__–::: Deepquest :::–__ » Archives

rss feed

Archives

September 2020 (153)

09-24: Online Food Ordering System 1.0 Remote Code Execution (0)
09-23: Seat Reservation System 1.0 Shell Upload (0)
09-23: Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution (0)
09-23: Flatpress Add Blog 1.0.3 Cross Site Scripting (0)
09-23: GoogleCloudPlatform OSConfig Privilege Escalation (0)
09-23: Seat Reservation System 1.0 SQL Injection (0)
09-23: Visitor Management System In PHP 1.0 SQL Injection (0)
09-23: Visitor Management System In PHP 1.0 Cross Site Scripting (0)
09-23: Jenkins 2.56 CLI Deserialization / Code Execution (0)
09-23: Artica Proxy 4.30.000000 Authentication Bypass / Command Injection (0)
09-23: [webapps] Online Food Ordering System 1.0 – Remote Code Execution (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Database Disclosure (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery (0)
09-22: ForensiTAppxService 2.2.0.4 Unquoted Service Path (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution (0)
09-22: VyOS restricted-shell Escape / Privilege Escalation (0)
09-22: Online Shop Project 1.0 SQL Injection (0)
09-22: Seat Reservation System 1.0 SQL Injection (0)
09-22: BlackCat CMS 1.3.6 Cross Site Request Forgery (0)
09-22: Mida eFramework 2.9.0 Backdoor Access (0)
09-22: [webapps] Flatpress Add Blog 1.0.3 – Persistent Cross-Site Scripting (0)
09-22: [webapps] Comodo Unified Threat Management Web Console 2.7.0 – Remote Code Execution (0)
09-21: [webapps] B-swiss 3 Digital Signage System 3.6.5 – Remote Code Execution (0)
09-21: [webapps] Mida eFramework 2.9.0 – Back Door Access (0)
09-21: [webapps] Seat Reservation System 1.0 – 'id' SQL Injection (0)
09-21: [local] ForensiTAppxService 2.2.0.4 – 'ForensiTAppxService.exe' Unquoted Service Path (0)
09-21: [webapps] BlackCat CMS 1.3.6 – Cross-Site Request Forgery (0)
09-21: [webapps] Online Shop Project 1.0 – 'p' SQL Injection (0)
09-19: http://www.wanghos.go.th (0)
09-19: D-Link DGS-1210-28 Denial Of Service (0)
09-19: SpamTitan 7.07 Remote Code Execution (0)
09-19: Mantis Bug Tracker 2.3.0 Remote Code Execution (0)
09-19: Navy Federal Cross Site Scripting (0)
09-19: TP-Link Cloud Cameras NCXXX Bonjour Command Injection (0)
09-19: Apple Security Advisory 2020-09-16-1 (0)
09-19: Apple Security Advisory 2020-09-16-2 (0)
09-19: Apple Security Advisory 2020-09-16-3 (0)
09-19: Apple Security Advisory 2020-09-16-4 (0)
09-19: Apple Security Advisory 2020-09-16-5 (0)
09-18: Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution (0)
09-18: Microsoft SQL Server Reporting Services 2016 Remote Code Execution (0)
09-18: Microsoft Spooler Local Privilege Elevation (0)
09-18: [webapps] Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated) (0)
09-18: [webapps] SpamTitan 7.07 – Remote Code Execution (Authenticated) (0)
09-17: Zerologon Proof Of Concept (0)
09-17: Piwigo 2.10.1 Cross Site Scripting (0)
09-17: Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery (0)
09-17: 1CRM 8.6.7 Insecure Direct Object Reference (0)
09-17: Mida Solutions eFramework ajaxreq.php Command Injection (0)
09-17: [remote] Microsoft SQL Server Reporting Services 2016 – Remote Code Execution (0)
09-16: http://chaleang.go.th/cl.html (0)
09-16: Tailor MS 1.0 Cross Site Scripting (0)
09-16: ThinkAdmin 6 Arbitrary File Read (0)
09-16: [webapps] Piwigo 2.10.1 – Cross Site Scripting (0)
09-16: [local] Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software (0)
09-15: Microsoft Windows Finger Security Bypass / C2 Channel (0)
09-15: Linux expand_downwards() / munmap() Race Condition (0)
09-15: RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting (0)
09-15: Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path (0)
09-15: RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery (0)
09-15: Pearson Vue VTS 2.3.1911 Unquoted Service Path (0)
09-15: Joomla! paGO Commerce 2.5.9.0 SQL Injection (0)
09-15: [webapps] Tailor MS 1.0 – Reflected Cross-Site Scripting (0)
09-15: [webapps] ThinkAdmin 6 – Arbitrarily File Read (0)
09-14: [local] Pearson Vue VTS 2.3.1911 Installer – 'VUEApplicationWrapper' Unquoted Service Path (0)
09-14: [local] Rapid7 Nexpose Installer 6.6.39 – 'nexposeengine' Unquoted Service Path (0)
09-14: [webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot) (0)
09-14: [webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting (0)
09-12: CuteNews 2.1.2 Remote Code Execution (0)
09-12: Tiandy IPC / NVR 9.12.7 Credential Disclosure (0)
09-12: ZTE F602W CAPTCHA Bypass (0)
09-12: Mobile Shop System 1.0 SQL Injection (0)
09-12: Gnome Fonts Viewer 3.34.0 Heap Corruption (0)
09-12: Microsoft Internet Explorer 11 Use-After-Free (0)
09-12: Tea LaTex 1.0 Remote Code Execution (0)
09-12: VTENEXT 19 CE Remote Code Execution (0)
09-12: DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation (0)
09-11: Input Director 1.4.3 Unquoted Service Path (0)
09-11: ShareMouse 5.0.43 Unquoted Service Path (0)
09-11: Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery (0)
09-11: Audio Playback Recorder 3.2.2 Local Buffer Overflow (0)
09-11: IlchCMS 2.1.37 Cross Site Scripting (0)
09-11: [local] Internet Explorer 11 – Use-After-Free (0)
09-11: [webapps] Tea LaTex 1.0 – Remote Code Execution (Unauthenticated) (0)
09-11: [webapps] VTENEXT 19 CE – Remote Code Execution (0)
09-11: [local] Gnome Fonts Viewer 3.34.0 – Heap Corruption (0)
09-10: [webapps] ZTE Router F602W – Captcha Bypass (0)
09-10: [webapps] CuteNews 2.1.2 – Remote Code Execution (0)
09-10: [webapps] Tiandy IPC and NVR 9.12.7 – Credential Disclosure (0)
09-09: Yaws 2.0.7 XML Injection / Command Injection (0)
09-09: Microsoft Windows CloudExperienceHostBroker Privilege Escalation (0)
09-09: Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass (0)
09-09: Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation (0)
09-09: http://thepsathit.go.th/doc/ghi.html (0)
09-09: http://abtnongyang.go.th/doc/ghi.html (0)
09-09: http://bungor.go.th/doc/ghi.html (0)
09-09: http://bunlung.go.th/doc/ghi.html (0)
09-09: http://chaecity.go.th/doc/ghi.html (0)
09-09: http://kongyang.go.th/doc/ghi.html (0)
09-09: http://jakkarat.go.th/doc/ghi.html (0)
09-09: http://nbk.go.th/doc/ghi.html (0)
09-09: http://udomsap.go.th/doc/ghi.html (0)
09-09: http://tambolsamrong.go.th/doc/ghi.html (0)
09-09: [webapps] Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password) (0)
09-09: [local] Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH) (0)
09-09: [webapps] Tailor Management System – 'id' SQL Injection (0)
09-09: [local] Input Director 1.4.3 – 'Input Director' Unquoted Service Path (0)
09-08: Cabot 0.11.12 Cross Site Scripting (0)
09-08: Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload (0)
09-08: Grocy 2.7.1 Cross Site Scripting (0)
09-08: Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation (0)
09-08: macOS cfprefsd Arbitrary File Write / Local Privilege Escalation (0)
09-08: [local] ShareMouse 5.0.43 – 'ShareMouse Service' Unquoted Service Path (0)
09-07: [webapps] ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated) (0)
09-07: [webapps] grocy 2.7.1 – Persistent Cross-Site Scripting (0)
09-07: [webapps] Cabot 0.11.12 – Persistent Cross-Site Scripting (0)
09-06: https://www.pattawee.go.th/U72.html (0)
09-05: http://www.roiet.go.th (0)
09-05: COVR 3902 1.01B0 Hardcoded Credentials (0)
09-05: Hyland OnBase SQL Injection (0)
09-05: Nord VPN 6.31.13.0 Unquoted Service Path (0)
09-05: SiteMagic CMS 4.4.2 Shell Upload (0)
09-05: Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell (0)
09-05: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Pulse Secure Windows Client Privilege Escalation (0)
09-05: ManageEngine Applications Manager Authenticated Remote Code Execution (0)
09-04: http://www.1tambon1school.go.th/data/-.txt (0)
09-04: [local] Nord VPN-6.31.13.0 – 'nordvpn-service' Unquoted Service Path (0)
09-03: Go CGI / FastCGI Transport Cross Site Scripting (0)
09-03: [local] BarracudaDrive v6.5 – Insecure Folder Permissions (0)
09-03: [webapps] SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated) (0)
09-03: [webapps] Daily Tracker System 1.0 – Authentication Bypass (0)
09-03: [webapps] BloodX CMS 1.0 – Authentication Bypass (0)
09-03: [webapps] Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting (0)
09-02: Packet Storm New Exploits For August, 2020 (0)
09-02: Bagisto Credential Disclosure (0)
09-02: Sagemcom F@ST 5280 Privilege Escalation (0)
09-02: Rebar3 3.13.2 Command Injection (0)
09-02: Kamailio 5.4.0 Header Smuggling (0)
09-02: Mara CMS 7.5 Remote Code Execution (0)
09-02: moziloCMS 2.0 Cross Site Scripting (0)
09-02: [webapps] Stock Management System 1.0 – Cross-Site Request Forgery (Change Username) (0)
09-01: TP-Link WDR4300 Remote Code Execution (0)
09-01: Online Book Store 1.0 SQL Injection (0)
09-01: BlazeDVD 7.0 Professional Buffer Overflow (0)
09-01: Fuel CMS 1.4.8 SQL Injection (0)
09-01: CMS Made Simple 2.2.14 Shell Upload (0)
09-01: https://www.dft.go.th/laZy.txt (0)
09-01: Cisco Warns Of Actively Exploited IOS XR Zero Day (0)
09-01: [webapps] Mara CMS 7.5 – Remote Code Execution (Authenticated) (0)
09-01: [webapps] moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated) (0)

August 2020 (225)

08-31: [webapps] CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated) (0)
08-31: [webapps] Mara CMS 7.5 – Reflective Cross-Site Scripting (0)
08-31: [local] BlazeDVD 7.0 Professional – '.plf' Local Buffer Overflow (SEH,ASLR,DEP) (0)
08-31: [webapps] Fuel CMS 1.4.8 – 'fuel_replace_id' SQL Injection (Authenticated) (0)
08-31: [webapps] Online Book Store 1.0 – 'id' SQL Injection (0)
08-29: Nagios Log Server 2.1.6 Cross Site Scripting (0)
08-29: SUPERAntiSpyware Professional X Trial Privilege Escalation (0)
08-29: WordPress Autoptimize 2.7.6 Shell Upload (0)
08-29: Symphony CMS 3.0.0 Cross Site Scripting (0)
08-28: Eikon Thomson Reuters 4.0.42144 File Permissions (0)
08-28: ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password (0)
08-28: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation (0)
08-28: [webapps] SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting (0)
08-28: [webapps] Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting (0)
08-28: [webapps] Online Shopping Alphaware 1.0 – 'id' SQL Injection (0)
08-27: [webapps] Wordpress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated) (0)
08-27: [local] ASX to MP3 converter 3.1.3.7.2010.11.05 – '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC) (0)
08-27: [webapps] Mida eFramework 2.9.0 – Remote Code Execution (0)
08-26: Ericom Access Server 9.2.0 Server-Side Request Forgery (0)
08-26: LimeSurvey 4.3.10 Cross Site Scripting (0)
08-26: Linux CoW Incorrect Access Grant (0)
08-26: Chrome NewFixedArray Missing Array Size Check (0)
08-26: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal (0)
08-26: [webapps] Ericom Access Server x64 9.2.0 – Server-Side Request Forgery (0)
08-24: http://noph.go.th/1.php (0)
08-24: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Authentication Bypass (0)
08-24: [webapps] LimeSurvey 4.3.10 – 'Survey Menu' Persistent Cross-Site Scripting (0)
08-22: PNPSCADA 2.200816204020 SQL Injection (0)
08-22: ElkarBackup 1.3.3 Cross Site Scripting (0)
08-22: Joomla Adagency 6.1.2 Cross Site Scripting (0)
08-22: WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass (0)
08-22: OX App Suite / OX Documents XSS / SSRF / Bypass (0)
08-22: Seowon SlC 130 Router Remote Code Execution (0)
08-22: Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation (0)
08-22: Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass (0)
08-21: Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal (0)
08-21: [webapps] Seowon SlC 130 Router – Remote Code Execution (0)
08-21: [webapps] Complaint Management System 1.0 – 'cid' SQL Injection (0)
08-20: Pharmacy Medical Store And Sale Point 1.0 SQL Injection (0)
08-20: [webapps] PNPSCADA 2.200816204020 – 'interf' SQL Injection (Authenticated) (0)
08-20: [webapps] ElkarBackup 1.3.3 – Persistent Cross-Site Scripting (0)
08-19: vBulletin 5.6.2 Persistent Cross Site Scripting (0)
08-19: Tailor Management System 1.0 Persistent Cross Site Scripting (0)
08-19: WordPress Change Login Logo 1.0.1 Persistent Cross Site Scripting (0)
08-19: WordPress Click To Top 1.2.7 Persistent Cross Site Scripting (0)
08-19: D-Link Central WiFi Manager CWM(100) Remote Code Execution (0)
08-19: WordPress Elegant Testimonial 1.1.6 Persistent Cross Site Scripting (0)
08-19: [webapps] Ruijie Networks Switch eWeb S29_RGOS 11.4 – Directory Traversal (0)
08-18: https://www.bdn.go.th/o.txt (0)
08-18: http://newweb.mnre.go.th/o.txt (0)
08-18: Wordpress Easy Media Download 1.1.4 Cross Site Scripting (0)
08-18: WordPress NextGen Gallery Sell Photo 1.0.5 Cross Site Scripting (0)
08-18: Bludit 3.9.2 Authentication Bruteforce Mitigation Bypass (0)
08-18: Microsoft SharePoint Server 2019 Remote Code Execution (0)
08-18: WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting (0)
08-18: WordPress Colorbox Lightbox 1.1.2 Cross Site Scripting (0)
08-18: XenForo 2.1.10 Patch 2 Cross Site Scripting (0)
08-18: WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting (0)
08-18: Samsung Android Skia Qmage Image Codec Heap Buffer Overflow (0)
08-18: Apache OFBiz XML-RPC Java Deserialization (0)
08-18: Geutebruck testaction.cgi Remote Command Execution (0)
08-18: [webapps] Savsoft Quiz 5 – Stored Cross-Site Scripting (0)
08-18: [webapps] Pharmacy Medical Store and Sale Point 1.0 – 'catid' SQL Injection (0)
08-17: https://nsw2.go.th (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Remote Code Execution (Unauthenticated) (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Unauthenticated Arbitrary File Deletion (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Cleartext Credential Disclosure (0)
08-17: [webapps] Microsoft SharePoint Server 2019 – Remote Code Execution (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Unauthenticated Arbitrary File Disclosure (0)
08-17: [webapps] Bludit 3.9.2 – Authentication Bruteforce Mitigation Bypass (0)
08-16: http://www.tambonnongbuaban.go.th/contact.php (0)
08-16: https://www.maungfai.go.th/contact.php (0)
08-16: https://www.taladkhwan.go.th/contact.php (0)
08-16: https://www.talan.go.th/contact.php (0)
08-16: http://www.papae.go.th/contact.php (0)
08-16: http://www.dontanphasuk.go.th/contact.php (0)
08-16: http://www.nangew.go.th/contact.php (0)
08-16: https://www.khaokawcity.go.th/contact.php (0)
08-16: http://www.sritia.go.th/contact.php (0)
08-16: http://www.lamphaya.go.th/contact.php (0)
08-16: http://www.huahinksn.go.th/contact.php (0)
08-16: http://www.wangsammor.go.th/contact.php (0)
08-16: https://www.bankho-muk.go.th/contact.php (0)
08-16: http://www.pakpayoon.go.th/contact.php (0)
08-16: http://www.sawatloengnoktha.go.th/contact.php (0)
08-16: http://www.thakhanon.go.th/contact.php (0)
08-16: http://www.tallian.go.th/contact.php (0)
08-16: http://www.naduangmunicipality.go.th/contact.php (0)
08-16: http://www.sumranrath.go.th/contact.php (0)
08-16: http://www.phuengdad.go.th/contact.php (0)
08-16: http://www.cheangpeng.go.th/contact.php (0)
08-16: http://www.khunyuamlocal.go.th/contact.php (0)
08-16: http://www.raikhing.go.th/contact.php (0)
08-16: http://www.abtpujud.go.th/contact.php (0)
08-16: http://www.nongkhaimunicipality.go.th/contact.php (0)
08-16: http://www.bukrang.go.th/contact.php (0)
08-16: https://www.phopitak.go.th/contact.php (0)
08-16: http://www.nongyai-kalasin.go.th/contact.php (0)
08-16: https://www.thapchang.go.th/contact.php (0)
08-16: http://www.obttoom.go.th/contact.php (0)
08-16: http://www.chiangkhamlocal.go.th/contact.php (0)
08-16: https://www.nazang.go.th/contact.php (0)
08-16: http://www.amphoetakbai.go.th/contact.php (0)
08-16: http://www.bankoh-utt.go.th/contact.php (0)
08-16: http://www.khuangpao.go.th/contact.php (0)
08-16: http://www.ssm.go.th/contact.php (0)
08-16: http://www.sansuk101.go.th/contact.php (0)
08-16: http://www.banloung.go.th/contact.php (0)
08-16: http://www.fanghospital.go.th/contact.php (0)
08-15: Artica Proxy 4.3.0 Authentication Bypass (0)
08-15: Android App Zygotes Improper Guarding (0)
08-15: WordPress Sell Photo 1.0.5 Cross Site Scripting (0)
08-15: Safari Webkit For iOS 7.1.2 JIT Optimization Bug (0)
08-14: http://www.takesa2.go.th/z.htm (0)
08-14: CMS Made Simple 2.2.14 Shell Upload (0)
08-14: vBulletin 5.6.2 Cross Site Scripting (0)
08-14: Online Shopping System SQL Injection (0)
08-14: Online Book Store SQL Injection (0)
08-14: Online Book Store Cross Site Scripting (0)
08-14: Car Rental Script SQL Injection (0)
08-14: Car Rental Script Cross Site Scripting (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Password Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Credential Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Remote Code Execution (0)
08-14: GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery (0)
08-14: Microsoft Windows AppContainer Enterprise Authentication Capability Bypass (0)
08-14: vBulletin 5.x Remote Code Execution (0)
08-13: Fuel CMS 1.4.7 SQL Injection (0)
08-13: SugarCRM Cross Site Scripting (0)
08-13: SugarCRM SQL Injection (0)
08-13: Avian JVM 1.2.0 Integer Overflow (0)
08-13: Avian JVM 1.2.0 Silent Return (0)
08-13: [webapps] GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin) (0)
08-13: [webapps] Artica Proxy 4.3.0 – Authentication Bypass (0)
08-12: flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload (0)
08-12: Orion Application Server 1.5.2b Cross Site Scripting (0)
08-12: BarcodeOCR 19.3.6 Unquoted Service Path (0)
08-12: House Rental 1.0 SQL Injection (0)
08-12: BarracudaDrive 6.5 Local Privilege Escalation (0)
08-12: Tailor MS 1.0 Cross Site Scripting (0)
08-12: Warehouse Inventory System 1.0 Cross Site Request Forgery (0)
08-12: Cisco 7937G All-In-One Exploiter (0)
08-12: Cisco 7937G Privilege Escalation (0)
08-12: Cisco 7937G Denial Of Service (0)
08-12: ManageEngine ADSelfService Plus 6000 Remote Code Execution (0)
08-12: vBulletin 5.x Remote Code Execution (0)
08-12: vBulletin 5.x Remote Code Execution (0)
08-12: Travel Management System 1.0 SQL Injection (0)
08-12: Travel Management System 1.0 Remote Code Execution (0)
08-12: [webapps] CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload (0)
08-12: [webapps] vBulletin 5.6.2 – 'widget_tabbedContainer_tab_panel' Remote Code Execution (0)
08-11: http://suratpeo.go.th (0)
08-11: [webapps] Fuel CMS 1.4.7 – 'col' SQL Injection (Authenticated) (0)
08-10: [local] BarcodeOCR 19.3.6 – 'BarcodeOCR' Unquoted Service Path (0)
08-10: [webapps] ManageEngine ADSelfService Build prior to 6003 – Remote Code Execution (Unauthenticated) (0)
08-10: [webapps] Warehouse Inventory System 1.0 – Cross-Site Request Forgery (Change Admin Password) (0)
08-08: CodeMeter 6.60 Unquoted Service Path (0)
08-08: Tailor Management System 1.0 SQL Injection (0)
08-08: Car Rental Management System 1.0 Cross Site Scripting (0)
08-07: Online Shopping Alphaware 1.0 Insecure Direct Object Reference (0)
08-07: Online Shopping Alphaware 1.0 Cross Site Scripting (0)
08-07: Online Shopping Alphaware 1.0 SQL Injection (0)
08-07: ACTi NVR3 Standard / Professional Server 3.0.12.42 Denial Of Service (0)
08-07: QlikView 12.50.20000.0 Denial Of Service (0)
08-07: Curfew e-Pass Management System 1.0 SQL Injection (0)
08-07: Daily Expenses Management System 1.0 Cross Site Scripting (0)
08-07: Daily Expenses Management System 1.0 Cross SIte Request Forgery (0)
08-07: Daily Expenses Management System 1.0 SQL Injection (0)
08-07: Online Shopping Alphaware 1.0 Cross Site Request Forgery (0)
08-07: Online Shopping Alphaware 1.0 Arbitrary File Upload (0)
08-07: Online Shopping Alphaware 1.0 Unauthorized Administrative Access (0)
08-07: Victor CMS 1.0 SQL Injection (0)
08-07: Docker Privileged Container Escape (0)
08-07: [webapps] Daily Expenses Management System 1.0 – 'item' SQL Injection (0)
08-07: [webapps] All-Dynamics Digital Signage System 2.0.2 – Cross-Site Request Forgery (Add Admin) (0)
08-06: http://mueang.trang.doae.go.th (0)
08-06: [webapps] Victor CMS 1.0 – 'Search' SQL Injection (0)
08-05: Car Rental Management System 1.0 Cross Site Scripting (0)
08-05: Car Rental Management System 1.0 Remote Code Execution (0)
08-05: Pi-hole 4.3.2 Remote Code Execution (0)
08-05: RTSP For iOS 1.0 Denial Of Service (0)
08-05: Daily Expenses Management System 1.0 SQL Injection (0)
08-05: Mocha Telnet Lite For iOS 4.2 Denial Of Service (0)
08-05: Gantt-Chart For Jira 5.5.3 Missing Privilege Check (0)
08-05: Gantt-Chart For Jira 5.5.4 Cross Site Scripting (0)
08-05: Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow (0)
08-05: [webapps] Stock Management System 1.0 – Authentication Bypass (0)
08-05: [dos] QlikView 12.50.20000.0 – 'FTP Server Address' Denial of Service (PoC) (0)
08-05: [dos] ACTi NVR3 Standard or Professional Server 3.0.12.42 – Denial of Service (PoC) (0)
08-04: Online Bike Rental 1.0 Shell Upload (0)
08-04: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF (0)
08-04: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation (0)
08-04: CloudMe 1.11.2 SEH Buffer Overflow (0)
08-04: BacklinkSpeed 2.4 Buffer Overflow (0)
08-04: Packet Storm New Exploits For July, 2020 (0)
08-04: AtMail Email Server Appliance 6.4 XSS / CSRF / Code Execution (0)
08-04: OpenEMR 5.0.1 Remote Code Execution (0)
08-04: Mara CMS 7.5 Cross Site Scripting (0)
08-04: Umbraco CMS 7.12.4 Remote Code Execution (0)
08-04: Stock Management System 1.0 SQL Injection (0)
08-04: Stock Management System 1.0 Cross Site Scripting (0)
08-04: Stock Management System 1.0 Cross Site Scripting (0)
08-04: Stock Management System 1.0 Cross Site Request Forgery (0)
08-04: Microsoft Windows Win32k Privilege Escalation (0)
08-04: October CMS Build 465 XSS / File Read / File Deletion / CSV Injection (0)
08-04: [webapps] Daily Expenses Management System 1.0 – 'username' SQL Injection (0)
08-04: [dos] RTSP for iOS 1.0 – 'IP Address' Denial of Service (PoC) (0)
08-04: [dos] Mocha Telnet Lite for iOS 4.2 – 'User' Denial of Service (PoC) (0)
08-04: [webapps] Pi-hole 4.3.2 – Remote Code Execution (Authenticated) (0)
08-03: Setup UGEEK UPS3 HAT on Raspberry (0)
08-02: Daily Tracker System 1.0 SQL Injection (0)
08-02: Daily Tracker System 1.0 Cross Site Scripting (0)
08-02: Online Bike Rental 1.0 Shell Upload (0)
08-02: Online Shopping Alphaware 1.0 SQL Injection (0)
08-02: CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow (0)
08-02: SharePoint DataSet / DataTable Deserialization (0)
08-02: FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation (0)
08-02: iOS Page Protection Layer (PPL) Bypass (0)
08-01: SigInt OS 1.1 hd install fix (0)

July 2020 (208)

