Scanner (0)
12-16: Actively Attacked Microsoft Zero Day Allows App Spoofing (0)
12-16: [webapps] Arunna 1.0.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
12-16: [webapps] Croogo 3.0.2 – Unrestricted File Upload (0)
12-16: [webapps] Croogo 3.0.2 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
12-16: [webapps] Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration (0)
12-15: Apache Log4j2 2.14.1 Information Disclosure (0)
12-15: Booked Scheduler 2.7.5 Shell Upload (0)
12-15: AbanteCart Arbitrary File Upload / Cross Site Scripting (0)
12-15: Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery (0)
12-15: Ticket Booking 1.0 SQL Injection (0)
12-15: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-15: Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting (0)
12-15: meterN 1.2.3 Remote Command Execution (0)
12-15: WordPress Typebot 1.4.3 Cross Site Scripting (0)
12-15: Laravel Valet 2.0.3 Privilege Escalation (0)
12-15: Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting (0)
12-15: [remote] Oliver Library Server v5 – Arbitrary File Download (0)
12-14: Backdoor.Win32.Mechbot.a Insecure Permissions (0)
12-14: Backdoor.IRC.Subhuman Unauthenticated Open Proxy (0)
12-14: Backdoor.Win32.Asylum.014 Insecure Password Storage (0)
12-14: Backdoor.Win32.Nucleroot.mf Buffer Overflow (0)
12-14: HD-Network Real-Time Monitoring System 2.0 Local File Inclusion (0)
12-14: Backdoor.Win32.Ncx.b Code Execution (0)
12-14: Backdoor.Win32.Ncx.b Buffer Overflow (0)
12-14: Backdoor.Win32.BackAttack.20 Code Execution (0)
12-14: Simple Forum-Discussion System 1.0 SQL Injection (0)
12-14: Backdoor.Win32.BackAttack.20 Authentication Bypass / Code Execution (0)
12-14: Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password (0)
12-14: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
12-14: WebHMI 4.0 Remote Code Execution (0)
12-14: Backdoor.Win32.Ramus Code Execution (0)
12-14: Oracle Database Protection Mechanism Bypass (0)
12-14: Backdoor.Win32.Phase.11 Code Execution (0)
12-14: Oracle Database Weak NNE Integrity Key Derivation (0)
12-14: [local] Microsoft Internet Explorer / ActiveX Control – Security Bypass (0)
12-14: [webapps] WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-14: [remote] Apache Log4j 2 – Remote Code Execution (RCE) (0)
12-14: [local] Laravel Valet 2.0.3 – Local Privilege Escalation (macOS) (0)
12-14: [remote] Apache Log4j2 2.14.1 – Information Disclosure (0)
12-13: Log4j Zero Day Flaw: What You Need To Know And How To Protect Yourself (0)
12-13: [webapps] WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated) (0)
12-13: [remote] HD-Network Real-time Monitoring System 2.0 – Local File Inclusion (LFI) (0)
12-11: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-11: Polkit CVE-2021-3560 Research (0)
12-11: Free School Management Software 1.0 Shell Upload (0)
12-11: Free School Management Software 1.0 Cross Site Scripting (0)
12-11: OpenCATS 0.9.4 Remote Code Execution (0)
12-10: Raspberry Pi 5.10 Default Credentials (0)
12-10: Kabir Alhasan Student Management System 1.0 SQL Injection (0)
12-10: Employees Daily Task Management System 1.0 Cross Site Scripting (0)
12-10: Employees Daily Task Management System 1.0 SQL Injection (0)
12-10: Chikitsa Patient Management System 2.0.2 Backup Remote Code Execution (0)
12-10: Chikitsa Patient Management System 2.0.2 Plugin Remote Code Execution (0)
12-10: MTPutty 1.0.1.21 SSH Password Disclosure (0)
12-10: WordPress Catch Themes Demo Import 1.6.1 Shell Upload (0)
12-10: TestLink 1.19 Arbitrary File Download (0)
12-10: LimeSurvey 5.2.4 Remote Code Execution (0)
12-10: Microsoft Office Word MSHTML Remote Code Execution (0)
12-10: Grafana 8.3.0 Directory Traversal / Arbitrary File Read (0)
12-10: [webapps] OpenCATS 0.9.4 – Remote Code Execution (RCE) (0)
12-09: Docker runc Command Execution Proof Of Concept (0)
12-09: Reprise License Manager 14.2 User Enumeration (0)
12-09: Reprise License Manager 14.2 Unauthenticated Password Change (0)
12-09: Reprise License Manager 14.2 Session Hijacking (0)
12-09: Reprise License Manager 14.2 Buffer Overflow (0)
12-09: Reprise License Manager 14.2 Remote Binary Execution (0)
12-09: Grafana Arbitrary File Reading (0)
12-09: (0)
12-09: ETS5 Password Recovery Tool (0)
12-09: [webapps] Grafana 8.3.0 – Directory Traversal and Arbitrary File Read (0)
12-09: [webapps] Wordpress Plugin Catch Themes Demo Import 1.6.1 – Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Student Management System 1.0 – SQLi Authentication Bypass (0)
12-09: [webapps] TestLink 1.19 – Arbitrary File Download (Unauthenticated) (0)
12-09: [webapps] Employees Daily Task Management System 1.0 – 'username' SQLi Authentication Bypass (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – 'backup' Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – Remote Code Execution (RCE) (Authenticated) (0)
12-07: Simple Online Men's Salon Management System 1.0 SQL Injection (0)
12-07: HCL Lotus Notes 12 Unquoted Service Path (0)
12-07: Microsoft Internet Explorer Active-X Control Security Bypass (0)
12-07: Croogo 3.0.2 Remote Code Execution (0)
12-07: Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass (0)
12-07: Auerswald COMpact 8.0B Privilege Escalation (0)
12-07: runc / libcontainer Bind Mount Sources Insecure Handling (0)
12-07: Auerswald COMpact 8.0B Arbitrary File Disclosure (0)
12-07: Auerswald COMpact 8.0B Backdoors (0)
12-06: [webapps] Croogo 3.0.2 – Remote Code Execution (Authenticated) (0)
12-06: [remote] Auerswald COMpact 8.0B – Multiple Backdoors (0)
12-06: [remote] Auerswald COMpact 8.0B – Arbitrary File Disclosure (0)
12-06: [remote] Auerswald COMfortel 2.8F – Authentication Bypass (0)
12-06: [remote] Auerswald COMpact 8.0B – Privilege Escalation (0)
12-06: [local] HCL Lotus Notes V12 – Unquoted Service Path (0)
12-04: DuckDuckGo 7.64.4 Address Bar Spoofing (0)
12-04: Trojan.Win32.Mucc.ivk Unquoted Service Path (0)
12-04: Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection (0)
12-04: M-Files Web Denial Of Service (0)
12-04: Backdoor.Win32.Vernet.axt Insecure Permissions (0)
12-04: Backdoor.Win32.Bionet.10 Authentication Bypass / Code Execution (0)
12-04: Online Magazine Management System 1.0 SQL Injection (0)
12-04: WordPress DZS Zoomsounds 6.45 Arbitrary File Read (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting (0)
12-04: Ubuntu Overlayfs Local Privilege Escalation (0)
12-04: WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: OrbiTeam BSCW Server XSS / LFI / User Enumeration (0)
12-03: Android vold Unsafe Mounting (0)
12-03: [webapps] WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated) (0)
12-03: [webapps] WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI) (0)
12-03: [webapps] Online Magazine Management System 1.0 – SQLi Authentication Bypass (0)
12-03: [webapps] WordPress Plugin Slider by Soliloquy 2.6.2 – 'title' Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-03: [webapps] Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass (0)
12-02: Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting (0)
12-02: Advanced Comment System 1.0 Remote Command Execution (0)
12-02: NSS Signature Validation Memory Corruption (0)
12-02: MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation (0)
12-02: Packet Storm New Exploits For November, 2021 (0)
12-01: Laundry Booking Management System 1.0 Remote Code Execution (0)
12-01: [webapps] Advanced Comment System 1.0 – Remote Command Execution (RCE) (0)
12-01: [local] MilleGPG5 5.7.2 Luglio 2021 – Local Privilege Escalation (0)
12-01: [webapps] Online Enrollment Management System in PHP and PayPal 1.0 – 'U_NAME' Stored Cross-Site Scripting (0)

November 2021 (251)

11-30: Nextar C472 POS DLL Hijacking (0)
11-30: Polkit Authentication Bypass / Local Privilege Escalation (0)
11-30: Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation (0)
11-30: Opencart 3.0.3.8 Session Injection (0)
11-30: Orangescrum 1.8.0 Cross Site Scripting (0)
11-30: Orangescrum 1.8.0 SQL Injection (0)
11-30: Orangescrum 1.8.0 Privilege Escalation (0)
11-30: [webapps] Laundry Booking Management System 1.0 – Remote Code Execution (RCE) (0)
11-29: [webapps] opencart 3.0.3.8 – Sessjion Injection (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' SQL Injection (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' Cross-Site Scripting (XSS) (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – Privilege escalation (Authenticated) (0)
11-28: Gerdab.ir SQL Injection (0)
11-28: Bagisto 1.3.3 Client-Side Template Injection (0)
11-28: Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution (0)
11-28: Email-Worm.Win32.Deltad Insecure Permissions (0)
11-28: Backdoor.Win32.Coredoor.10.a Man-In-The-Middle (0)
11-28: D-Link DSL-3782 Pre-Authentication Remote Root (0)
11-28: ManageEngine ADSelfService Plus Authentication Bypass / Code Execution (0)
11-26: [webapps] Bagisto 1.3.3 – Client-Side Template Injection (0)
11-25: Serva 4.4.0 TFTP Remote Buffer Overflow (0)
11-25: CMSimple 5.4 Local File Inclusion / Remote Code Execution (0)
11-25: HTTPDebuggerPro 9.11 Unquoted Service Path (0)
11-25: Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory (0)
11-24: Attackers Actively Target Windows Installer Zero-Day (0)
11-24: Samsung NPU (Neural Processing Unit) Memory Corruption (0)
11-24: GNU gdbserver 9.2 Remote Command Execution (0)
11-24: FLEX 1085 Web 1.6.0 HTML Injection (0)
11-24: Webrun 3.6.0.42 SQL Injection (0)
11-24: Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation (0)
11-24: WordPress WP Guppy 1.1 Information Disclosure (0)
11-24: [webapps] CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated) (0)
11-24: [local] HTTPDebuggerPro 9.11 – Unquoted Service Path (0)
11-23: PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection (0)
11-23: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
11-23: Backdoor.Win32.Curioso.zp Insecure Permissions (0)
11-23: Modbus Slave 7.3.1 Buffer Overflow (0)
11-23: Backdoor.Win32.Antilam.11 Code Execution (0)
11-23: Backdoor.Win32.Wollf.a Hardcoded Password (0)
11-23: Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass (0)
11-23: OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal (0)
11-23: Backdoor.Win32.Wollf.h Hardcoded Password (0)
11-23: Pinkie 2.15 Remote Buffer Overflow (0)
11-23: Wipro Holmes Orchestrator 20.4.1 File Disclosure (0)
11-23: Backdoor.Win32.Agent.ad Insecure Credential Storage (0)
11-23: Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection (0)
11-23: Backdoor.Win32.BNLite Buffer Overflow (0)
11-23: Backdoor.Win32.BlueAdept.02.a Buffer Overflow (0)
11-23: OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure (0)
11-23: Wipro Holmes Orchestrator 20.4.1 Report Disclosure (0)
11-23: [webapps] FLEX 1085 Web 1.6.0 – HTML Injection (0)
11-23: [webapps] Bus Pass Management System 1.0 – 'Search' SQL injection (0)
11-23: [webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection (0)