07-31: Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting (0)
07-30: Cisco ASA / FTD Remote File Disclosure (0)
07-30: Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion (0)
07-30: Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion (0)
07-30: WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting (0)
07-30: Baldr Botnet Panel Shell Upload (0)
07-30: [webapps] Online Shopping Alphaware 1.0 – Authentication Bypass (0)
07-29: [webapps] Cisco Adaptive Security Appliance Software 9.7 – Unauthenticated Arbitrary File Deletion (0)
07-29: [webapps] Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 – Persistent Cross-Site Scripting (0)
07-28: http://www.phuho.go.th/Admin/IMG/20200422032710.html (0)
07-28: http://rdhsj.moph.go.th/ojs/public/site/images/owned/Owned.JPG (0)
07-28: Nidesoft DVD Ripper 5.2.18 Local Buffer Overflow (0)
07-28: DiskBoss 7.7.14 Local Buffer Overflow (0)
07-28: GOautodial 4.0 Cross Site Scripting (0)
07-28: Socusoft Photo To Video Converter Professional 8.07 Buffer Overflow (0)
07-28: ManageEngine Applications Manager 13 SQL Injection (0)
07-28: INNEO Startup TOOLS 2018 M040 13.0.70.3804 Remote Code Execution (0)
07-28: Port Forwarding Wizard 4.8.0 Buffer Overflow (0)
07-28: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
07-28: Calavera UpLoader 3.5 Denial Of Service (0)
07-28: WordPress Email Subscribers And Newsletters 4.2.2 File Disclosure (0)
07-28: WordPress Email Subscribers And Newsletters 4.2.2 SQL Injection (0)
07-28: Bludit 3.9.2 Directory Traversal (0)
07-28: LibreHealth 2.0.0 Remote Code Execution (0)
07-28: MAMP PRO 4.2.0 Local Privilege Escalation (0)
07-28: Microsoft Windows Unsafe Handling Practices (0)
07-28: Koken CMS 0.22.24 Shell Upload (0)
07-28: Bio Star 2.8.2 Local File Inclusion (0)
07-28: F5 Big-IP 13.1.3 Build 0.0.6 Local File Inclusion (0)
07-28: Sickbeard 0.1 Cross Site Request Forgery (0)
07-28: eGroupWare 1.14 Remote Command Execution (0)
07-28: docPrint Pro 8.0 Buffer Overflow (0)
07-28: Ruby On Rails 5.0.1 Remote Code Execution (0)
07-28: Virtual Airlines Manager 2.6.2 Cross Site Scripting (0)
07-28: pfSense 2.4.4-p3 Cross Site Request Forgery (0)
07-28: Socket.io-file 2.0.31 Arbitrary File Upload (0)
07-28: [webapps] Cisco Adaptive Security Appliance Software 9.11 – Local File Inclusion (0)
07-27: [webapps] eGroupWare 1.14 – 'spellchecker.php' Remote Command Execution (0)
07-26: HackRF One/ Portapack hints (0)
07-26: [webapps] Webtareas 2.1p – Arbitrary File Upload (Authenticated) (0)
07-26: [webapps] UBICOD Medivision Digital Signage 1.5.1 – Cross-Site Request Forgery (Add Admin) (0)
07-26: [local] Port Forwarding Wizard 4.8.0 – Buffer Overflow (SEH) (0)
07-26: [webapps] PandoraFMS 7.0 NG 746 – Persistent Cross-Site Scripting (0)
07-26: [webapps] Koken CMS 0.22.24 – Arbitrary File Upload (Authenticated) (0)
07-26: [webapps] elaniin CMS – Authentication Bypass (0)
07-26: [webapps] LibreHealth 2.0.0 – Authenticated Remote Code Execution (0)
07-26: [webapps] Online Course Registration 1.0 – Unauthenticated Remote Code Execution (0)
07-26: [webapps] WordPress Plugin Email Subscribers & Newsletters 4.2.2 – 'hash' SQL Injection (Unauthenticated) (0)
07-26: [webapps] Bludit 3.9.2 – Directory Traversal (0)
07-26: [dos] Calavera UpLoader 3.5 – 'FTP Logi' Denial of Service (PoC + SEH Overwrite) (0)
07-26: [webapps] WordPress Plugin Email Subscribers & Newsletters 4.2.2 – Unauthenticated File Download (0)
07-26: [local] Free MP3 CD Ripper 2.8 – Stack Buffer Overflow (SEH + Egghunter) (0)
07-26: [local] Socusoft Photo to Video Converter Professional 8.07 – 'Output Folder' Buffer Overflow (SEH Egghunter) (0)
07-26: [webapps] GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated) (0)
07-26: [local] DiskBoss 7.7.14 – 'Reports and Data Directory' Buffer Overflow (SEH Egghunter) (0)
07-26: [local] Nidesoft DVD Ripper 5.2.18 – Local Buffer Overflow (SEH) (0)
07-26: [local] Frigate Professional 3.36.0.9 – 'Pack File' Buffer Overflow (SEH Egghunter) (0)
07-25: Snes9K 0.09z Local Buffer Overflow (0)
07-25: Newsportal 3 SQL Injection (0)
07-24: Online Book Store 1.0 Code Execution (0)
07-24: FTPDummy! 4.80 Local Buffer Overflow (0)
07-24: EternalBlueC EternalBlue Suite (0)
07-23: Sophos VPN Web Panel 2020 Denial Of Service (0)
07-23: WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection (0)
07-23: Docsify.js 4.11.4 Cross Site Scripting (0)
07-23: ZenTao Pro 8.8.2 Remote Code Execution (0)
07-23: [local] Snes9K 0.09z – 'Port Number' Buffer Overflow (SEH) (0)
07-23: [local] FTPDummy 4.80 – Local Buffer Overflow (SEH) (0)
07-23: [webapps] UBICOD Medivision Digital Signage 1.5.1 – Authorization Bypass (0)
07-22: LibreHealth 2.0.0 Remote Code Execution (0)
07-22: Daily Expense Tracker 1.0 SQL Injection (0)
07-22: Plexus anblick Digital Signage Management 3.1.13 Open Redirect (0)
07-22: Employee Record Management System 1.1 SQL Injection (0)
07-22: Company Visitor Management System (CVMS) 1.0 SQL Injection (0)
07-22: UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery (0)
07-22: Directory Management System (DMS) 1.0 SQL Injection (0)
07-22: UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation (0)
07-22: usrsctp Stack Buffer Overflow (0)
07-22: SIGRed Windows DNS Denial Of Service (0)
07-22: [local] NetPCLinker 1.0.0.0 – Buffer Overflow (SEH Egghunter) (0)
07-20: http://www.police7.go.th/police7_newSite/images/memPic/blackcoder.html (0)
07-20: https://www3.nrct.go.th/ma.txt (0)
07-20: http://www.secondary35.go.th/ay.htm (0)
07-19: CMSUno 1.6 Cross Site Request Forgery (0)
07-19: Simple Startup Manager 1.17 Buffer Overflow (0)
07-19: PMB 5.6 Cross Site Scripting (0)
07-19: Sonar Qube 8.3.1 Unquoted Service Path (0)
07-19: Plex Unpickle Dict Windows Remote Code Execution (0)
07-18: Apple Security Advisory 2020-07-15-1 (0)
07-18: Apple Security Advisory 2020-07-15-2 (0)
07-18: Apple Security Advisory 2020-07-15-3 (0)
07-18: Apple Security Advisory 2020-07-15-4 (0)
07-18: Apple Security Advisory 2020-07-15-5 (0)
07-18: Online Course Registration 1.0 Remote Code Execution (0)
07-18: Vehicle Parking Management System 1.0 SQL Injection (0)
07-18: Wing FTP Server 6.3.8 Remote Code Execution (0)
07-18: Infor Storefront B2B 1.0 SQL Injection (0)
07-18: Web Based Online Hotel Booking System 0.1.0 SQL Injection (0)
07-18: Online Farm Management System 0.1.0 Cross Site Scripting (0)
07-17: [webapps] CMSUno 1.6 – Cross-Site Request Forgery (Change Admin Password) (0)
07-17: [local] Sonar Qube 8.3.1 – 'SonarQube Service' Unquoted Service Path (0)
07-17: [local] Simple Startup Manager 1.17 – 'File' Local Buffer Overflow (PoC) (0)
07-16: V-SOL OLTs Backdoor / Privilege Escalation (0)
07-16: Verint Impact 360 15.1 Script Insertion / HTML Injection (0)
07-16: Verint Impact 360 15.1 Open Redirect (0)
07-16: Verint Impact 360 15.1 Cross Site Request Forgery (0)
07-16: Checker CVE-2020-5902 (0)
07-16: Client Management System 1.0 SQL Injection (0)
07-16: Teachers Record Management System 1.0 SQL Injection (0)
07-16: Cyber Cafe Management System SQL Injection (0)
07-16: BSA Radar 1.6.7234.24750 Local File Inclusion (0)
07-16: Apartment Visitors Management System Project 1.0 SQL Injection (0)
07-16: Trend Micro Web Security Remote Code Execution (0)
07-16: Zyxel Armor X1 WAP6806 Directory Traversal (0)
07-16: Oracle Solaris 11 Device Driver Utility 1.3.1 Race Condition (0)
07-16: [webapps] Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated) (0)
07-16: [webapps] RiteCMS 2.2.1 – Remote Code Execution (0)
07-15: [webapps] Zyxel Armor X1 WAP6806 – Directory Traversal (0)
07-15: [webapps] SuperMicro IPMI WebInterface 03.40 – Cross-Site Request Forgery (Add Admin) (0)
07-14: Park Ticketing Management System 1.0 SQL Injection (0)
07-14: Online Polling System SQL Injection (0)
07-14: User Registration And Login And User Management System 2.1 SQL Injection (0)
07-14: Small CRM 2.0 SQL Injection (0)
07-14: Curfew e-Pass Management System 1.0 SQL Injection (0)
07-14: Online Birth Certificate System 1.0 SQL Injection / Code Execution (0)
07-14: [webapps] Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 – Remote Code Execution (Metasploit) (0)
07-14: [webapps] BSA Radar 1.6.7234.24750 – Local File Inclusion (0)
07-13: Responsive Online Blog 1.0 SQL Injection (0)
07-13: Liferay Portal Remote Code Execution (0)
07-13: Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution (0)
07-13: http://donphothong.go.th/y.php (0)
07-13: http://civil.sakaeocity.go.th/pr.php (0)
07-13: http://www.samtambon.go.th/silence.html (0)
07-13: http://secondary34.go.th/robh.htm (0)
07-13: [webapps] Park Ticketing Management System 1.0 – 'viewid' SQL Injection (0)
07-13: [webapps] Park Ticketing Management System 1.0 – Authentication Bypass (0)
07-11: Barangay Management System 1.0 SQL Injection (0)
07-11: HelloWeb 2.0 Arbitrary File Download (0)
07-11: Webtareas 2.1 / 2.1p Cross Site Scripting (0)
07-11: Impress CMS 1.4.0 Cross Site Scripting (0)
07-11: Pandora FMS 7.0 NG 746 Script Insertion / Code Execution (0)
07-11: Pandora FMS 7.0 NG 7XX Remote Command Execution (0)
07-10: PHP 7.4 FFI disable_functions Bypass (0)
07-10: BSA Radar 1.6.7234.24750 Cross Site Request Forgery (0)
07-10: SuperMicro IPMI 03.40 Cross Site Request Forgery (0)
07-10: Savsoft Quiz 5 Cross Site Scripting (0)
07-10: Webtareas 2.1 / 2.1p File Upload / Information Disclosure (0)
07-10: WordPress Power's WHOIS Domain Check 0.9.31 Cross Site Scripting (0)
07-10: Microsoft OneDrive 19.232.1124.0010 DLL Hijacking (0)
07-10: Impress CMS 1.4.0 Code Execution / SQL Injection (0)
07-10: Colin Percival's bsdiff 4.3 Memory Corruption (0)
07-10: Rittal Products Bypass / Command Injection / Privilege Escalation (0)
07-10: [remote] Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution (0)
07-10: [webapps] Barangay Management System 1.0 – Authentication Bypass (0)
07-10: [webapps] HelloWeb 2.0 – Arbitrary File Download (0)
07-09: [webapps] Savsoft Quiz 5 – Persistent Cross-Site Scripting (0)
07-09: [webapps] Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 – Persistent Cross-Site Scripting (0)
07-09: [local] FrootVPN 4.8 – 'frootvpn' Unquoted Service Path (0)
07-08: Sickbeard 0.1 Command Injection (0)
07-08: BIG-IP TMUI Remote Code Execution (0)
07-08: BIG-IP TMUI Remote Code Execution (0)
07-08: Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation (0)
07-08: Online Shopping Portal 3.1 SQL Injection (0)
07-08: CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure (0)
07-08: F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution (0)
07-08: ClearPass Policy Manager Unauthenticated Remote Command Execution (0)
07-08: http://mlds.go.th/z.htm (0)
07-08: [webapps] BSA Radar 1.6.7234.24750 – Cross-Site Request Forgery (Change Password) (0)
07-08: [webapps] SuperMicro IPMI 03.40 – Cross-Site Request Forgery (Add Admin) (0)
07-07: File Management System 1.1 Cross Site Scripting (0)
07-07: RiteCMS 2.2.1 Remote Code Execution (0)
07-07: WhatsApp android-gif-drawable Double-Free (0)
07-07: Grafana 7.0.1 Denial Of Service (0)
07-07: Microsoft Windows MSHTA.EXE .HTA File XML Injection (0)
07-07: Nagios XI 5.6.12 Remote Code Execution (0)
07-07: Fire Web Server 0.1 Denial Of Service (0)
07-07: rauLink Software Domotica Web 2.0 SQL Injection (0)
07-07: RSA IG+L Aveksa 7.1.1 Remote Code Execution (0)
07-07: openSIS 7.4 Unauthenticated PHP Code Execution (0)
07-07: [webapps] Joomla! J2 JOBS 1.3.0 – 'sortby' Authenticated SQL Injection (0)
07-07: [webapps] Sickbeard 0.1 – Remote Command Injection (0)
07-07: [webapps] Online Shopping Portal 3.1 – 'email' SQL Injection (0)
07-06: [webapps] RSA IG&L Aveksa 7.1.1 – Remote Code Execution (0)
07-06: [webapps] RiteCMS 2.2.1 – Authenticated Remote Code Execution (0)
07-06: [webapps] File Management System 1.1 – Persistent Cross-Site Scripting (0)
07-04: Android o2 Business 1.2.0 Open Redirect (0)
07-04: AppleiOS 13.5.1 Resource Exposure (0)
07-03: macOS Privacy Protection Bypass (0)
07-03: EQDKP Plus CMS 2.3.29 Cross Site Scripting (0)
07-02: Online Shopping Portal 3.1 SQL Injection / Shell Upload (0)
07-02: FTPShell Server 6.90 Buffer Overflow (0)
07-02: Joomla J2 JOBS 1.3.0 SQL Injection (0)
07-02: PHP-Fusion 9.03.60 PHP Object Injection (0)
07-02: e-learning PHP Script 0.1.0 SQL Injection (0)
07-02: Packet Storm New Exploits For June, 2020 (0)
07-02: [webapps] ZenTao Pro 8.8.2 – Command Injection (0)
07-02: [webapps] WhatsApp Remote Code Execution – Paper (0)
07-01: Victor CMS 1.0 Cross Site Scripting (0)
07-01: Reside Property Management 3.0 SQL Injection (0)
07-01: ATutor 2.2.4 Directory Traversal / Remote Code Execution (0)
07-01: Cellebrite EPR Decryption Hardcoded AES Key Material (0)
07-01: openSIS 7.4 Incorrect Access Control (0)
07-01: openSIS 7.4 Local File Inclusion (0)
07-01: openSIS 7.4 SQL Injection (0)
07-01: [webapps] Online Shopping Portal 3.1 – Authentication Bypass (0)
07-01: [webapps] PHP-Fusion 9.03.60 – PHP Object Injection (0)
07-01: [webapps] e-learning Php Script 0.1.0 – 'search' SQL Injection (0)
07-01: [local] RM Downloader 2.50.60 2006.06.23 – 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC) (0)

June 2020 (187)

06-30: Fire Web Server Pre-Alpha Denial Of Service (0)
06-30: KiteService 1.2020.618.0 Unquoted Service Path (0)
06-30: OpenEMR 5.0.1 Remote Code Execution (0)
06-30: Windscribe 1.83 Unquoted Service Path (0)
06-30: NetPCLinker 1.0.0.0 Buffer Overflow (0)
06-30: Bolt CMS 3.7.0 Authenticated Remote Code Execution (0)
06-30: [webapps] Reside Property Management 3.0 – 'profile' SQL Injection (0)
06-30: [webapps] Victor CMS 1.0 – 'user_firstname' Persistent Cross-Site Scripting (0)
06-26: BSA Radar 1.6.7234.24750 Cross Site Scripting (0)
06-26: NETGEAR R6700v3 Password Reset / Remote Code Execution (0)
06-26: Cisco AnyConnect Path Traversal / Privilege Escalation (0)
06-26: ASUS Aura Sync 1.07.71 Privilege Escalation (0)
06-26: Windows Print Spooler Privilege Escalation (0)
06-26: FHEM 6.0 Local File Inclusion (0)
06-26: Online Student Enrollment System 1.0 Shell Upload (0)
06-26: iOS / macOS Wifi Proximity Kernel Double-Free (0)
06-26: Inductive Automation Ignition Remote Code Execution (0)
06-26: Microsoft: Patch Your Exchange Servers, They're Under Attack (0)
06-26: [local] KiteService 1.2020.618.0 – Unquoted Service Path (0)
06-26: [webapps] OpenEMR 5.0.1 – 'controller' Remote Code Execution (0)
06-26: [local] Windscribe 1.83 – 'WindscribeService' Unquoted Service Path (0)
06-25: http://huorua.go.th/d_finance/new_finance/hacked.pdf (0)
06-25: [remote] mySCADA myPRO 7 – Hardcoded Credentials (0)
06-25: [webapps] FHEM 6.0 – Local File Inclusion (0)
06-24: LanSpy 2.0.1.159 Stack Buffer Overflow (0)
06-24: Code Blocks 20.03 Denial Of Service (0)
06-24: Lansweeper 7.2 Default Account / Remote Code Execution (0)
06-24: GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting (0)
06-24: Qmail Local Privilege Escalation / Remote Code Execution (0)
06-24: Online Student Enrollment System 1.0 Cross Site Request Forgery (0)
06-24: Responsive Online Blog 1.0 SQL Injection (0)
06-24: [webapps] BSA Radar 1.6.7234.24750 – Persistent Cross-Site Scripting (0)
06-23: Frigate 2.02 Denial Of Service (0)
06-23: Mereo 1.9.4 Denial Of Service (0)
06-23: Trend Micro Web Security (Virtual Appliance) Remote Code Execution (0)
06-23: Online Student Enrollment System 1.0 Arbitrary File Upload (0)
06-23: FileRun 2019.05.21 Cross Site Scripting (0)
06-23: WebPort 1.19.1 Cross Site Scripting (0)
06-23: Odoo 12.0 Local File Inclusion (0)
06-23: Student Enrollment 1.0 Remote Code Execution (0)
06-23: [local] Lansweeper 7.2 – Incorrect Access Control (0)
06-23: [dos] Code Blocks 20.03 – Denial Of Service (PoC) (0)
06-23: [webapps] Online Student Enrollment System 1.0 – Cross-Site Request Forgery (Add Student) (0)
06-23: [webapps] Responsive Online Blog 1.0 – 'id' SQL Injection (0)
06-22: [webapps] WebPort 1.19.1 – Reflected Cross-Site Scripting (0)
06-22: [webapps] Online Student Enrollment System 1.0 – Unauthenticated Arbitrary File Upload (0)
06-22: [webapps] Odoo 12.0 – Local File Inclusion (0)
06-22: [webapps] Student Enrollment 1.0 – Unauthenticated Remote Code Execution (0)
06-22: [webapps] FileRun 2019.05.21 – Reflected Cross-Site Scripting (0)
06-20: Beauty Parlour Management System 1.0 SQL Injection (0)
06-20: Four Zero-Days Spotted In Attacks On Researchers' Fake Networks (0)
06-19: College-Management-System-Php 1.0 SQL Injection (0)
06-19: Code Blocks 17.12 Local Buffer Overflow (0)
06-19: OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal (0)
06-19: Cayin CMS NTP Server 11.0 Remote Code Execution (0)
06-19: Gila CMS 1.1.18.1 SQL Injection / Shell Upload (0)
06-19: Cayin xPost 2.5 SQL Injection / Remote Code Execution (0)
06-19: Agent Tesla Panel Remote Code Execution (0)
06-18: http://necvep.go.th/1.php (0)
06-18: [webapps] Beauty Parlour Management System 1.0 – Authentication Bypass (0)
06-17: MJML 4.6.2 Path Traversal (0)
06-17: SOS JobScheduler 1.13.3 Stored Password Decryption (0)
06-17: Gila CMS 1.11.8 SQL Injection (0)
06-17: TP-LINK Cloud Cameras NCXXX Stack Overflow (0)
06-17: Netgear R7000 Router Remote Code Execution (0)
06-17: Arista Restricted Shell Escape / Privilege Escalation (0)
06-17: Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution (0)
06-17: Theft Of CIA's Vault 7 Secrets Tied To Woefully Lax Security (0)
06-17: [webapps] College-Management-System-Php 1.0 – Authentication Bypass (0)
06-16: http://reo10.moe.go.th/vz.txt (0)
06-16: OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation (0)
06-16: OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery (0)
06-16: SmarterMail 16 Arbitrary File Upload (0)
06-16: Sysax MultiServer 6.90 Cross Site Scripting (0)
06-16: PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection (0)
06-16: GOG GalaxyClientService Privilege Escalation (0)
06-16: 10-Strike Bandwidth Monitor 3.9 Unquoted Service Path (0)
06-16: Documalis Free PDF Editor Buffer Overflow (0)
06-16: Documalis Free PDF Scanner Buffer Overflow (0)
06-16: Neon LMS Shell Upload (0)
06-16: [webapps] Gila CMS 1.11.8 – 'query' SQL Injection (0)
06-16: [local] Bandwidth Monitor 3.9 – 'Svc10StrikeBandMontitor' Unquoted Service Path (0)
06-15: [webapps] Netgear R7000 Router – Remote Code Execution (0)
06-15: [remote] SOS JobScheduler 1.13.3 – Stored Password Decryption (0)
06-13: Frigate Professional 3.36.0.9 Buffer Overflow (0)
06-12: CallStranger UPnP Vulnerability Checker (0)
06-12: SMBleed / SMBGhost Pre-Authentication Remote Code Execution Proof Of Concept (0)
06-12: SMBleed Uninitialized Kernel Memory Read Proof Of Concept (0)
06-12: Background Intelligent Transfer Service Privilege Escalation (0)
06-12: [webapps] Sysax MultiServer 6.90 – Reflected Cross Site Scripting (0)
06-12: [webapps] SmarterMail 16 – Arbitrary File Upload (0)
06-11: Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF (0)
06-11: LinuxKI Toolset 6.01 Remote Command Execution (0)
06-11: Microsoft Windows Privilege Escalation / Code Execution (0)
06-11: [local] Frigate Professional 3.36.0.9 – 'Find Computer' Local Buffer Overflow (SEH) (PoC) (0)
06-10: Virtual Airlines Manager 2.6.2 SQL Injection (0)
06-10: Bludit 3.9.12 Directory Traversal (0)
06-10: Bandwidth Monitor 3.9 Full ROP Buffer Overflow (0)
06-10: WebUntis 2020.12.1 Cross Site Scripting (0)
06-10: Joomla J2 Store 3.3.11 SQL Injection (0)
06-10: CipherMail Community Virtual Appliance 4.6.2 Code Execution (0)
06-10: Pydio Cells 2.0.4 XSS / File Write / Code Execution (0)
06-10: [webapps] Virtual Airlines Manager 2.6.2 – 'id' SQL Injection (0)
06-10: [webapps] Joomla J2 Store 3.3.11 – 'filter_order_Dir' SQL Injection (Authenticated) (0)
06-10: [webapps] Sistem Informasi Pengumuman Kelulusan Online 1.0 – Cross-Site Request Forgery (Add Admin) (0)
06-10: [local] 10-Strike Bandwidth Monitor 3.9 – Buffer Overflow (SEH,DEP,ASLR) (0)
06-10: [remote] HFS Http File Server 2.3m Build 300 – Buffer Overflow (PoC) (0)
06-09: Online-Exam-System 2015 SQL Injection (0)
06-09: NeonLMS 4.6 Shell Upload (0)
06-09: Virtual Airlines Manager 2.6.2 SQL Injection (0)
06-09: Quick Player 1.3 Buffer Overflow (0)
06-09: Frigate 3.36.0.9 Local Buffer Overflow (0)
06-09: 10-Strike Bandwidth Monitor 3.9 Buffer Overflow (0)
06-09: HFS Http File Server 2.3m Build 300 Buffer Overflow (0)
06-09: [webapps] Virtual Airlines Manager 2.6.2 – 'airport' SQL Injection (0)
06-09: [webapps] Bludit 3.9.12 – Directory Traversal (0)
06-08: [local] Frigate 3.36.0.9 – 'Command Line' Local Buffer Overflow (SEH) (PoC) (0)
06-08: [webapps] Virtual Airlines Manager 2.6.2 – 'notam' SQL Injection (0)
06-08: [webapps] Kyocera Printer d-COPIA253MF – Directory Traversal (PoC) (0)
06-06: Quick Player 1.3 Denial Of Service (0)
06-06: Online Course Registration 1.0 SQL Injection (0)
06-06: Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure (0)
06-06: Cisco UCS Director Cloupia Script Remote Code Execution (0)
06-06: Avaya IP Office 11 Insecure Transit / Password Disclosure (0)
06-06: WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation (0)
06-05: http://www.lerdsin.go.th (0)
06-05: AirControl 1.4.2 Remote Code Execution (0)
06-05: IObit Uninstaller 9.5.0.15 Unquoted Service Path (0)
06-05: Clinic Management System 1.0 Remote Code Execution (0)
06-05: Navigate CMS 2.8.7 SQL Injection (0)
06-05: Oriol Espinal CMS 1.0 SQL Injection (0)
06-05: Hostel Management System 2.0 SQL Injection (0)
06-05: Clinic Management System 1.0 Shell Upload (0)
06-05: Underconstructionpage Cross Site Scripting (0)
06-05: D-Link DIR-615 T1 20.10 CAPTCHA Bypass (0)
06-05: Secure Computing SnapGear Management Console SG560 3.1.5 CSRF (0)
06-05: Online Marriage Registration System 1.0 Remote Code Execution (0)
06-05: Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write (0)
06-05: Navigate CMS 2.8.7 Directory Traversal (0)
06-05: NeonLMS Learning Management System PHP Laravel Script 4.6 File Download (0)
06-05: NeonLMS Learning Management System PHP Laravel Script 4.6 XSS (0)
06-05: Cayin Signage Media Player 3.0 Root Remote Command Injection (0)
06-05: Navigate CMS 2.8.7 Cross Site Request Forgery (0)
06-05: Cayin Content Management Server 11.0 Root Remote Command Injection (0)
06-05: VMWare vCloud Director 9.7.0.15498291 Remote Code Execution (0)
06-05: Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection (0)
06-05: WebLogic Server Deserialization Remote Code Execution (0)
06-05: WordPress Drag And Drop Multi File Uploader Remote Code Execution (0)
06-05: [webapps] Online-Exam-System 2015 – 'feedback' SQL Injection (0)
06-05: [webapps] Online Course Registration 1.0 – Authentication Bypass (0)
06-04: Clinic Management System 1.0 SQL Injection (0)
06-04: vCloud Director 9.7.0.15498291 Remote Code Execution (0)
06-04: OpenCart 3.0.3.2 Cross Site Scripting (0)
06-04: Bluetooth Impersonation Attack (BIAS) Proof Of Concept (0)
06-04: JSC JIT Out-Of-Bounds Access (0)
06-04: Sabberworm PHP CSS Code Injection (0)
06-04: Apache Tomcat CVE-2020-9484 Proof Of Concept (0)
06-04: Node.js Hostname Verification Bypass (0)
06-04: Apple Security Advisory 2020-06-01-1 (0)
06-04: Apple Security Advisory 2020-06-01-2 (0)
06-04: Apple Security Advisory 2020-06-01-3 (0)
06-04: Apple Security Advisory 2020-06-01-4 (0)
06-04: [webapps] Online Marriage Registration System 1.0 – Remote Code Execution (0)
06-04: [webapps] D-Link DIR-615 T1 20.10 – CAPTCHA Bypass (0)
06-04: [webapps] Navigate CMS 2.8.7 – Authenticated Directory Traversal (0)
06-04: [webapps] VMWAre vCloud Director 9.7.0.15498291 – Remote Code Execution (0)
06-04: [webapps] Clinic Management System 1.0 – Authenticated Arbitrary File Upload (0)
06-04: [webapps] Navigate CMS 2.8.7 – Cross-Site Request Forgery (Add Admin) (0)
06-04: [webapps] Navigate CMS 2.8.7 – ''sidx' SQL Injection (Authenticated) (0)
06-04: [webapps] Oriol Espinal CMS 1.0 – 'id' SQL Injection (0)
06-04: [local] IObit Uninstaller 9.5.0.15 – 'IObit Uninstaller Service' Unquoted Service Path (0)
06-04: [webapps] Clinic Management System 1.0 – Unauthenticated Remote Code Execution (0)
06-04: [webapps] Hostel Management System 2.0 – 'id' SQL Injection (Unauthenticated) (0)
06-04: [webapps] AirControl 1.4.2 – PreAuth Remote Code Execution (0)
06-03: VMware vCenter Server 6.7 Authentication Bypass (0)
06-03: QuickBox Pro 2.1.8 Remote Code Execution (0)
06-03: Microsoft Windows SMBGhost Remote Code Execution (0)
06-03: vBulletin 5.6.1 SQL Injection (0)
06-02: WordPress BBPress 2.5 Privilege Escalation (0)
06-02: We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection (0)
06-02: We-Com OpenData CMS 2.0 SQL Injection (0)
06-02: Avast Array.prototype.toString Out-Of-Bounds Copy (0)
06-02: Packet Storm New Exploits For May, 2020 (0)
06-02: [remote] vCloud Director 9.7.0.15498291 – Remote Code Execution (0)
06-02: [remote] Microsoft Windows – 'SMBGhost' Remote Code Execution (0)
06-01: [webapps] QuickBox Pro 2.1.8 – Authenticated Remote Code Execution (0)
06-01: [webapps] Wordpress Plugin BBPress 2.5 – Unauthenticated Privilege Escalation (0)

May 2020 (345)

05-30: PanaceaSoft Shell Upload (0)
05-30: WordPress Multi-Scheduler 1.0.0 Cross Site Request Forgery (0)
05-30: Crystal Shard http-protection 0.2.0 IP Spoofing Bypass (0)
05-30: Apple Security Advisory 2020-05-26-2 (0)
05-30: Apple Security Advisory 2020-05-26-1 (0)
05-30: Apple Security Advisory 2020-05-26-6 (0)
05-30: Apple Security Advisory 2020-05-26-7 (0)
05-30: Apple Security Advisory 2020-05-26-3 (0)
05-30: Apple Security Advisory 2020-05-26-8 (0)
05-30: Apple Security Advisory 2020-05-26-5 (0)
05-30: Apple Security Advisory 2020-05-26-9 (0)
05-30: Apple Security Advisory 2020-05-26-10 (0)
05-30: Apple Security Advisory 2020-05-26-11 (0)
05-30: Apple Security Advisory 2020-05-26-4 (0)
05-29: Kuicms PHP EE 2.0 Cross Site Scripting (0)
05-29: Online Marriage Registration System 1.0 Cross Site Scripting (0)
05-29: LimeSurvey 4.1.11 Cross Site Scripting (0)
05-29: osTicket 1.14.1 Cross Site Scripting (0)
05-29: NOKIA VitalSuite SPM 2020 SQL Injection (0)
05-29: EyouCMS 1.4.6 Cross Site Scripting (0)
05-29: Online-Exam-System 2015 SQL Injection (0)
05-29: QNAP QTS And Photo Station 6.0.3 Remote Command Execution (0)
05-29: Firefox Default Content Process DACL Sandbox Escape (0)
05-29: Pi-Hole 4.3.2 DHCP MAC OS Command Execution (0)
05-29: [webapps] Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass (0)
05-29: [webapps] WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery (Delete User) (0)
05-28: BIND TSIG Denial Of Service (0)
05-28: WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload (0)
05-28: StreamRipper32 2.6 Buffer Overflow (0)
05-28: Pi-hole 4.4.0 Remote Code Execution (0)
05-28: http://www3.djop.moj.go.th/X-m3n.html (0)
05-28: http://www.tambonbandua.go.th/activity/images/ (0)
05-28: http://www.thayai.go.th/activity/images/ (0)
05-28: [webapps] QNAP QTS and Photo Station 6.0.3 – Remote Command Execution (0)
05-28: [webapps] Online-Exam-System 2015 – 'fid' SQL Injection (0)
05-28: [webapps] EyouCMS 1.4.6 – Persistent Cross-Site Scripting (0)
05-28: [webapps] NOKIA VitalSuite SPM 2020 – 'UserName' SQL Injection (0)
05-27: WordPress Form Maker 5.4.1 SQL Injection (0)
05-27: GoldWave 5.70 Buffer Overflow (0)
05-27: Victor CMS 1.0 Cross Site Scripting (0)
05-27: Online Discussion Forum Site 1.0 Remote Code Execution (0)
05-27: OpenEMR Remote Code Execution (0)
05-27: Joomla XCloner Backup 3.5.3 Local File Disclosure (0)
05-27: Pi-Hole 3.3 Command Execution (0)
05-27: [webapps] Kuicms PHP EE 2.0 – Persistent Cross-Site Scripting (0)
05-27: [webapps] osTicket 1.14.1 – 'Ticket Queue' Persistent Cross-Site Scripting (0)
05-27: [webapps] LimeSurvey 4.1.11 – 'Permission Roles' Persistent Cross-Site Scripting (0)
05-27: [webapps] Online Marriage Registration System 1.0 – Persistent Cross-Site Scripting (0)
05-27: [webapps] osTicket 1.14.1 – 'Saved Search' Persistent Cross-Site Scripting (0)
05-26: [webapps] WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 – Remote Code Execution (0)
05-26: [webapps] Joomla! Plugin XCloner Backup 3.5.3 – Local File Inclusion (Authenticated) (0)
05-26: [local] StreamRipper32 2.6 – Buffer Overflow (PoC) (0)
05-26: [webapps] Open-AudIT 3.3.0 – Reflective Cross-Site Scripting (Authenticated) (0)
05-26: [webapps] OpenEMR 5.0.1 – Remote Code Execution (0)
05-26: [webapps] Pi-hole 4.4.0 – Remote Code Execution (Authenticated) (0)
05-25: Composr CMS 10.0.30 Cross Site Scripting (0)
05-25: PHP-Fusion 9.03.50 Cross Site Scripting (0)
05-25: OpenEDX Ironwood 2.5 Remote Code Execution (0)
05-25: Forma.LMS 5.6.40 Cross Site Request Forgery (0)
05-25: AbsoluteTelnet 11.21 Denial Of Service (0)
05-25: WebLogic Server Deserialization Remote Code Execution (0)
05-25: Gym Management System 1.0 Remote Code Execution (0)
05-25: Qualys Security Advisory – Qmail Remote Code Execution (0)
05-25: VUPlayer 2.49 .m3u Local Buffer Overflow (0)
05-25: Druva inSync Windows Client 6.6.3 Local Privilege Escalation (0)
05-25: Synology DiskStation Manager smart.cgi Remote Command Execution (0)
05-25: Plesk / myLittleAdmin ViewState .NET Deserialization (0)
05-25: Apple Security Advisory 2020-05-20-1 (0)
05-25: http://charoenrat.go.th (0)
05-25: [webapps] Online Discussion Forum Site 1.0 – Remote Code Execution (0)
05-25: [local] GoldWave – Buffer Overflow (SEH Unicode) (0)
05-25: [remote] Plesk/myLittleAdmin – ViewState .NET Deserialization (Metasploit) (0)
05-25: [webapps] Wordpress Plugin Form Maker 5.4.1 – 's' SQL Injection (Authenticated) (0)
05-22: [remote] WebLogic Server – Deserialization RCE – BadAttributeValueExpException (Metasploit) (0)
05-22: [webapps] Gym Management System 1.0 – Unauthenticated Remote Code Execution (0)
05-22: [local] Druva inSync Windows Client 6.6.3 – Local Privilege Escalation (0)
05-22: [webapps] Dolibarr 11.0.3 – Persistent Cross-Site Scripting (0)
05-22: [dos] Konica Minolta FTP Utility 1.0 – 'NLST' Denial of Service (PoC) (0)
05-22: [dos] Filetto 1.0 – 'FEAT' Denial of Service (PoC) (0)
05-22: [dos] Konica Minolta FTP Utility 1.0 – 'LIST' Denial of Service (PoC) (0)
05-22: [local] VUPlayer 2.49 .m3u – Local Buffer Overflow (DEP,ASLR) (0)
05-21: Craft CMS 3 vCard 1.0.0 Remote Code Execution (0)
05-21: CloudMe 1.11.2 SEH / DEP / ASLR Buffer Overflow (0)
05-21: http://ecocenter.diw.go.th/87.html (0)
05-21: [webapps] forma.lms 5.6.40 – Cross-Site Request Forgery (Change Admin Email) (0)
05-21: [dos] AbsoluteTelnet 11.21 – 'Username' Denial of Service (PoC) (0)
05-20: Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service (0)
05-20: Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization (0)
05-20: [webapps] CraftCMS 3 vCard Plugin 1.0.0 – Remote Code Execution (0)
05-19: Mikrotik Router Monitoring System 1.2.3 SQL Injection (0)
05-19: Konica Minolta FTP Utility 1.0 Denial Of Service (0)
05-19: Filetto 1.0 Denial Of Service (0)
05-19: HP LinuxKI 6.01 Remote Command Injection (0)
05-19: Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting (0)
05-19: Online Examination System 1.0 SQL Injection (0)
05-19: Online Healthcare Patient Record Management System 1.0 SQL Injection (0)
05-19: Online Healthcare Management System 1.0 SQL Injection (0)
05-19: Online Chatting System 1.0 SQL Injection (0)
05-19: WordPress Ajax Load More 5.3.1 SQL Injection (0)
05-19: Oracle Hospitality RES 3700 5.7 Remote Code Execution (0)
05-19: Pi-Hole heisenbergCompensator Blocklist OS Command Execution (0)
05-19: Dolibarr 11.0.3 Cross Site Scripting (0)
05-19: Victor CMS 1.0 Cross Site Scripting (0)
05-19: Victor CMS 1.0 SQL Injection (0)
05-19: qdPM 9.1 Cross Site Scripting (0)
05-19: Submitty 20.04.01 Cross Site Scripting (0)
05-19: NukeViet VMS 4.4.00 Cross Site Request Forgery (0)
05-19: PHP-Fusion 9.03.50 SQL Injection (0)
05-19: Victor CMS 1.0 Shell Upload (0)
05-19: [remote] Pi-Hole – heisenbergCompensator Blocklist OS Command Execution (Metasploit) (0)
05-19: [webapps] Victor CMS 1.0 – Authenticated Arbitrary File Upload (0)
05-19: [webapps] Victor CMS 1.0 – 'comment_author' Persistent Cross-Site Scripting (0)
05-19: [webapps] NukeViet VMS 4.4.00 – Cross-Site Request Forgery (Change Admin Password) (0)
05-19: [webapps] Submitty 20.04.01 – Persistent Cross-Site Scripting (0)
05-19: [webapps] php-fusion 9.03.50 – 'ctype' SQL Injection (0)
05-19: [webapps] Victor CMS 1.0 – 'cat_id' SQL Injection (0)
05-19: [webapps] qdPM 9.1 – 'cfg[app_app_name]' Persistent Cross-Site Scripting (0)
05-18: [remote] HP LinuxKI 6.01 – Remote Command Injection (0)
05-18: [webapps] Online Healthcare management system 1.0 – Authentication Bypass (0)
05-18: [webapps] Mikrotik Router Monitoring System 1.2.3 – 'community' SQL Injection (0)
05-18: [webapps] Online Healthcare Patient Record Management System 1.0 – Authentication Bypass (0)
05-18: [webapps] online Chatting System 1.0 – 'id' SQL Injection (0)
05-18: [webapps] Monstra CMS 3.0.4 – Authenticated Arbitrary File Upload (0)
05-18: [webapps] Oracle Hospitality RES 3700 5.7 – Remote Code Execution (0)
05-18: [webapps] forma.lms The E-Learning Suite 2.3.0.2 – Persistent Cross-Site Scripting (0)
05-18: [webapps] Wordpress Plugin Ajax Load More 5.3.1 – '#1' Authenticated SQL Injection (0)
05-18: [webapps] Online Examination System 1.0 – 'eid' SQL Injection (0)
05-16: vBulletin 5.6.1 SQL Injection (0)
05-16: ManageEngine Service Desk 10.0 Cross Site Scripting (0)
05-16: SecureCRT Memory Corruption (0)
05-16: ACal 2.2.6 Remote Code Execution (0)
05-16: Microsoft Windows Task Scheduler Security Feature Bypass (0)
05-16: ManageEngine AssetExplorer Authenticated Command Execution (0)
05-16: http://odpc1.ddc.moph.go.th/LPHJ/public/site/images/zbi/Ma.gif (0)
05-15: Subrion CMS 4.2.1 Cross Site Scripting (0)
05-15: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
05-15: Dameware Remote Support 12.1.1.273 Buffer Overflow (0)
05-15: Netlink XPON 1GE WiFi V2801RGW Remote Command Execution (0)
05-15: E-Commerce System 1.0 Remote Code Execution (0)
05-15: Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation (0)
05-15: https://www.sansalee.go.th/coli.txt (0)
05-15: iOS Exploits Prices Crash Significantly (0)
05-15: [webapps] vBulletin 5.6.1 – 'nodeId' SQL Injection (0)
05-15: [webapps] ManageEngine Service Desk 10.0 – Cross-Site Scripting (0)
05-14: Remote Desktop Audit 2.3.0.157 Buffer Overflow (0)
05-14: Tryton 5.4 Cross Site Scripting (0)
05-14: Sellacious eCommerce Shop Cross Site Scripting (0)
05-14: http://yardfon.go.th/images/mendy.txt (0)
05-14: [webapps] E-Commerce System 1.0 – Unauthenticated Remote Code Execution (0)
05-14: [local] Dameware Remote Support 12.1.1.273 – Buffer Overflow (SEH) (0)
05-14: [webapps] Netlink XPON 1GE WiFi V2801RGW – Remote Command Execution (0)
05-14: [webapps] Complaint Management System 1.0 – 'username' SQL Injection (0)
05-13: Chrome Typer::Visitor::TypeInductionVariablePhi Type Inference (0)
05-13: Orchard Core RC1 Cross Site Scripting (0)
05-13: WordPress ChopSlider3 3.4 SQL Injection (0)
05-13: TylerTech Eagle 2018.3.11 Remote Code Execution (0)
05-13: macOS 320.whatis Script Privilege Escalation (0)
05-13: CuteNews 2.1.2 Authenticated Shell Upload (0)
05-13: Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting (0)
05-13: qdPM 9.1 Arbitrary File Upload (0)
05-13: LanSend 3.2 Buffer Overflow (0)
05-13: Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read (0)
05-13: Adobe DNG SDK Memory Corruption (0)
05-13: SaltStack Salt Master/Minion Unauthenticated Remote Code Execution (0)
05-13: Netsweeper WebAdmin unixlogin.php Python Code Injection (0)
05-13: Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation (0)
05-13: [local] Remote Desktop Audit 2.3.0.157 – Buffer Overflow (SEH) (0)
05-12: Kartris 1.6 Arbitrary File Upload (0)
05-12: Pi-hole 4.4 Remote Code Execution (0)
05-12: Pi-hole 4.4 Remote Code Execution / Privilege Escalation (0)
05-12: Online AgroCulture Farm Management System 1.0 SQL Injection (0)
05-12: Victor CMS 1.0 SQL Injection (0)
05-12: CuteNews 2.1.2 Arbitrary File Deletion (0)
05-12: Complaint Management System 1.0 SQL Injection (0)
05-12: LibreNMS 1.46 SQL Injection (0)
05-12: [local] MacOS 320.whatis Script – Privilege Escalation (0)
05-12: [local] LanSend 3.2 – Buffer Overflow (SEH) (0)
05-12: [webapps] Cisco Digital Network Architecture Center 1.3.1.4 – Persistent Cross-Site Scripting (0)
05-12: [webapps] CuteNews 2.1.2 – Authenticated Arbitrary File Upload (0)
05-12: [webapps] ChopSlider3 Wordpress Plugin3.4 – 'id' SQL Injection (0)
05-12: [webapps] qdPM 9.1 – Arbitrary File Upload (0)
05-12: [webapps] Orchard Core RC1 – Persistent Cross-Site Scripting (0)
05-11: [webapps] LibreNMS 1.46 – 'search' SQL Injection (0)
05-11: [webapps] Complaint Management System 1.0 – Authentication Bypass (0)
05-11: [webapps] Online AgroCulture Farm Management System 1.0 – 'uname' SQL Injection (0)
05-11: [webapps] Victor CMS 1.0 – 'post' SQL Injection (0)
05-11: [webapps] OpenZ ERP 3.6.60 – Persistent Cross-Site Scripting (0)
05-11: [local] SolarWinds MSP PME Cache Service 1.1.14 – Insecure File Permissions (0)
05-11: [webapps] Sentrifugo CMS 3.2 – Persistent Cross-Site Scripting (0)
05-11: [webapps] CuteNews 2.1.2 – Arbitrary File Deletion (0)
05-11: [webapps] Kartris 1.6 – Arbitrary File Upload (0)
05-10: cpCommerce v1.2.8 – (id_document) Blind SQL Injection (0)
05-10: [webapps] Pi-hole < 4.4 – Remote Code Execution / Privileges Escalation (0)
05-10: [webapps] Pi-hole < 4.4 – Remote Code Execution (0)
05-09: ManageEngine DataSecurity Plus Path Traversal / Code Execution (0)
05-09: Tiny MySQL Cross Site Scripting (0)
05-09: Qik Chat 3.0 Command Injection (0)
05-09: WordPress ChopSlider 3 SQL Injection (0)
05-09: WebTareas 2.0p8 Cross Site Scripting (0)
05-09: ManageEngine DataSecurity Plus Authentication Bypass (0)
05-09: WordPress Dosimple Theme 2.0 Cross Site Scripting (0)
05-09: Creative Zone SQL Injection (0)
05-09: ManageEngine Asset Explorer Windows Agent Remote Code Execution (0)
05-09: Service Tracing Privilege Escalation (0)
05-09: Microsoft Windows NtUserMNDragOver Local Privilege Escalation (0)
05-09: Samsung Android Remote Code Execution (0)
05-09: Linux futex+VFS Use-After-Free (0)
05-09: Linux 5.6 IORING_OP_MADVISE Race Condition (0)
05-09: http://e-mining.dpim.go.th/java.html (0)
05-09: http://www.nanual.go.th/m-1.html (0)
05-09: https://www.phanomphrailocal.go.th/m-1.html (0)
05-09: http://www.koksawang.go.th/m-1.html (0)
05-09: http://www.hora.go.th/m-1.html (0)
05-09: http://pnpmuni.go.th/m-1.html (0)
05-08: Online AgroCulture Farm Management System 1.0 SQL Injection (0)
05-08: School File Management System 1.0 SQL Injection (0)
05-08: SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution (0)
05-08: Sentrifugo CMS 3.2 Cross Site Scripting (0)
05-08: Car Park Management System 1.0 SQL Injection (0)
05-08: iChat 1.6 Cross Site Scripting (0)
05-08: KeeWeb 1.14.0 HTML Injection (0)
05-08: OpenZ ERP 3.6.60 Cross Site Scripting (0)
05-08: Online Clothing Store 1.0 Arbitrary File Upload (0)
05-08: Create-Project Manager 1.07 Cross Site Scripting / HTML Injection (0)
05-08: Draytek VigorAP Cross Site Scripting (0)
05-08: LANCOM WLAN Controller Cross Site Scripting (0)
05-08: http://www.manangdalam.go.th/y.htm (0)
05-08: http://www.danmakhamtiahospital.go.th (0)
05-08: http://www.khamhai.go.th/m-1.html (0)
05-08: http://srinonngam.go.th/m-1.html (0)
05-08: http://www.narathiwat2.go.th/m-1.html (0)
05-08: http://www.yaplonglocal.go.th/m-1.html (0)
05-08: Sellacious eCommerce – Multiple Persistent Vulnerabilities (0)
05-08: http://phoyai.go.th/m-1.html (0)
05-08: http://www.chanuwan.go.th/m-1.html (0)
05-08: http://keelek.go.th/m-1.html (0)
05-08: http://www.dongdang.go.th/m-1.html (0)
05-08: http://www.phochai.go.th/m-1.html (0)
05-08: http://www.nom101.go.th/m-1.html (0)
05-08: http://www.sawang.go.th/m-1.html (0)
05-08: http://kutnamsai.go.th/m-1.html (0)
05-08: http://wareesawat.go.th/m-1.html (0)
05-08: http://www.khoyai.go.th/m-1.html (0)
05-08: http://www.toomsisaket.go.th/m-1.html (0)
05-08: http://www.srakaew-phanomphai.go.th/m-1.html (0)
05-08: http://www.mueangnoi.go.th/m-1.html (0)
05-08: http://www.nongphok101.go.th/m-1.html (0)
05-08: http://thawatburi.go.th/m-1.html (0)
05-08: [dos] Extreme Networks Aerohive HiveOS 11.0 – Remote Denial of Service (PoC) (0)
05-07: GitLab 12.9.0 Arbitrary File Read (0)
05-07: i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion (0)
05-07: Booked Scheduler 2.7.7 Directory Traversal (0)
05-07: MPC Sharj 3.11.1 Arbitrary File Download (0)
05-07: Pisay Online E-Learning System 1.0 SQL Injection / Code Execution (0)
05-07: YesWiki cercopitheque 2020.04.18.1 SQL Injection (0)
05-07: webTareas 2.0.p8 Arbitrary File Deletion (0)
05-07: Online Clothing Store 1.0 SQL Injection (0)
05-07: Online Clothing Store 1.0 Cross Site Scripting (0)
05-07: Extreme Networks Aerohive HiveOS 11.x Denial Of Service (0)
05-07: Kentico CMS 12.0.14 Remote Command Execution (0)
05-07: Draytek VigorAP – (RADIUS) Persistent XSS Vulnerability (0)
05-07: Creative Zone – (id) Remote SQL Injection Vulnerability (0)
05-07: Wordpress Theme Dosimple v2.0 – XSS Web Vulnerability (0)
05-07: Tiny MySQL – Cross Site Scripting Vulnerability (0)
05-07: [webapps] Online AgroCulture Farm Management System 1.0 – 'pid' SQL Injection (0)
05-07: [webapps] Pisay Online E-Learning System 1.0 – Remote Code Execution (0)
05-07: [webapps] Online Clothing Store 1.0 – Arbitrary File Upload (0)
05-07: [webapps] School File Management System 1.0 – 'username' SQL Injection (0)
05-07: [webapps] Draytek VigorAP 1000C – Persistent Cross-Site Scripting (0)
05-07: [dos] FlashGet 1.9.6 – Denial of Service (PoC) (0)
05-07: [webapps] Car Park Management System 1.0 – Authentication Bypass (0)
05-06: OpenZ v3.6.60 ERP – Employee Persistent XSS Vulnerability (0)
05-06: KeeWeb v1.14.0 – (Notes) Html Inject Web Vulnerability (0)
05-06: Oracle Database 11g Release 2 Unquoted Service Path (0)
05-06: Online Scheduling System 1.0 SQL Injection (0)
05-06: PhreeBooks ERP 5.2.5 Remote Command Execution (0)
05-06: SimplePHPGal 0.7 Remote File Inclusion (0)
05-06: WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting (0)
05-06: NEC Electra Elite IPK II WebPro 01.03.01 Session Enumeration (0)
05-06: Saltstack 3000.1 Remote Code Execution (0)
05-06: webERP 4.15.1 Backup Disclosure (0)
05-06: ATutor LMS 2.2.4 Weak Password Reset Hash (0)
05-06: TrixBox CE 2.8.0.4 Command Execution (0)
05-06: IBM Data Risk Manager 2.0.3 Default Password (0)
05-06: IBM Data Risk Manager 2.0.3 Remote Code Execution (0)
05-06: http://www.laoluang101.go.th/datafile/JT.html (0)
05-06: [webapps] GitLab 12.9.0 – Arbitrary File Read (0)
05-06: [webapps] webTareas 2.0.p8 – Arbitrary File Deletion (0)
05-06: [webapps] Online Clothing Store 1.0 – 'username' SQL Injection (0)
05-06: [webapps] Booked Scheduler 2.7.7 – Authenticated Directory Traversal (0)
05-06: [webapps] i-doit Open Source CMDB 1.14.1 – Arbitrary File Deletion (0)
05-06: [webapps] YesWiki cercopitheque 2020.04.18.1 – 'id' SQL Injection (0)
05-06: [webapps] Online Clothing Store 1.0 – Persistent Cross-Site Scripting (0)
05-05: xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control (0)
05-05: OpenSSL signature_algorithms_cert Denial Of Service (0)
05-05: TP-LINK Cloud Cameras NCXXX Bonjour Command Injection (0)
05-05: TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key (0)
05-05: TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection (0)
05-05: FlashGet 1.9.6 Buffer Overflow Proof Of Concept (0)
05-05: iJoomla AdAgency 6.0.9 SQL Injection (0)
05-05: BlogEngine 3.3 XML Injection (0)
05-05: osTicket 1.14.1 Cross Site Scripting (0)
05-05: Fishing Reservation System SQL Injection (0)
05-05: BoltWire 6.03 Local File Inclusion (0)
05-05: HP Performance Monitoring xglance Privilege Escalation (0)
05-05: Veeam ONE Agent .NET Deserialization (0)
05-05: Outline Service 1.3.3 Unquoted Service Path (0)
05-05: Frigate 3.36 SEH Buffer Overflow (0)
05-05: addressbook 9.0.0.1 SQL Injection (0)
05-05: File Explorer 1.4 Access Bypass (0)
05-05: Sentrifugo v3.2 CMS – Persistent XSS Web Vulnerability (0)
05-05: Qik Chat v3.0 iOS – (Name) Command Inject Vulnerability (0)
05-05: [webapps] NEC Electra Elite IPK II WebPro 01.03.01 – Session Enumeration (0)
05-05: [webapps] SimplePHPGal 0.7 – Remote File Inclusion (0)
05-05: [webapps] BlogEngine 3.3 – 'syndication.axd' XML External Entity Injection (0)
05-05: [webapps] webERP 4.15.1 – Unauthenticated Backup File Access (0)
05-05: [webapps] Online Scheduling System 1.0 – 'username' SQL Injection (0)
05-05: [local] Oracle Database 11g Release 2 – 'OracleDBConsoleorcl' Unquoted Service Path (0)
05-05: [webapps] Fishing Reservation System 7.5 – 'uid' SQL Injection (0)
05-05: [remote] Saltstack 3000.2 – Remote Code Execution (0)
05-04: File Explorer v1.4 iOS – Multiple Persistent Vulnerabilities (0)
05-04: Fishing Reservation System – SQL Injection Vulnerabilities (0)
05-04: [webapps] addressbook 9.0.0.1 – 'id' SQL Injection (0)
05-04: [local] Frigate 3.36 – Buffer Overflow (SEH) (0)
05-04: [local] Outline Service 1.3.3 – 'Outline Service ' Unquoted Service Path (0)
05-04: [webapps] osTicket 1.14.1 – Persistent Authenticated Cross-Site Scripting (0)
05-04: [webapps] BoltWire 6.03 – Local File Inclusion (0)
05-03: FlashGet v1.9.6 – Remote Buffer Overflow Vulnerability (0)
05-03: iJoomla com_adagency v6.0.9 – SQL Injection Vulnerabilities (0)
05-03: Joomla com_content v1.5 – Blind SQL-Injection Vulnerability (0)
05-02: VirtualTablet Server 3.0.2 Denial Of Service (0)
05-02: Online Scheduling System 1.0 Cross Site Scripting (0)
05-02: Online Scheduling System 1.0 Authentication Bypass (0)
05-02: PHP-Fusion 9.03.50 Cross Site Scripting (0)
05-02: Apache OFBiz 17.12.03 Cross Site Request Forgery (0)
05-02: Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access (0)
05-02: Packet Storm New Exploits For April, 2020 (0)
05-02: http://lpa.nfe.go.th/gotcha.php (0)
05-01: ChemInv 1 Cross Site Scripting (0)
05-01: HardDrive 2.1 Arbitrary File Upload (0)
05-01: [webapps] Super Backup 2.0.5 for iOS – Directory Traversal (0)
05-01: [webapps] Online Scheduling System 1.0 – Persistent Cross-Site Scripting (0)
05-01: [dos] VirtualTablet Server 3.0.2 – Denial of Service (PoC) (0)
05-01: [webapps] php-fusion 9.03.50 – Persistent Cross-Site Scripting (0)
05-01: [webapps] ChemInv 1.0 – Authenticated Persistent Cross-Site Scripting (0)

April 2020 (344)