11-23: [local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) (0)
11-23: [webapps] Wordpress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure (0)
11-23: [remote] GNU gdbserver 9.2 – Remote Command Execution (RCE) (0)
11-22: [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection (0)
11-22: [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS) (0)
11-22: [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC) (0)
11-20: Apache Storm Nimbus 2.2.0 Command Execution (0)
11-19: FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months (0)
11-19: Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free (0)
11-18: Bludit 3.13.1 Cross Site Scripting (0)
11-18: Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting (0)
11-18: GitLab 13.10.2 Remote Code Execution (0)
11-18: LiquidFiles 3.5.13 Privilege Escalation (0)
11-18: WordPress Smart Product Review 1.0.4 Shell Upload (0)
11-18: SuiteCRM 7.11.18 Remote Code Execution (0)
11-17: Fuel CMS 1.4.13 SQL Injection (0)
11-17: Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection (0)
11-17: KONGA 0.14.9 Privilege Escalation (0)
11-17: WordPress Contact Form To Email 1.3.24 Cross Site Scripting (0)
11-17: Simple Subscription Website 1.0 SQL Injection (0)
11-17: Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download (0)
11-17: PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting (0)
11-17: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-17: CMDBuild 3.3.2 Cross Site Scripting (0)
11-17: Online Reviewer System 2.4.0 SQL Injection (0)
11-17: Online Learning System 2.0 Remote Code Execution (0)
11-17: Sitecore Experience Platform (XP) Remote Code Execution (0)
11-17: [webapps] Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated) (0)
11-17: [webapps] Bludit 3.13.1 – 'username' Cross Site Scripting (XSS) (0)
11-16: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-16: [webapps] Online Learning System 2.0 – Remote Code Execution (RCE) (0)
11-16: [webapps] CMDBuild 3.3.2 – 'Multiple' Cross Site Scripting (XSS) (0)
11-15: [webapps] PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) (0)
11-15: [webapps] Fuel CMS 1.4.13 – 'col' Blind SQL Injection (Authenticated) (0)
11-15: [webapps] Simple Subscription Website 1.0 – SQLi Authentication Bypass (0)
11-15: [webapps] KONGA 0.14.9 – Privilege Escalation (0)
11-15: [webapps] WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
11-15: [webapps] WordPress Plugin WPSchoolPress 2.1.16 – 'Multiple' Cross Site Scripting (XSS) (0)
11-13: Mumara Classic 2.93 SQL Injection (0)
11-13: Microsoft Windows MultiPoint Server 2011 SP1 Local Privilege Escalation (0)
11-13: WordPress WP Symposium Pro 2021.10 Cross Site Scripting (0)
11-13: Xlight FTP 3.9.3.1 Buffer Overflow (0)
11-13: WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-12: [webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated) (0)
11-12: [local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation (0)
11-12: [dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC) (0)
11-12: [webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS) (0)
11-12: [webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) (0)
11-11: Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting (0)
11-11: Employee Daily Task Management System 1.0 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Remote Code Execution (0)
11-11: Microsoft OMI Management Interface Authentication Bypass (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: FormaLMS 2.4.4 Authentication Bypass (0)
11-11: YeaLink SIP-TXXXP 53.84.0.15 Command Injection (0)
11-11: AbsoluteTelnet 11.24 Denial Of Service (0)
11-11: Apache HTTP Server 2.4.50 Remote Code Execution (0)
11-11: Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation (0)
11-11: Massive Zero-Day Hole Found In Palo Alto Security Appliances (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: [webapps] FormaLMS 2.4.4 – Authentication Bypass (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Phone' Denial of Service (PoC) (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Username' Denial of Service (PoC) (0)
11-11: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3) (0)
11-11: [webapps] YeaLink SIP-TXXXP 53.84.0.15 – 'cmd' Command Injection (Authenticated) (0)
11-10: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: [webapps] Employee and Visitor Gate Pass Logging System 1.0 – 'name' Stored Cross-Site Scripting (XSS) (0)
11-10: [webapps] Employee Daily Task Management System 1.0 – 'Name' Stored Cross-Site Scripting (XSS) (0)
11-09: Backdoor.Win32.VB.afu Insecure Permissions (0)
11-09: FusionPBX 4.5.29 Remote Code Execution (0)
11-09: Money Transfer Management System 1.0 SQL Injection (0)
11-09: Backdoor.Win32.VB.afu Insecure Transit (0)
11-09: WordPress Backup And Restore 1.0.3 Arbitrary File Deletion (0)
11-09: Backdoor.Win32.Pahador.aj Authentication Bypass / Code Execution (0)
11-09: Froxlor 0.10.29.1 SQL Injection (0)
11-09: Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy (0)
11-09: zlog 1.2.15 Buffer Overflow (0)
11-09: HEUR.Backdoor.Win32.Denis.gen Denial Of Service (0)
11-09: Backdoor.Win32.Hupigon.bnbb Unquoted Service Path (0)
11-09: Kmaleon 1.1.0.205 SQL Injection (0)
11-09: Trojan.Win32.Servstar.poa Unquoted Service Path (0)
11-09: Simple Client Management System 1.0 Cross Site Scripting (0)
11-09: Trojan.Win32.SkynetRef.x Unauthenticated Open Proxy (0)
11-09: Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy (0)
11-09: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: [webapps] FusionPBX 4.5.29 – Remote Code Execution (RCE) (Authenticated) (0)
11-08: [local] zlog 1.2.15 – Buffer Overflow (0)
11-08: [webapps] Simple Client Management System 1.0 – SQLi (Authentication Bypass) (0)
11-08: [webapps] WordPress Plugin Backup and Restore 1.0.3 – Arbitrary File Deletion (0)
11-08: [webapps] Froxlor 0.10.29.1 – SQL Injection (Authenticated) (0)
11-08: [webapps] Money Transfer Management System 1.0 – Authentication Bypass (0)
11-08: [webapps] Simple Client Management System 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
11-08: [webapps] Kmaleon 1.1.0.205 – 'tipocomb' SQL Injection (Authenticated) (0)
11-06: Khamenei.ir SQL Injection (0)
11-06: Backdoor.Win32.Optix.03.b Code Execution (0)
11-06: 10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution (0)
11-06: Payment Terminal 2.x / 3.x Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass (0)
11-06: Backdoor.Win32.Ncx.b Buffer Overflow (0)
11-06: PHP Event Calendar Lite Edition SQL Injection (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control (0)
11-06: ImportExportTools NG 10.0.4 HTML Injection (0)
11-06: Backdoor.Win32.Ncx.b Code Execution (0)
11-06: IBM Sterling B2B Integrator Cross Site Scripting (0)
11-06: PHP Event Calendar Lite Edition Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass (0)
11-06: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration (0)
11-06: HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Opencart 3 Extension TMD Vendor System SQL Injection (0)
11-05: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-05: [webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-05: [local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path (0)
11-04: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-03: YouTube Video Grabber 1.9.9.1 Buffer Overflow (0)
11-03: Kingdia CD Extractor 3.0.2 Buffer Overflow (0)
11-03: Codiad 2.8.4 Shell Upload (0)
11-03: WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution (0)
11-03: 10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow (0)
11-03: Employee Record Management System 1.2 SQL Injection (0)
11-03: Dynojet Power Core 2.3.0 Unquoted Service Path (0)
11-03: Ericsson Network Location MPS GMPC21 Remote Code Execution (0)
11-03: Ericsson Network Location MPS GMPC21 Privilege Escalation (0)
11-03: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
11-03: [webapps] Eclipse Jetty 11.0.5 – Sensitive File Disclosure (0)
11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] WordPress Plugin Popup Anything 2.0.3 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
11-02: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
11-02: Trojan.Win32.Pasta.mca Insecure Permissions (0)
11-02: PHPJabbers Simple CMS 5 Cross Site Scripting (0)
11-02: WordPress Hotel Listing 3.x Cross Site Scripting (0)
11-02: My Movie Collection Sinatra App Movie Cross Site Scripting (0)
11-02: My Movie Collection Sinatra App Login Cross Site Scripting (0)
11-02: Trojan.Win32.Phires.zm Insecure Permissions (0)
11-02: Trojan.Win32.Delf.bna Information Disclosure (0)
11-02: Backdoor.Win32.Agent.sah Heap Corruption (0)
11-02: Packet Storm New Exploits For October, 2021 (0)
11-02: [webapps] Employee Record Management System 1.2 – 'empid' SQL injection (Unauthenticated) (0)
11-02: [local] Dynojet Power Core 2.3.0 – Unquoted Service Path (0)
11-02: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (4) (0)
11-02: [webapps] i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw (0)
11-02: [local] 10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH) (0)
11-02: [local] YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH) (0)
11-02: [local] Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Privilege Escalation (Metasploit) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Remote Code Execution (RCE) (Metasploit) (0)
11-02: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (4) (0)
11-02: [webapps] i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw (0)
11-02: [local] 10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH) (0)
11-02: [local] YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH) (0)
11-02: [local] Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Remote Code Execution (RCE) (Metasploit) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Privilege Escalation (Metasploit) (0)
11-02: [local] Dynojet Power Core 2.3.0 – Unquoted Service Path (0)
11-02: [webapps] Employee Record Management System 1.2 – 'empid' SQL injection (Unauthenticated) (0)
11-01: Packet Storm New Exploits For October, 2021 (0)

October 2021 (382)

10-30: Umbraco 8.14.1 Server-Side Request Forgery (0)
10-30: Mini-XML 3.2 Heap Overflow (0)
10-30: Android NFC Type Confusion (0)
10-30: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
10-30: WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS (0)
10-30: WebCTRL OEM 6.5 Cross Site Scripting (0)
10-30: Google Fixes Two High Severity Zero Day Flaws In Chrome (0)
10-29: WebCTRL OEM 6.5 Cross Site Scripting (0)
10-29: Trojan.Win32.Akl.bc Insecure Permissions (0)
10-29: Backdoor.Win32.Delf.arjo Unquoted Service Path (0)
10-29: Backdoor.Win32.Hupigon.acio Unquoted Service Path (0)
10-29: WordPress Supsystic Contact Form 1.7.18 Cross Site Scripting (0)
10-29: Backdoor.Win32.Hupigon.acio Unauthenticated Open Proxy (0)
10-29: Backdoor.Win32.Hupigon.afjk Directory Traversal (0)
10-29: Backdoor.Win32.Hupigon.afjk Man-In-The-Middle (0)
10-29: Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution (0)
10-29: Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting (0)
10-29: Backdoor.Win32.Mazben.es Unauthenticated Open Proxy (0)
10-29: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
10-29: Backdoor.Win32.Antilam.14.o Remote Command Execution (0)
10-29: Virus.Win32.Ipamor.c Unauthenticated Reboot (0)
10-29: Microsoft OMI Management Interface Authentication Bypass (0)
10-29: Backdoor.Win32.Prorat.ntz Man-In-The-Middle (0)
10-29: Backdoor.Win32.Prorat.ntz Weak Hardcoded Password (0)
10-29: Sophos UTM WebAdmin SID Command Injection (0)
10-29: Apple Security Advisory 2021-10-26-4 (0)
10-29: Apple Security Advisory 2021-10-26-5 (0)
10-29: Apple Security Advisory 2021-10-26-6 (0)
10-29: Apple Security Advisory 2021-10-26-7 (0)
10-29: Apple Security Advisory 2021-10-26-8 (0)
10-29: Apple Security Advisory 2021-10-26-9 (0)
10-29: Apple Security Advisory 2021-10-26-10 (0)
10-29: Apple Security Advisory 2021-10-26-11 (0)
10-29: [webapps] Movable Type 7 r.5002 – XMLRPC API OS Command Injection (Metasploit) (0)
10-29: [local] Mini-XML 3.2 – Heap Overflow (0)
10-29: [webapps] Movable Type 7 r.5002 – XMLRPC API OS Command Injection (Metasploit) (0)
10-29: [webapps] WebCTRL OEM 6.5 – 'locale' Reflected Cross-Site Scripting (XSS) (0)
10-29: [webapps] Umbraco v8.14.1 – 'baseUrl' SSRF (0)
10-29: [webapps] Umbraco v8.14.1 – 'baseUrl' SSRF (0)
10-28: Sophos UTM WebAdmin SID Command Injection (0)
10-28: Apple Security Advisory 2021-10-26-1 (0)
10-28: Apple Security Advisory 2021-10-26-2 (0)
10-28: Apple Security Advisory 2021-10-26-3 (0)
10-28: [webapps] PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (0)
10-28: [webapps] WordPress Plugin Supsystic Contact Form 1.7.18 – 'label' Stored Cross-Site Scripting (XSS) (0)
10-28: [webapps] PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (0)
10-28: [webapps] WordPress Plugin Supsystic Contact Form 1.7.18 – 'label' Stored Cross-Site Scripting (XSS) (0)
10-27: RDP Manager 4.9.9.3 Denial Of Service (0)
10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
10-27: Simplephpscripts Simple CMS 2.1 SQL Injection (0)
10-27: WordPress Filterable Portfolio Gallery 1.0 Cross Site Scripting (0)
10-27: Sonicwall SonicOS 6.5.4 Cross Site Scripting (0)
10-27: Mult-e-Cart Ultimate 2.4 SQL Injection (0)
10-27: BMW Online Cross Site Scripting (0)
10-27: SPA Cart CMS 2021 SQL Injection (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: PHP Melody 3.0 SQL Injection (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: Isshue Shopping Cart 3.5 Cross Site Scripting (0)
10-27: Vanguard 2.1 Cross Site Scripting (0)
10-27: Linux SELinux PTRACE_TRACEME Handler Use-After-Free (0)
10-27: Ultimate POS 4.4 Cross Site Scripting (0)
10-27: Ultimate POS 4.4 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 Shell Upload (0)
10-26: Apache HTTP Server 2.4.50 Remote Code Execution (0)
10-26: Hikvision Web Server Build 210702 Command Injection (0)
10-26: WordPress TaxoPress 3.0.7.1 Cross Site Scripting (0)
10-26: Build Smart ERP 21.0817 SQL Injection (0)
10-26: Netgear Genie 2.4.64 Unquoted Service Path (0)
10-26: Balbooa Joomla Forms Builder 2.0.6 SQL Injection (0)
10-26: OpenClinic GA 5.194.18 Privilege Escalation (0)
10-26: Online Event Booking And Reservation System 1.0 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 SQL Injection (0)
10-26: GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal (0)
10-26: FreeSWITCH 1.10.6 SIP Digest Leak (0)
10-26: phpMyAdmin 4.8.1 Remote Code Execution (0)
10-26: FreeSWITCH 1.10.6 SIP Flooding Denial Of Service (0)
10-26: Online Student Admission System 1.0 SQL Injection / Shell Upload (0)
10-26: WordPress Media-Tags 3.2.0.2 Cross Site Scripting (0)
10-26: Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution (0)
10-26: FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication (0)
10-26: WordPress Ninja Tables 4.1.7 Cross Site Scripting (0)
10-26: WordPress 4.9.6 Arbitrary File Deletion (0)
10-26: Gestionale Open 11.00.00 Privilege Escalation (0)
10-26: FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication (0)
10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
10-26: [webapps] WordPress Plugin Filterable Portfolio Gallery 1.0 – 'title' Stored Cross-Site Scripting (XSS) (0)
10-26: [webapps] WordPress Plugin Filterable Portfolio Gallery 1.0 – 'title' Stored Cross-Site Scripting (XSS) (0)
10-25: [local] OpenClinic GA 5.194.18 – Local Privilege Escalation (0)
10-25: [webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated) (0)
10-25: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2) (0)
10-25: [webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated) (0)
10-25: [local] Netgear Genie 2.4.64 – Unquoted Service Path (0)
10-25: [webapps] Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE) (0)
10-25: [webapps] Hikvision Web Server Build 210702 – Command Injection (0)
10-25: [local] Gestionale Open 11.00.00 – Local Privilege Escalation (0)
10-25: [webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] phpMyAdmin 4.8.1 – Remote Code Execution (RCE) (0)
10-25: [webapps] Wordpress 4.9.6 – Arbitrary File Deletion (Authenticated) (2) (0)
10-25: [webapps] WordPress Plugin Ninja Tables 4.1.7 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] WordPress Plugin Media-Tags 3.2.0.2 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'id' SQL Injection (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass (0)
10-25: [webapps] WordPress Plugin Ninja Tables 4.1.7 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
10-25: [local] Netgear Genie 2.4.64 – Unquoted Service Path (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'id' SQL Injection (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
10-25: [local] Gestionale Open 11.00.00 – Local Privilege Escalation (0)
10-25: [webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated) (0)
10-25: [local] OpenClinic GA 5.194.18 – Local Privilege Escalation (0)
10-25: [webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated) (0)
10-25: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2) (0)
10-25: [webapps] Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE) (0)
10-25: [webapps] Hikvision Web Server Build 210702 – Command Injection (0)
10-23: Jetty 9.4.37.v20210219 Information Disclosure (0)
10-23: Clinic Management System 1.0 Code Execution / SQL Injection (0)
10-23: Online Course Registration 1.0 SQL Injection (0)
10-23: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
10-22: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
10-22: Easy Chat Server 3.1 Directory Traversal (0)
10-22: NIMax 5.3.1f0 Denial Of Service (0)
10-22: Small CRM 3.0 Cross Site Scripting (0)
10-22: [webapps] Clinic Management System 1.0 – SQL injection to Remote Code Execution (0)
10-22: [webapps] Jetty 9.4.37.v20210219 – Information Disclosure (0)
10-22: [webapps] Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated) (0)
10-22: [webapps] Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated) (0)
10-22: [webapps] Clinic Management System 1.0 – SQL injection to Remote Code Execution (0)
10-22: [webapps] Jetty 9.4.37.v20210219 – Information Disclosure (0)
10-21: Small CRM 3.0 Cross Site Scripting (0)
10-21: Macro Expert 4.7 Unquoted Service Path (0)
10-21: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
10-21: Apple Security Advisory 2021-10-11-1 (0)
10-21: [webapps] Easy Chat Server 3.1 – Directory Traversal and Arbitrary File Read (0)
10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
10-20: http://keelek-phatumrat.go.th (0)
10-20: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
10-20: http://old.ddc.moph.go.th/data/br4in(36).gif (0)
10-20: http://www.khunpadpeng.go.th/editor/ (0)
10-20: http://www.srapanglan.go.th/editor/ (0)
10-20: http://www.banrome.go.th/editor/ (0)
10-20: http://www.wangwa.go.th/editor/ (0)
10-20: http://www.thajaosanook.go.th/editor/ (0)
10-20: http://nangbuach.go.th/editor/ (0)
10-20: http://www.khaodin.go.th/editor/ (0)
10-20: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
10-20: Online Motorcycle (Bike) Rental System 1.0 SQL Injection (0)
10-20: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
10-19: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
10-19: Support Board 3.3.4 Cross Site Scripting (0)
10-19: Trojan-Spy.Win32.Ardamax.ocx Insecure Permissions (0)
10-19: Worm.Win32.Fasong.c Unquoted Service Path (0)
10-19: Company's Recruitment Management System 1.0 Cross Site Scripting (0)
10-19: Company's Recruitment Management System 1.0 Cross Site Request Forgery (0)
10-19: Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy (0)
10-19: Plastic SCM 10.0.16.5622 Insecure Direct Object Reference (0)
10-19: Worm.Win32.Runfer.bpo Unquoted Service Path (0)
10-19: WordPress Duplicator 1.3.26 Arbitrary File Read (0)
10-19: Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy (0)
10-19: Engineers Online Portal 1.0 SQL Injection (0)
10-19: Virus.Win32.Ipamor.c Unauthenticated Remote System Reboot (0)
10-19: Mitsubishi Electric / INEA SmartRTU Cross Site Scripting (0)
10-19: Mitsubishi Electric / INEA SmartRTU Source Code Disclosure (0)
10-19: Backdoor.Win32.LanFiltrator.11.b Code Execution (0)
10-19: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
10-18: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
10-18: Plastic SCM 10.0.16.5622 Improper Access Control (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'Add New user' Cross-Site Request Forgery (CSRF) (0)
10-18: [webapps] Plastic SCM 10.0.16.5622 – WebAdmin Server Access (0)
10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
10-16: i-Panel Administration System 2.0 Cross Site Scripting (0)
10-15: i-Panel Administration System 2.0 Cross Site Scripting (0)
10-15: SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path (0)
10-15: TextPattern CMS 4.8.7 Shell Upload (0)
10-15: IFSC Code Finder Project 1.0 SQL Injection (0)
10-15: Yellowfin Cross Site Scripting / Insecure Direct Object Reference (0)
10-15: WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free (0)
10-15: WebKit EventHandler::keyEvent Heap Use-After-Free (0)
10-15: WebKit DOMWindow::open Heap Use-After-Free (0)
10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
10-14: WebKit DOMWindow::open Heap Use-After-Free (0)
10-14: Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery (0)
10-14: Simple Issue Tracker System 1.0 SQL Injection (0)
10-14: Student Quarterly Grading System 1.0 Cross Site Scripting (0)
10-14: Lifestyle Store 1.0 Cross Site Scripting (0)
10-14: Logitech Media Server 8.2.0 Cross Site Scripting (0)
10-14: Simple Payroll System 1.0 SQL Injection (0)
10-14: Alchemy CMS 6.0.0 Arbitrary File Upload (0)
10-14: Keycloak 12.0.1 Server-Side Request Forgery (0)
10-14: Apache HTTP Server 2.4.50 Path Traversal / Code Execution (0)
10-14: Sonicwall SonicOS 7.0 Host Header Injection (0)
10-14: myfactory.FMS 7.1-911 Cross Site Scripting (0)