04-30: Andrea ST Filters Service 1.0.64.7 Unquoted Service Path (0)
04-30: School ERP Pro 1.0 SQL Injection (0)
04-30: School ERP Pro 1.0 Remote Code Execution (0)
04-30: School ERP Pro 1.0 Arbitrary File Read (0)
04-30: Open-AudIT 3.2.2 Command Injection / SQL Injection (0)
04-30: Open-AudIT Professional 3.3.1 Remote Code Execution (0)
04-30: NVIDIA Update Service Daemon 1.0.21 Unquoted Service Path (0)
04-30: Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload (0)
04-30: EmEditor 19.8 Insecure File Permissions (0)
04-30: hits script 1.0 SQL Injection (0)
04-30: Druva inSync Windows Client 6.5.2 Privilege Escalation (0)
04-30: Apache Shiro 1.2.4 Remote Code Execution (0)
04-30: POS PHP v17.5 – (Employees) Persistent Web Vulnerability (0)
04-30: Super Backup v2.0.5 iOS – Directory Traversal Vulnerability (0)
04-29: CloudMe 1.11.2 Buffer Overflow (0)
04-29: Source Engine CS:GO Build 4937372 Arbitrary Code Execution (0)
04-29: Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection (0)
04-29: POS PHP 17.5 Cross Site Scripting (0)
04-29: Easy Transfer 1.7 Cross Site Scripting / Directory Traversal (0)
04-29: File Sharing And Chat 1.0 Denial Of Service (0)
04-29: Internet Download Manager 6.37.11.1 Buffer Overflow (0)
04-29: Transfer Master 3.3 Denial Of Service (0)
04-29: File Explorer 1.4 Information Disclosure (0)
04-29: Chrome ReadableStream::Close Out-Of-Bounds Access (0)
04-29: HardDrive v2.1 iOS – Arbitrary File Upload Vulnerability (0)
04-29: OpenCATS v0.9.4-3 – Multiple Cross Site Web Vulnerabilities (0)
04-29: Microsoft Windows 2012 R2 (x64) – (MMC) DoS Vulnerability (0)
04-29: [webapps] hits script 1.0 – 'item_name' SQL Injection (0)
04-29: [local] Internet Download Manager 6.37.11.1 – Stack Buffer Overflow (PoC) (0)
04-29: [webapps] Easy Transfer 1.7 for iOS – Directory Traversal (0)
04-29: [webapps] School ERP Pro 1.0 – Arbitrary File Read (0)
04-29: [webapps] Open-AudIT Professional 3.3.1 – Remote Code Execution (0)
04-29: [local] Andrea ST Filters Service 1.0.64.7 – 'Andrea ST Filters Service ' Unquoted Service Path (0)
04-28: jQuery html() Cross Site Scripting (0)
04-28: Open-AudIT 3.3.0 Cross Site Scripting (0)
04-28: Netis E1+ 1.2.32533 Hardcoded Backdoor Account (0)
04-28: PHP-Fusion 9.03.50 Arbitrary File Upload (0)
04-28: Netis E1+ 1.2.32533 Password Leak (0)
04-28: Geeklog 2.2.1 Cross Site Scripting (0)
04-28: Online Shopping System Advanced 1.0 SQL Injection (0)
04-28: Online Course Registration 2.0 SQL Injection (0)
04-28: Maian Support Helpdesk 4.3 Cross Site Request Forgery (0)
04-28: Geeklog 2.2.1 SQL Injection (0)
04-28: Docker-Credential-Wincred.exe Privilege Escalation (0)
04-28: File Explorer v1.4 iOS – Information Disclosure Vulnerability (0)
04-28: Transfer Master v3.3 iOS – Denial of Service Vulnerability (0)
04-28: POS PHP v17.5 – Persistent Cross Site Web Vulnerability (0)
04-28: IDM v6.37.11.1 – Stack Buffer Overflow Vulnerabilities (0)
04-28: [webapps] School ERP Pro 1.0 – Remote Code Execution (0)
04-28: [local] NVIDIA Update Service Daemon 1.0.21 – 'nvUpdatusService' Unquoted Service Path (0)
04-28: [webapps] School ERP Pro 1.0 – 'es_messagesid' SQL Injection (0)
04-28: [remote] CloudMe 1.11.2 – Buffer Overflow (PoC) (0)
04-28: [local] Docker-Credential-Wincred.exe – Privilege Escalation (Metasploit) (0)
04-27: Project Open v5.0.3 CMS – Multiple Web Vulnerabilities (0)
04-27: File Sharing & Chat v1.0 iOS – Denial of Service Vulnerability (0)
04-27: Easy Transfer v1.7 iOS – Multiple Web Vulnerabilities (0)
04-27: [webapps] Netis E1+ V1.2.32533 – Unauthenticated WiFi Password Leak (0)
04-27: [webapps] PHP-Fusion 9.03.50 – 'Edit Profile' Arbitrary File Upload (0)
04-27: [local] Source Engine CS:GO BuildID: 4937372 – Arbitrary Code Execution (0)
04-27: [webapps] Maian Support Helpdesk 4.3 – Cross-Site Request Forgery (Add Admin) (0)
04-27: [webapps] Online Course Registration 2.0 – Authentication Bypass (0)
04-27: [webapps] Online shopping system advanced 1.0 – 'p' SQL Injection (0)
04-27: [webapps] Netis E1+ 1.2.32533 – Backdoor Account (root) (0)
04-25: Popcorn Time 6.2 Unquoted Service Path (0)
04-25: EspoCRM 5.8.5 Privilege Escalation (0)
04-25: Edimax EW-7438RPn 1.13 Remote Code Execution (0)
04-25: Air Sender 1.0.2 Arbitrary File Upload (0)
04-25: Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution (0)
04-24: Apple Disputes Recent iOS Zero Day Claim (0)
04-24: User Management System 2.0 Cross Site Scripting (0)
04-24: User Management System 2.0 SQL Injection (0)
04-24: Complaint Management System 4.2 Cross Site Scripting (0)
04-24: AMD Radeon DirectX 11 Driver 8.17.10.0871 Memory Corruption (0)
04-24: Complaint Management System 4.2 SQL Injection (0)
04-24: Complaint Management System 4.2 Cross Site Request Forgery (0)
04-24: Zen Load Balancer 3.10.1 Directory Traversal (0)
04-24: WebRTC FEC Extension Processing Out-Of-Bounds Write (0)
04-24: Chrome AudioArray::Allocate Data Race / Out-Of-Bounds Access (0)
04-24: WebRTC Layer Info Out-Of-Bounds Write (0)
04-24: WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access (0)
04-24: Air Sender v1.0.2 iOS – Arbitrary File Upload Vulnerability (0)
04-24: Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks (0)
04-24: [webapps] Furukawa Electric ConsciusMAP 2.8.1 – Remote Code Execution (0)
04-24: [local] Popcorn Time 6.2 – 'Update service' Unquoted Service Path (0)
04-24: [webapps] Edimax EW-7438RPn 1.13 – Remote Code Execution (0)
04-24: [webapps] EspoCRM 5.8.5 – Privilege Escalation (0)
04-23: Edimax EW-7438RPn Cross Site Request Forgery (0)
04-23: Edimax EW-7438RPn Information Disclosure (0)
04-23: RM Downloader 3.1.3.2.2010.06.13 Buffer Overflow (0)
04-23: http://cheewan.go.th/def.html (0)
04-23: SuperBackup v2.0.5 – Multiple Site Scripting Vulnerabilities (0)
04-23: [webapps] Complaint Management System 4.2 – Persistent Cross-Site Scripting (0)
04-23: [webapps] Sky File 2.1.0 iOS – Directory Traversal (0)
04-23: [webapps] Zen Load Balancer 3.10.1 – Directory Traversal (Metasploit) (0)
04-23: [webapps] Complaint Management System 4.2 – Cross-Site Request Forgery (Delete User) (0)
04-23: [webapps] Complaint Management System 4.2 – Authentication Bypass (0)
04-23: [webapps] User Management System 2.0 – Persistent Cross-Site Scripting (0)
04-23: [webapps] User Management System 2.0 – Authentication Bypass (0)
04-22: Folder Lock 3.4.5 Cross Site Scripting (0)
04-22: IBM Data Risk Manager Authentication Bypass / Command Injection / File Download (0)
04-22: CSZ CMS 1.2.7 Cross Site Scripting (0)
04-22: CSZ CMS 1.2.7 HTML Injection (0)
04-22: IQrouter 3.3.1 Remote Code Execution (0)
04-22: NSClient++ 0.5.2.35 Authenticated Remote Code Execution (0)
04-22: Spiderman2 2.1.1 Buffer Overflow (0)
04-22: jizhi CMS 1.6.7 Arbitrary File Download (0)
04-22: Sysaid 20.1.11 b26 Remote Command Execution (0)
04-22: PMB 5.6 SQL Injection (0)
04-22: P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting (0)
04-22: Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption (0)
04-22: haproxy hpack-tbl.c Out-Of-Bounds Write (0)
04-22: Mahara 19.10.2 Cross Site Scripting (0)
04-22: Sky File 2.1.0 Cross Site Scripting / Directory Traversal (0)
04-22: QRadar Community Edition 7.3.1.6 Default Credentials (0)
04-22: QRadar Community Edition 7.3.1.6 Server Side Request Forgery (0)
04-22: QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control (0)
04-22: QRadar Community Edition 7.3.1.6 Cross Site Scripting (0)
04-22: QRadar Community Edition 7.3.1.6 Insecure File Permissions (0)
04-22: QRadar Community Edition 7.3.1.6 PHP Object Injection (0)
04-22: QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation (0)
04-22: QRadar Community Edition 7.3.1.6 Authorization Bypass (0)
04-22: QRadar Community Edition 7.3.1.6 Path Traversal (0)
04-22: Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation (0)
04-22: Air Share v1.2 iOS – Multiple Cross Site Web Vulnerabilities (0)
04-22: [webapps] Mahara 19.10.2 CMS – Persistent Cross-Site Scripting (0)
04-22: [webapps] Edimax EW-7438RPn – Information Disclosure (WiFi Password) (0)
04-22: [local] RM Downloader 3.1.3.2.2010.06.13 – 'Load' Buffer Overflow (SEH) (0)
04-22: [webapps] Edimax EW-7438RPn – Cross-Site Request Forgery (MAC Filtering) (0)
04-21: Atomic Alarm Clock 6.3 Unquoted Service Path (0)
04-21: Rubo DICOM Viewer 2.0 Buffer Overflow (0)
04-21: Atomic Alarm Clock 6.3 Stack Overflow (0)
04-21: ALLPlayer 7.6 Buffer Overflow (0)
04-21: Nsauditor 3.2.1.0 Buffer Overflow (0)
04-21: Xinfire TV Player 6.0.1.2 Buffer Overflow (0)
04-21: Xinfire DVD Player 5.5.0.0 Buffer Overflow (0)
04-21: Centreon 19.10.5 SQL Injection (0)
04-21: Sky File v2.1.0 iOS – Multiple Web Vulnerabilities (0)
04-21: Mahara v19.10.2 CMS – Persistent Cross Site Vulnerability (0)
04-21: [webapps] PMB 5.6 – 'logid' SQL Injection (0)
04-21: [webapps] CSZ CMS 1.2.7 – Persistent Cross-Site Scripting (0)
04-21: [remote] Neowise CarbonFTP 1.4 – Insecure Proprietary Password Encryption (0)
04-21: [webapps] P5 FNIP-8x16A FNIP-4xSH 1.0.20 – Cross-Site Request Forgery (Add Admin) (0)
04-21: [webapps] jizhi CMS 1.6.7 – Arbitrary File Download (0)
04-21: [webapps] NSClient++ 0.5.2.35 – Authenticated Remote Code Execution (0)
04-21: [local] Oracle Solaris Common Desktop Environment 1.6 – Local Privilege Escalation (0)
04-21: [webapps] IQrouter 3.3.1 Firmware – Remote Code Execution (0)
04-21: [webapps] CSZ CMS 1.2.7 – 'title' HTML Injection (0)
04-20: Folder Lock v3.4.5 iOS – Multiple Web Vulnerabilities (0)
04-20: Phpgurukul User Registration v2.0 – Multiple Vulnerabilities (0)
04-20: [remote] Unraid 6.8.0 – Auth Bypass PHP Code Execution (Metasploit) (0)
04-20: [local] Atomic Alarm Clock x86 6.3 – 'AtomicAlarmClock' Unquoted Service Path (0)
04-20: [local] Rubo DICOM Viewer 2.0 – Buffer Overflow (SEH) (0)
04-20: [local] Nsauditor 3.2.1.0 – Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite)) (0)
04-20: [webapps] Fork CMS 5.8.0 – Persistent Cross-Site Scripting (0)
04-20: [webapps] Centreon 19.10.5 – 'id' SQL Injection (0)
04-20: [local] Atomic Alarm Clock 6.3 – Stack Overflow (Unicode+SEH) (0)
04-19: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-18: Easy MPEG To DVD Burner 1.7.11 Buffer Overflow (0)
04-18: Cisco IP Phone 11.7 Denial Of Service (0)
04-18: Playable 9.18 Script Insertion / Arbitrary File Upload (0)
04-18: Code Blocks 16.01 Buffer Overflow (0)
04-18: TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting (0)
04-18: SMACom 1.2.0 Insecure Transit / Password Disclosure (0)
04-18: Metasploit Libnotify Arbitrary Command Execution (0)
04-18: Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution (0)
04-18: Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution (0)
04-18: Swift File Transfer Mobile Cross Site Scripting / Information Disclosure (0)
04-18: Fork CMS 5.8.0 Script Insertion (0)
04-18: Common Desktop Environment 1.6 Local Privilege Escalation (0)
04-18: Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow (0)
04-18: Oracle Solaris 11.x / 10 whodo / w Buffer Overflow (0)
04-17: http://www.rb2.go.th/admin/pic_title/1700400107041202004171587057757.jpg (0)
04-17: Swift File Transfer Mobile – Multiple Web Vulnerabilities (0)
04-17: Fork CMS v5.8.0 – Multiple Persistent Web Vulnerbilities (0)
04-17: Nexus Repository Manager 3.21.1-01 Remote Code Execution (0)
04-17: Microsoft Windows Unquoted Service Path Privilege Escalation (0)
04-17: [local] Code Blocks 16.01 – Buffer Overflow (SEH) UNICODE (0)
04-17: [remote] Nexus Repository Manager – Java EL Injection RCE (Metasploit) (0)
04-16: Pinger 1.0 Remote Code Execution (0)
04-16: BlazeDVD 7.0.2 Buffer Overflow (0)
04-16: Bundeswehr Karriere Cross Site Scripting (0)
04-16: DedeCMS 7.5 SP2 Cross Site Scripting (0)
04-16: DedeCMS 7.5 SP2 Persistent Cross Site Scripting (0)
04-16: SuperBackup 2.0.5 Persistent Cross Site Scripting (0)
04-16: File Transfer iFamily 2.1 Directory Traversal (0)
04-16: Macs Framework 1.14f Cross Site Scripting / SQL Injection (0)
04-16: SeedDMS 5.1.18 Persistent Cross Site Scripting (0)
04-16: AirDisk Pro 5.5.3 Persistent Cross Site Scripting (0)
04-16: Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation (0)
04-16: Microsoft Windows SE_SERVER_SECURITY Security Descriptor Owner Privilege Escalation (0)
04-16: Git Credential Helper Protocol Newline Injection (0)
04-16: Liferay Portal Java Unmarshalling Remote Code Execution (0)
04-16: TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution (0)
04-16: Playable v9.18 iOS – Multiple Web Vulnerabilities (0)
04-16: TAO AP v3.3.0 RC02 – Multiple Web Vulnerabilities (0)
04-16: [remote] Apache Solr – Remote Code Execution via Velocity Template (Metasploit) (0)
04-16: [remote] DotNetNuke – Cookie Deserialization Remote Code Execution (Metasploit) (0)
04-16: [remote] PlaySMS – index.php Unauthenticated Template Injection Code Execution (Metasploit) (0)
04-16: [remote] Pandora FMS – Ping Authenticated Remote Code Execution (Metasploit) (0)
04-16: [remote] Liferay Portal – Java Unmarshalling via JSONWS RCE (Metasploit) (0)
04-16: [remote] ThinkPHP – Multiple PHP Injection RCEs (Metasploit) (0)
04-16: [remote] TP-Link Archer A7/C7 – Unauthenticated LAN Remote Code Execution (Metasploit) (0)
04-16: [local] VMware Fusion – USB Arbitrator Setuid Privilege Escalation (Metasploit) (0)
04-15: Free Desktop Clock 3.0 Stack Overflow (0)
04-15: Subex ROC Partner Settlement 10.5 Insecure Direct Object Reference (0)
04-15: Webtateas 2.0 Arbitrary File Read (0)
04-15: Huawei HG630 2 Router Authentication Bypass (0)
04-15: WSO2 API Manager Carbon Interface 3.0.0 File Delete (0)
04-15: WordPress Media Library Assistant 2.81 Local File Inclusion (0)
04-15: B64dec 1.1.2 Buffer Overflow (0)
04-15: WSO2 API Manager Carbon Interface 3.0.0 Cross Site Scripting (0)
04-15: TVT NVMS 1000 Directory Traversal (0)
04-15: Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution (0)
04-15: MOVEit Transfer 11.1.1 SQL Injection (0)
04-15: Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys (0)
04-15: Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution (0)
04-15: ThinkPHP 5.0.23 Remote Code Execution (0)
04-15: Vesta Control Panel Authenticated Remote Code Execution (0)
04-15: Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting (0)
04-15: SuperBackup v2.0.5 iOS – (VCF) Persistent XSS Vulnerability (0)
04-15: AirDisk Pro v5.5.3 iOS – Multiple Persistent Web Vulnerabilities (0)
04-15: SeedDMS v5.1.18 – Multiple Persistent Web Vulnerabilities (0)
04-15: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-15: [webapps] Macs Framework 1.14f CMS – Persistent Cross-Site Scripting (0)
04-15: [webapps] SeedDMS 5.1.18 – Persistent Cross-Site Scripting (0)
04-15: [webapps] Pinger 1.0 – Remote Code Execution (0)
04-15: [webapps] AirDisk Pro 5.5.3 for iOS – Persistent Cross-Site Scripting (0)
04-15: [webapps] SuperBackup 2.0.5 for iOS – Persistent Cross-Site Scripting (0)
04-14: http://petburi.go.th (0)
04-14: File Transfer iFamily v2.1 – Directory Traversal Vulnerability (0)
04-14: Macs Framework v1.14f CMS – Multiple Web Vulnerabilities (0)
04-14: [local] B64dec 1.1.2 – Buffer Overflow (SEH Overflow + Egg Hunter) (0)
04-13: https://opec.go.th (0)
04-13: [local] Free Desktop Clock x86 Venetian Blinds Zipper 3.0 – Unicode Stack Overflow (SEH) (0)
04-13: [webapps] WSO2 3.1.0 – Arbitrary File Delete (0)
04-13: [webapps] Webtateas 2.0 – Arbitrary File Read (0)
04-13: [webapps] TVT NVMS 1000 – Directory Traversal (0)
04-13: [webapps] Huawei HG630 2 Router – Authentication Bypass (0)
04-11: Photoscape Textarea Denial Of Service (0)
04-11: AbsoluteTelnet 11.12 Denial Of Service (0)
04-11: Zen Load Balancer 3.10.1 Directory Traversal (0)
04-11: Windscribe 1.83 Build 20 Unquoted Service Path (0)
04-11: Xeroneit Library Management System 3.0 SQL Injection (0)
04-11: Linux 5.3 Insecure Root Path Handling (0)
04-11: Linux Omitted TID Increment (0)
04-10: NagiosXI 5.6.11 address Remote Code Execution (0)
04-10: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-10: NagiosXI 5.6.11 start / end / step Remote Code Execution (0)
04-10: Centreon 19.11 SQL Injection (0)
04-10: NagiosXL 5.6.11 orderby SQL Injection (0)
04-10: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-10: netABuse Insufficient Windows Authentication Logic Scanner (0)
04-10: http://www.spin.dss.go.th/bas/public/site/images/gonzofficial28/Simsimi.gif (0)
04-10: [dos] AbsoluteTelnet 11.12 – 'SSH1/username' Denial of Service (PoC) (0)
04-10: [local] Windscribe 1.83 – 'WindscribeService' Unquoted Service Path (0)
04-09: DedeCMS v7.5 SP2 – Multiple Persistent Web Vulnerabilities (0)
04-09: NagiosXI 5.6 Remote Command Execution (0)
04-09: Symantec Web Gateway 5.0.2.8 Remote Command Execution (0)
04-09: NagiosXI 5.6.11 Remote Command Execution (0)
04-09: ManageEngine 14 Remote Code Execution (0)
04-09: Django 3.0 Cross Site Request Forgery (0)
04-09: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-09: Amcrest Dahua NVR Camera IP2M-841 Denial Of Service (0)
04-09: Centreon 19.10-3.el7 SQL Injection (0)
04-08: DedeCMS v7.5 SP2 – Multiple Cross Site Web Vulnerabilities (0)
04-08: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-08: dnsmasq-utils 2.79-1 Denial Of Service (0)
04-08: ZOC Terminal 7.25.5 Denial Of Service (0)
04-08: Roaring Trade In Zero-Days Means More Vulns Are Falling Into The Hands Of State Spies (0)
04-08: [webapps] Amcrest Dahua NVR Camera IP2M-841 – Denial of Service (PoC) (0)
04-08: [webapps] Django 3.0 – Cross-Site Request Forgery Token Bypass (0)
04-07: LimeSurvey 4.1.11 Path Traversal (0)
04-07: Memu Play 7.1.3 Insecure Folder Permissions (0)
04-07: Nsauditor 3.2.0.0 Denial Of Service (0)
04-07: WordPress Hotel Booking System Pro 1.1 Cross Site Scripting (0)
04-07: Online Hotel Booking System Pro 1.3 Cross Site Scripting (0)
04-07: Product Key Explorer 4.2.2.0 Denial Of Service (0)
04-07: Triologic Media Player 8 Buffer Overflow (0)
04-07: WordPress Car Rental System 1.3 Cross Site Scripting (0)
04-07: Frigate 3.3.6 Denial Of Service (0)
04-07: Car Rental System 2.6 Cross Site Scripting (0)
04-07: UltraVNC Launcher 1.2.4.0 Denial Of Service (0)
04-07: UltraVNC Viewer 1.2.4.0 Denial Of Service (0)
04-07: UltraVNC Launcher 1.2.4.0 Denial Of Service (0)
04-07: SpotAuditor 5.3.4 Denial Of Service (0)
04-07: ZOC Terminal 7.25.5 Denial Of Service (0)
04-07: WhatsApp Desktop 0.3.9308 Cross Site Scripting (0)
04-07: Vanguard 2.1 Cross Site Scripting (0)
04-07: Bolt CMS 3.7.0 Remote Code Execution (0)
04-07: pfSense 2.4.4-P3 User Manager Cross Site Scripting (0)
04-07: PlaySMS index.php Unauthenticated Template Injection Code Execution (0)
04-07: Pandora FMS Ping Authenticated Remote Code Execution (0)
04-07: SMBv3 Compression Buffer Overflow (0)
04-07: Vesta Control Panel Authenticated Remote Code Execution (0)
04-07: LimeSurvey 4.1.11 Cross Site Scripting (0)
04-07: Microsoft Windows Net Use Insufficent Authentication (0)
04-07: [dos] dnsmasq-utils 2.79-1 – 'dhcp_release' Denial of Service (PoC) (0)
04-07: [dos] ZOC Terminal 7.25.5 – 'Script' Denial of Service (PoC) (0)
04-06: http://samutprakan1.go.th/lo.php (0)
04-06: http://www.maeku.go.th (0)
04-06: [webapps] LimeSurvey 4.1.11 – 'File Manager' Path Traversal (0)
04-06: [webapps] Bolt CMS 3.7.0 – Authenticated Remote Code Execution (0)
04-06: [webapps] WhatsApp Desktop 0.3.9308 – Persistent Cross-Site Scripting (0)
04-06: [local] Triologic Media Player 8 – '.m3l' Buffer Overflow (Unicode) (SEH) (0)
04-06: [webapps] Vesta Control Panel 0.9.8-26 – Authenticated Remote Code Execution (Metasploit) (0)
04-06: [dos] UltraVNC Viewer 1.2.4.0 – 'VNCServer' Denial of Service (PoC) (0)
04-06: [dos] ZOC Terminal v7.25.5 – 'Private key file' Denial of Service (PoC) (0)
04-06: [webapps] LimeSurvey 4.1.11 – 'Survey Groups' Persistent Cross-Site Scripting (0)
04-06: [dos] UltraVNC Launcher 1.2.4.0 – 'Password' Denial of Service (PoC) (0)
04-06: [dos] Frigate 3.36 – Denial of Service (PoC) (0)
04-06: [dos] UltraVNC Launcher 1.2.4.0 – 'RepeaterHost' Denial of Service (PoC) (0)
04-06: [dos] Nsauditor 3.2.0.0 – 'Name' Denial of Service (PoC) (0)
04-06: [dos] SpotAuditor 5.3.4 – 'Name' Denial of Service (PoC) (0)
04-06: [dos] Product Key Explorer 4.2.2.0 – 'Key' Denial of Service (PoC) (0)
04-06: [local] Memu Play 7.1.3 – Insecure Folder Permissions (0)
04-05: http://songphinongmunic.go.th (0)
04-04: Pandora FMS 7.0NG Remote Code Execution (0)
04-04: http://www.ictc.ops.go.th/images/ (0)
04-04: http://www.finance.ops.go.th/modules/ (0)
04-04: http://www.singburihosp.go.th/gotcha.gif (0)
04-03: http://aya1.go.th/lo.php (0)
04-03: DiskBoss 7.7.14 Local Buffer Overflow (0)
04-03: Oracle Coherence Fusion Middleware Remote Code Execution (0)
04-03: MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution (0)
04-03: multiOTP 5.0.4.4 Remote Code Execution (0)
04-03: AIDA64 Engineer 6.20.5300 Buffer Overflow (0)
04-03: Apache Solr 8.3.0 Velocity Template Remote Code Execution (0)
04-03: VMware Fusion USB Arbitrator Setuid Privilege Escalation (0)
04-03: DotNetNuke Cookie Deserialization Remote Code Execution (0)
04-03: [webapps] Pandora FMS 7.0NG – 'net_tools.php' Remote Code Execution (0)
04-03: [local] AIDA64 Engineer 6.20.5300 – 'Report File' filename Buffer Overflow (SEH) (0)
04-02: https://www.phanathos.go.th/ITA/KiLL3R.html (0)
04-02: KandNconcepts Club CMS 1.1 / 1.2 Cross Site Scripting / SQL Injection (0)
04-02: DiskBoss 7.7.14 Denial Of Service (0)
04-02: 10Strike LANState 9.32 Host Check hostname Buffer Overflow (0)
04-02: Packet Storm New Exploits For March, 2020 (0)
04-02: [local] DiskBoss 7.7.14 – 'Input Directory' Local Buffer Overflow (PoC) (0)
04-01: Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection (0)
04-01: Grandstream UCM6200 Series CTI Interface SQL Injection (0)
04-01: FlashFXP 4.2.0 Build 1730 Denial Of Service (0)
04-01: DrayTek Vigor2960 / Vigor3900 / Vigor300B Remote Command Execution (0)
04-01: Microsoft Windows 10 SMB 3.1.1 Local Privilege Escalation (0)
04-01: [local] 10Strike LANState 9.32 – 'Force Check' Buffer Overflow (SEH) (0)
04-01: [dos] DiskBoss 7.7.14 – Denial of Service (PoC) (0)

March 2020 (260)

03-31: Odin Secure FTP Expert 7.6.3 Site Info Denial Of Service (0)
03-31: DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting (0)
03-31: WordPress Event-Registration 5.43 Arbitrary File Upload (0)
03-31: Zen Load Balancer 3.10.1 Remote Code Execution (0)
03-31: Joomla Fabrik 3.9.11 Directory Traversal (0)
03-31: 10-Strike Network Inventory Explorer 9.03 Buffer Overflow (0)
03-31: [remote] DLINK DWL-2600 – Authenticated Remote Command Injection (Metasploit) (0)
03-31: [webapps] Grandstream UCM6200 Series CTI Interface – 'user_password' SQL Injection (0)
03-31: [dos] FlashFXP 4.2.0 Build 1730 – Denial of Service (PoC) (0)
03-30: Redis Replication Code Execution (0)
03-30: [remote] Multiple DrayTek Products – Pre-authentication Remote Root Code Execution (0)
03-30: [webapps] Joomla! com_fabrik 3.9.11 – Directory Traversal (0)
03-30: [dos] Odin Secure FTP Expert 7.6.3 – 'Site Info' Denial of Service (PoC) (0)
03-29: Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting (0)
03-29: FreeCommander XE 2020 Pathname Buffer Overflow (0)
03-29: rConfig 3.9.4 searchField Remote Code Execution (0)
03-29: codeBeamer 9.5 Cross Site Scripting (0)
03-29: DLINK DWL-2600 Authenticated Remote Command Injection (0)
03-29: IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution (0)
03-29: Micro Focus Vibe 4.0.6 HTML Injection (0)
03-29: Micro Focus Vibe 4.0.6 Cross Site Scripting (0)
03-28: Apple Security Advisory 2020-03-25-1 (0)
03-28: Apple Security Advisory 2020-03-25-2 (0)
03-28: http://www.foreignaffairs.m-society.go.th/zx.htm (0)
03-28: http://www.minister.m-society.go.th/zx.htm (0)
03-28: https://tsd.m-society.go.th/zx.htm (0)
03-28: http://www.dl.m-society.go.th/zx.htm (0)
03-28: Soluzione Globale Ecommerce CMS 1 SQL Injection (0)
03-28: WordPress StatTraq 1.3.0 SQL Injection (0)
03-28: Easy RM To MP3 Converter 2.7.3.700 Local Buffer Overflow (0)
03-28: Jinfornet Jreport 15.6 Directory Traversal (0)
03-28: Everest 5.50.2100 Denial Of Service (0)
03-28: ECK Hotel 1.0 Cross Site Request Forgery (0)
03-27: Centreo 19.10.8 Remote Code Execution (0)
03-27: TP-Link Archer C50 V3 Denial of Service (0)
03-27: Linux PTRACE_TRACEME Local Root (0)
03-27: SharePoint Workflows XOML Injection (0)
03-27: [dos] Everest 5.50.2100 – 'Open File' Denial of Service (PoC) (0)
03-27: [local] Easy RM to MP3 Converter 2.7.3.700 – 'Input' Local Buffer Overflow (SEH) (0)
03-27: [webapps] ECK Hotel 1.0 – Cross-Site Request Forgery (Add Admin) (0)
03-26: SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection (0)
03-26: Joomla GMapFP 3.30 Arbitrary File Upload (0)
03-26: AVAST SecureLine 5.5.522.0 Unquoted Service Path (0)
03-26: Android Bluetooth Remote Denial Of Service (0)
03-26: HP ThinPro 6.x / 7.x Information Disclosure (0)
03-26: 10-Strike Network Inventory Explorer 8.54 Unquoted Service Path (0)
03-26: HP ThinPro 6.x / 7.x Filter Bypass (0)
03-26: HP ThinPro 6.x / 7.x Privilege Escalation (0)
03-26: 10-Strike Network Inventory Explorer 8.54 Buffer Overflow (0)
03-26: LeptonCMS 4.5.0 Cross Site Scripting (0)
03-26: HP ThinPro 6.x / 7.x Citrix Command Injection (0)
03-26: HP ThinPro 6.x / 7.x Privileged Command Injection (0)
03-26: http://renew.dede.go.th/Ali.txt (0)
03-26: [webapps] Centreo 19.10.8 – 'DisplayServiceStatus' Remote Code Execution (0)
03-26: [webapps] TP-Link Archer C50 3 – Denial of Service (PoC) (0)
03-25: Apple Security Advisory 2020-03-24-1 (0)
03-25: Apple Security Advisory 2020-03-24-2 (0)
03-25: Apple Security Advisory 2020-03-24-3 (0)
03-25: Apple Security Advisory 2020-03-24-4 (0)
03-25: Apple Security Advisory 2020-03-24-5 (0)
03-25: Apple Security Advisory 2020-03-24-6 (0)
03-25: Apple Security Advisory 2020-03-24-7 (0)
03-25: Veyon 4.3.4 Unquoted Service Path (0)
03-25: UliCMS 2020.1 Cross Site Scripting (0)
03-25: WordPress WPForms 1.5.9 Cross Site Scripting (0)
03-25: UCM6202 1.0.18.13 Remote Command Injection (0)
03-25: [webapps] LeptonCMS 4.5.0 – Persistent Cross-Site Scripting (0)
03-25: [webapps] Joomla! Component GMapFP 3.30 – Arbitrary File Upload (0)
03-25: [local] AVAST SecureLine 5.5.522.0 – 'SecureLine' Unquoted Service Path (0)
03-24: Microsoft Warns Of Windows Zero-Day Exploited In The Wild (0)
03-24: ProficySCADA For iOS 5.0.25920 Denial Of Service (0)
03-24: Google Chrome 80.0.3987.87 Denial Of Service (0)
03-24: CyberArk PSMP 10.9.1 Policy Restriction Bypass (0)
03-24: EnovaNet Chateau-Thierry FormaLog WebService02 eChampagne 7.0 Cross Site Scripting / SQL Injection (0)
03-24: rConfig 3.9.4 Remote Command Injection (0)
03-24: Joomla HDWPlayer 4.2 SQL Injection (0)
03-24: FIBARO System Home Center 5.021 Remote File Inclusion / XSS (0)
03-24: Horde 5.2.22 CSV Import Code Execution (0)
03-24: [webapps] UCM6202 1.0.18.13 – Remote Command Injection (0)
03-24: [local] Veyon 4.3.4 – 'VeyonService' Unquoted Service Path (0)
03-24: [webapps] Wordpress Plugin WPForms 1.5.9 – Persistent Cross-Site Scripting (0)
03-24: [webapps] UliCMS 2020.1 – Persistent Cross-Site Scripting (0)
03-23: http://nonpho.go.th (0)
03-23: http://laopruan.go.th (0)
03-23: http://nonnamtang.go.th (0)
03-23: [webapps] rConfig 3.9.4 – 'search.crud.php' Remote Command Injection (0)
03-23: [remote] CyberArk PSMP 10.9.1 – Policy Restriction Bypass (0)
03-23: [dos] Google Chrome 80.0.3987.87 – Heap-Corruption Remote Denial of Service (PoC) (0)
03-23: [dos] ProficySCADA for iOS 5.0.25920 – 'Password' Denial of Service (PoC) (0)
03-23: [webapps] FIBARO System Home Center 5.021 – Remote File Include (0)
03-22: http://secondary41.go.th/Ali.txt (0)
03-21: Exagate Sysguard 6001 Cross Site Request Forgery (0)
03-21: VMware Fusion 11.5.2 Privilege Escalation (0)
03-20: http://www4.diw.go.th/Ali.txt (0)
03-20: Broadcom Wi-Fi KR00K Proof Of Concept (0)
03-20: Easy File Sharing Web Server 7.2 Local Buffer Overflow (0)
03-20: [local] VMware Fusion 11.5.2 – Privilege Escalation (0)
03-20: [webapps] Exagate Sysguard 6001 – Cross-Site Request Forgery (Add Admin) (0)
03-19: NetBackup 7.0 Unquoted Service Path (0)
03-19: pppd 2.4.8 Buffer Overflow (0)
03-19: Netlink GPON Router 1.0.11 Remote Code Execution (0)
03-19: Microtik SSH Daemon 6.44.3 Denial Of Service (0)
03-19: Ivanti Workspace Manager Security Bypass (0)
03-19: VMware Fusion Local Privilege Escalation / Directory Traversal (0)
03-19: Microsoft VSCode Python Extension Code Execution (0)
03-19: Razer Synapse Service 1.0.0 DLL Injection (0)
03-19: ZoneAlarm TrueVector Internet Monitor Insecure NTFS Permissions (0)
03-19: Centreon Poller Authenticated Remote Command Execution (0)
03-18: UADMIN Botnet SQL Injection (0)
03-18: [webapps] Netlink GPON Router 1.0.11 – Remote Code Execution (0)
03-17: Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery (0)
03-17: MiladWorkShop VIP System 1.0 SQL Injection (0)
03-17: PHPKB Multi-Language 9 Authenticated Remote Code Execution (0)
03-17: PHPKB Multi-Language 9 Authenticated Directory Traversal (0)
03-17: PHPKB Multi-Language 9 image-upload.php Code Execution (0)
03-17: ShaderCache Arbitrary File Creation / Privilege Escalation (0)
03-17: Rconfig 3.x Chained Remote Code Execution (0)
03-17: [remote] ManageEngine Desktop Central – Java Deserialization (Metasploit) (0)
03-17: [remote] Rconfig 3.x – Chained Remote Code Execution (Metasploit) (0)
03-16: CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept (0)
03-16: Microsoft Windows SMB 3.1.1 Remote Code Execution (0)
03-16: Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution (0)
03-16: [webapps] PHPKB Multi-Language 9 – 'image-upload.php' Authenticated Remote Code Execution (0)
03-16: [webapps] PHPKB Multi-Language 9 – Authenticated Remote Code Execution (0)
03-16: [webapps] MiladWorkShop VIP System 1.0 – 'lang' SQL Injection (0)
03-16: [webapps] PHPKB Multi-Language 9 – Authenticated Directory Traversal (0)
03-16: [webapps] Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin) (0)
03-15: Revive Adserver 5.0.4 Security Bypass / Open Redirect (0)
03-15: Phoenix Contact TC Router / TC Cloud Client Command Injection (0)
03-15: ManageEngine Desktop Central Java Deserialization (0)
03-15: http://www.udonthani.go.th (0)
03-15: https://lawreform.go.th/t3x.htm (0)
03-15: http://ssobkl.go.th/t3x.htm (0)
03-14: AnyBurn 4.8 Buffer Overflow (0)
03-14: CentOS WebPanel 7 SQL Injection (0)
03-14: Drobo 5N2 4.1.1 Remote Command Injection (0)
03-14: http://royalrain.go.th/BD.txt (0)
03-14: http://www.saomuangkaopc.go.th (0)
03-14: [dos] Microsoft Windows 10 (1903/1909) – 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC) (0)
03-13: http://www.takesa1.go.th/bc7.html (0)
03-13: rConfig 3.9 SQL Injection (0)
03-13: rConfig 3.93 Authenticated Remote Code Execution (0)
03-13: ASUS AAHM 1.00.22 Unquoted Service Path (0)
03-13: HRSALE 1.1.8 Cross Site Request Forgery (0)
03-13: WordPress Appointment Booking Calendar 1.3.34 CSV Injection (0)
03-13: AtMail WebMail 4.61 Open Redirect (0)
03-13: WatchGuard Fireware AD Helper 5.8.5.10317 Credential Disclosure (0)
03-13: Horde Groupware Webmail Edition 5.2.22 PHAR Loading (0)
03-13: Horde Groupware Webmail Edition 5.2.22 PHP File Inclusion (0)
03-13: Chrome BlobURLStoreImpl::Register Site Isolation Bypass (0)
03-13: SQL Server Reporting Services (SSRS) ViewState Deserialization (0)
03-13: [webapps] Centos WebPanel 7 – 'term' SQL Injection (0)
03-13: [local] AnyBurn 4.8 – Buffer Overflow (SEH) (0)
03-12: Wing FTP Server 6.2.3 Cross Site Request Forgery (0)
03-12: ASUS AXSP 1.02.00 Unquoted Service Path (0)
03-12: WordPress Search Meter 2.13.2 CSV Injection (0)
03-12: [webapps] rConfig 3.93 – 'ajaxAddTemplate.php' Authenticated Remote Code Execution (0)
03-12: [webapps] Wordpress Plugin Appointment Booking Calendar 1.3.34 – CSV Injection (0)
03-12: [webapps] Joomla! Component com_newsfeeds 1.0 – 'feedid' SQL Injection (0)
03-12: [webapps] WatchGuard Fireware AD Helper Component 5.8.5.10317 – Credential Disclosure (0)
03-11: http://www.takong-sao.go.th/in.txt (0)
03-11: Counter Strike: GO Memory Control (0)
03-11: Sysaid 20.1.11 b26 Remote Command Execution (0)
03-11: YzmCMS 5.5 Cross Site Scripting (0)
03-11: Persian VIP Download Script 1.0 SQL Injection (0)
03-11: PHPStudy Backdoor Remote Code Execution (0)
03-11: Nagios XI Authenticated Remote Command Execution (0)
03-11: [webapps] Wordpress Plugin Search Meter 2.13.2 – CSV injection (0)
03-11: [local] ASUS AXSP 1.02.00 – 'asComSvc' Unquoted Service Path (0)
03-10: http://schoolmy2560.surat3.go.th (0)
03-10: Iskysoft Application Framework Service 2.4.3.241 Unquoted Service Path (0)
03-10: Microsoft Windows WizardOpium Local Privilege Escalation (0)
03-10: SpyHunter 4 Unquoted Service Path (0)
03-10: ManageEngine Desktop Central Deserialization / Remote Code Execution (0)
03-10: ASUS GiftBox Desktop 1.1.1.127 Unquoted Service Path (0)
03-10: Deep Instinct Windows Agent 1.2.29.0 Unquoted Service Path (0)
03-10: Sentrifugo HRMS 3.2 SQL Injection (0)
03-10: IRISgraphic 1.0 SQL Injection (0)
03-10: Creative Contact Form 4.6.2 Directory Traversal (0)
03-10: iOS / macOS AWDL Heap Corruption / Bounds Checking (0)
03-10: 60CycleCMS 2.5.2 SQL Injection (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass (0)
03-10: pppd 2.4.8 Buffer Overflow (0)
03-10: Richsploit RichFaces Exploitation Toolkit (0)
03-10: [webapps] Persian VIP Download Script 1.0 – 'active' SQL Injection (0)
03-10: [webapps] YzmCMS 5.5 – 'url' Persistent Cross-Site Scripting (0)
03-10: [webapps] Sysaid 20.1.11 b26 – Remote Command Execution (0)
03-09: [remote] PHP-FPM – Underflow Remote Code Execution (Metasploit) (0)
03-09: [remote] Apache ActiveMQ 5.x-5.11.1 – Directory Traversal Shell Upload (Metasploit) (0)
03-09: [local] Counter Strike: GO – '.bsp' Memory Control (PoC) (0)
03-09: [remote] Google Chrome 80 – JSCreate Side-effect Type Confusion (Metasploit) (0)
03-09: [local] OpenSMTPD – OOB Read Local Privilege Escalation (Metasploit) (0)
03-09: [remote] Google Chrome 67, 68 and 69 – Object.create Type Confusion (Metasploit) (0)
03-09: [remote] Google Chrome 72 and 73 – Array.map Out-of-Bounds Write (Metasploit) (0)
03-09: [webapps] Sentrifugo HRMS 3.2 – 'id' SQL Injection (0)
03-09: [webapps] 60CycleCMS – 'news.php' SQL Injection (0)
03-06: http://iud.phitsanulok3.go.th/t3x.htm (0)
03-06: http://iud.namnaohospital.go.th/t3x.htm (0)
03-06: http://maeyanghor.go.th/meh.php (0)
03-06: Google Chrome 80 JSCreate Side-Effect Type Confusion (0)
03-06: OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation (0)
03-06: netkit-telnet 0.17 Remote Code Execution (0)
03-06: Google Chrome 67 / 68 / 69 Object.create Type Confusion (0)
03-06: Google Chrome 72 / 73 Array.map Corruption (0)
03-06: PHP-FPM 7.x Remote Code Execution (0)
03-06: Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload (0)
03-06: [local] ASUS GiftBox Desktop 1.1.1.127 – 'ASUSGiftBoxDesktop' Unquoted Service Path (0)
03-06: [local] ASUS GiftBox Desktop 1.1.1.127 – 'ASUSGiftBoxDesktop' Unquoted Service Path (0)
03-06: [local] SpyHunter 4 – 'SpyHunter 4 Service' Unquoted Service Path (0)
03-06: [local] SpyHunter 4 – 'SpyHunter 4 Service' Unquoted Service Path (0)
03-06: [local] Iskysoft Application Framework Service 2.4.3.241 – 'IsAppService' Unquoted Service Path (0)
03-06: [local] Iskysoft Application Framework Service 2.4.3.241 – 'IsAppService' Unquoted Service Path (0)
03-06: [local] Deep Instinct Windows Agent 1.2.29.0 – 'DeepMgmtService' Unquoted Service Path (0)
03-06: [local] Deep Instinct Windows Agent 1.2.29.0 – 'DeepMgmtService' Unquoted Service Path (0)
03-05: UniSharp Laravel File Manager 2.0.0 Arbitrary File Read (0)
03-05: XOO Digital 2.1.0 SQL Injection (0)
03-05: Exchange Control Panel Viewstate Deserialization (0)
03-05: [remote] EyesOfNetwork – AutoDiscovery Target Command Execution (Metasploit) (0)
03-05: [remote] Exchange Control Panel – Viewstate Deserialization (Metasploit) (0)
03-04: RICOH Aficio SP 5200S Printer HTML Injection (0)
03-04: Alfresco 5.2.4 Cross Site Scripting (0)
03-04: RICOH Aficio SP 5210SF Printer HTML Injection (0)
03-04: GUnet OpenEclass 1.7.3 SQL Injection (0)
03-04: EyesOfNetwork AutoDiscovery Target Command Execution (0)
03-04: [webapps] UniSharp Laravel File Manager 2.0.0 – Arbitrary File Read (0)
03-03: Joplin Desktop 1.0.184 Cross Site Scripting (0)
03-03: Wing FTP Server 6.2.5 Privilege Escalation (0)
03-03: TP-Link TL-WR849N Remote Code Execution (0)
03-03: WordPress Tutor LMS 1.5.3 Cross Site Request Forgery (0)
03-03: TP-Link TL-WR849N 0.9.1 4.16 Authentication Bypass (0)
03-03: Cyberoam Authentication Client 2.1.2.7 Buffer Overflow (0)
03-03: Netis WF2419 2.2.36123 Remote Code Execution (0)
03-03: Intelbras Wireless N 150Mbps WRN240 Authentication Bypass (0)
03-03: Wing FTP Server 6.2.3 Privilege Escalation (0)
03-03: Microsoft Exchange 2019 15.2.221.12 Remote Code Execution (0)
03-03: Cacti 1.2.8 Unauthenticated Remote Code Execution (0)
03-03: JSC DFG ObjectAllocationSinkingPhase Crash (0)
03-03: macOS / iOS ImageIO OpenEXR Image Processing Memory Issues (0)
03-03: [webapps] RICOH Aficio SP 5210SF Printer – 'entryNameIn' HTML Injection (0)
03-03: [webapps] Alfresco 5.2.4 – Persistent Cross-Site Scripting (0)
03-03: [webapps] RICOH Aficio SP 5200S Printer – 'entryNameIn' HTML Injection (0)
03-03: [webapps] GUnet OpenEclass 1.7.3 E-learning platform – 'month' SQL Injection (0)
03-02: Nimsoft nimcontroller 7.80 Remote Code Execution (0)
03-02: qdPM Remote Code Execution (0)
03-02: MITREid 1.3.3 Cross Site Scripting (0)
03-02: Microsoft Windows Kernel Privilege Escalation (0)
03-02: Packet Storm New Exploits For February, 2020 (0)
03-02: [webapps] Wordpress Plugin Tutor LMS 1.5.3 – Cross-Site Request Forgery (Add User) (0)
03-02: [webapps] Intelbras Wireless N 150Mbps WRN240 – Authentication Bypass (Config Upload) (0)
03-02: [remote] CA Unified Infrastructure Management Nimsoft 7.80 – Remote Buffer Overflow (0)
03-02: [webapps] TP LINK TL-WR849N – Remote Code Execution (0)
03-02: [remote] Microsoft Exchange 2019 15.2.221.12 – Authenticated Remote Code Execution (0)
03-02: [webapps] Wing FTP Server 6.2.5 – Privilege Escalation (0)
03-02: [webapps] TL-WR849N 0.9.1 4.16 – Authentication Bypass (Upload Firmware) (0)
03-02: [webapps] Netis WF2419 2.2.36123 – Remote Code Execution (0)
03-02: [webapps] Joplin Desktop 1.0.184 – Cross-Site Scripting (0)
03-02: [local] Cyberoam Authentication Client 2.1.2.7 – Buffer Overflow (SEH) (0)
03-01: http://old.ddc.moph.go.th/data/pwn(94).gif (0)