10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
10-13: myfactory.FMS 7.1-911 Cross Site Scripting (0)
10-13: Moodle Authenticated Spelling Binary Remote Code Execution (0)
10-13: Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution (0)
10-13: Moodle SpellChecker Path Authenticated Remote Command Execution (0)
10-13: Moodle Admin Shell Upload (0)
10-13: Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs (0)
10-13: [webapps] Sonicwall SonicOS 7.0 – Host Header Injection (0)
10-13: [webapps] Logitech Media Server 8.2.0 – 'Title' Cross-Site Scripting (XSS) (0)
10-13: [webapps] Student Quarterly Grading System 1.0 – 'grade' Stored Cross-Site Scripting (XSS) (0)
10-13: [webapps] Simple Issue Tracker System 1.0 – SQLi Authentication Bypass (0)
10-13: [webapps] Online Learning System 2.0 – 'Multiple' SQLi Authentication Bypass (0)
10-13: [remote] Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection (0)
10-13: [webapps] Pharmacy Point of Sale System 1.0 – 'Add New User' Cross-Site Request Forgery (CSRF) (0)
10-13: [webapps] Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE) (0)
10-13: [remote] Cypress Solutions CTM-200/CTM-ONE – Hard-coded Credentials Remote Root (Telnet/SSH) (0)
10-13: [webapps] Keycloak 12.0.1 – 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) (0)
10-13: [webapps] Company's Recruitment Management System 1.0 – 'Multiple' SQL Injection (Unauthenticated) (0)
10-13: [webapps] Simple Payroll System 1.0 – SQLi Authentication Bypass (0)
10-12: Moodle Admin Shell Upload (0)
10-12: Aviatrix Controller 6.x Path Traversal / Code Execution (0)
10-12: Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root (0)
10-12: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
10-11: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
10-11: https://www.spr.go.th/er.php (0)
10-09: Loan Management System 1.0 SQL Injection (0)
10-09: Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation (0)
10-09: django-unicorn 0.35.3 Cross Site Scripting (0)
10-09: Online Traffic Offense Management System 1.0 Privilege Escalation (0)
10-09: Maian-Cart 3.8 Remote Code Execution (0)
10-09: WordPress Pie Register 3.7.1.4 Privilege Escalation (0)
10-09: Simple Online College Entrance Exam System 1.0 Account Takeover (0)
10-09: IFSC Code Finder Project 1.0 SQL Injection (0)
10-09: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
10-09: Online Enrollment Management System 1.0 SQL Injection (0)
10-09: Online Employees Work From Home Attendance System 1.0 SQL Injection (0)
10-09: Cmder Console Emulator 1.3.18 Denial Of Service (0)
10-09: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
10-08: Cmder Console Emulator 1.3.18 Denial Of Service (0)
10-08: https://www.samtambon.go.th/silence.html (0)
10-08: http://www.phichit.go.th/wh.html (0)
10-08: Google SLO-Generator 2.0.0 Code Execution (0)
10-08: Online DJ Booking Management System 1.0 Cross Site Scripting (0)
10-08: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
10-08: Online Traffic Offense Management System 1.0 Shell Upload (0)
10-08: Online Traffic Offense Management System 1.0 Cross Site Scripting (0)
10-08: Online Traffic Offense Management System 1.0 SQL Injection (0)
10-08: Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation (0)
10-08: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
10-08: [webapps] Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass (0)
10-08: [webapps] Online Enrollment Management System 1.0 – Authentication Bypass (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Account Takeover (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation (0)
10-08: [webapps] WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated) (0)
10-08: [webapps] django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS) (0)
10-08: [webapps] Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated) (0)
10-08: [webapps] IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated) (0)
10-08: [webapps] Online Traffic Offense Management System 1.0 – Privilage escalation (Unauthenticated) (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – 'Multiple' SQL injection (0)
10-07: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
10-07: Odine Solutions GateKeeper 1.0 SQL Injection (0)
10-07: G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation (0)
10-07: Talariax sendQuick Alertplus 4.3 SQL Injection (0)
10-07: Apache HTTP Server 2.4.49 Path Traversal (0)
10-07: Microsoft Office OneNote 2007 Remote Code Execution (0)
10-07: WordPress BulletProof Security 5.1 Information Disclosure (0)
10-07: Online-Food-Ordering-Web-App SQL Injection (0)
10-07: Dahua Authentication Bypass (0)
10-07: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
10-07: [webapps] Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple RCE (Unauthenticated) (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple XSS (Unauthenticated) (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple SQL Injection (Unauthenticated) (0)
10-07: [webapps] Online DJ Booking Management System 1.0 – 'Multiple' Blind Cross-Site Scripting (0)
10-07: [local] Google SLO-Generator 2.0.0 – Code Execution (0)
10-06: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
10-06: Virus.Win32.Renamer.a Insecure Permissions (0)
10-06: Backdoor.Win32.LolBot.gen Insecure Permissions (0)
10-06: Backdoor.Win32.Yoddos.an Unquoted Service Path (0)
10-06: HEUR.Trojan.Win32.Generic Unquoted Service Path (0)
10-06: Student Quarterly Grading System 1.0 SQL Injection (0)
10-06: Backdoor.Win32.Bifrose.ahyg Insecure Permissions (0)
10-06: Try My Recipe SQL Injection (0)
10-06: Backdoor.Win32.Hupigon.gy Unauthenticated Open Proxy (0)
10-06: Atlassian Confluence Server 7.5.1 Arbitrary File Read (0)
10-06: Trojan-PSW.Win32.PdPinch.gen Denial Of Service (0)
10-06: WordPress TheCartPress 1.5.3.6 Privilege Escalation (0)
10-06: WordPress MStore API 2.0.6 Shell Upload (0)
10-06: Atlassian Jira Server/Data Center 8.4.0 File Read (0)
10-06: HackTool.Win32.Agent.gi Buffer Overflow (0)
10-06: Backdoor.Win32.Prorat.lkt Hardcoded Password (0)
10-06: Tapatalk Plugins PHP Object Injection (0)
10-06: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
10-06: https://wanghinlad.go.th/license.txt (0)
10-06: https://www.sichomphu.go.th (0)
10-06: https://phuwiangsub.go.th (0)
10-06: Apache Fixes Actively Exploited Zero-Day Vulnerability, Patch Now (0)
10-06: [webapps] Apache HTTP Server 2.4.49 – Path Traversal (0)
10-06: [webapps] Wordpress Plugin BulletProof Security 5.1 – Sensitive Information Disclosure (0)
10-06: [webapps] Odine Solutions GateKeeper 1.0 – 'trafficCycle' SQL Injection (0)
10-06: [webapps] Atlassian Jira Server/Data Center 8.16.0 – Arbitrary File Read (0)
10-05: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
10-05: Payara Micro Community 5.2021.6 Directory Traversal (0)
10-05: Lodging Reservation Management System 1.0 SQL Injection (0)
10-05: College Management System 1.0 Arbitrary File Upload (0)
10-05: Pet Shop Management System 1.0 Privilege Escalation / Shell Upload (0)
10-05: Open Game Panel Remote Code Execution (0)
10-05: Vehicle Service Management System 1.0 SQL Injection (0)
10-05: Vehicle Service Managment System 1.0 Shell Upload (0)
10-05: Young Entrepreneur E-Negosyo System 1.0 SQL Injection (0)
10-05: Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting (0)
10-05: Lifestyle Store 1.0 Cross Site Scripting (0)
10-05: Gatekeeper Bypass Proof Of Concept (0)
10-05: College Management System 1.0 SQL Injection (0)
10-05: College Management System 1.0 Cross Site Scripting (0)
10-05: College Management System 1.0 Insecure Direct Object Reference (0)
10-05: Local Offices Contact Directory Site SQL Injection (0)
10-05: Company's Recruitment Management System SQL Injection (0)
10-05: Company’s Recruitment Management System SQL Injection (0)
10-05: [webapps] Wordpress Plugin MStore API 2.0.6 – Arbitrary File Upload (0)
10-05: [webapps] Wordpress Plugin TheCartPress 1.5.3.6 – Privilege Escalation (Unauthenticated) (0)
10-05: [webapps] Atlassian Confluence 7.12.2 – Pre-Authorization Arbitrary File Read (0)
10-05: [webapps] Student Quarterly Grading System 1.0 – SQLi Authentication Bypass (0)
10-04: [webapps] Young Entrepreneur E-Negosyo System 1.0 – SQL Injection Authentication Bypass (0)
10-04: [webapps] Open Game Panel – Remote Code Execution (RCE) (Authenticated) (0)
10-04: [webapps] Lodging Reservation Management System 1.0 – SQL Injection / Authentication Bypass (0)
10-04: [webapps] Payara Micro Community 5.2021.6 – Directory Traversal (0)
10-03: http://www.sidalocal.go.th/nad.htm (0)
10-02: CMSimple_XH 1.7.4 Remote Command Execution (0)
10-02: Vehicle Service Management System 1.0 Shell Upload (0)
10-02: Exam Form Submission System 1.0 SQL Injection (0)
10-02: Drupal MiniorangeSAML 8.x-2.22 Privilege Escalation (0)
10-02: Phpwcms 1.9.30 Cross Site Scripting (0)
10-02: Blood Bank System 1.0 SQL Injection (0)
10-02: WhatsUpGold 21.0.3 Cross Site Scripting (0)
10-02: Packet Storm New Exploits For September, 2021 (0)
10-01: Packet Storm New Exploits For September, 2021 (0)
10-01: Azure Active Directory Brute Forcer (0)
10-01: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
10-01: WordPress JS Jobs Manager 1.1.7 Authorization Bypass (0)
10-01: Cmsimple 5.4 Remote Code Execution (0)
10-01: PlaceOS 1.2109.1 Open Redirection (0)
10-01: [webapps] CMSimple_XH 1.7.4 – Remote Code Execution (RCE) (Authenticated) (0)
10-01: [webapps] WhatsUpGold 21.0.3 – Stored Cross-Site Scripting (XSS) (0)
10-01: [webapps] Vehicle Service Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
10-01: [webapps] Phpwcms 1.9.30 – File Upload to XSS (0)
10-01: [webapps] Blood Bank System 1.0 – SQL Injection / Authentication Bypass (0)
10-01: [webapps] Exam Form Submission System 1.0 – SQL Injection Authentication Bypass (0)
10-01: [webapps] Dairy Farm Shop Management System 1.0 – SQL Injection Authentication Bypass (0)
10-01: [webapps] Drupal Module MiniorangeSAML 8.x-2.22 – Privilege escalation via XML Signature Wrapping (0)

September 2021 (321)

09-30: PlaceOS 1.2109.1 Open Redirection (0)
09-30: Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting (0)
09-30: OpenSIS 8.0 Cross Site Scripting (0)
09-30: WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting (0)
09-30: WordPress Redirect 404 To Parent 1.3.0 Cross Site Scripting (0)
09-30: Storage Unit Rental Management System 1.0 Shell Upload (0)
09-30: Google Extensible Service Proxy Header Forgery (0)
09-30: Mitrastar GPT-2541GNAC-N1 Privilege Escalation (0)
09-30: Pet Shop Management System 1.0 Shell Upload (0)
09-30: [webapps] Pharmacy Point of Sale System 1.0 – 'Multiple' SQL Injection (SQLi) (0)
09-30: [webapps] Cmsimple 5.4 – Remote Code Execution (RCE) (Authenticated) (0)
09-30: [webapps] Cyber Cafe Management System Project (CCMS) 1.0 – SQL Injection Authentication Bypass (0)
09-30: [webapps] Wordpress Plugin JS Jobs Manager 1.1.7 – Unauthenticated Plugin Install/Activation (0)
09-29: Pet Shop Management System 1.0 Shell Upload (0)
09-29: WordPress TranslatePress 2.0.8 Cross Site Scripting (0)
09-29: WordPress Contact Form 1.7.14 Cross Site Scripting (0)
09-29: WordPress Popup 1.10.4 Cross Site Scripting (0)
09-29: Apache James Server 2.3.2 Remote Command Execution (0)
09-29: WordPress Ultimate Maps 1.2.4 Cross Site Scripting (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery (0)
09-29: FatPipe Networks WARP 10.2.2 Authorization Bypass (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
09-29: [webapps] Pet Shop Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-29: [remote] Mitrastar GPT-2541GNAC-N1 – Privilege escalation (0)
09-29: [webapps] WordPress Plugin Redirect 404 to Parent 1.3.0 – Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] WordPress Plugin Select All Categories and Taxonomies 1.3.1 – Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] OpenSIS 8.0 – 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] Storage Unit Rental Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-28: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
09-28: iOS 15.0 Gamed Information Disclosure (0)
09-28: iOS 15.0 nehelper Enumeration (0)
09-28: iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass (0)
09-28: [remote] Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2) (0)
09-28: [webapps] WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – 'Add Admin' Cross-Site Request Forgery (CSRF) (0)
09-28: [webapps] WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
09-28: (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Remote Privilege Escalation (0)
09-28: [webapps] FatPipe Networks WARP 10.2.2 – Authorization Bypass (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Config Download (Unauthenticated) (0)
09-27: Simple Attendance System 1.0 Authentication Bypass (0)
09-27: [local] Cyberfox Web Browser 52.9.1 – Denial-of-Service (PoC) (0)
09-27: [remote] Cisco small business RV130W 1.0.3.44 – Inject Counterfeit Routers (0)
09-27: [webapps] Library System 1.0 – 'student_id' SQL injection (Authenticated) (0)
09-27: [local] Ether_MP3_CD_Burner 1.3.8 – Buffer Overflow (SEH) (0)
09-27: [webapps] WordPress Plugin Wappointment 2.2.4 – Stored Cross-Site Scripting (XSS) (0)
09-25: https://www.ombudsman.go.th/krd.html (0)
09-25: SmarterTools SmarterTrack 7922 Information Disclosure (0)
09-25: OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service (0)
09-25: OpenVPN Monitor 1.1.3 Command Injection (0)
09-25: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-25: Apple Security Advisory 2021-09-23-1 (0)
09-25: Apple Security Advisory 2021-09-23-2 (0)
09-24: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-24: Apple Patches 3 More Zero-Days Under Active Attack (0)
09-24: 100M IoT Devices Exposed By Zero-Day Bug (0)
09-24: http://pymr.go.th/er.php (0)
09-24: Gurock Testrail 7.2.0.3014 Improper Access Control (0)
09-24: Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution (0)
09-24: WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery (0)
09-24: WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting (0)
09-24: Redragon Gaming Mouse Denial Of Service (0)
09-24: Police Crime Record Management Project 1.0 SQL Injection (0)
09-24: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
09-24: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-24: [webapps] Pharmacy Point of Sale System 1.0 – SQLi Authentication BYpass (0)
09-24: [webapps] SmarterTools SmarterTrack 7922 – 'Multiple' Information Disclosure (0)
09-23: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-23: Cloudron 6.2 Cross Site Scripting (0)
09-23: Simple Attendance System 1.0 SQL Injection (0)
09-23: TotalAV 5.15.69 Unquoted Service Path (0)
09-23: Filerun 2021.03.26 Remote Code Execution (0)
09-23: Sentry 8.2.0 Remote Code Execution (0)
09-23: South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection (0)
09-23: Online Reviewer System 1.0 Shell Upload (0)
09-23: e107 CMS 2.3.0 Shell Upload (0)
09-23: E-Negosyo System 1.0 SQL Injection (0)
09-23: E-Negosyo System 1.0 Shell Upload (0)
09-23: OpenCats 0.9.4-2 XML Injection (0)
09-23: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-23: [webapps] Police Crime Record Management Project 1.0 – Time Based SQLi (0)
09-23: [webapps] WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS) (0)
09-23: [webapps] Backdrop CMS 1.20.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] Wordpress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload (0)
09-23: [dos] Redragon Gaming Mouse – 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) (0)
09-23: [webapps] Gurock Testrail 7.2.0.3014 – 'files.md5' Improper Access Control (0)
09-23: [webapps] Budget and Expense Tracker System 1.0 – Arbitrary File Upload (0)
09-22: Apple Security Advisory 2021-09-20-1 (0)
09-22: Apple Security Advisory 2021-09-20-2 (0)
09-22: Apple Security Advisory 2021-09-20-3 (0)
09-22: Apple Security Advisory 2021-09-20-4 (0)
09-22: Apple Security Advisory 2021-09-20-5 (0)
09-22: Apple Security Advisory 2021-09-20-6 (0)
09-22: Apple Security Advisory 2021-09-20-7 (0)
09-22: Apple Security Advisory 2021-09-20-8 (0)
09-22: Apple Security Advisory 2021-09-20-9 (0)
09-22: Apple Security Advisory 2021-09-20-10 (0)
09-22: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-22: Yenkee Hornet Gaming Mouse Denial Of Service (0)
09-22: Church Management System 1.0 SQL Injection / Code Execution (0)
09-22: Trojan.Win32.Agent.xaamkd Insecure Permissions (0)
09-22: Budgets And Expense Tracker System 1.0 Shell Upload (0)
09-22: WebsiteBaker 2.13.0 Remote Code Execution (0)
09-22: Backdoor.Win32.Hupigon.asqx Unauthenticated Open Proxy (0)
09-22: Backdoor.Win32.Minilash.10.b Denial Of Service (0)
09-22: OpenCats 0.9.4 XML Injection (0)
09-22: ManageEngine OpManager SumPDU Java Deserialization (0)
09-22: [webapps] Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated) (0)
09-22: [webapps] Simple Attendance System 1.0 – Unauthenticated Blind SQLi (0)
09-21: ManageEngine OpManager SumPDU Java Deserialization (0)
09-21: Maxpatrol 8 / Xspider Denial Of Service (0)
09-21: WordPress 5.7 Media Library XML Injection (0)
09-21: Church Management System 1.0 Shell Upload (0)
09-21: Online Food Ordering System 2.0 Shell Upload (0)
09-21: Budget And Expense Tracker System 1.0 SQL Injection (0)
09-21: Church Management System 1.0 SQL Injection (0)
09-21: T-Soft E-Commerce 4 Cross Site Request Forgery (0)
09-21: Microsoft Windows MSHTML Overview (0)
09-21: Apple Security Advisory 2021-09-13-1 (0)
09-21: Apple Security Advisory 2021-09-13-2 (0)
09-21: Apple Security Advisory 2021-09-13-3 (0)
09-21: Apple Security Advisory 2021-09-13-4 (0)
09-21: Apple Security Advisory 2021-09-13-5 (0)
09-21: [dos] Yenkee Hornet Gaming Mouse – 'GM312Fltr.sys' Denial-Of-Service (PoC) (0)
09-21: [webapps] WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated) (0)
09-21: [webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: Microsoft Windows MSHTML Overview (0)
09-20: http://chaleang.go.th/er.php (0)
09-20: [webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass (0)
09-20: [webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated) (0)
09-20: [webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated) (0)
09-20: [webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF) (0)
09-18: Simple Attendance System 1.0 SQL Injection (0)
09-18: Cloudron 6.2 Cross Site Scripting (0)
09-18: Library Management System 1.0 SQL Injection (0)
09-18: WordPress WooCommerce Booster 5.4.3 Authentication Bypass (0)
09-18: Geutebruck instantrec Remote Command Execution (0)
09-17: Geutebruck instantrec Remote Command Execution (0)
09-17: Impress CMS 1.4.2 Remote Code Execution (0)
09-17: Microsoft Windows cmd.exe Stack Buffer Overflow (0)
09-17: Git git-lfs Remote Code Execution (0)
09-17: Azure Zero Day Flaws Highlight Lurking Supply Chain Risk (0)
09-17: [webapps] Simple Attendance System 1.0 – Authenticated bypass (0)
09-17: [webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
09-17: [webapps] WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass (0)
09-16: Git git-lfs Remote Code Execution (0)
09-16: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-16: Evolution CMS 3.1.6 Remote Code Execution (0)
09-16: AHSS-PHP 1.0 Cross Site Scripting / SQL Injection (0)
09-16: Support Board 3.3.3 SQL Injection (0)
09-16: elFinder Archive Command Injection (0)
09-16: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: elFinder Archive Command Injection (0)
09-15: http://kpp.nfe.go.th/kurd.html (0)
09-15: Men Salon Management System 1.0 Cross Site Scripting / SQL Injection (0)
09-15: WordPress Download From Files 1.48 Shell Upload (0)
09-15: Apartment Visitor Management System 1.0 Shell Upload / SQL Injection (0)
09-15: Active WebCam 11.5 Unquoted Service Path (0)
09-15: Purchase Order Management System 1.0 Shell Upload (0)
09-15: Facebook ParlAI 1.0.0 Code Execution / Deserialization (0)
09-15: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-15: Ulfius Web Framework Remote Memory Corruption (0)
09-15: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-15: Pair Of Google Chrome Zero Day Bugs Actively Exploited (0)
09-15: [webapps] AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Seowon 130-SLC router – 'queriesCnt' Remote Code Execution (Unauthenticated) (0)
09-15: [webapps] Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Support Board 3.3.3 – 'Multiple' SQL Injection (Unauthenticated) (0)
09-14: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-14: [webapps] Purchase Order Management System 1.0 – Remote File Upload (0)
09-13: [webapps] Men Salon Management System 1.0 – Multiple Vulnerabilities (0)
09-13: [local] Active WebCam 11.5 – Unquoted Service Path (0)
09-13: [webapps] Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE (0)
09-13: [local] Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai (0)
09-13: [webapps] ECOA Building Automation System – Weak Default Credentials (0)
09-13: [webapps] ECOA Building Automation System – Path Traversal Arbitrary File Upload (0)
09-13: [webapps] Wordpress Plugin Download From Files 1.48 – Arbitrary File Upload (0)
09-13: [webapps] ECOA Building Automation System – Arbitrary File Deletion (0)
09-13: [webapps] ECOA Building Automation System – Local File Disclosure (0)
09-13: [local] ECOA Building Automation System – Missing Encryption Of Sensitive Information (0)
09-13: [webapps] ECOA Building Automation System – Remote Privilege Escalation (0)
09-13: (0)
09-13: [remote] ECOA Building Automation System – Hard-coded Credentials SSH Access (0)
09-13: [webapps] ECOA Building Automation System – Cookie Poisoning Authentication Bypass (0)
09-13: [webapps] ECOA Building Automation System – Configuration Download Information Disclosure (0)
09-13: [webapps] ECOA Building Automation System – Directory Traversal Content Disclosure (0)