February 2020 (320)

02-29: Cacti 1.2.8 Unauthenticated Remote Code Execution (0)
02-29: Cacti 1.2.8 Authenticated Remote Code Execution (0)
02-29: DirectWeb 0.4.0 Cross Site Scripting (0)
02-29: Easy2Pilot 8 SQL Injection / Cross Site Request Forgery (0)
02-29: Apache Tomcat AJP Ghostcat File Read / Inclusion (0)
02-29: Core FTP LE 2.2 Denial Of Service (0)
02-29: PhpIX 2012 Professional (Beta) SQL Injection (0)
02-29: Business Live Chat Software 1.0 Cross Site Request Forgery (0)
02-29: PHP-Fusion CMS 9.03 Cross Site Scripting (0)
02-29: Comtrend VR-3033 Command Injection (0)
02-29: Samsung Kernel /dev/vipx Pointer Leak (0)
02-29: Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition (0)
02-29: XNU tcp_input Use-After-Free (0)
02-29: Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree (0)
02-29: Chrome DesktopMediaPickerController::WebContentsDestroyed Use-After-Free (0)
02-29: http://www.banann.go.th/vuln.gif (0)
02-28: [webapps] qdPM < 9.1 – Remote Code Execution (0)
02-27: [webapps] Comtrend VR-3033 – Command Injection (0)
02-27: [webapps] Business Live Chat Software 1.0 – Cross-Site Request Forgery (Add Admin) (0)
02-26: SpotFTP-FTP Password Recover 2.4.8 Denial Of Service (0)
02-26: aSc TimeTables 2020.11.4 Denial Of Service (0)
02-26: WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass (0)
02-26: Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass (0)
02-26: Odin Secure FTP Expert 7.6.3 Denial Of Service (0)
02-26: Astak CM-818T3 Remote Configuration Disclosure (0)
02-26: OpenSMTPD Local Information Disclosure (0)
02-26: OpenSMTPD Out-Of-Bounds Read (0)
02-26: [remote] OpenSMTPD 6.6.3 – Arbitrary File Read (0)
02-26: [webapps] PhpIX 2012 Professional – 'id' SQL Injection (0)
02-26: [dos] Core FTP LE 2.2 – Denial of Service (PoC) (0)
02-25: http://nonsanga.go.th/web1/file_editor/dbx.txt (0)
02-25: http://www.nasameng.go.th (0)
02-25: Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure (0)
02-25: ESCAM QD-900 WIFI HD Camera Remote Configuration Disclosure (0)
02-25: SecuSTATION SC-831 HD Camera Remote Configuration Disclosure (0)
02-25: Aptina AR0130 Camera Remote Configuration Disclosure (0)
02-25: AMSS++ 4.7 Backdoor Account (0)
02-25: Go SSH 0.0.2 Denial Of Service (0)
02-25: ATutor 2.2.4 SQL Injection (0)
02-25: ManageEngine EventLog Analyzer 10.0 Information Disclosure (0)
02-25: Avaya IP Office Application Server 11.0.0.0 Cross Site Scripting (0)
02-25: Quick N Easy Web Server 3.3.8 Denial Of Service (0)
02-25: DotNetNuke CMS 9.5.0 Cross Site Scripting (0)
02-25: DotNetNuke CMS 9.5.0 File Extension Check Bypass (0)
02-25: eLection 2.0 SQL Injection (0)
02-25: DotNetNuke CMS 9.4.4 Zip Directory Traversal (0)
02-25: CandidATS 2.1.0 Cross Site Request Forgery (0)
02-25: Android Binder Use-After-Free (0)
02-25: SecuSTATION IPCAM-130 HD Camera Remote Configuration Disclosure (0)
02-25: ACE SECURITY WiP-90113 HD Camera Remote Configuration Disclosure (0)
02-25: Revotech I6032B-P Remote Configuration Disclosure (0)
02-25: http://news.sesao8.go.th/X-m3n.php (0)
02-25: http://amssplus.rayong1.go.th/X-m3n.html (0)
02-25: http://cpp.rayong1.go.th/X-m3n.html (0)
02-25: http://smssplus.rayong1.go.th/X-m3n.html (0)
02-25: [dos] aSc TimeTables 2020.11.4 – Denial of Service (PoC) (0)
02-25: [dos] SpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC) (0)
02-24: http://www.phraepeo.go.th (0)
02-24: http://www.kohsathon.go.th/wir.html (0)
02-24: http://jobok.go.th/wir.html (0)
02-24: [webapps] CandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin) (0)
02-24: [webapps] AMSS++ 4.7 – Backdoor Admin Account (0)
02-24: [dos] Quick N Easy Web Server 3.3.8 – Denial of Service (PoC) (0)
02-24: [webapps] Cacti 1.2.8 – Remote Code Execution (0)
02-24: [webapps] Aptina AR0130 960P 1.3MP Camera – Remote Configuration Disclosure (0)
02-24: [webapps] SecuSTATION SC-831 HD Camera – Remote Configuration Disclosure (0)
02-24: [webapps] ATutor 2.2.4 – 'id' SQL Injection (0)
02-24: [webapps] DotNetNuke 9.5 – File Upload Restrictions Bypass (0)
02-24: [webapps] DotNetNuke 9.5 – Persistent Cross-Site Scripting (0)
02-24: [webapps] eLection 2.0 – 'id' SQL Injection (0)
02-24: [webapps] ManageEngine EventLog Analyzer 10.0 – Information Disclosure (0)
02-24: [dos] Go SSH servers 0.0.2 – Denial of Service (PoC) (0)
02-24: [webapps] I6032B-P POE 2.0MP Outdoor Camera – Remote Configuration Disclosure (0)
02-24: [webapps] SecuSTATION IPCAM-130 HD Camera – Remote Configuration Disclosure (0)
02-24: [webapps] AMSS++ v 4.31 – 'id' SQL Injection (0)
02-24: [webapps] Real Web Pentesting Tutorial Step by Step – [Persian] (0)
02-24: [webapps] Avaya IP Office Application Server 11.0.0.0 – Reflective Cross-Site Scripting (0)
02-24: [webapps] ESCAM QD-900 WIFI HD Camera – Remote Configuration Disclosure (0)
02-23: http://nbc.dip.go.th/rx.html (0)
02-23: http://nec.dip.go.th/rx.html (0)
02-22: AMSS++ 4.31 SQL Injection (0)
02-22: Online Birth Certificate System 1.0 Cross Site Scripting (0)
02-22: D-Link DGS-1250 Header Injection (0)
02-22: Open-Xchange App Suite / Documents Server-Side Request Forgery (0)
02-22: OpenNetAdmin Ping Command Injection (0)
02-21: http://sahathat.go.th/file_editor/db.txt (0)
02-21: WordPress Default-Featured-Image 1.6.1 Cross Site Scripting (0)
02-21: WordPress Events-Manager 5.9.7.3 Cross Site Scripting (0)
02-21: WordPress Forminator 1.11.2 Remote File Upload (0)
02-21: WordPress Forminator 1.11.2 Cross Site Scripting (0)
02-21: WordPress Jetpack 8.2 Cross Site Scripting (0)
02-21: Easy2Pilot 7 Cross Site Request Forgery (0)
02-21: WordPress Ultimate-Member 2.1.3 Cross Site Scripting (0)
02-21: Core FTP Lite 1.3 Denial Of Service (0)
02-21: WordPress Popup-Builder 3.61.1 Cross Site Scripting (0)
02-21: WordPress Prismatic 2.3 Cross Site Scripting (0)
02-21: WordPress Really-Simple-SSL 3.2.9 Cross Site Scripting (0)
02-21: WordPress TinyMCE-Advanced 5.3.0 Cross Site Scripting (0)
02-21: WordPress WooCommerce 3.9.2 Cross Site Scripting (0)
02-21: XNU ip6_notify_pmtu Remote mbuf Double-Free (0)
02-21: WordPress Wordfence 7.4.6 Cross Site Scripting (0)
02-21: OpenEXR Memory Safety Issues (0)
02-21: WordPress WPForms-Lite 1.5.8.2 Cross Site Scripting (0)
02-21: WordPress Yikes Inc Easy Mailchimp Extender 6.6.2 Cross Site Scripting (0)
02-21: Diamorphine Rootkit Signal Privilege Escalation (0)
02-21: Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write (0)
02-20: http://ccit.go.th (0)
02-20: Virtual Freer 1.58 Remote Command Execution (0)
02-20: SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution (0)
02-20: Nanometrics Centaur 4.3.23 Memory Leak (0)
02-20: WordPress Contact-Form-7 5.1.6 Cross Site Scripting (0)
02-20: DBPower C300 HD Camera Remote Configuration Disclosure (0)
02-20: [webapps] Easy2Pilot 7 – Cross-Site Request Forgery (Add User) (0)
02-20: [dos] Core FTP Lite 1.3 – Denial of Service (PoC) (0)
02-19: http://nlaradio.senate.go.th/my.ini (0)
02-19: WordPress WP Sitemap Page 1.6.2 Cross Site Scripting (0)
02-19: [webapps] DBPower C300 HD Camera – Remote Configuration Disclosure (0)
02-19: [webapps] Virtual Freer 1.58 – Remote Command Execution (0)
02-18: http://dnprg15.dnp.go.th/007.html (0)
02-18: SOPlanning 1.45 SQL Injection (0)
02-18: SOPlanning 1.45 Cross Site Request Forgery (0)
02-18: Easy File Sharing Web Server 7.2 Unquoted Service Path (0)
02-18: Easy File Management Web Server 5.6 Unquoted Service Path (0)
02-18: HP System Event 1.2.9.0 Unquoted Service Path (0)
02-18: Disk Pulse Enterprise 12.4.18 Unquoted Service Path (0)
02-18: Ice HRM 26.2.0 Cross Site Request Forgery (0)
02-18: DiskBoss Enterprise 11.0.24 Unquoted Service Path (0)
02-18: Easy Chat Server 3.1 Unquoted Service Path (0)
02-18: VX Search Enterprise 12.4.16 Unquoted Service Path (0)
02-18: BOOTP Turbo 2.0.1214 Unquoted Service Path (0)
02-18: DHCP Turbo 4.61298 Unquoted Service Path (0)
02-18: TFTP Turbo 4.6.1273 Unquoted Service Path (0)
02-18: Cuckoo Clock 5.0 Buffer Overflow (0)
02-18: Easy File Sharing Web Server 7.2 Buffer Overflow (0)
02-18: FTPShell Server 6.85 Buffer Overflow (0)
02-18: WordPress Strong Testimonials 2.40.1 Cross Site Scripting (0)
02-18: Avaya Aura Communication Manager 5.2 Remote Code Execution (0)
02-18: Microsoft Windows 10 MSI Privilege Escalation (0)
02-18: LabVantage 8.3 Information Disclosure (0)
02-18: Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak (0)
02-18: WordPress Fruitful 3.8 Cross Site Scripting (0)
02-18: Microsoft Windows Modules Installer Service Information Disclosure (0)
02-18: [webapps] WordPress Plugin WP Sitemap Page 1.6.2 – Persistent Cross-Site Scripting (0)
02-17: [webapps] Wordpress Plugin Strong Testimonials 2.40.1 – Persistent Cross-Site Scripting (0)
02-17: [local] HP System Event 1.2.9.0 – 'HPWMISVC' Unquoted Service Path (0)
02-17: [local] Cuckoo Clock v5.0 – Buffer Overflow (0)
02-17: [webapps] SOPlanning 1.45 – 'users' SQL Injection (0)
02-17: [webapps] Avaya Aura Communication Manager 5.2 – Remote Code Execution (0)
02-17: [local] BOOTP Turbo 2.0.1214 – 'BOOTP Turbo' Unquoted Service Path (0)
02-17: [webapps] SOPlanning 1.45 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] TFTP Turbo 4.6.1273 – 'TFTP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting (0)
02-17: [local] DHCP Turbo 4.61298 – 'DHCP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] Ice HRM 26.2.0 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] MSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation (0)
02-17: [webapps] SOPlanning 1.45 – 'by' SQL Injection (0)
02-15: SWAPGS Attack Proof Of Concept (0)
02-15: phpMyChat Plus 1.98 SQL Injection (0)
02-15: HomeGuard Pro 9.3.1 Insecure Folder Permissions (0)
02-15: EPSON EasyMP Network Projection 2.81 Unquoted Service Path (0)
02-15: SprintWork 2.3.1 Local Privilege Escalation (0)
02-14: SweynTooth Bluetooth Exploits (0)
02-14: WordPress Ultimate-Member 2.1.3 Local File Inclusion (0)
02-14: SuiteCRM 7.11.11 Second-Order PHP Object Injection (0)
02-14: SuiteCRM 7.11.11 Phar Deserialization (0)
02-14: Pandora FMS 7.0 Authenticated Remote Code Execution (0)
02-14: SuiteCRM 7.11.11 Bean Manipulation (0)
02-14: OpenTFTP 1.66 Local Privilege Escalation (0)
02-14: SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion (0)
02-14: SuiteCRM 7.11.10 SQL Injection (0)
02-14: macOS / iOS launchd XPC Message Parsing Memory Corruption (0)
02-14: XPC Memory Disclosure / Corruption (0)
02-14: Samsung /dev/tsmux Heap Out-Of-Bounds Write (0)
02-14: Anviz CrossChex Buffer Overflow (0)
02-14: [local] EPSON EasyMP Network Projection 2.81 – 'EMP_NSWLSV' Unquoted Service Path (0)
02-14: [local] HomeGuard Pro 9.3.1 – Insecure Folder Permissions (0)
02-14: [webapps] phpMyChat Plus 1.98 – 'pmc_username' SQL Injection (0)
02-13: WordPress Contact-Form-7 5.1.6 File Upload (0)
02-13: MyVideoConverter Pro 3.14 Buffer Overflow (0)
02-13: WordPress Tutor 1.5.3 Cross Site Scripting (0)
02-13: HP System Event Utility Local Privilege Escalation (0)
02-13: WordPress Wordfence 7.4.5 Local File Disclosure (0)
02-13: WordPress Tutor 1.5.3 Local File Inclusion (0)
02-13: Samsung Kernel PROCA Use-After-Free / Double-Free (0)
02-13: Samsung SEND_FILE_WITH_HEADER Use-After-Free (0)
02-13: [webapps] PANDORAFMS 7.0 – Authenticated Remote Code Execution (0)
02-13: [local] OpenTFTP 1.66 – Local Privilege Escalation (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Local File Inclusion (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting (0)
02-12: Torrent iPod Video Converter 1.51 Stack Overflow (0)
02-12: freeFTPd 1.0.13 Unquoted Service Path (0)
02-12: Disk Sorter Enterprise 12.4.16 Unquoted Service Path (0)
02-12: Disk Savvy Enterprise 12.3.18 Unquoted Service Path (0)
02-12: Sync Breeze Enterprise 12.4.18 Unquoted Service Path (0)
02-12: FreeSSHd 1.3.1 Unquoted Service Path (0)
02-12: CHIYU BF430 TCP IP Converter Cross Site Scripting (0)
02-12: DVD Photo Slideshow Professional 8.07 Buffer Overflow (0)
02-12: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-12: OpenSMTPD 6.6.1 Local Privilege Escalation (0)
02-12: Google Chrome PannerHandler::TailTime Heap Use-After-Free (0)
02-12: Google Chrome PasswordFormManager::OnGeneratedPasswordAccepted Heap Buffer Overflow (0)
02-12: [local] HP System Event Utility – Local Privilege Escalation (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Output Folder' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Movie' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'TVSeries' Buffer Overflow (0)
02-11: VehicleWorkshop 1.0 SQL Injection (0)
02-11: EyesOfNetwork 5.3 Remote Code Execution (0)
02-11: Dota 2 7.23f Denial Of Service (0)
02-11: PackWeb Formap E-learning 1.0 SQL Injection (0)
02-11: Forcepoint WebSecurity 8.5 Cross Site Scripting (0)
02-11: QuickDate 1.3.2 SQL Injection (0)
02-11: Google Invisible RECAPTCHA 3 Spoof Bypass (0)
02-11: ExpertGPS 6.38 XML Injection (0)
02-11: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-11: LearnDash WordPress LMS 3.1.2 Cross Site Scripting (0)
02-11: WordPress InfiniteWP Client Authentication Bypass (0)
02-11: Vanilla Forum 2.6.3 Cross Site Scripting (0)
02-11: [remote] OpenSMTPD 6.4.0 < 6.6.1 – Local Privilege Escalation + Remote Code Execution (0)
02-11: [local] Wedding Slideshow Studio 1.36 – 'Name' Buffer Overflow (0)
02-11: [local] Disk Savvy Enterprise 12.3.18 – Unquoted Service Path (0)
02-11: [webapps] WordPress InfiniteWP – Client Authentication Bypass (Metasploit) (0)
02-11: [local] Disk Sorter Enterprise 12.4.16 – 'Disk Sorter Enterprise' Unquoted Service Path (0)
02-11: [local] Sync Breeze Enterprise 12.4.18 – 'Sync Breeze Enterprise' Unquoted Service Path (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Name' Buffer Overflow (0)
02-11: [local] FreeSSHd 1.3.1 – 'FreeSSHDService' Unquoted Service Path (0)
02-11: [webapps] Vanilla Forums 2.6.3 – Persistent Cross-Site Scripting (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Key' Buffer Overflow (0)
02-11: [webapps] CHIYU BF430 TCP IP Converter – Stored Cross-Site Scripting (0)
02-11: [local] freeFTPd v1.0.13 – 'freeFTPdService' Unquoted Service Path (0)
02-11: [local] Torrent iPod Video Converter 1.51 – Stack Overflow (0)
02-10: [webapps] LearnDash WordPress LMS Plugin 3.1.2 – Reflective Cross-Site Scripting (0)
02-10: [webapps] Forcepoint WebSecurity 8.5 – Reflective Cross-Site Scripting (0)
02-10: [local] Wedding Slideshow Studio 1.36 – 'Key' Buffer Overflow (0)
02-08: OpenSMTPD MAIL FROM Remote Code Execution (0)
02-08: D-Link ssdpcgi Unauthenticated Remote Command Execution (0)
02-08: Ricoh Driver Privilege Escalation (0)
02-08: macOS/iOS ImageIO DDS Image Out-Of-Bounds Read (0)
02-08: macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue (0)
02-08: macOS ImageIO JPEG Out-Of-Bounds Write (0)
02-08: libx264 H264 Conversion Out-Of-Bounds Write (0)
02-08: macOS/iOS XNU mk_timer_create_trap() Race Condition (0)
02-08: XNU OUserClient::_sendAsyncResult64() ipc_port Pointer Disclosure (0)
02-08: systemd-machined Incorrect Reference Decrement (0)
02-08: macOS/iOS ImageIO PVR Image Processing Heap Corruption (0)
02-08: macOS/iOS ImageIO PVR Processing Out-Of-Bounds Read (0)
02-08: macOS/iOS IOAccelCommandQueue2::processSegmentKernelCommand() Out-Of-Bounds Timestamp Write (0)
02-08: usersctp sctp_load_addresses_from_init Out-Of-Bounds Read (0)
02-07: ELAN Smart-Pad 11.10.15.1 Unquoted Service Path (0)
02-07: VIM 8.2 Denial Of Service (0)
02-07: AbsoluteTelnet 11.12 Denial Of Service (0)
02-07: TapinRadio 2.12.3 Denial Of Service (0)
02-07: RarmaRadio 2.72.4 Denial Of Service (0)
02-07: Online Job Portal 1.0 SQL Injection (0)
02-07: Online Job Portal 1.0 Code Execution (0)
02-07: Online Job Portal 1.0 Cross Site Request Forgery (0)
02-07: Ecommerce Systempay 1.0 Brute Force (0)
02-07: Cisco Data Center Network Manager 11.2 Remote Code Execution (0)
02-07: Cisco Data Center Network Manager 11.2.1 SQL Injection (0)
02-07: Cisco Data Center Network Manager 11.2.1 Command Injection (0)
02-07: [webapps] QuickDate 1.3.2 – SQL Injection (0)
02-07: [webapps] ExpertGPS 6.38 – XML External Entity Injection (0)
02-07: [local] Windscribe – WindscribeService Named Pipe Privilege Escalation (Metasploit) (0)
02-06: HiSilicon DVR/NVR hi3520d Firmware Backdoor Account (0)
02-06: xglance-bin Local Root Privilege Escalation (0)
02-06: AVideo Platform 8.1 Cross Site Request Forgery (0)
02-06: AVideo Platform 8.1 User Enumeration (0)
02-06: Verodin Director Web Console 3.5.4.0 Password Disclosure (0)
02-06: Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting (0)
02-06: Socat 1.7.3.4 Heap Overflow (0)
02-06: Wago PFC200 Remote Code Execution (0)
02-06: Windscribe WindscribeService Named Pipe Privilege Escalation (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'license name' Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'LanFabricImpl' Command Injection (0)
02-06: [dos] AbsoluteTelnet 11.12 – "license name" Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'getVmHostData' SQL Injection (0)
02-06: [webapps] Online Job Portal 1.0 – 'user_email' SQL Injection (0)
02-06: [dos] VIM 8.2 – Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2 – Remote Code Execution (0)
02-06: [webapps] Ecommerce Systempay 1.0 – Production KEY Brute Force (0)
02-06: [webapps] Online Job Portal 1.0 – Cross Site Request Forgery (Add User) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'username' Denial of Service (PoC) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'server' Denial of Service (PoC) (0)
02-06: [webapps] Online Job Portal 1.0 – Remote Code Execution (0)
02-06: [dos] TapinRadio 2.12.3 – 'username' Denial of Service (PoC) (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'SSH2/username' Denial of Service (PoC) (0)
02-06: [dos] TapinRadio 2.12.3 – 'address' Denial of Service (PoC) (0)
02-06: [local] ELAN Smart-Pad 11.10.15.1 – 'ETDService' Unquoted Service Path (0)
02-05: Sudo 1.8.25p Buffer Overflow (0)
02-05: F-Secure Internet Gatekeeper 5.40 Heap Overflow (0)
02-05: SMB DOUBLEPULSAR Remote Code Execution (0)
02-05: RDP DOUBLEPULSAR Remote Code Execution (0)
02-05: Centreon 19.10.5 Pollers Remote Command Execution (0)
02-05: [remote] HiSilicon DVR/NVR hi3520d firmware – Remote Backdoor Account (0)
02-05: [webapps] Verodin Director Web Console 3.5.4.0 – Remote Authenticated Password Disclosure (PoC) (0)
02-05: [webapps] Kronos WebTA 4.0 – Authenticated Remote Privilege Escalation (0)
02-05: [local] xglance-bin 11.00 – Privilege Escalation (0)
02-05: [webapps] Wago PFC200 – Authenticated Remote Code Execution (Metasploit) (0)
02-05: [local] Socat 1.7.3.4 – Heap-Based Overflow (PoC) (0)
02-05: [webapps] AVideo Platform 8.1 – Cross Site Request Forgery (Password Reset) (0)
02-05: [webapps] AVideo Platform 8.1 – Information Disclosure (User Enumeration) (0)
02-04: BearFTP 0.1.0 Denial Of Service (0)
02-04: Jira 8.3.4 Information Disclosure (0)
02-04: Packet Storm New Exploits For January, 2020 (0)
02-04: phpList 3.5.0 Authentication Bypass (0)
02-04: School ERP System 1.0 Cross Site Request Forgery (0)
02-04: P2PWIFICAM2 For iOS 10.4.1 Denial Of Service (0)
02-04: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
02-04: [local] Sudo 1.8.25p – Buffer Overflow (0)
02-04: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (Metasploit) (0)
02-03: [dos] P2PWIFICAM2 for iOS 10.4.1 – 'Camera ID' Denial of Service (PoC) (0)
02-03: [webapps] Schneider Electric U.Motion Builder 1.3.4 – Authenticated Command Injection (0)
02-03: [webapps] ira 8.3.4 – Information Disclosure (Username Enumeration) (0)
02-03: [webapps] phpList 3.5.0 – Authentication Bypass (0)
02-03: [dos] BearFTP 0.1.0 – 'PASV' Denial of Service (0)
02-03: [webapps] IceWarp WebMail 11.4.4.1 – Reflective Cross-Site Scripting (0)
02-03: [webapps] School ERP System 1.0 – Cross Site Request Forgery (Add Admin) (0)
02-01: Lotus Core CMS 1.0.1 Local File Inclusion (0)
02-01: FlexNet Publisher 11.12.1 Cross Site Request Forgery (0)
02-01: Intel Processor Identification Utility 6.0.0211 Privilege Escalation (0)
02-01: http://psschool.obec.go.th/007.html (0)

January 2020 (291)

01-31: XMLBlueprint 16.191112 XML Injection (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: Cups Easy 1.0 Cross Site Request Forgery (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: OpenSMTPD 6.6.2 Remote Code Execution (0)
01-31: rConfig 3.9.3 Remote Code Execution (0)
01-31: TrendMicro Anti-Threat Toolkit Improper Fix (0)
01-31: [webapps] Lotus Core CMS 1.0.1 – Local File Inclusion (0)
01-30: Apple Security Advisory 2020-1-29-2 (0)
01-30: Apple Security Advisory 2020-1-29-1 (0)
01-30: Apple Security Advisory 2020-1-28-6 (0)
01-30: Apple Security Advisory 2020-1-28-5 (0)
01-30: Apple Security Advisory 2020-1-28-3 (0)
01-30: Apple Security Advisory 2020-1-28-4 (0)
01-30: Apple Security Advisory 2020-1-28-2 (0)
01-30: Apple Security Advisory 2020-1-28-1 (0)
01-30: Fifthplay S.A.M.I Cross Site Request Forgery / Cross Site Scripting (0)
01-30: OpenBSD OpenSMTPD Privilege Escalation / Code Execution (0)
01-30: [webapps] rConfig 3.9.3 – Authenticated Remote Code Execution (0)
01-30: [remote] OpenSMTPD 6.6.2 – Remote Code Execution (0)
01-29: Torrent 3GP Converter 1.51 Stack Overflow (0)
01-29: SolarWinds n-Central Dumpster Diver (0)
01-29: FusionAuth 1.10 Remote Command Execution (0)
01-29: IceWarp WebMail 11.4.4.1 Cross Site Scripting (0)
01-29: macOS / iOS ImageIO Heap Corruption (0)
01-29: Adive Framework 2.0.8 Cross Site Request Forgery (0)
01-29: Centreon 19.10.5 Credential Disclosure (0)
01-29: Centreon 19.10.5 Remote Command Execution (0)
01-29: Octeth Oempro 4.8 SQL Injection (0)
01-29: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (0)
01-29: [webapps] Satellian 1.12 – Remote Code Execution (0)
01-29: [local] Microsoft Windows 10 – Theme API 'ThemePack' File Parsing (0)
01-29: [webapps] Cups Easy 1.0 – Cross Site Request Forgery (Password Reset) (0)
01-29: [local] XMLBlueprint 16.191112 – XML External Entity Injection (0)
01-29: [webapps] Liferay CE Portal 6.0.2 – Remote Command Execution (0)
01-29: [webapps] Kibana 6.6.1 – CSV Injection (0)
01-28: [dos] macOS/iOS ImageIO – Heap Corruption when Processing Malformed TIFF Image (0)
01-28: [webapps] Centreon 19.10.5 – Database Credentials Disclosure (0)
01-28: [webapps] Octeth Oempro 4.8 – 'CampaignID' SQL Injection (0)
01-28: [webapps] Adive Framework 2.0.8 – Cross-Site Request Forgery (Change Admin Password) (0)
01-28: [webapps] Centreon 19.10.5 – Remote Command Execution (0)
01-27: [local] Torrent 3GP Converter 1.51 – Stack Overflow (SEH) (0)
01-26: Ricoh Printer Driver Local Privilege Escalation (0)
01-26: Realtek SDK Information Disclosure / Code Execution (0)
01-25: Genexis Platinum-4410 2.1 Authentication Bypass (0)
01-25: TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot (0)
01-25: Webtareas 2.0 SQL Injection (0)
01-25: OLK Web Store 2020 Cross Site Request Forgery (0)
01-24: http://bamras.ddc.moph.go.th/Ali.txt (0)
01-24: http://special.obec.go.th/by_agent.php (0)
01-24: http://www.dsd.go.th/0.html (0)
01-24: BOOTP Turbo 2.0 Denial Of Service (0)
01-24: Pachev FTP Server 1.0 Path Traversal (0)
01-24: Umbraco CMS 8.2.2 Cross Site Request Forgery (0)
01-24: qdPM 9.1 Remote Code Execution (0)
01-24: [webapps] Genexis Platinum-4410 2.1 – Authentication Bypass (0)
01-24: [webapps] OLK Web Store 2020 – Cross-Site Request Forgery (0)
01-24: [webapps] Webtareas 2.0 – 'id' SQL Injection (0)
01-24: [webapps] TP-Link TP-SG105E 1.0.0 – Unauthenticated Remote Reboot (0)
01-23: Microsoft Windows Media Center .wmv Security Bypass / Code Execution (0)
01-23: ManageEngine Network Configuration Manager 12.2 SQL Injection (0)
01-23: Microsoft Windows Theme API File Parsing (0)
01-23: Park Ticketing Management System 1.0 Cross Site Scripting (0)
01-23: SolarWindows MSP n-Central Information Disclosure (0)
01-23: ECTouch ECShop 2.7.3 SQL Injection (0)
01-23: KeePass 2.44 Denial Of Service (0)
01-23: XNU vm_map_copy Insufficient Fix (0)
01-23: Citrix XenMobile Server 10.8 XML Injection (0)
01-23: Employee Leaves Management System 2.0 Cross Site Request Forgery (0)
01-23: ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting (0)
01-23: Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation (0)
01-23: D-Link DIR-859 Unauthenticated Remote Command Execution (0)
01-23: [remote] Pachev FTP Server 1.0 – Path Traversal (0)
01-23: [webapps] qdPM 9.1 – Remote Code Execution (0)
01-23: [dos] BOOTP Turbo 2.0 – Denial of Service (SEH)(PoC) (0)
01-22: Microsoft Zero Day Actively Exploited, Patch Forthcoming (0)
01-22: WordPress WP Fanzone 3.1 SQL Injection (0)
01-22: Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption (0)
01-22: [dos] KeePass 2.44 – Denial of Service (PoC) (0)
01-22: [webapps] Citrix XenMobile Server 10.8 – XML External Entity Injection (0)
01-21: Hospital Management System 4.0 Cross Site Scripting (0)
01-21: Easy XML Editor 1.7.8 XML Injection (0)
01-21: Advie Framework 2.0.8 Cross Site Scripting (0)
01-21: Sysax Multi Server 5.50 Denial Of Service (0)
01-21: Centreon 19.04 Remote Code Execution (0)
01-21: [local] NEOWISE CARBONFTP 1.4 – Weak Password Encryption (0)
01-21: [webapps] ManageEngine Network Configuration Manager 12.2 – 'apiKey' SQL Injection (0)
01-20: [webapps] Centreon 19.04 – Authenticated Remote Code Execution (Metasploit) (0)
01-20: [dos] Sysax Multi Server 5.50 – Denial of Service (PoC) (0)
01-20: [webapps] Adive Framework 2.0.8 – Persistent Cross-Site Scripting (0)
01-20: [local] Easy XML Editor 1.7.8 – XML External Entity Injection (0)
01-19: Microsoft .diagcab Directory Traversal / Code Execution (0)
01-18: APKF Product Key Finder 2.5.8.0 Denial Of Service (0)
01-18: Torrent FLV Converter 1.51 Build 117 Stack Overflow (0)
01-18: WordPress InfiniteWP Client 1.9.4.5 Authentication Bypass (0)
01-18: GTalk Password Finder 2.2.1 Denial Of Service (0)
01-18: WordPress Time Capsule 1.21.16 Authentication Bypass (0)
01-18: Solaris xlock Information Disclosure (0)
01-18: Common Desktop Environment 2.3.1 Buffer Overflow (0)
01-18: Trend Micro Security 2019 Security Bypass Protected Service Tampering (0)
01-18: Trend Micro Security (Consumer) Arbitrary Code Execution (0)
01-17: WordPress Postie 1.9.40 Cross Site Scripting (0)
01-17: SunOS 5.10 Generic_147148-26 Local Privilege Escalation (0)
01-17: Online Book Store 1.0 Arbitrary File Upload (0)
01-17: Tautulli 2.1.9 Denial Of Service (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: Jenkins Gitlab Hook 1.4.2 Cross Site Scripting (0)
01-17: Citrix ADC / Gateway Path Traversal (0)
01-17: WordPress Resim ara 1.0 Cross Site Scripting (0)
01-17: [local] Trend Micro Maximum Security 2019 – Privilege Escalation (0)
01-17: [dos] GTalk Password Finder 2.2.1 – 'Key' Denial of Service (PoC) (0)
01-17: [webapps] Wordpress Time Capsule Plugin 1.21.16 – Authentication Bypass (0)
01-17: [local] Trend Micro Maximum Security 2019 – Arbitrary Code Execution (0)
01-17: [webapps] Wordpress Plugin InfiniteWP Client 1.9.4.5 – Authentication Bypass (0)
01-17: [dos] APKF Product Key Finder 2.5.8.0 – 'Name' Denial of Service (PoC) (0)
01-17: [local] Torrent FLV Converter 1.51 Build 117 – Stack Oveflow (SEH partial overwrite) (0)
01-16: The NSA Has Discovered A Major Flaw In Windows 10 (0)
01-16: Plantronics Hub SpokesUpdateService Privilege Escalation (0)
01-16: Online Book Store 1.0 SQL Injection (0)
01-16: Huawei HG255 Directory Traversal (0)
01-16: [webapps] WordPress Plugin Postie 1.9.40 – Persistent Cross-Site Scripting (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'entities_id' SQL Injection (0)
01-16: [webapps] Citrix Application Delivery Controller (ADC) and Gateway 13.0 – Path Traversal (0)
01-16: [webapps] Tautulli 2.1.9 – Denial of Service ( Metasploit ) (0)
01-16: [webapps] Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting (0)
01-16: [webapps] Online Book Store 1.0 – Arbitrary File Upload (0)
01-16: [local] SunOS 5.10 Generic_147148-26 – Local Privilege Escalation (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'reports_id' SQL Injection (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal (0)
01-15: Top Password Firefox Password Recovery 2.8 Denial Of Service (0)
01-15: Top Password Software Dialup Password Recovery 1.30 Denial Of Service (0)
01-15: Allok Video Converter 4.6.1217 Stack Overflow (0)
01-15: Allok RM RMVB To AVI MPEG DVD Converter 3.6.1217 Stack Overflow (0)
01-15: Chevereto 3.13.4 Core Remote Code Execution (0)
01-15: SpotDialup 1.6.7 Denial Of Service (0)
01-15: SpotOutlook 1.2.6 Denial Of Service (0)
01-15: Advanced System Repair Pro 1.9.1.7 Insecure File Permissions (0)
01-15: TaskCanvas 1.4.0 Denial Of Service (0)
01-15: Freelancy 1.0.0 Remote Code Execution (0)
01-15: Car Rental Project 1.0 Remote Code Execution (0)
01-15: Digi AnywhereUSB 14 Cross Site Scripting (0)
01-15: Hospital Management System 4.0 Cross Site Scripting (0)
01-15: Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution (0)
01-15: VPN Unlimited 6.1 Unquoted Service Path (0)
01-15: IBM RICOH InfoPrint 6500 Printer HTML Injection (0)
01-15: WordPress 5.3 Denial Of Service (0)
01-15: Sagemcom Fast 3890 Remote Code Execution (0)
01-15: Redir 3.3 Denial Of Service (0)
01-15: IBM RICOH 6400 Printer HTML Injection (0)
01-15: Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution (0)
01-15: Barco WePresent file_transfer.cgi Command Injection (0)
01-15: [webapps] Huawei HG255 – Directory Traversal ( Metasploit ) (0)
01-15: [webapps] Online Book Store 1.0 – 'bookisbn' SQL Injection (0)
01-14: [dos] WeChat – Memory Corruption in CAudioJBM::InputAudioFrameToJBM (0)
01-14: [dos] Redir 3.3 – Denial of Service (PoC) (0)
01-14: [webapps] IBM RICOH InfoPrint 6500 Printer – HTML Injection (0)
01-14: [webapps] IBM RICOH 6400 Printer – HTML Injection (0)
01-14: [local] VPN unlimited 6.1 – Unquoted Service Path (0)
01-13: [local] Allok Video Converter 4.6.1217 – Stack Overflow (SEH) (0)
01-13: [dos] SpotOutlook 1.2.6 – 'Name' Denial of Service (PoC) (0)
01-13: [local] Advanced System Repair Pro 1.9.1.7 – Insecure File Permissions (0)
01-13: [dos] SpotDialup 1.6.7 – 'Name' Denial of Service (PoC) (0)
01-13: [dos] Top Password Software Dialup Password Recovery 1.30 – Denial of Service (PoC) (0)
01-13: [webapps] Chevereto 3.13.4 Core – Remote Code Execution (0)
01-12: TotalAV 2020 4.14.31 Privilege Escalation (0)
01-12: Pandora 7.0NG Remote Code Execution (0)
01-12: PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution (0)
01-12: ASTPP 4.0.1 Database Disclosure (0)
01-12: WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption (0)
01-12: Android ashmem Read-Only Bypasses (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (PoC) (0)
01-10: https://www.huaikrachaohospital.go.th/0day.html (0)
01-10: [webapps] ASTPP 4.0.1 VoIP Billing – Database Backup Download (0)
01-10: [webapps] Pandora 7.0NG – Remote Code Execution (0)
01-10: [local] TotalAV 2020 4.14.31 – Privilege Escalation (0)
01-10: [webapps] PixelStor 5000 K:4.0.1580-20150629 – Remote Code Execution (0)
01-09: Cisco DCNM JBoss 10.4 Credential Leakage (0)
01-09: Sony Playstation 4 Webkit Code Execution (0)
01-09: Django Account Hijack (0)
01-09: Tomcat 9.0.0.M1 Sandbox Escape (0)
01-09: JetBrains TeamCity 2018.2.4 Remote Code Execution (0)
01-09: Codoforum 4.8.3 Cross Site Scripting (0)
01-09: EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow (0)
01-09: ASTPP VoIP 4.0.1 Remote Code Execution (0)
01-09: Online Book Store 1.0 Remote Code Execution (0)
01-09: ZIP Password Recovery 2.30 Denial Of Service (0)
01-09: Oracle Weblogic 10.3.6.0.0 Remote Command Execution (0)
01-09: MSN Password Recovery 1.30 XML Injection (0)
01-09: Firefox Gets Patch For Critical 0-Day That's Being Actively Exploited (0)
01-09: [local] MSN Password Recovery 1.30 – XML External Entity Injection (0)
01-09: [dos] ZIP Password Recovery 2.30 – 'ZIP File' Denial of Service (PoC) (0)
01-09: [webapps] Oracle Weblogic 10.3.6.0.0 – Remote Command Execution (0)
01-08: AnyDesk 5.4.0 Unquoted Service Path (0)
01-08: Complaint Management System 4.0 Remote Code Execution (0)
01-08: piSignage 2.6.4 Directory Traversal (0)
01-08: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-08: Dairy Farm Shop Management System 1.0 Cross Site Scripting (0)
01-08: Job Portal 1.0 Shell Upload (0)
01-08: Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key (0)
01-08: http://server91.labour.go.th/kurd.html (0)
01-08: [webapps] Tomcat proprietaryEvaluate 9.0.0.M1 – Sandbox Escape (0)
01-08: [remote] JetBrains TeamCity 2018.2.4 – Remote Code Execution (0)
01-08: [remote] ASTPP VoIP 4.0.1 – Remote Code Execution (0)
01-08: [remote] EBBISLAND EBBSHAVE 6100-09-04-1441 – Remote Buffer Overflow (0)
01-08: [webapps] Online Book Store 1.0 – Unauthenticated Remote Code Execution (0)
01-08: [remote] Cisco DCNM JBoss 10.4 – Credential Leakage (0)
01-08: [webapps] Codoforum 4.8.3 – 'input_txt' Persistent Cross-Site Scripting (0)
01-07: Adaware Web Companion 4.9.2159 WCAssistantService Unquoted Service Path (0)
01-07: Duplicate Cleaner Pro 4 Denial Of Service (0)
01-07: Voyager 1.3.0 Directory Traversal (0)
01-07: SpotFTP FTP Password Recovery 3.0.0.0 Denial Of Service (0)
01-07: Office Product Key Finder 1.5.4 Denial Of Service (0)
01-07: NBMonitor 1.6.6.0 Denial Of Service (0)
01-07: RemShutdown 2.9.0.0 Denial Of Service (0)
01-07: Backup Key Recovery 2.2.5 Denial Of Service (0)
01-07: TextCrawler Pro 3.1.1 Denial Of Service (0)
01-07: Hostel Management System 2.0 SQL Injection (0)
01-07: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-07: Complaint Management System 4.0 SQL Injection (0)
01-07: IBM RICOH Infoprint 1532 Printer Cross Site Scripting (0)
01-07: ERPNext 11.1.47 Cross Site Scripting (0)
01-07: [webapps] Complaint Management System 4.0 – Remote Code Execution (0)
01-07: [webapps] piSignage 2.6.4 – Directory Traversal (0)
01-07: [local] AnyDesk 5.4.0 – Unquoted Service Path (0)
01-07: [webapps] Job Portal 1.0 – Remote Code Execution (0)
01-06: [dos] BlueAuditor 1.7.2.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotIE 2.9.5 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] Hostel Management System 2.0 – 'id' SQL Injection (0)
01-06: [local] Adaware Web Companion 4.9.2159 – 'WCAssistantService' Unquoted Service Path (0)
01-06: [dos] NetworkSleuth 3.0.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] IBM RICOH Infoprint 1532 Printer – Persistent Cross-Site Scripting (0)
01-06: [webapps] Subrion CMS 4.0.5 – Cross-Site Request Forgery (Add Admin) (0)
01-06: [webapps] Complaint Management System 4.0 – 'cid' SQL injection (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Name' Denial Of Service (0)
01-06: [dos] SpotIM 2.2 – 'Name' Denial Of Service (0)
01-06: [webapps] Dairy Farm Shop Management System 1.0 – 'username' SQL Injection (0)
01-06: [dos] FTPGetter Professional 5.97.0.223 – Denial of Service (PoC) (0)
01-06: [webapps] elaniin CMS 1.0 – Authentication Bypass (0)
01-06: [dos] ShareAlarmPro Advanced Network Access Control – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotMSN 2.4.6 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] SpotFTP FTP Password Recovery 3.0.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Office Product Key Finder 1.5.4 – Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] NBMonitor 1.6.6.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Name' Denial of Service (PoC) (0)
01-06: [dos] TextCrawler Pro3.1.1 – Denial of Service (PoC) (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Key' Denial of Service (PoC) (0)
01-05: Microsoft Windows VCF Denial Of Service (0)
01-05: http://www.wanyai.go.th (0)
01-04: MSN Password Recovery 1.30 Denial Of Service (0)
01-04: Hospital Management System 4.0 searchdata SQL Injection (0)
01-04: Mozilla Firefox Denial Of Service (0)
01-04: AppLocker Policy Bypass (0)
01-04: Hospital Management System 4.0 Cross Site Scripting (0)
01-04: CTFd 2.1.5 Administrator Account Takeover (0)
01-04: OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control (0)
01-04: Online Course Registration 2.0 Remote Code Execution (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: Karakuzu ERP Management Web 5.7.0 SQL Injection (0)
01-04: Plantronics Hub 3.13.2 Local Privilege Escalation (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: http://doa.go.th/readme.htm (0)
01-04: https://pbhospital.go.th (0)
01-03: [local] Plantronics Hub 3.13.2 – Local Privilege Escalation (0)
01-03: [webapps] Karakuzu ERP Management Web 5.7.0 – 'k_adi_duz' SQL Injection (0)
01-03: [webapps] Online Course Registration 2.0 – Remote Code Execution (0)
01-02: NextVPN 4.10 Insecure File Permissions (0)
01-02: WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass (0)
01-02: nostromo 1.9.6 Remote Code Execution (0)
01-02: Shopping Portal ProVersion 3.0 SQL Injection (0)
01-02: IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal (0)
01-02: Hospital Management System 4.0 SQL Injection (0)
01-02: Microsoft Windows .Group File URL Field Code Execution (0)
01-02: Packet Storm New Exploits For December, 2019 (0)
01-02: Packet Storm New Exploits For 2019 (0)
01-02: [webapps] BloodX 1.0 – Authentication Bypass (0)
01-02: [webapps] Hospital Management System 4.0 – Persistent Cross-Site Scripting (0)
01-02: [webapps] Hospital Management System 4.0 – 'searchdata' SQL Injection (0)
01-02: [dos] MSN Password Recovery 1.30 – Denial of Service (PoC) (0)
01-01: http://www.abtbankuan.go.th/krd.html (0)
01-01: [local] Microsoft Windows .Group File – Code Execution (0)
01-01: [remote] nostromo 1.9.6 – Remote Code Execution (0)
01-01: [webapps] Hospital Management System 4.0 – Authentication Bypass (0)
01-01: [webapps] Shopping Portal ProVersion 3.0 – Authentication Bypass (0)
01-01: [webapps] IBM InfoPrint 4247-Z03 Impact Matrix Printer – Directory Traversal (0)

December 2019 (222)