09-13: [webapps] ECOA Building Automation System – 'multiple' Cross-Site Request Forgery (CSRF) (0)
09-10: POMS-PHP 1.0 SQL Injection (0)
09-10: (0)
09-10: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
09-10: ECOA Building Automation System Weak Default Credentials (0)
09-10: ECOA Building Automation System Path Traversal / Arbitrary File Upload (0)
09-10: ECOA Building Automation System Directory Traversal (0)
09-10: Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure (0)
09-10: ECOA Building Automation System Cross Site Request Forgery (0)
09-10: ECOA Building Automation System Cookie Poisoning / Authentication Bypass (0)
09-10: ECOA Building Automation System Configuration Download Information Disclosure (0)
09-10: Backdoor.Win32.Wollf.h Code Execution (0)
09-10: ECOA Building Automation System Hardcoded SSH Credentials (0)
09-10: ECOA Building Automation System Missing Encryption (0)
09-10: ECOA Building Automation System Remote Privilege Escalation (0)
09-10: ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference (0)
09-10: ECOA Building Automation System Local File Disclosure (0)
09-10: Backdoor.Win32.WinterLove.i Hardcoded Credential (0)
09-10: ECOA Building Automation System Arbitrary File Deletion (0)
09-10: Internet Explorer JIT Optimization Memory Corruption (0)
09-10: Atlassian Confluence WebWork OGNL Injection (0)
09-10: https://spm-sk.go.th (0)
09-09: https://www.nkpthospital.go.th/readme.html (0)
09-09: WordPress TablePress 1.14 CSV Injection (0)
09-09: Rencode Denial Of Service (0)
09-09: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-09: [webapps] Bus Pass Management System 1.0 – 'adminname' Stored Cross-Site Scripting (XSS) (0)
09-08: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-08: Bus Pass Management System 1.0 Cross Site Scripting (0)
09-08: Argus Surveillance DVR 4.0 Unquoted Service Path (0)
09-08: FlatCore CMS 2.0.7 Remote Code Execution (0)
09-08: Antminer Monitor 0.5.0 Authentication Bypass (0)
09-08: Online Learning System 2 SQL Injection (0)
09-08: Bus Pass Management System 1.0 Insecure Direct Object Reference (0)
09-08: Backdoor.Win32.Nyara.aq Insecure Permissions (0)
09-08: Patient Appointment Scheduler System 1.0 Shell Upload (0)
09-08: Patient Appointment Scheduler System 1.0 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.gs Code Execution (0)
09-08: SmartFTP Client 10.0.2909.0 Denial Of Service (0)
09-08: WordPress WP Sitemap Page 1.6.4 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.vjt Code Execution (0)
09-08: WordPress Survey And Poll 1.5.7.3 SQL Injection (0)
09-08: https://osd101.ldd.go.th/lindex.php (0)
09-08: [webapps] WordPress Plugin TablePress 1.14 – CSV Injection (0)
09-07: http://www.inlandfisheries.go.th/lindex.php (0)
09-07: Backdoor.Win32.Small.vjt Code Execution (0)
09-07: [webapps] WordPress Plugin WP Sitemap Page 1.6.4 – Stored Cross-Site Scripting (XSS) (0)
09-06: http://www.pattaya.chonburi.police.go.th/README.txt (0)
09-06: [webapps] Antminer Monitor 0.5.0 – Authentication Bypass (0)
09-06: [dos] SmartFTP Client 10.0.2909.0 – 'Multiple' Denial of Service (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE) (0)
09-06: [webapps] Bus Pass Management System 1.0 – 'viewid' Insecure direct object references (IDOR) (0)
09-06: [webapps] FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated) (0)
09-06: [webapps] OpenEMR 6.0.0 – 'noteid' Insecure Direct Object Reference (IDOR) (0)
09-06: [local] Argus Surveillance DVR 4.0 – Unquoted Service Path (0)
09-04: Windows Defender Application Guard Denial Of Service (0)
09-04: jforum 2.7.0 Cross Site Scripting (0)
09-04: Remote Mouse 4.002 Unquoted Service Path (0)
09-04: OpenSIS 8.0 Directory Traversal (0)
09-04: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: WordPress Duplicate Page 4.4.1 Cross Site Scripting (0)
09-03: WPanel 4.3.1 Remote Code Execution (0)
09-03: Backdoor.Win32.MoonPie.40 Authentication Bypass / Code Execution (0)
09-03: OpenSIS Community 8.0 SQL Injection (0)
09-03: Compro Technology IP Camera Denial Of Service (0)
09-03: Backdoor.Win32.MoonPie.40 Man-In-The-Middle (0)
09-03: Compro Technology IP Camera RTSP Stream Disclosure (0)
09-03: Compro Technology IP Camera Credential Disclosure (0)
09-03: Dolibarr ERP/CRM 14.0.1 Privilege Escalation (0)
09-03: Backdoor.Win32.MoonPie.40 Remote Command Execution (0)
09-03: Compro Technology IP Camera Stream Disclosure (0)
09-03: Compro Technology IP Camera Screenshot Disclosure (0)
09-03: CyberArk Credential Provider Race Condition / Authorization Bypass (0)
09-03: Geutebruck Remote Command Execution (0)
09-03: [webapps] OpenSIS 8.0 'modname' – Directory/Path Traversal (0)
09-03: [local] Remote Mouse 4.002 – Unquoted Service Path (0)
09-02: Geutebruck Remote Command Execution (0)
09-02: Telegram Desktop 2.9.2 Denial Of Service (0)
09-02: COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection (0)
09-02: HiveNightmare AKA SeriousSAM (0)
09-02: WordPress GetPaid 2.4.6 HTML Injection (0)
09-02: Fabasoft Cloud Website Cross Site Scripting (0)
09-02: Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution (0)
09-02: OpenEMR 6.0.0 Insecure Direct Object Reference (0)
09-02: Confluence Server 7.12.4 OGNL Injection Remote Code Execution (0)
09-02: Moxa Command Injection / Cross Site Scripting / Vulnerable Software (0)
09-02: Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation (0)
09-02: Packet Storm New Exploits For August, 2021 (0)
09-02: [webapps] WPanel 4.3.1 – Remote Code Execution (RCE) (Authenticated) (0)
09-02: [webapps] Compro Technology IP Camera – ' index_MJpeg.cgi' Stream Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – 'Multiple' Credential Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – RTSP stream disclosure (Unauthenticated) (0)
09-02: [webapps] OpenSIS Community 8.0 – 'cp_id_miss_attn' SQL Injection (0)
09-02: [webapps] Compro Technology IP Camera – 'killps.cgi' Denial-of-Service (DoS) (0)
09-02: [webapps] Compro Technology IP Camera – ' mjpegStreamer.cgi' Screenshot Disclosure (0)
09-02: [webapps] Dolibarr ERP/CRM 14.0.1 – Privilege Escalation (0)
09-01: Packet Storm New Exploits For August, 2021 (0)
09-01: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
09-01: Strapi 3.0.0-beta.17.7 Remote Code Execution (0)
09-01: HEUR.Trojan.Win32.Delf.gen Insecure Permissions (0)
09-01: Bus Pass Management System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.DarkKomet.aspl Insecure Permissions (0)
09-01: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
09-01: Strapi CMS 3.0.0-beta.17.4 Remote Code Execution (0)
09-01: Backdoor.Win32.Antilam.11 Code Execution (0)
09-01: Ship Ferry Ticket Reservation System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.Hupigon.abe Unauthenticated Open Proxy (0)
09-01: Projectsend r1295 Cross Site Scripting (0)
09-01: Strapi 3.0.0-beta Authentication Bypass (0)
09-01: Backdoor.Win32.Delf.um Authentication Bypass / Code Execution (0)
09-01: Online Leave Management System 1.0 SQL Injection (0)
09-01: Umbraco CMS 8.9.1 Traversal / Arbitrary File Write (0)
09-01: Backdoor.Win32.Delf.wr Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Delf.wr Man-In-The-Middle (0)
09-01: WordPress ProfilePress 3.1.3 Privilege Escalation (0)
09-01: Git LFS Clone Command Execution (0)
09-01: Backdoor.Win32.BO2K.11.d Buffer Overflow (0)
09-01: Backdoor.Win32.Hupigon.aejq Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Hupigon.aejq Man-In-The-Middle (0)
09-01: Backdoor.Win32.Hupigon.aejq Traversal (0)
09-01: BSCW Server XML Injection (0)
09-01: BSCW Server Remote Code Execution (0)
09-01: [dos] Telegram Desktop 2.9.2 – Denial of Service (PoC) (0)
09-01: [webapps] WordPress Plugin Payments Plugin | GetPaid 2.4.6 – HTML Injection (0)
09-01: [webapps] Traffic Offense Management System 1.0 – SQLi to Remote Code Execution (RCE) (Unauthenticated) (0)
09-01: [webapps] Confluence Server 7.12.4 – 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated) (0)

August 2021 (180)

08-31: BSCW Server Remote Code Execution (0)
08-31: [webapps] WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated) (0)
08-31: [webapps] Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated) (0)
08-30: [webapps] Projectsend r1295 – 'name' Stored XSS (0)
08-30: [webapps] Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Strapi 3.0.0-beta – Set Password (Unauthenticated) (0)
08-30: [local] MySQL User-Defined (Linux) x32 / x86_64 – 'sys_exec' Local Privilege Escalation (2) (0)
08-30: [webapps] Usermin 1.820 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Bus Pass Management System 1.0 – 'viewid' SQL Injection (0)
08-30: [webapps] Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-30: [webapps] ZesleCP 3.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-27: ProcessMaker 3.5.4 Local File Inclusion (0)
08-27: [webapps] CyberPanel 2.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-26: ProcessMaker 3.5.4 Local File Inclusion (0)
08-26: WordPress Mail Masta 1.0 Local File Inclusion (0)
08-26: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting (0)
08-26: Online Leave Management System 1.0 Shell Upload (0)
08-26: [webapps] ProcessMaker 3.5.4 – Local File inclusion (0)
08-25: Online Leave Management System 1.0 Shell Upload (0)
08-25: [webapps] Online Leave Management System 1.0 – Arbitrary File Upload to Shell (Unauthenticated) (0)
08-25: [webapps] HP OfficeJet 4630/7110 MYM1FN2025AR/2117A – Stored Cross-Site Scripting (XSS) (0)
08-25: [webapps] WordPress Plugin Mail Masta 1.0 – Local File Inclusion (2) (0)
08-24: Simple Phone Book/Directory 1.0 SQL Injection (0)
08-24: RaspAP 2.6.6 Remote Code Execution (0)
08-24: Shoutcast Server 2.6.0.753 Crash (0)
08-24: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-24: https://thailandcoralbleaching.dmcr.go.th/index.html (0)
08-24: https://itcenter.dmcr.go.th/index.html (0)
08-24: http://form.dmcr.go.th/index.html (0)
08-23: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-23: [webapps] RaspAP 2.6.6 – Remote Code Execution (RCE) (Authenticated) (0)
08-23: [webapps] Simple Phone book/directory 1.0 – 'Username' SQL Injection (Unauthenticated) (0)
08-23: [webapps] Online Traffic Offense Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-21: https://www.ccit.go.th/azu.php (0)
08-21: Laundry Booking Management System 1.0 Cross Site Scripting (0)
08-21: Laundry Booking Management System 1.0 SQL Injection (0)
08-21: NetModule Router Software Password Handling / Session Fixation (0)
08-21: Online Traffic Offense Management System 1.0 SQL Injection (0)
08-21: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Charity Management System CMS 1.0 Code Execution / XSS / SQL Injection (0)
08-20: WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free (0)
08-20: JavaScriptCore Crash Proof Of Concept (0)
08-20: WebKit Element::dispatchMouseEvent Heap Use-After-Free (0)
08-20: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' SQL Injection (0)