12-31: AVS Audio Converter 9.1.2.600 Stack Overflow (0)
12-31: FTP Navigator 8.03 Stack Overflow (0)
12-31: Cera Intranet Community Theme 1.0.1 SQL Injection (0)
12-31: elearning-script 1.0 SQL Injection (0)
12-31: Wave 2.0 SQL Injection (0)
12-31: RICOH SP 4510SF Printer HTML Injection (0)
12-31: Wing FTP Server 6.0.7 Unquoted Service Path (0)
12-31: Heatmiser Netmonitor 3.03 Hardcoded Credentials (0)
12-31: WEMS Enterprise Manager 2.58 Cross Site Scripting (0)
12-31: WEMS BEMS 21.3.1 Undocumented Backdoor Account (0)
12-31: HomeAutomation 3.3.2 Cross Site Scripting (0)
12-31: MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure (0)
12-31: FreeBSD mqueuefs Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Authentication Bypass (0)
12-31: FreeBSD fd Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Cross Site Request Forgery (0)
12-31: HomeAutomation 3.3.2 CSRF / Code Execution (0)
12-31: HomeAutomation 3.3.2 Open Redirect (0)
12-31: Thrive Smart Home 1.1 Cross Site Scripting (0)
12-31: Thrive Smart Home 1.1 SQL Injection (0)
12-31: [local] NextVPN v4.10 – Insecure File Permissions (0)
12-31: [webapps] Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 – Authentication Bypass (0)
12-30: [local] AVS Audio Converter 9.1.2.600 – Stack Overflow (PoC) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Cross-Site Request Forgery (Add Admin) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Authentication Bypass (0)
12-30: [webapps] HomeAutomation 3.3.2 – Persistent Cross-Site Scripting (0)
12-30: [local] Reptile Rootkit – reptile_cmd Privilege Escalation (Metasploit) (0)
12-30: [local] Microsoft UPnP – Local Privilege Elevation (Metasploit) (0)
12-30: [local] OpenBSD – Dynamic Loader chpass Privilege Escalation (Metasploit) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Remote Code Execution (0)
12-28: AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting (0)
12-28: AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot (0)
12-28: AVE DOMINAplus 1.10.x Authentication Bypass (0)
12-28: AVE DOMINAplus 1.10.x Credential Disclosure (0)
12-28: OpenBSD Dynamic Loader chpass Privilege Escalation (0)
12-27: http://www.reo15.moe.go.th/web/ (0)
12-25: Prime95 29.8 Build 6 Buffer Overflow (0)
12-24: Microsoft Windows 10 BasicRender.sys Denial Of Service (0)
12-24: phpMyChat-Plus 1.98 Cross Site Scripting (0)
12-24: FreeSWITCH 1.10.1 Command Execution (0)
12-24: vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation (0)
12-24: Reptile Rootkit reptile_cmd Privilege Escalation (0)
12-23: http://sanpong.go.th (0)
12-23: http://sanpayang.go.th (0)
12-23: [local] Prime95 Version 29.8 build 6 – Buffer Overflow (SEH) (0)
12-21: FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read (0)
12-20: FTP Navigator 8.03 Denial Of Service (0)
12-20: Deutsche Bahn Ticket Vending Machine Privilege Escalation (0)
12-20: [remote] FreeSWITCH 1.10.1 – Command Execution (0)
12-20: [webapps] phpMyChat-Plus 1.98 – 'pmc_username' Reflected Cross-Site Scripting (0)
12-20: [dos] Microsoft Windows 10 BasicRender.sys – Denial of Service (PoC) (0)
12-19: XnView 2.49.1 Denial Of Service (0)
12-19: AVS Audio Converter 9.1 Buffer Overflow (0)
12-19: Rumpus FTP Web File Manager 8.2.9.1 Cross Site Scripting (0)
12-19: Telerik UI Remote Code Execution (0)
12-19: macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free (0)
12-19: Microsoft UPnP Local Privilege Elevation (0)
12-19: [dos] FTP Navigator 8.03 – 'Custom Command' Denial of Service (SEH) (0)
12-19: [webapps] Deutsche Bahn Ticket Vending Machine Local Kiosk – Privilege Escalation (0)
12-18: Metasploit Sample Linux Privilege Escalation Exploit (0)
12-18: Metasploit Sample Webapp Exploit (0)
12-18: OpenMRS Java Deserialization Remote Code Execution (0)
12-18: Zendesk SweetHawk Survey 1.6 Cross Site Scripting (0)
12-18: NopCommerce 4.2.0 Privilege Escalation (0)
12-18: Xerox AltaLink C8035 Printer Cross Site Request Forgery (0)
12-18: Tautulli 2.1.9 Cross Site Request Forgery (0)
12-18: Serv-U FTP Server 15.1.7 Cross Site Scripting (0)
12-18: Netgear R6400 Remote Code Execution (0)
12-18: [webapps] Telerik UI – Remote Code Execution via Insecure Deserialization (0)
12-18: [remote] OpenMRS – Java Deserialization RCE (Metasploit) (0)
12-18: [dos] macOS 10.14.6 (18G87) – Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() (0)
12-18: [webapps] Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting (0)
12-18: [local] AVS Audio Converter 9.1 – 'Exit folder' Buffer Overflow (0)
12-18: [webapps] Xerox AltaLink C8035 Printer – Cross-Site Request Forgery (Add Admin) (0)
12-18: [webapps] Tautulli 2.1.9 – Cross-Site Request Forgery (ShutDown) (0)
12-17: http://necsystem.dip.go.th/index.html (0)
12-17: http://angelfund.dip.go.th/index.html (0)
12-17: Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure (0)
12-17: D-Link DIR-615 Privilege Escalation (0)
12-17: Linux sendmsg() Privilege Escalation (0)
12-17: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting (0)
12-17: Serv-U FTP Server 15.1.7 CSV Injection (0)
12-17: Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure (0)
12-17: Microsoft Teams Instant Messenger DLL Hijacking (0)
12-17: Bash Profile Persistence (0)
12-17: Apple Security Advisory 2019-12-10-1 (0)
12-17: [webapps] NopCommerce 4.2.0 – Privilege Escalation (0)
12-17: [webapps] Netgear R6400 – Remote Code Execution (0)
12-17: [webapps] Zendesk App SweetHawk Survey 1.6 – Persistent Cross-Site Scripting (0)
12-16: https://www.sme.go.th/readme.htm (0)
12-16: [webapps] Roxy Fileman 1.4.5 – Directory Traversal (0)
12-16: [webapps] D-Link DIR-615 Wireless Router – Persistent Cross-Site Scripting (0)
12-16: [local] Linux 5.3 – Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds (0)
12-16: [webapps] D-Link DIR-615 – Privilege Escalation (0)
12-15: Apple iOS v13.x Webkit VCF – Denial of Service Vulnerability (0)
12-15: DB Ticket Vending Machine WinXP – Privilege Escalation (0)
12-15: Apple iOS v13.x (AirDrop) – (AirDoS) Denial of Service PoC (0)
12-14: NVMS-1000 Directory Traversal (0)
12-14: FTP Commander Pro 8.03 Local Stack Overflow (0)
12-14: Roxy Fileman 1.4.5 For .NET Directory Traversal (0)
12-13: Bullwark Momentum Series JAWS 1.0 Directory Traversal (0)
12-13: OpenNetAdmin 18.1.1 Command Injection (0)
12-13: Qualys Security Advisory – OpenBSD Dynamic Loader Privilege Escalation (0)
12-13: Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing (0)
12-13: http://bangnampriao.chachoengsao.doae.go.th (0)
12-13: http://angthong.nfe.go.th/kurd.html (0)
12-13: http://dop.go.th/kurd.html (0)
12-13: [local] FTP Commander Pro 8.03 – Local Stack Overflow (0)
12-13: [webapps] NVMS 1000 – Directory Traversal (0)
12-12: http://pon.go.th/kurd.html (0)
12-12: http://suksamran.go.th/kurd.html (0)
12-12: http://tumbonnontan.go.th/kurd.html (0)
12-12: http://www.samutsakhon.doae.go.th/krd.html (0)
12-12: http://www.nakhonphanom.doae.go.th/krd.html (0)
12-12: http://www.chachoengsao.doae.go.th/krd.html (0)
12-12: Lenovo Power Management Driver Buffer Overflow (0)
12-12: Product Key Explorer 4.2.0.0 Name Denial Of Service (0)
12-12: AppXSvc 17763 Arbitrary File Overwrite (0)
12-12: Adobe Acrobat Reader DC For Windows Memory Corruption (0)
12-12: Product Key Explorer 4.2.0.0 Key Denial Of Service (0)
12-12: Apple Security Advisory 2019-12-10-7 (0)
12-12: Apple Security Advisory 2019-12-10-8 (0)
12-12: Apple Security Advisory 2019-12-10-6 (0)
12-12: Apple Security Advisory 2019-12-10-5 (0)
12-12: Apple Security Advisory 2019-12-10-2 (0)
12-12: Apple Security Advisory 2019-12-10-3 (0)
12-12: Apple Security Advisory 2019-12-10-4 (0)
12-12: [webapps] Bullwark Momentum Series JAWS 1.0 – Directory Traversal (0)
12-12: [webapps] OpenNetAdmin 18.1.1 – Command Injection Exploit (Metasploit) (0)
12-12: [dos] Lenovo Power Management Driver 1.67.17.48 – 'pmdrvs.sys' Denial of Service (PoC) (0)
12-11: http://www.hrm.m-society.go.th/kurd.html (0)
12-11: WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting (0)
12-11: Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials (0)
12-11: Apache Olingo OData 4.6.x XML Injection (0)
12-11: DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting (0)
12-11: DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery (0)
12-11: DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting (0)
12-11: vBulletin 5.5.4 Remote Command Execution (0)
12-11: [dos] Adobe Acrobat Reader DC – Heap-Based Memory Corruption due to Malformed TTF Font (0)
12-11: [dos] AppXSvc 17763 – Arbitrary File Overwrite (DoS) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Key' Denial of Service (PoC) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Name' Denial of Service (POC) (0)
12-10: Mozilla Firefox Windows 64-Bit Chain Exploit (0)
12-10: Microsoft Windows Windows 10 UAC Bypass (0)
12-10: SpotAuditor 5.3.2 Local Buffer Overflow (0)
12-10: PRO-7070 Hazir Profesyonel Web Sitesi 1.0 SQL Injection (0)
12-10: Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting (0)
12-10: Alcatel-Lucent Omnivista 8770 Remote Code Execution (0)
12-10: Oracle Siebel Sales 8.1 Cross Site Scripting (0)
12-10: [local] Inim Electronics Smartliving SmartLAN 6.x – Hard-coded Credentials (0)
12-09: [webapps] Alcatel-Lucent Omnivista 8770 – Remote Code Execution (0)
12-09: [local] SpotAuditor 5.3.2 – 'Base64' Local Buffer Overflow (SEH) (0)
12-09: [dos] Omron PLC 1.0.0 – Denial of Service (PoC) (0)
12-09: [webapps] Snipe-IT Open Source Asset Management 4.7.5 – Persistent Cross-Site Scripting (0)
12-09: [webapps] PRO-7070 Hazır Profesyonel Web Sitesi 1.0 – Authentication Bypass (0)
12-08: [local] Microsoft Windows – Multiple UAC Protection Bypasses (0)
12-07: Microsoft Skype For Business DNS Query (0)
12-07: Verot 2.0.3 Remote Code Execution (0)
12-07: Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow (0)
12-07: Trend Micro Deep Security Agent 11 Arbitrary File Overwrite (0)
12-07: Yachtcontrol 2019-10-06 Remote Code Execution (0)
12-07: SiteVision 4.x / 5.x Insufficient Module Access Control (0)
12-07: SiteVision 4.x / 5.x Remote Code Execution (0)
12-07: OkayCMS 2.3.4 Remote Code Execution (0)
12-07: [local] Mozilla FireFox (Windows 10 x64) – Full Chain Client Side Attack (0)
12-06: NETGATE Data Backup 3.0.620 Unquoted Service Path (0)
12-06: Amiti Antivirus 25.0.640 Unquoted Service Path (0)
12-06: Qualys Security Advisory – OpenBSD Authentication Bypass / Privilege Escalation (0)
12-06: Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution (0)
12-06: [local] Trend Micro Deep Security Agent 11 – Arbitrary File Overwrite (0)
12-06: [remote] Integard Pro NoJs 2.2.0.9026 – Remote Buffer Overflow (0)
12-06: [webapps] Verot 2.0.3 – Remote Code Execution (0)
12-05: Online Invoicing System 2.6 Cross Site Scripting (0)
12-05: Intelbras Router RF1200 1.1.3 Cross Site Request Forgery (0)
12-05: Online Clinic Management System 2.2 HTML Injection (0)
12-05: Cisco WLC 2504 8.9 Denial Of Service (0)
12-05: Microsoft Windows BasicRender.sys WARPGPUCMDSYNC NULL Pointer (0)
12-05: Microsoft Visual Basic 2010 Express XML Injection (0)
12-05: BMC Smart Reporting 7.3 20180418 XML Injection (0)
12-05: Microsoft Windows Media Center XML Injection (0)
12-05: WordPress CSS Hero 4.0.3 Cross Site Scripting (0)
12-05: Revive Adserver 4.2 Remote Code Execution (0)
12-05: SSDWLAB 6.1 Authentication Bypass (0)
12-05: Fronius Solar Inverter Series Insecure Communication / Path Traversal (0)
12-05: YouPHPTube 7.7 SQL Injection (0)
12-05: [webapps] Broadcom CA Privilged Access Manager 2.8.2 – Remote Command Execution (0)
12-05: [local] Amiti Antivirus 25.0.640 – Unquoted Service Path (0)
12-05: [local] NETGATE Data Backup 3.0.620 – 'NGDatBckpSrv' Unquoted Service Path (0)
12-04: https://labanimals.nrct.go.th/index.html (0)
12-04: [webapps] OwnCloud 8.1.8 – Username Disclosure (0)
12-04: [webapps] Cisco WLC 2504 8.9 – Denial of Service (PoC) (0)
12-04: [local] Microsoft Visual Basic 2010 Express – XML External Entity Injection (0)
12-04: [webapps] Online Clinic Management System 2.2 – HTML Injection (0)
12-04: [webapps] SSDWLAB 6.1 – Authentication Bypass (0)
12-03: http://www.srn2.go.th/fca.html (0)
12-03: NSAuditor 3.1.8.0 Name Denial Of Service (0)
12-03: NSAuditor 3.1.8.0 Key Denial Of Service (0)
12-03: Anviz CrossChex 4.3.12 Local Buffer Overflow (0)
12-03: Dokuwiki 2018-04-22b Username Enumeration (0)
12-03: Microsoft Visual Studio 2008 Express IDE XML Injection (0)
12-03: Ajenti 2.1.31 Command Injection (0)
12-03: Packet Storm New Exploits For November, 2019 (0)
12-03: SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass (0)
12-03: http://www.silalang.go.th/o.htm (0)
12-03: [webapps] Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery (0)
12-03: [webapps] Online Invoicing System 2.6 – 'description' Persistent Cross-Site Scripting (0)
12-02: http://ncd.ddc.moph.go.th (0)
12-02: [local] Microsoft Excel 2016 1901 – XML External Entity Injection (0)
12-02: [local] Max Secure Anti Virus Plus 19.0.4.020 – Insecure File Permissions (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Key' Denial of Service (PoC) (0)
12-02: [webapps] Dokuwiki 2018-04-22b – Username Enumeration (0)
12-02: [local] Visual Studio 2008 – XML External Entity Injection (0)
12-02: [webapps] SmartHouse Webapp 6.5.33 – Cross-Site Request Forgery (0)
12-02: [local] Anviz CrossChex 4.3.12 – Local Buffer Overflow (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Name' Denial of Service (PoC) (0)
12-01: Allied Telesis AT-GS950/8 Directory Traversal (0)
12-01: Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection (0)
12-01: Max Secure Anti Virus Plus 19.0.4.020 Insecure Permissions (0)
12-01: Microsoft Excel 2016 1901 Import Error XML Injection (0)
12-01: Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery (0)

November 2019 (326)

11-30: http://nbcsystem.dip.go.th/x3.html (0)
11-30: WordPress 5.3 Username Enumeration (0)
11-30: TexasSoft CyberPlanet 6.4.131 Unquoted Service Path (0)
11-30: GHIA CamIP 1.2 For iOS Denial Of Service (0)
11-30: Mersive Solstice 2.8.0 Remote Code Execution (0)
11-30: SpotAuditor 5.3.2 Denial Of Service (0)
11-30: Online Inventory Manager 3.2 Cross Site Scripting (0)
11-30: Bash 5.0 Patch 11 Privilege Escalation (0)
11-30: OwnCloud 8.1.8 Username Disclosure (0)
11-30: WordPress Plainview Activity Monitor 20161228 Remote Command Execution (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Name' Denial of Service (0)
11-29: [webapps] Online Inventory Manager 3.2 – Persistent Cross-Site Scripting (0)
11-29: [local] TexasSoft CyberPlanet 6.4.131 – 'CCSrvProxy' Unquoted Service Path (0)
11-29: [local] Bash 5.0 Patch 11 – SUID Priv Drop Exploit (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Key' Denial of Service (0)
11-28: http://bokaew.go.th/images/0x1998.txt (0)
11-28: http://www.lungtakian.go.th/activity/images/8623.jpg (0)
11-28: Microsoft DirectX SDK 2010 Denial Of Service (0)
11-28: SpotAuditor 5.3.2 Denial Of Service (0)
11-28: Xiaomi Mi Box Display Corruption (0)
11-28: Grub2 grub2-set-bootflag Environment Corruption (0)
11-28: [dos] GHIA CamIP 1.2 for iOS – 'Password' Denial of Service (PoC) (0)
11-28: [webapps] Wordpress 5.3 – User Disclosure (0)
11-27: Microsoft Windows AppXsvc Deployment Extension Privilege Escalation (0)
11-27: Easy-Hide-IP 5.0.0.3 Unquoted Service Path (0)
11-27: SMPlayer 19.5.0 Denial Of Service (0)
11-27: InTouch Machine Edition 8.1 SP1 Denial Of Service (0)
11-27: Waves MaxxAudio Drivers 1.1.6.0 Unquoted Service Path (0)
11-27: InduSoft Web Studio 8.1 SP1 Denial Of Service (0)
11-27: iNetTools For iOS 8.20 Denial Of Service (0)
11-27: FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption (0)
11-27: pari/gp 2.x Arbitrary File Overwrite (0)
11-27: [dos] SpotAuditor 5.3.2 – 'Base64' Denial Of Service (PoC) (0)
11-27: [dos] Microsoft DirectX SDK 2010 – '.PIXrun' Denial Of Service (PoC) (0)
11-26: http://www.phrae.m-society.go.th/zx.htm (0)
11-26: http://www.samutsakhon.m-society.go.th/zx.htm (0)
11-26: http://www.rayong.m-society.go.th/zx.htm (0)
11-26: http://www.narathiwat.m-society.go.th/zx.htm (0)
11-26: http://www.loei.m-society.go.th/zx.htm (0)
11-26: http://www.nakhonratchasima.m-society.go.th/zx.htm (0)
11-26: http://tpso2.m-society.go.th/zx.htm (0)
11-26: http://www.saraburi.m-society.go.th/zx.htm (0)
11-26: http://www.chiangrai.m-society.go.th/zx.htm (0)
11-26: http://www.lampang.m-society.go.th/zx.htm (0)
11-26: [dos] InduSoft Web Studio 8.1 SP1 – "Atributos" Denial of Service (PoC) (0)
11-26: [dos] iNetTools for iOS 8.20 – 'Whois' Denial of Service (PoC) (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow / Denial Of Service (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
11-25: [local] Microsoft Windows AppXsvc Deployment Extension – Privilege Escalation (0)
11-25: [local] Easy-Hide-IP 5.0.0.3 – 'EasyRedirect' Unquoted Service Path (0)
11-25: [dos] InTouch Machine Edition 8.1 SP1 – 'Atributos' Denial of Service (PoC) (0)
11-25: [local] Waves MaxxAudio Drivers 1.1.6.0 – 'WavesSysSvc64' Unquoted Service Path (0)
11-25: [dos] SMPlayer 19.5.0 – Denial of Service (PoC) (0)
11-23: ProShow Producer 9.0.3797 Unquoted Service Path (0)
11-23: LiteManager 4.5.0 Insecure File Permissions (0)
11-22: TestLink 1.9.19 Cross Site Scripting (0)
11-22: GNU Mailutils 3.7 Privilege Escalation (0)
11-22: Pagekit CMS 1.0.17 Cross Site Request Forgery (0)
11-22: Network Management Card 6.2.0 Host Header Injection (0)
11-22: macOS update_dyld_shared_cache Privilege Escalation (0)
11-22: Microsoft Internet Explorer Use-After-Free (0)
11-22: Skype v8.x – History Export v7 Web Vulnerability (0)
11-22: [local] macOS 10.14.6 – root->kernel Privilege Escalation via update_dyld_shared_cache (0)
11-22: [local] LiteManager 4.5.0 – Insecure File Permissions (0)
11-22: [local] ProShow Producer 9.0.3797 – ('ScsiAccess') Unquoted Service Path (0)
11-22: [dos] Internet Explorer – Use-After-Free in JScript Arguments During toJSON Callback (0)
11-21: http://banboek.lopburi.police.go.th (0)
11-21: OpenNetAdmin 18.1.1 Remote Code Execution (0)
11-21: ipPulse 1.92 Denial Of Service (0)
11-21: [webapps] Network Management Card 6.2.0 – Host Header Injection (0)
11-21: [local] GNU Mailutils 3.7 – Privilege Escalation (0)
11-21: [webapps] TestLink 1.9.19 – Persistent Cross-Site Scripting (0)
11-20: https://bakruea.go.th/images/0x1998.txt (0)
11-20: http://www.sidalocal.go.th/kurd.html (0)
11-20: BartVPN 1.2.2 Unquoted Service Path (0)
11-20: Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free (0)
11-20: XMedia Recode 3.4.8.6 Denial Of Service (0)
11-20: Studio 5000 Logix Designer 30.01.00 Unquoted Service Path (0)
11-20: Centova Cast 3.2.12 Denial Of Service (0)
11-20: scadaApp For iOS 1.1.4.0 Denial Of Service (0)
11-20: Windows Escalate UAC Protection Bypass Via Dot Net Profiler (0)
11-20: [local] Xorg X11 Server – Local Privilege Escalation (Metasploit) (0)
11-20: [remote] Pulse Secure VPN – Arbitrary Command Execution (Metasploit) (0)
11-20: [remote] Bludit – Directory Traversal Image File Upload (Metasploit) (0)
11-20: [remote] FreeSWITCH – Event Socket Command Execution (Metasploit) (0)
11-20: [remote] FusionPBX – Operator Panel exec.php Command Execution (Metasploit) (0)
11-20: [local] Windows – Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) (0)
11-20: [local] Windows – Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) (0)
11-20: [dos] iOS 12.4 – Sandbox Escape due to Integer Overflow in mediaserverd (0)
11-20: [dos] Ubuntu 19.10 – Refcount Underflow and Type Confusion in shiftfs (0)
11-20: [dos] Ubuntu 19.10 – ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path (0)
11-20: [webapps] OpenNetAdmin 18.1.1 – Remote Code Execution (0)
11-19: iSmartViewPro 1.3.34 Denial Of Service (0)
11-19: NCP_Secure_Entry_Client 9.2 Unquoted Service Path (0)
11-19: Emerson PAC Machine Edition 9.70 Build 8595 Unquoted Service Path (0)
11-19: ASUS HM Com Service 1.00.31 Unquoted Service Path (0)
11-19: Lexmark Services Monitor 2.27.4.0.39 Directory Traversal (0)
11-19: Open Proficy HMI-SCADA 5.0.0.25920 Denial Of Service (0)
11-19: Crystal Live HTTP Server 6.01 Directory Traversal (0)
11-19: TemaTres 3.0 Cross Site Request Forgery (0)
11-19: Foscam Video Management System 1.1.4.9 Denial Of Service (0)
11-19: TemaTres 3.0 Cross Site Scripting (0)
11-19: nipper-ng 0.11.10 Remote Buffer Overflow (0)
11-19: MobileGo 8.5.0 Insecure File Permissions (0)
11-19: Centova Cast 3.2.11 Arbitrary File Download (0)
11-19: Windows Escalate UAC Protection Bypass (0)
11-19: [dos] scadaApp for iOS 1.1.4.0 – 'Servername' Denial of Service (PoC) (0)
11-19: [dos] ipPulse 1.92 – 'Enter Key' Denial of Service (PoC) (0)
11-19: [local] Studio 5000 Logix Designer 30.01.00 – 'FactoryTalk Activation Service' Unquoted Service Path (0)
11-19: [dos] Centova Cast 3.2.12 – Denial of Service (PoC) (0)
11-19: [dos] XMedia Recode 3.4.8.6 – '.m3u' Denial Of Service (0)
11-19: [remote] Microsoft Windows 7 (x86) – 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free (0)
11-19: [local] BartVPN 1.2.2 – 'BartVPNService' Unquoted Service Path (0)
11-18: [remote] nipper-ng 0.11.10 – Remote Buffer Overflow (PoC) (0)
11-18: [dos] iSmartViewPro 1.3.34 – Denial of Service (PoC) (0)
11-18: [local] Emerson PAC Machine Edition 9.70 Build 8595 – 'FxControlRuntime' Unquoted Service Path (0)
11-18: [dos] Foscam Video Management System 1.1.4.9 – 'Username' Denial of Service (PoC) (0)
11-18: [webapps] TemaTres 3.0 – Cross-Site Request Forgery (Add Admin) (0)
11-18: [webapps] Centova Cast 3.2.11 – Arbitrary File Download (0)
11-18: [local] MobileGo 8.5.0 – Insecure File Permissions (0)
11-18: [local] NCP_Secure_Entry_Client 9.2 – Unquoted Service Paths (0)
11-18: [dos] Open Proficy HMI-SCADA 5.0.0.25920 – 'Password' Denial of Service (PoC) (0)
11-18: [webapps] Crystal Live HTTP Server 6.01 – Directory Traversal (0)
11-18: [webapps] Lexmark Services Monitor 2.27.4.0.39 – Directory Traversal (0)
11-18: [local] ASUS HM Com Service 1.00.31 – 'asHMComSvc' Unquoted Service Path (0)
11-18: [webapps] TemaTres 3.0 – 'value' Persistent Cross-site Scripting (0)
11-17: http://rayong1.go.th/readme.html (0)
11-16: Shrew Soft VPN Client 2.2.2 Unquoted Service Path (0)
11-16: iOS mediaserverd Integer Overflow Sandbox Escape (0)
11-16: WordPress Social Photo Gallery 1.0 Remote Code Execution (0)
11-16: TP-Link Archer VR300 1 Cross Site Scripting (0)
11-16: Raritan CommandCenter Secure Gateway Cross Site Scripting (0)
11-16: FreeRadius 3.0.19 Logrotate Privilege Escalation (0)
11-16: http://chainat.nfe.go.th/vz.txt (0)
11-15: SMPlayer 19.5.0 Buffer Overflow / Denial Of Service (0)
11-15: oXygen XML Editor 21.1.1 XML Injection (0)
11-15: Xfilesharing 2.5.1 Local File Inclusion / Shell Upload (0)
11-15: Ubuntu shiftfs refcount Underflow / Type Confusion (0)
11-15: FreeSWITCH Event Socket Command Execution (0)
11-15: FusionPBX Command exec.php Command Execution (0)
11-15: FusionPBX Operator Panel exec.php Command Execution (0)
11-15: http://inderm.go.th (0)
11-15: [local] Shrew Soft VPN Client 2.2.2 – 'iked' Unquoted Service Path (0)
11-14: Technicolor TD5130.2 Remote Command Execution (0)
11-14: Technicolor TC7300.B0 Cross Site Scripting (0)
11-14: Fastweb Fastgate 0.00.81 Remote Code Execution (0)
11-14: gSOAP 2.8 Directory Traversal (0)
11-14: ScanGuard Antivirus Insecure Permissions (0)
11-14: Siemens Desigo PX 6.00 Denial Of Service (0)
11-14: CMS Made Simple 2.2.8 Remote Code Execution (0)
11-14: [webapps] Xfilesharing 2.5.1 – Arbitrary File Upload (0)
11-14: [local] oXygen XML Editor 21.1.1 – XML External Entity Injection (0)
11-14: [dos] Siemens Desigo PX 6.00 – Denial of Service (PoC) (0)
11-13: Linear eMerge E3 1.00-06 Directory Traversal (0)
11-13: Linear eMerge E3 1.00-06 Cross Site Scripting (0)
11-13: Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution (0)
11-13: Linear eMerge E3 1.00-06 card_scan.php Command Injection (0)
11-13: Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection (0)
11-13: Computrols CBAS-Web 19.0.0 Cross Site Scripting (0)
11-13: Optergy BMS 2.0.3a Remote Root (0)
11-13: Optergy BMS 2.0.3a Account Reset / Username Disclosure (0)
11-13: Linear eMerge E3 1.00-06 Privilege Escalation (0)
11-13: FUDForum 3.0.9 Code Execution / Cross Site Scripting (0)
11-13: Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name (0)
11-13: Nortek Linear eMerge E3 Access Control Cross Site Request Forgery (0)
11-13: Optergy Proton/Enterprise BMS 2.0.3a Cross Site Request Forgery (0)
11-13: Computrols CBAS-Web 19.0.0 Username Enumeration (0)
11-13: Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root (0)
11-13: Optergy Proton/Enterprise BMS 2.3.0a Open Redirect (0)
11-13: Optergy 2.3.0a Remote Root (0)
11-13: FlexAir Access Control 2.3.38 Command Injection (0)
11-13: FlexAir Access Control 2.3.38 Remote Root (0)
11-13: Linear eMerge E3 Access Controller Command Injection (0)
11-13: Prima Access Control 2.3.35 Script Upload Remote Code Execution (0)
11-13: Prima Access Control 2.3.35 Cross Site Scripting (0)
11-13: Xorg X11 Server Local Privilege Escalation (0)
11-13: Pulse Secure VPN Arbitrary Command Execution (0)
11-13: Bludit Directory Traversal Image File Upload (0)
11-13: [webapps] Linear eMerge E3 1.00-06 – Remote Code Execution (0)
11-13: [local] ScanGuard Antivirus 2020 – Insecure Folder Permissions (0)
11-13: [webapps] Fastweb Fastgate 0.00.81 – Remote Code Execution (0)
11-13: [webapps] gSOAP 2.8 – Directory Traversal (0)
11-13: [webapps] Technicolor TC7300.B0 – 'hostname' Persistent Cross-Site Scripting (0)
11-13: [webapps] Technicolor TD5130.2 – Remote Command Execution (0)
11-13: [webapps] FUDForum 3.0.9 – Remote Code Execution (0)
11-12: GCafe 3.0 Unquoted Service Path (0)
11-12: Alps HID Monitor Service 8.1.0.10 Unquoted Service Path (0)
11-12: PunBB 1.4.4 Database Disclosure (0)
11-12: XML Notepad 2.8.0.4 XML External Entity Injection (0)
11-12: iOS IOUSBDeviceFamily 12.4.1 Heap Corruption Proof Of Concept (0)
11-12: iMessage NSSharedKeyDictionary Decode Incorrect Address Read (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer (0)
11-12: Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure (0)
11-12: Eset Mobile Security 5.2.18.0 Lock Bypass (0)
11-12: [local] Wondershare Application Framework Service 2.4.3.231 – 'WsAppService' Unquote Service Path (0)
11-12: [webapps] eMerge E3 1.00-06 – Unauthenticated Directory Traversal (0)
11-12: [local] Acronis True Image OEM 19.0.5128 – 'afcdpsrv' Unquoted Service Path (0)
11-12: [webapps] Computrols CBAS-Web 19.0.0 – 'username' Reflected Cross-Site Scripting (0)
11-12: [webapps] Prima FlexAir Access Control 2.3.38 – Remote Code Execution (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'prntDDLCntrlName' Reflected Cross-Site Scripting (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'strAction' Reflected Cross-Site Scripting (0)
11-12: [webapps] CBAS-Web 19.0.0 – 'id' Boolean-based Blind SQL Injection (0)
11-12: [webapps] Joomla 3.9.13 – 'Host' Header Injection (0)
11-12: [webapps] eMerge E3 1.00-06 – Privilege Escalation (0)
11-12: [webapps] eMerge E3 1.00-06 – Remote Code Execution (0)
11-12: [webapps] CBAS-Web 19.0.0 – Username Enumeration (0)
11-12: [remote] CBAS-Web 19.0.0 – Information Disclosure (0)
11-12: [webapps] CBAS-Web 19.0.0 – Cross-Site Request Forgery (Add Super Admin) (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (Metasploit) (0)
11-12: [webapps] CBAS-Web 19.0.0 – Remote Code Execution (0)
11-12: [webapps] eMerge50P 5000P 4.6.07 – Remote Code Execution (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (0)
11-12: [webapps] eMerge E3 1.00-06 – Arbitrary File Upload (0)
11-12: [webapps] eMerge E3 1.00-06 – 'layout' Reflected Cross-Site Scripting (0)
11-12: [webapps] eMerge E3 1.00-06 – Cross-Site Request Forgery (0)
11-12: [webapps] Atlassian Confluence 6.15.1 – Directory Traversal (0)
11-11: [dos] iOS IOUSBDeviceFamily 12.4.1 – 'IOInterruptEventSource' Heap Corruption (PoC) (0)
11-11: [local] _GCafé 3.0 – 'gbClienService' Unquoted Service Path (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table) (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream (0)
11-11: [dos] iMessage – Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address (0)
11-11: [local] XML Notepad 2.8.0.4 – XML External Entity Injection (0)
11-11: [local] Alps HID Monitor Service 8.1.0.10 – 'ApHidMonitorService' Unquote Service Path (0)
11-09: Jenkins Build-Metrics 1.3 Cross Site Scripting (0)
11-09: SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path (0)
11-09: Adive Framework 2.0.7 Privilege Escalation (0)
11-09: Nextcloud 17 Cross Site Request Forgery (0)
11-09: Chrome Site Isolation Bypass / File Disclosure (0)
11-08: Adaware Web Companion 4.8.2078.3950 Unquoted Service Path (0)
11-08: WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion (0)
11-08: Adobe ColdFusion RDS Authentication Bypass (0)
11-08: rConfig 3.9.2 Command Injection (0)
11-08: Android Janus APK Signature Bypass (0)
11-08: Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution (0)
11-08: http://nueaklong.go.th/kurd.html (0)
11-08: http://www.pattaya.chonburi.police.go.th/README.txt (0)
11-08: [webapps] Nextcloud 17 – Cross-Site Request Forgery (0)
11-08: [remote] rConfig – install Command Execution (Metasploit) (0)
11-08: [local] Android Janus – APK Signature Bypass (Metasploit) (0)
11-08: [webapps] Adive Framework 2.0.7 – Privilege Escalation (0)
11-08: [local] SolarWinds Kiwi Syslog Server 8.3.52 – 'Kiwi Syslog Server' Unquoted Service Path (0)
11-08: [webapps] Jenkins build-metrics plugin 1.3 – 'label' Cross-Site Scripting (0)
11-07: http://moonbon.rid.go.th (0)
11-07: http://lumchae-omp.rid.go.th (0)
11-07: Wacom WTabletService 6.6.7-3 Unquoted Service Path (0)
11-07: QNAP NetBak Replicator 4.5.6.0607 Unquoted Service Path (0)
11-07: Parallels Plesk Panel 9.5 Cross Site Scripting (0)
11-07: Smartwares HOME Easy 1.0.9 Authentication Bypass (0)
11-07: Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure (0)
11-07: [local] Adaware Web Companion version 4.8.2078.3950 – 'WCAssistantService' Unquoted Service Path (0)
11-06: thejshen Globitek CMS 1.4 SQL Injection (0)
11-06: Blue Stacks App Player 2.4.44.62.57 Unquoted Service Path (0)
11-06: Network Inventory Advisor 5.0.26.0 Unquoted Service Path (0)
11-06: File Optimizer 14.00.2524 Denial Of Service (0)
11-06: rimbalinux AhadPOS 1.11 SQL Injection (0)
11-06: thrsrossi Millhouse-Project 1.414 Cross Site Scripting (0)
11-06: JSC Argument Object Reconstruction Type Confusion (0)
11-06: SD.NET RIM 4.7.3c SQL Injection (0)
11-06: WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS (0)
11-06: XNU Missing Locking Race Condition (0)
11-06: html5_snmp 1.11 Cross Site Scripting (0)
11-06: html5_snmp 1.11 SQL Injection (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Database Backup Information Disclosure (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Client-Side Authentication Bypass (0)
11-06: [local] QNAP NetBak Replicator 4.5.6.0607 – 'QVssService' Unquoted Service Path (0)
11-06: [local] Wacom WTabletService 6.6.7-3 – 'WTabletServicePro' Unquoted Service Path (0)
11-05: Microsoft Office365 Integrity Validation / Remote Code Execution (0)
11-05: Launch Manager 6.1.7600.16385 Unquoted Service Path (0)
11-05: Ayukov NFTP 1.71 Buffer Overflow (0)
11-05: Microsoft Office365 Protection Bypass / Remote Code Execution (0)
11-05: ilchCMS 2.1.23 Cross Site Scripting (0)
11-05: BlueKeep Attacks Have Arrived, Are Initially Underwhelming (0)
11-05: Apple macOS 10.15.1 Denial Of Service (0)
11-05: Apple Security Advisory 2019-11-01-1 (0)
11-05: [local] Blue Stacks App Player 2.4.44.62.57 – "BstHdLogRotatorSvc" Unquote Service Path (0)
11-05: [dos] macOS XNU – Missing Locking in checkdirs_callback() Enables Race with fchdir_common() (0)
11-05: [dos] WebKit – Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive (0)
11-05: [webapps] thrsrossi Millhouse-Project 1.414 – 'content' Persistent Cross-Site Scripting (0)
11-05: [webapps] thejshen Globitek CMS 1.4 – 'id' SQL Injection (0)
11-05: [local] Network Inventory Advisor 5.0.26.0 – 'niaservice' Unquoted Service Path (0)
11-05: [dos] JavaScriptCore – Type Confusion During Bailout when Reconstructing Arguments Objects (0)
11-05: [webapps] SD.NET RIM 4.7.3c – 'idtyp' SQL Injection (0)
11-05: [webapps] html5_snmp 1.11 – 'Router_ID' SQL Injection (0)
11-05: [dos] FileOptimizer 14.00.2524 – Denial of Service (PoC) (0)
11-05: [webapps] html5_snmp 1.11 – 'Remark' Persistent Cross-Site Scripting (0)
11-05: [webapps] rimbalinux AhadPOS 1.11 – 'alamatCustomer' SQL Injection (0)
11-04: http://thamyaicity.go.th (0)
11-04: [local] Micro Focus (HPE) Data Protector – SUID Privilege Escalation (Metasploit) (0)
11-04: [dos] Apple macOS 10.15.1 – Denial of Service (PoC) (0)
11-04: [local] Launch Manager 6.1.7600.16385 – 'DsiWMIService' Unquoted Service Path (0)
11-04: [remote] Ayukov NFTP client 1.71 – 'SYST' Buffer Overflow (0)
11-04: [local] OpenVPN Connect 3.0.0.272 – 'agent_ovpnconnect' Unquoted Service Path (0)
11-04: [local] Aida64 6.10.5200 – Buffer Overflow (SEH) (0)
11-02: Carel pCOWeb HVAC Modbus Interface Authentication Bypass (0)
11-02: Carel pCOWeb HVAC Insecure Credential Storage (0)
11-02: Scripteen Image Upload Shell Upload (0)
11-02: Mr Blog PHP Cross Site Scripting / SQL Injection (0)
11-02: TheJshen contentManagementSystem 1.04 SQL Injection (0)
11-02: OpenVPN Private Tunnel 2.8.4 Unquoted Service Path (0)
11-02: ownCloud 10.3.0 Stable Cross Site Request Forgery (0)
11-02: Apache Solr 8.2.0 Remote Code Execution (0)
11-02: eIDAS-Node 2.3 Authentication Bypass (0)
11-02: Packet Storm New Exploits For October, 2019 (0)
11-02: Micro Focus (HPE) Data Protector SUID Privilege Escalation (0)
11-02: On Halloween Night, Google Discloses Chrome Zero-Day Exploited In The Wild (0)
11-02: Apple Security Advisory 2019-10-29-7 (0)
11-02: Apple Security Advisory 2019-10-29-1 (0)
11-02: Apple Security Advisory 2019-10-29-5 (0)
11-02: Apple Security Advisory 2019-10-29-9 (0)
11-02: Apple Security Advisory 2019-10-29-6 (0)
11-02: Apple Security Advisory 2019-10-29-8 (0)
11-02: Apple Security Advisory 2019-10-29-4 (0)
11-02: Apple Security Advisory 2019-10-29-10 (0)
11-02: Apple Security Advisory 2019-10-29-2 (0)
11-02: Apple Security Advisory 2019-10-29-11 (0)
11-02: Apple Security Advisory 2019-10-29-3 (0)
11-01: MikroTik RouterOS 6.45.6 DNS Cache Poisoning (0)
11-01: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow (0)
11-01: WordPress Google Review Slider 6.1 SQL Injection (0)
11-01: Nostromo 1.9.6 Directory Traversal / Remote Command Execution (0)
11-01: [remote] Nostromo – Directory Traversal Remote Command Execution (Metasploit) (0)
11-01: [webapps] ownCloud 10.3.0 stable – Cross-Site Request Forgery (0)
11-01: [local] OpenVPN Private Tunnel 2.8.4 – 'ovpnagent' Unquoted Service Path (0)
11-01: [webapps] TheJshen contentManagementSystem 1.04 – 'id' SQL Injection (0)
11-01: [webapps] Apache Solr 8.2.0 – Remote Code Execution (0)

October 2019 (342)

10-31: Ajenti 2.1.31 Remote Code Execution (0)
10-31: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Denial Of Service (0)
10-31: Citrix StoreFront Server 7.15 XML Injection (0)
10-31: JavaScriptCore GetterSetter Type Confusion (0)
10-31: iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure (0)
10-31: Facebook Sues NSO Group Over WhatsApp Zero Day (0)
10-31: [local] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH) (0)
10-31: [webapps] Wordpress Plugin Google Review Slider 6.1 – 'tid' SQL Injection (0)
10-31: [remote] MikroTik RouterOS 6.45.6 – DNS Cache Poisoning (0)
10-30: Intelligent Security System SecurOS Enterprise 10.2 Unquoted Service Path (0)
10-30: Win10 MailCarrier 2.51 Buffer Overflow (0)
10-30: rConfig 3.9.2 Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Security Feature Bypass (0)
10-30: WordPress 5.2.4 Cross Origin Resource Sharing (0)
10-30: Craft CMS Rate Limiting / Brute Force (0)
10-30: [dos] JavaScriptCore – GetterSetter Type Confusion During DFG Compilation (0)
10-30: [dos] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Denial of Service (0)
10-30: [webapps] iSeeQ Hybrid DVR WH-H4 2.0.0.P – (get_jpeg) Stream Disclosure (0)
10-30: [webapps] Citrix StoreFront Server 7.15 – XML External Entity Injection (0)
10-30: [webapps] Ajenti 2.1.31 – Remote Code Exection (Metasploit) (0)
10-29: ham3d 1.1 Information Disclosure / Default Credentials (0)
10-29: ClonOs WEB UI 19.09 Improper Access Control (0)
10-29: Sahi Pro 8.x Cross Site Scripting (0)
10-29: CWP 0.9.8.885 Cross Site Scripting (0)
10-29: Part-DB 0.4 Authentication Bypass (0)
10-29: JumpStart 0.6.0.0 Unquoted Service Path (0)
10-29: Intelbras Router WRN150 1.0.18 Cross Site Request Forgery (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection (0)
10-29: delpino73 Blue-Smiley-Organizer 1.32 SQL Injection (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting (0)
10-29: ChaosPro 2.0 Buffer Overflow (0)
10-29: Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 Project List Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 User Name Disclosure (0)
10-29: WebKit HTMLFrameElementBase::isURLAllowed Universal Cross Site Scripting (0)
10-29: Microsoft Windows Insecure CSharedStream Object Privilege Escalation (0)
10-29: [remote] Win10 MailCarrier 2.51 – 'POP3 User' Remote Buffer Overflow (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Security Feature Bypass (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Remote Code Execution (0)
10-29: [webapps] Wordpress 5.2.4 – Cross-Origin Resource Sharing (0)
10-29: [local] Intelligent Security System SecurOS Enterprise 10.2 – 'SecurosCtrlService' Unquoted Service Path (0)
10-29: [webapps] rConfig 3.9.2 – Remote Code Execution (0)
10-28: [dos] WebKit – Universal XSS in HTMLFrameElementBase::isURLAllowed (0)
10-28: [local] ChaosPro 2.0 – Buffer Overflow (SEH) (0)
10-28: [webapps] delpino73 Blue-Smiley-Organizer 1.32 – 'datetime' SQL Injection (0)
10-28: [local] JumpStart 0.6.0.0 – 'jswpbapi' Unquoted Service Path (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'description' Cross-Site Scripting (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'start' SQL Injection (0)
10-28: [webapps] Part-DB 0.4 – Authentication Bypass (0)
10-28: [webapps] Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery (0)
10-25: PHP-FPM Remote Code Execution (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e SQL Injection (0)
10-25: [webapps] ClonOs WEB UI 19.09 – Improper Access Control (0)
10-24: Moxa EDR-810 Command Injection / Information Disclosure (0)
10-24: Rocket.Chat 2.1.0 Cross Site Scripting (0)
10-24: IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path (0)
10-24: WordPress Sliced Invoices 3.8.2 Cross Site Scripting (0)
10-24: WordPress Sliced Invoices 3.8.2 SQL Injection (0)
10-24: Linux Polkit pkexec Helper PTRACE_TRACEME Local Root (0)
10-24: Solaris xscreensaver Privilege Escalation (0)
10-24: Rusty Joomla Unauthenticated Remote Code Execution (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – 'MailAdd' SQL Injection (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – Incorrect Access Control (0)
10-24: [webapps] Wordpress Sliced Invoices 3.8.2 – 'post' SQL Injection (0)
10-24: [local] Linux Polkit – pkexec helper PTRACE_TRACEME local root (Metasploit) (0)
10-23: Xorg X11 Server SUID modulepath Privilege Escalation (0)
10-23: [webapps] Joomla! 3.4.6 – Remote Code Execution (Metasploit) (0)
10-23: [local] IObit Uninstaller 9.1.0.8 – 'IObitUnSvr' Unquoted Service Path (0)
10-23: [webapps] Rocket.Chat 2.1.0 – Cross-Site Scripting (0)
10-22: https://ic.nbtc.go.th/xampp/lang.tmp (0)
10-22: Total.js CMS 12 Widget JavaScript Code Injection (0)
10-22: [remote] Total.js CMS 12 – Widget JavaScript Code Injection (Metasploit) (0)
10-21: https://nonghuafancity.go.th/o.htm (0)
10-21: http://www.pamat.go.th/o.htm (0)
10-21: Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution (0)
10-21: [local] Solaris 11.4 – xscreensaver Privilege Escalation (0)
10-21: [dos] winrar 5.80 64bit – Denial of Service (0)
10-21: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed JP2 Stream (2) (0)
10-21: [local] Trend Micro Anti-Threat Toolkit 1.62.0.1218 – Remote Code Execution (0)
10-21: [local] winrar 5.80 – XML External Entity Injection (0)
10-20: Android Binder Use-After-Free (0)
10-20: WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF (0)
10-20: Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation (0)
10-20: Sangoma SBC 2.3.23-119-GA Authentication Bypass (0)
10-18: BlackMoon FTP Server 3.1.2.1731 BMFTP-RELEASE Unquoted Service Path (0)
10-18: Web Companion 5.1.1035.1047 WCAssistantService Unquoted Service Path (0)
10-18: WorkgroupMail 7.5.1 WorkgroupMail Unquoted Service Path (0)
10-18: WordPress FooGallery 1.8.12 Cross Site Scripting (0)
10-18: WordPress Soliloquy Lite 2.5.6 Cross Site Scripting (0)
10-18: VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass (0)
10-18: WordPress Popup Builder 3.49 Cross Site Scripting (0)
10-18: ThinVNC 1.0b1 Authentication Bypass (0)
10-18: VIM 8.1.2135 Use-After-Free (0)
10-18: Restaurant Management System 1.0 Shell Upload (0)
10-18: http://civec.vec.go.th/index.html (0)
10-18: http://dvec.vec.go.th/index.html (0)
10-18: http://gfmis.vec.go.th/index.html (0)
10-18: http://hr.vec.go.th/index.html (0)
10-18: http://iau.vec.go.th/index.html (0)
10-18: http://ipa.vec.go.th/index.html (0)
10-18: http://ivec.vec.go.th/index.html (0)
10-18: http://new.vec.go.th/index.html (0)
10-18: http://nited.vec.go.th/index.html (0)
10-18: http://pdo.vec.go.th/index.html (0)
10-18: http://psdg.vec.go.th/index.html (0)
10-18: http://sbd.vec.go.th/index.html (0)
10-18: http://techno.vec.go.th/index.html (0)
10-18: http://vecrspg.vec.go.th/index.html (0)
10-18: http://vecp.vec.go.th/index.html (0)
10-18: http://ver.vec.go.th/index.html (0)
10-18: http://www2.vec.go.th/index.html (0)
10-18: [webapps] Joomla! 3.4.6 – Remote Code Execution (0)
10-17: Zilab Remote Console Server 3.2.9 zrcs Unquoted Service Path (0)
10-17: Lavasoft 2.3.4.7 LavasoftTcpService Unquoted Service Path (0)
10-17: Whatsapp 2.19.216 Remote Code Execution (0)
10-17: X.Org X Server 1.20.4 Local Stack Overflow (0)
10-17: CyberArk Password Vault 10.6 Authentication Bypass (0)
10-17: Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography (0)
10-17: Mikogo 5.2.2.150317 Mikogo-Service Unquoted Service Path (0)
10-17: WordPress Broken Link Checker 1.11.8 Cross Site Scripting (0)
10-17: Solaris 11.4 xscreensaver Privilege Escalation (0)
10-17: LiteManager 4.5.0 romservice Unquoted Service Path (0)
10-17: Accounts Accounting 7.02 Cross Site Scripting (0)
10-17: Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow (0)
10-17: [local] WorkgroupMail 7.5.1 – 'WorkgroupMail' Unquoted Service Path (0)
10-17: [webapps] Wordpress FooGallery 1.8.12 – Persistent Cross-Site Scripting (0)
10-17: [webapps] Wordpress Soliloquy Lite 2.5.6 – Persistent Cross-Site Scripting (0)
10-17: [local] Web Companion versions 5.1.1035.1047 – 'WCAssistantService' Unquoted Service Path (0)
10-17: [local] BlackMoon FTP Server 3.1.2.1731 – 'BMFTP-RELEASE' Unquoted Serive Path (0)
10-17: [webapps] Restaurant Management System 1.0 – Remote Code Execution (0)
10-17: [remote] ThinVNC 1.0b1 – Authentication Bypass (0)
10-17: [webapps] Wordpress Popup Builder 3.49 – Persistent Cross-Site Scripting (0)
10-16: https://numbering.nbtc.go.th/security/lang.tmp (0)
10-16: ActiveFax Server 6.92 Build 0316 ActiveFaxServiceNT Unquoted Service Path (0)
10-16: sudo 1.8.28 Security Bypass (0)
10-16: Bolt CMS 3.6.10 Cross Site Request Forgery (0)
10-16: http://wangyai.sec40.go.th (0)
10-16: http://web.namnaohospital.go.th (0)
10-16: [remote] Whatsapp 2.19.216 – Remote Code Execution (0)
10-16: [local] Mikogo 5.2.2.150317 – 'Mikogo-Service' Unquoted Serive Path (0)
10-16: [local] Solaris xscreensaver 11.4 – Privilege Escalation (0)
10-16: [local] LiteManager 4.5.0 – 'romservice' Unquoted Serive Path (0)
10-16: [local] Zilab Remote Console Server 3.2.9 – 'zrcs' Unquoted Service Path (0)
10-16: [local] X.Org X Server 1.20.4 – Local Stack Overflow (0)
10-16: [local] Lavasoft 2.3.4.7 – 'LavasoftTcpService' Unquoted Service Path (0)
10-16: [webapps] Accounts Accounting 7.02 – Persistent Cross-Site Scripting (0)
10-16: [webapps] CyberArk Password Vault 10.6 – Authentication Bypass (0)
10-15: Joomla SwPhotoGallery 1.5.26 SQL Injection (0)
10-15: Joomla Cactus 1.2.0 SQL Injection (0)
10-15: Joomla Mad4Joomla 1.1.x SQL Injection (0)
10-15: Joomla Google Maps 1.0.4 SQL Injection (0)
10-15: Joomla MisterEstate 1.5.26 SQL Injection (0)
10-15: Joomla MediaLibrary 1.5.26 SQL Injection (0)
10-15: Joomla Vemod News Mailer 1.0 SQL Injection (0)
10-15: Joomla Sumoku 3.9.8 SQL Injection (0)
10-15: Uplay 92.0.0.6280 Local Privilege Escalation (0)
10-15: SpotAuditor 5.3.1.0 Denial Of Service (0)
10-15: Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls (0)
10-15: ActiveFax Server 6.92 Build 0316 Denial Of Service (0)
10-15: Express Invoice 7.12 Cross Site Scripting (0)
10-15: Kirona-DRS 5.5.3.5 Information Disclosure (0)
10-15: ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution (0)
10-15: OpenProject 10.0.1 / 9.0.3 Cross Site Scripting (0)
10-15: Podman / Varlink Remote Code Execution (0)
10-15: [local] ActiveFax Server 6.92 Build 0316 – 'ActiveFaxServiceNT' Unquoted Service Path (0)
10-15: [remote] Podman & Varlink 1.5.1 – Remote Code Execution (0)
10-15: [local] sudo 1.2.27 – Security Bypass (0)
10-15: [webapps] Bolt CMS 3.6.10 – Cross-Site Request Forgery (0)
10-14: http://mproject.rid.go.th/mainwp/wp-snapshots/index.php (0)
10-14: http://rio15.rid.go.th/engineering/configuration.php (0)
10-14: http://telecom.rid.go.th/configuration.php (0)
10-14: http://hydrology.rid.go.th/hyd/README.txt (0)
10-14: Apple Security Advisory 2019-10-11-1 (0)
10-14: [webapps] Express Invoice 7.12 – 'Customer' Persistent Cross-Site Scripting (0)
10-14: [webapps] Kirona-DRS 5.5.3.5 – Information Disclosure (0)
10-14: [local] Uplay 92.0.0.6280 – Local Privilege Escalation (0)
10-14: [webapps] Ajenti 2.1.31 – Remote Code Execution (0)
10-14: [dos] ActiveFax Server 6.92 Build 0316 – 'POP3 Server' Denial of Service (0)
10-14: [dos] SpotAuditor 5.3.1.0 – Denial of Service (0)
10-12: http://srb1.go.th/c0d3.html (0)
10-12: MiniShare 1.4.1 CONNECT Remote Buffer Overflow (0)
10-12: WordPress Arforms 3.7.1 Directory Traversal (0)
10-12: Intelbras Router WRN150 1.0.18 Cross Site Scripting (0)
10-12: National Instruments Circuit Design Suite 14.0 Privilege Escalation (0)
10-12: Ajenti Remote Command Execution (0)
10-12: SugarCRM 9.0.1 Cross Site Scripting (0)
10-12: SugarCRM 9.0.1 SQL Injection (0)
10-12: SugarCRM 9.0.1 Broken Access Controls (0)
10-12: Visual Studio Code Remote Debugger Enabled (0)
10-12: SugarCRM 9.0.1 Path Traversal (0)
10-12: SugarCRM 9.0.1 PHP Code Injection (0)
10-12: SugarCRM 9.0.1 PHP Object Injection (0)
10-12: SugarCRM 9.0.1 Phar Deserialization (0)
10-12: Openfire 4.4.1 Cross Site Scripting (0)
10-12: http://live.cdd.go.th/love.txt (0)
10-11: TP-Link TL-WR1043ND 2 Authentication Bypass (0)
10-11: ASX To MP3 Converter 3.1.3.7 Stack Overflow (0)
10-11: SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery (0)
10-11: Microsoft Windows Kernel win32k.sys TTF Font Processing win32k!ulClearTypeFilter Pool Corruption (0)
10-11: Microsoft Windows Kernel nt!MiOffsetToProtos NULL Pointer Dereference (0)
10-11: Microsoft Windows Kernel CI!CipFixImageType Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiParseImageLoadConfig Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel CI!HashKComputeFirstPageHash Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiRelocateImage Out-Of-Bounds Read (0)
10-11: [webapps] WordPress Arforms 3.7.1 – Directory Traversal (0)
10-11: [webapps] Intelbras Router WRN150 1.0.18 – Persistent Cross-Site Scripting (0)
10-11: [local] National Instruments Circuit Design Suite 14.0 – Local Privilege Escalation (0)
10-10: Ransomware Gang Uses iTunes Zero-Day (0)
10-10: DeviceViewer 3.12.0.1 Local Buffer Overflow (0)
10-10: Foscam Video Management System 1.1.6.6 Denial Of Service (0)
10-10: PBS Professional 19.2.3 Authentication Bypass (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File (0)
10-10: [webapps] SMA Solar Technology AG Sunny WebBox device – 1.6 – Cross-Site Request Forgery (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File (0)
10-10: [webapps] TP-Link TL-WR1043ND 2 – Authentication Bypass (0)
10-10: [dos] Windows Kernel – win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter (0)
10-10: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (Metasploit, DEP Bypass) (0)
10-09: http://www.chaophaka.go.th/activity/images/ (0)
10-09: http://www.huayyaijiw.go.th/activity/images/ (0)
10-09: http://kampang.go.th/activity/images/ (0)
10-09: http://www.wangthongnb.go.th/activity/images/ (0)
10-09: RENPHO 3.0.0 Information Disclosure (0)
10-09: Socomec DIRIS A-40 Password Disclosure (0)
10-09: WebKit FrameLoader::clear Same-Origin Policy Bypass (0)
10-09: File Sharing Wizard 1.5.0 POST SEH Overflow (0)
10-09: Apple Security Advisory 2019-10-07-1 (0)
10-09: Apple Security Advisory 2019-10-07-2 (0)
10-09: Apple Security Advisory 2019-10-07-3 (0)
10-09: Apple Security Advisory 2019-10-07-4 (0)
10-09: [dos] XNU – Remote Double-Free via Data Race in IPComp Input Path (0)
10-09: [local] DeviceViewer 3.12.0.1 – 'add user' Local Buffer Overflow (DEP Bypass) (0)
10-09: [dos] Foscam Video Management System 1.1.6.6 – 'UID' Denial of Service (PoC) (0)
10-08: Thailand Union Library Management 6.2 SQL Injection / XSS (0)
10-08: ASX To MP3 Converter 3.1.3.7 Local Stack Overflow (0)
10-08: CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation (0)
10-08: Joomla 3.4.6 Remote Code Execution (0)
10-08: Logrotate 3.15.1 Privilege Escalation (0)
10-08: Subrion 4.2.1 Cross Site Scripting (0)
10-08: IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution (0)
10-08: IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution (0)
10-08: Zabbix 4.2 Authentication Bypass (0)
10-08: Zabbix 4.4 Authentication Bypass (0)
10-08: freeFTP 1.0.8 Remote Buffer Overflow (0)
10-08: Tellion HN-2204AP Router Remote Configuration Disclosure (0)
10-08: vBulletin 5.5.4 SQL Injection (0)
10-08: vBulletin 5.5.4 Remote Code Execution (0)
10-08: XNU Data Race Remote Double-Free (0)
10-08: [webapps] Zabbix 4.4 – Authentication Bypass (0)
10-07: https://www.ditp.go.th (0)
10-07: [remote] freeFTP 1.0.8 – Remote Buffer Overflow (0)
10-07: [webapps] IBM Bigfix Platform 9.5.9.62 – Arbitrary File Upload (0)
10-07: [webapps] Subrion 4.2.1 – 'Email' Persistant Cross-Site Scripting (0)
10-07: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (DEP) (0)
10-07: [local] logrotten 3.15.1 – Privilege Escalation (0)
10-07: [webapps] Zabbix 4.2 – Authentication Bypass (0)
10-07: [webapps] Joomla 3.4.6 – 'configuration.php' Remote Code Execution (0)
10-07: [local] CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 – Privilege Escalation (0)
10-06: http://www.sisaketspecial.go.th/index.php (0)
10-06: ParantezTeknoloji Library Software 16.0519000 Open Redirection (0)
10-06: Devinim Library Software 19.0504000 Open Redirection (0)
10-06: File Sharing Wizard 1.5.0 DELETE SEH Buffer Overflow (0)
10-06: Microsoft Windows Silent Process Exit Persistence (0)
10-06: Signal Forced Call Acceptance (0)
10-06: GitLab Omnibus 12.2.1 Logrotate Privilege Escalation (0)
10-05: PHP 7.3 disable_functions Bypass (0)
10-05: LabCollector 5.423 SQL Injection (0)
10-05: Android Binder Driver Use-After-Free (0)
10-04: mintinstall 7.9.9 Code Execution (0)
10-04: Anchor CMS 0.12.3a Information Disclosure (0)
10-04: Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure (0)
10-04: Hisilicon Hi3518 HD Camera Remote Configuration Disclosure (0)
10-04: Researchers Say They Uncovered Uzbekistan Hacking Operations Due To Spectacularly Bad OPSEC (0)
10-04: [webapps] LabCollector 5.423 – SQL Injection (0)
10-03: ipwndfu Jailbreaking Tool (0)
10-03: Counter-Strike Global Offensive Code Execution / Denial Of Service (0)
10-03: Notepad++ Code Execution / Denial Of Service (0)
10-03: Detrix EDMS 1.2.3.1505 SQL Injection (0)
10-03: Tellion TE01-005H HomeHub Router Remote Configuration Disclosure (0)
10-03: vBulletin Zero Day KOs Comodo User Forums (0)
10-03: [webapps] PHP 7.0 < 7.3 – 'gc' Disable Functions Bypass (0)
10-03: [webapps] AnchorCMS < 0.12.3a – Information Disclosure (0)
10-03: [webapps] mintinstall 7.9.9 – Code Execution (0)
10-02: https://webdev.excise.go.th/007.html (0)
10-02: http://hrm.excise.go.th/007.html (0)
10-02: http://reo15.go.th/tmp/007.html (0)
10-02: https://qsds.go.th/monmai/007.html (0)
10-02: http://www.spm7.go.th/spm7/007.html (0)
10-02: Apple Security Advisory 2019-9-26-1 (0)
10-02: Apple Security Advisory 2019-9-26-2 (0)
10-02: Apple Security Advisory 2019-9-26-3 (0)
10-02: Apple Security Advisory 2019-9-26-4 (0)
10-02: Apple Security Advisory 2019-9-26-5 (0)
10-02: Apple Security Advisory 2019-9-26-6 (0)
10-02: Apple Security Advisory 2019-9-26-7 (0)
10-02: Apple Security Advisory 2019-9-26-9 (0)
10-02: Apple Security Advisory 2019-9-26-8 (0)
10-02: Apple Security Advisory 2019-9-27-1 (0)
10-02: Digitus DN-16048 Camera Remote Configuration Disclosure (0)
10-02: thesystem App 1.0 SQL Injection (0)
10-02: FOSCAM FI8608W Camera Remote Configuration Disclosure (0)
10-02: PHP 7.x disable_functions Bypass (0)
10-02: vBulletin 5.x Pre-Auth Remote Code Execution (0)
10-02: thesystem 1.0 Command Injection (0)
10-02: GFI Kerio Control 9.3.0 Cross Site Scripting (0)
10-02: Akaunting 1.3.17 Cross Site Scripting (0)
10-02: Duplicator Pro 1.3.14 Local Information Disclosure (0)
10-02: phpIPAM 1.4 SQL Injection (0)
10-02: thesystem 1.0 Cross Site Scripting (0)
10-02: GoAhead 2.5.0 Host Header Injection (0)
10-02: Realtek Managed Switch Controller (RTL83xx) Stack Overflow (0)
10-02: DameWare Remote Support 12.1.0.34 Buffer Overflow (0)
10-02: kic 2.4a Denial Of Service (0)
10-02: DotNetNuke Cross Site Scripting (0)
10-02: WebKit URI / Synchronous Page Loads Universal Cross Site Scripting (0)
10-02: WebKit WebCore::command Universal Cross Site Scripting (0)
10-02: WebKit WebCore::ReplacementFragment::ReplacementFragment User-Agent Shadow Root Leak (0)
10-02: WebKit Cached Pages Universal Cross Site Scripting (0)
10-02: DOUBLEPULSAR Payload Execution / Neutralization (0)
10-02: Rocket.Chat Cross Site Scripting (0)
10-02: Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation (0)
10-02: LG-ERICSSON LN202-003H HomeHub Router Remote Configuration Disclosure (0)
10-02: Packet Storm New Exploits For September, 2019 (0)
10-02: [remote] DOUBLEPULSAR – Payload Execution and Neutralization (Metasploit) (0)
10-02: [webapps] Detrix EDMS 1.2.3.1505 – SQL Injection (0)
10-01: https://buriram4.go.th//zx.htm (0)
10-01: http://odgo.buriram4.go.th/zx.htm (0)
10-01: http://eff.buriram4.go.th//zx.htm (0)
10-01: http://gda.buriram4.go.th//zx.htm (0)
10-01: http://gdabr4.buriram4.go.th//zx.htm (0)
10-01: http://primarydata.buriram4.go.th//zx.htm (0)
10-01: [dos] WebKit – Universal XSS Using Cached Pages (0)
10-01: [dos] kic 2.4a – Denial of Service (0)
10-01: [dos] WebKit – Universal XSS in WebCore::command (0)
10-01: [dos] WebKit – UXSS Using JavaScript: URI and Synchronous Page Loads (0)
10-01: [webapps] DotNetNuke < 9.4.0 – Cross-Site Scripting (0)
10-01: [local] DameWare Remote Support 12.1.0.34 – Buffer Overflow (SEH) (0)
10-01: [dos] WebKit – User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment (0)

September 2019 (250)

09-30: [remote] Cisco Small Business 