08-20: [webapps] Online Traffic Offense Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
08-19: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-19: Fortinet Slams Rapid7 For Disclosing Vulnerability (0)
08-19: COVID-19 Testing Management System 1.0 SQL Injection (0)
08-19: Hospital Management System Cross Site Scripting (0)
08-19: Crime Records Management System 1.0 SQL Injection (0)
08-19: Crossfire Server 1.0 Buffer Overflow (0)
08-19: Simple Image Gallery 1.0 Shell Upload (0)
08-19: [webapps] Charity Management System CMS 1.0 – Multiple Vulnerabilities (0)
08-18: Simple Image Gallery 1.0 Shell Upload (0)
08-18: http://mueang.chanthaburi.doae.go.th (0)
08-18: SonicWall NetExtender 10.2.0.300 Unquoted Service Path (0)
08-18: Cyberoam NetGenie Cross Site Scripting (0)
08-18: GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution (0)
08-18: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-18: [remote] crossfire-server 1.9.0 – 'SetUp()' Remote Buffer Overflow (0)
08-18: [webapps] Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-18: [webapps] COVID19 Testing Management System 1.0 – 'Multiple' SQL Injections (0)
08-18: [webapps] Crime records Management System 1.0 – 'Multiple' SQL Injection (Authenticated) (0)
08-17: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-17: Tiny Java Web Server 1.115 Cross Site Scripting (0)
08-17: Firebase PHP-JWT Algorithm Confusion (0)
08-17: CentOS Web Panel 0.9.8.1081 Cross Site Scripting (0)
08-17: NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting (0)
08-17: Chrome JS WasmJs::InstallConditionalFeatures Object Corruption (0)
08-17: Simple Water Refilling Station Management System 1.0 SQL Injection (0)
08-17: Simple Water Refilling Station Management System 1.0 Shell Upload (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Authentication Bypass (0)
08-17: TastyIgniter 3.0.7 Cross Site Scripting (0)
08-17: COMMAX Smart Home IoT Control System CDP-1020n SQL Injection (0)
08-17: COMMAX WebViewer ActiveX Control 2.1.4.5 Buffer Overflow (0)
08-17: COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS (0)
08-17: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-17: [webapps] GeoVision Geowebserver 5.3.3 – LFI / XSS / HHI / RCE (0)
08-17: [local] SonicWall NetExtender 10.2.0.300 – Unquoted Service Path (0)
08-16: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX CVD-Axx DVR 5.1.4 – Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – RTSP Credentials Disclosure (0)
08-16: [webapps] COMMAX Smart Home IoT Control System CDP-1020n – SQL Injection Authentication Bypass (0)
08-16: [webapps] COMMAX Biometric Access Control System 1.0.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Remote Code Execution (RCE) through File Upload (0)
08-16: [webapps] CentOS Web Panel 0.9.8.1081 – Stored Cross-Site Scripting (XSS) (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – Config Write / DoS (Unauthenticated) (0)
08-16: [webapps] NetGear D1500 V1.0.0.21_1.0.1PE – 'Wireless Repeater' Stored Cross-Site Scripting (XSS) (0)
08-14: RATES SYSTEM 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 Cross Site Scripting (0)
08-14: Easy-Mock 1.6.0 Remote Code Execution (0)
08-14: Chikitsa 2.0.0 Cross Site Scripting (0)
08-14: Care2x Open Source Hospital Information Management 2.7 Alpha XSS (0)
08-14: 4images 1.8 SQL Injection (0)
08-14: Simple Image Gallery System 1.0 SQL Injection (0)
08-14: HackTool.Win32.HKit Remote Command Execution (0)
08-14: PluXML 5.8.7 Cross Site Scripting (0)
08-13: http://www.sesalpglpn.go.th/index.html (0)
08-13: PluXML 5.8.7 Cross Site Scripting (0)
08-13: Xiaomi 10.2.4.g Information Disclosure (0)
08-13: COVID19 Testing Management System 1.0 SQL Injection (0)
08-13: RATES SYSTEM 1.0 SQL Injection (0)
08-13: Atlassian Crowd pdkinstall Remote Code Execution (0)
08-13: Lexmark Driver Privilege Escalation (0)
08-13: [webapps] Simple Image Gallery System 1.0 – 'id' SQL Injection (0)
08-13: [webapps] easy-mock 1.6.0 – Remote Code Execution (RCE) (Authenticated) (0)
08-13: [webapps] 4images 1.8 – 'limitnumber' SQL Injection (Authenticated) (0)
08-12: Lexmark Driver Privilege Escalation (0)
08-12: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
08-12: Backdoor.Win32.IRCBot.gen Hardcoded Credential (0)
08-12: HackTool.Win32.Hidd.b Buffer Overflow (0)
08-12: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-12: http://www.pri1.go.th/yo.php (0)
08-12: [webapps] RATES SYSTEM 1.0 – 'Multiple' SQL Injections (0)
08-12: [webapps] Altova MobileTogether Server 7.3 – XML External Entity Injection (XXE) (0)
08-12: [webapps] COVID19 Testing Management System 1.0 – 'searchdata' SQL Injection (0)
08-11: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-11: http://english.dip.go.th/ma.txt (0)
08-11: Cockpit CMS 0.11.1 NoSQL Injection (0)
08-11: WordPress LifterLMS 4.21.1 Insecure Direct Object Reference (0)
08-11: IPCop 2.1.9 Remote Code Execution (0)
08-11: Facebook For Android Friend Acceptance (0)
08-11: WordPress Picture Gallery 1.4.2 Cross Site Scripting (0)
08-11: Simple Library Management System 1.0 SQL Injection (0)
08-11: MobileTogether Server 7.3 XML Injection (0)
08-10: MobileTogether Server 7.3 XML Injection (0)
08-10: OneNav Beta 0.9.12 Cross Site Scripting (0)
08-10: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-10: [webapps] Cockpit CMS 0.11.1 – 'Username Enumeration & Password Reset' NoSQL Injection (0)
08-10: [local] Amica Prodigy 1.7 – Privilege Escalation (0)
08-10: [webapps] IPCop 2.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-09: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-09: https://udn1.go.th/yo.php (0)
08-07: http://www.nongtongpattana.go.th (0)
08-07: Amica Prodigy 1.7 Privilege Escalation (0)
08-07: Constructor.Win32.SS.11.c Unauthenticated Open Proxy (0)
08-07: Trojan-Dropper.Win32.Small.fp Unauthenticated Open Proxy (0)
08-07: Backdoor.Win32.Zdemon.10 Remote Command Execution (0)
08-07: Backdoor.Win32.Zdemon.126 Remote Command Execution (0)
08-07: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: CMSuno 1.7 Cross Site Scripting (0)
08-06: Moodle 3.9 Remote Code Execution (0)
08-06: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: Apache OfBiz 17.12.01 Remote Command Execution (0)
08-05: WordPress WP Customize Login 1.1 Cross Site Scripting (0)
08-05: Riak Insecure Default Configuration / Remote Command Execution (0)
08-05: Client Management System 1.1 Cross Site Scripting (0)
08-05: qdPM 9.2 Information Disclosure (0)
08-05: [webapps] GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated) (0)
08-05: [webapps] CMSuno 1.7 – 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) (0)
08-05: [webapps] Moodle 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: http://www.kuangrod.go.th (0)
08-04: qdPM 9.2 Information Disclosure (0)
08-04: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-04: [webapps] ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments (0)
08-04: [webapps] qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated) (0)
08-04: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: [webapps] WordPress Plugin WP Customize Login 1.1 – 'Change Logo Title' Stored Cross-Site Scripting (XSS) (0)
08-04: [webapps] Client Management System 1.1 – 'cname' Stored Cross-site scripting (XSS) (0)
08-03: https://rayonghospital.go.th/pwn.htm (0)
08-03: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-03: Men Salon Management System 1.0 SQL Injection (0)
08-03: Neo4j 3.4.18 Remote Code Execution (0)
08-03: Online Hotel Reservation System 1.0 Cross Site Scripting (0)
08-03: Packet Storm New Exploits For July, 2021 (0)
08-03: [webapps] Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE) (0)
08-02: Packet Storm New Exploits For July, 2021 (0)
08-02: [webapps] Online Hotel Reservation System 1.0 – 'Multiple' Cross-site scripting (XSS) (0)
08-02: [remote] Neo4j 3.4.18 – RMI based Remote Code Execution (RCE) (0)
08-02: [webapps] Men Salon Management System 1.0 – SQL Injection Authentication Bypass (0)

July 2021 (311)

07-31: ObjectPlanet Opinio 7.13 / 7.14 XML Injection (0)
07-31: ObjectPlanet Opinio 7.13 Expression Language Injection (0)
07-31: ObjectPlanet Opinio 7.13 Shell Upload (0)
07-31: Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery (0)
07-31: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-31: http://korat7.go.th/hi.htm (0)
07-30: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-30: IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration (0)
07-30: Care2x Integrated Hospital Info System 2.7 SQL Injection (0)
07-30: CloverDX 5.9.0 Code Execution / Cross Site Request Forgery (0)
07-30: ObjectPlanet Opinio 7.12 Cross Site Scripting (0)
07-30: Denver IP Camera SHO-110 Snapshot Disclosure (0)
07-30: Longjing Technology BEMS API 1.21 Remote Arbitrary File Download (0)
07-30: Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection (0)
07-30: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: http://secondary33.go.th/vuln.gif (0)
07-29: TripSpark VEO Transportation SQL Injection (0)
07-29: eGain Chat 15.5.5 Cross Site Scripting (0)
07-29: Denver Smart Wifi Camera SHC-150 Remote Code Execution (0)
07-29: Event Registration System With QR Code 1.0 Shell Upload (0)
07-29: Backdoor.Win32.WinShell.40 Code Execution (0)
07-29: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers (0)
07-29: [webapps] Oracle Fatwire 6.3 – Multiple Vulnerabilities (0)
07-29: [webapps] CloverDX 5.9.0 – Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
07-29: [webapps] Care2x Integrated Hospital Info System 2.7 – 'Multiple' SQL Injection (0)
07-29: [webapps] IntelliChoice eFORCE Software Suite 2.5.9 – Username Enumeration (0)
07-29: [webapps] Longjing Technology BEMS API 1.21 – Remote Arbitrary File Download (0)
07-29: [webapps] Denver IP Camera SHO-110 – Unauthenticated Snapshot (0)
07-28: Backdoor.Win32.WinShell.40 Code Execution (0)
07-28: WordPress Social Warfare 3.5.2 Remote Code Execution (0)
07-28: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-28: https://kangplu.go.th/krz.html (0)
07-28: https://bantan.go.th/krz.html (0)
07-28: https://samrong.go.th/krz.html (0)
07-28: https://khamtalayso.go.th/krz.html (0)
07-28: https://nonyor.go.th/krz.html (0)
07-28: https://naimeung.go.th/krz.html (0)
07-28: [webapps] TripSpark VEO Transportation – Blind SQL Injection (0)
07-28: [remote] Denver Smart Wifi Camera SHC-150 – 'Telnet' Remote Code Execution (RCE) (0)
07-28: [webapps] Event Registration System with QR Code 1.0 – Authentication Bypass & RCE (0)
07-27: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-27: Zabbix 5.x SQL Injection / Cross Site Scripting (0)
07-27: Elasticsearch ECE 7.13.3 Database Disclosure (0)
07-27: Backdoor.Win32.Hupigon.aaur Unauthenticated Open Proxy (0)
07-27: Backdoor.Win32.Mazben.me Unauthenticated Open Proxy (0)
07-27: Leawo Prof. Media 11.0.0.1 Denial Of Service (0)
07-27: Backdoor.Win32.Agent.cu Authentication Bypass (0)
07-27: XOS Shop 1.0.9 Arbitrary File Deletion (0)
07-27: Backdoor.Win32.Agent.cu Man-In-The-Middle (0)
07-27: Backdoor.Win32.Agent.cu Code Execution (0)
07-27: Backdoor.Win32.PsyRat.b Denial Of Service (0)
07-27: NoteBurner 2.35 Denial Of Service (0)
07-27: Backdoor.Win32.PsyRat.b Code Execution (0)
07-27: WordPress Modern Events Calendar Remote Code Execution (0)
07-27: Backdoor.Win32.Bifrose.acci Buffer Overflow (0)
07-27: Backdoor.Win32.Nbdd.bgz Buffer Overflow (0)
07-27: WordPress SP Project And Document Remote Code Execution (0)
07-27: [webapps] PHP 7.3.15-3 – 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection (0)
07-27: [webapps] Customer Relationship Management System (CRM) 1.0 – Sql Injection Authentication Bypass (0)
07-26: [webapps] XOS Shop 1.0.9 – 'Multiple' Arbitrary File Deletion (Authenticated) (0)
07-26: [webapps] NoteBurner 2.35 – Denial Of Service (DoS) (PoC) (0)
07-26: [dos] Leawo Prof. Media 11.0.0.1 – Denial of Service (DoS) (PoC) (0)
07-26: [webapps] Elasticsearch ECE 7.13.3 – Anonymous Database Dump (0)
07-24: WordPress Simple Post 1.1 Cross Site Scripting (0)
07-24: Microsoft SharePoint Server 2019 Remote Code Execution (0)
07-24: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: Apple Security Advisory 2021-07-21-1 (0)
07-23: Apple Security Advisory 2021-07-21-2 (0)
07-23: Apple Security Advisory 2021-07-21-3 (0)
07-23: Apple Security Advisory 2021-07-21-4 (0)
07-23: Apple Security Advisory 2021-07-21-5 (0)
07-23: Apple Security Advisory 2021-07-21-6 (0)
07-23: Apple Security Advisory 2021-07-21-7 (0)
07-23: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: [webapps] ElasticSearch 7.13.3 – Memory disclosure (0)
07-23: [webapps] WordPress Plugin Simple Post 1.1 – 'Text field' Stored Cross-Site Scripting (XSS) (0)
07-22: NSO Will No Longer Talk To The Press About Damning Reports (0)
07-22: Vehicle Parking Management System 1.0 Cross Site Scripting (0)
07-22: Vehicle Parking Management System 1.0 SQL Injection (0)
07-22: Online Shopping Portal 3.1 SQL Injection (0)
07-22: News Portal Project 3.1 SQL Injection (0)
07-22: CSZ CMS 1.2.9 Arbitrary File Deletion (0)
07-22: Ampache 4.4.2 Cross Site Scripting (0)
07-22: Sequoia: A Deep Root In Linux's Filesystem Layer (0)
07-22: WordPress Backup Guard Authenticated Remote Code Execution (0)
07-22: Sage X3 Administration Service Authentication Bypass / Command Execution (0)
07-21: WordPress KN Fix Your Title 1.0.1 Cross Site Scripting (0)
07-21: Webmin 1.973 Cross Site Request Forgery (0)
07-21: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-21: Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization (0)
07-21: KevinLAB BEMS 1.0 Undocumented Backdoor Account (0)
07-21: KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure (0)
07-21: Apple Under Pressure Over iPhone Security After NSO Spyware Claims (0)
07-21: [webapps] CSZ CMS 1.2.9 – 'Multiple' Arbitrary File Deletion (0)
07-21: [webapps] KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated) (0)
07-21: [webapps] KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: [remote] KevinLAB BEMS 1.0 – Undocumented Backdoor Account (0)
07-20: http://www.takesa1.go.th (0)
07-20: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-20: PEEL Shopping 9.3.0 SQL Injection (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: Backdoor.Win32.IRCBot.gen Weak Hardcoded Password (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: WordPress LearnPress SQL Injection (0)
07-20: WordPress LearnPress Privilege Escalation (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: Backdoor.Win32.Agent.bjev Insecure Permissions (0)
07-20: Dolibarr ERP/CRM 10.0.6 Login Brute Forcer (0)
07-20: Trojan-Spy.Win32.SpyEyes.abdb Insecure Permissions (0)
07-20: Trojan-Spy.Win32.SpyEyes.hqd Insecure Permissions (0)
07-20: WordPress Mimetic Books 0.2.13 Cross Site Scripting (0)
07-20: Backdoor.Win32.IRCBot.gen Remote Command Execution (0)
07-20: [webapps] WordPress Plugin KN Fix Your Title 1.0.1 – 'Separator' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] PEEL Shopping 9.3.0 – 'id' Time-based SQL Injection (0)
07-19: [webapps] Dolibarr ERP/CRM 10.0.6 – Login Brute Force (0)
07-19: [webapps] WordPress Plugin Mimetic Books 0.2.13 – 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.7 – 'current_items' SQL Injection (Authenticated) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation (0)
07-17: VMware ThinApp DLL Hijacking (0)
07-17: Aruba Instant (IAP) Remote Code Execution (0)
07-17: Seagate BlackArmor NAS sg2000-2000.1331 Command Injection (0)
07-17: Aruba Instant 8.7.1.0 Arbitrary File Modification (0)
07-17: ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution (0)
07-17: Argus Surveillance DVR 4.0 Weak Password Encryption (0)
07-17: OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting (0)
07-17: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: https://www.forest.go.th/by.html (0)
07-16: Safari Zero-Day Used In LinkedIn Campaign (0)
07-16: osCommerce 2.3.4.1 Remote Code Execution (0)
07-16: WordPress Popular Posts 5.3.2 Shell Upload (0)
07-16: Tor Half-Closed Connection Stream Confusion (0)
07-16: [remote] Aruba Instant 8.7.1.0 – Arbitrary File Modification (0)
07-16: [webapps] ForgeRock Access Manager/OpenAM 14.6.3 – Remote Code Execution (RCE) (Unauthenticated) (0)
07-16: [local] Argus Surveillance DVR 4.0 – Weak Password Encryption (0)
07-16: [webapps] Seagate BlackArmor NAS sg2000-2000.1331 – Command Injection (0)
07-15: iOS Zero-Day Let SolarWinds Hackers Compromise iPhones (0)
07-15: Google Details Recent Malware Campaigns Amid Uptick In Zero-Day Attacks (0)
07-15: https://e-service.loei2.go.th/report/resource/krz.txt (0)
07-15: http://nakhonphanom.rid.go.th/wp-includes_/krz.txt (0)
07-15: http://rio14data.rid.go.th/data_rio14/finance/krz.txt (0)
07-15: http://yasothon.rid.go.th/wp-content/krz.txt (0)
07-15: http://krabi.rid.go.th/kbi/wp-content/krz.txt (0)
07-15: http://pasakjolasid.rid.go.th/krz.txt (0)
07-15: http://songkhla.rid.go.th/wp-content//krz.txt (0)
07-15: http://phakhai.rid.go.th/2021/sites/krz.txt (0)
07-15: http://rio11.rid.go.th/images/krz.txt (0)
07-15: http://kangkrachan.rid.go.th/images/krz.txt (0)
07-15: http://maelao.rid.go.th/krz.txt (0)
07-15: http://narathiwat.rid.go.th/17/tmp/krz.txt (0)
07-15: http://rio2.rid.go.th/krz.txt (0)
07-15: http://nongwai.rid.go.th/nw/tmp/krz.txt (0)
07-15: http://surin.rid.go.th/images/krz.txt (0)
07-15: Tor Half-Closed Connection Stream Confusion (0)
07-15: https://www.jvkorat.go.th/pi.html (0)
07-15: Webmin 1.973 Cross Site Request Forgery (0)
07-15: WordPress Current Book 1.0.1 Cross Site Scripting (0)
07-15: Microsoft Hyper-V vmswitch.sys Proof Of Concept (0)
07-15: Realtek RTKVHD64.sys Out-Of-Bounds Access (0)
07-15: Windows TCP/IP Denial Of Service (0)
07-15: XNU Network Stack Kernel Heap Overflow (0)
07-15: Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation (0)
07-15: Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution (0)
07-15: [webapps] osCommerce 2.3.4.1 – Remote Code Execution (2) (0)
07-15: [webapps] WordPress Plugin Popular Posts 5.3.2 – Remote Code Execution (RCE) (Authenticated) (0)
07-14: Apache Tomcat 9.0.0M1 Open Redirect (0)
07-14: Apache Tomcat 9.0.0.M1 Cross Site Scripting (0)
07-14: HEUR.Backdoor.Win32.Agent.gen Insecure Permissions (0)
07-14: Backdoor.IRC.Ataka.a Insecure Permissions (0)
07-14: Trojan-Proxy.Win32.Ranky.gen Unauthenticated Open Proxy (0)
07-14: Backdoor.Win32.NerTe.a Authentication Bypass / Code Execution (0)
07-14: Pandora FMS 7.54 Cross Site Scripting (0)
07-14: Backdoor.Win32.NerTe.a Unauthenticated Remote Command Execution (0)
07-14: Trojan.Win32.RASFlooder.b Hardcoded Password (0)
07-14: Backdoor.Win32.Surila.j Man-In-The-Middle / Port Bounce (0)
07-14: Backdoor.Win32.Surila.j Authentication Bypass (0)
07-14: OpenEMR 5.0.1.3 Shell Upload (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: WordPress WPFront Notification Bar 1.9.1.04012 Cross Site Scripting (0)
07-14: Garbage Collection Management System 1.0 Shell Upload / SQL Injection (0)
07-14: Backdoor.Win32.Surila.j Denial Of Service (0)
07-14: Invoice System 1.0 Cross Site Scripting (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: ForgeRock / OpenAM Jato Java Deserialization (0)
07-14: VMware vCenter Server Virtual SAN Health Check Remote Code Execution (0)
07-14: SolarWinds Issues Hotfix For Zero-Day Flaw Under Active Attack (0)
07-14: [webapps] WordPress Plugin Current Book 1.0.1 – 'Book Title and Author field' Stored Cross-Site Scripting (XSS) (0)
07-14: [webapps] Webmin 1.973 – Cross-Site Request Forgery (CSRF) (0)
07-13: [webapps] Garbage Collection Management System 1.0 – SQL Injection + Arbitrary File Upload (0)
07-13: [webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (2) (0)
07-13: [webapps] Invoice System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Open Redirect (0)
07-13: [webapps] WordPress Plugin WPFront Notification Bar 1.9.1.04012 – Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS) (0)
07-10: Zoo Management System 1.0 Cross Site Scripting (0)
07-10: Church Management System 1.0 Shell Upload / SQL Injection (0)
07-10: Polkit D-Bus Authentication Bypass (0)
07-09: WordPress SP Project And Document Manager 4.21 Shell Upload (0)
07-09: Employee Record Management System 1.2 Cross Site Scripting (0)
07-09: Online Covid Vaccination Scheduler System 1.0 Shell Upload (0)
07-09: MpEngine ASProtect Embedded Runtime DLL Memory Corruption (0)
07-09: Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload (0)
07-09: [webapps] Zoo Management System 1.0 – 'Multiple' Stored Cross-Site-Scripting (XSS) (0)
07-09: [webapps] Church Management System 1.0 – SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE (0)
07-08: Online Covid Vaccination Scheduler System 1.0 SQL Injection (0)
07-08: Docker Dashboard Remote Command Execution (0)
07-08: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution (0)
07-08: WordPress Plainview Activity Monitor 20161228 Remote Code Execution (0)
07-08: Okta Access Gateway 2020.5.5 Authenticated Remote Root (0)
07-08: [webapps] Wordpress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated) (0)
07-08: [webapps] Wyomind Help Desk 1.3.6 – Remote Code Execution (RCE) (0)
07-08: [webapps] Employee Record Management System 1.2 – Stored Cross-Site Scripting (XSS) (0)
07-08: [webapps] Online Covid Vaccination Scheduler System 1.0 – Arbitrary File Upload to Remote Code Execution (Unauthenticated) (0)
07-08: [webapps] Exam Hall Management System 1.0 – Unrestricted File Upload + RCE (Unauthenticated) (0)
07-07: Visual Tools DVR VX16 4.2.28 Privilege Escalation (0)
07-07: Netgear DGN2200v1 Remote Command Execution (0)
07-07: Black Box Kvm Extender 3.4.31307 Local File Inclusion (0)
07-07: Backdoor.Win32.NerTe.781 Authentication Bypass / Code Execution (0)
07-07: Visual Tools DVR VX16 4.2.28.0 Command Injection (0)
07-07: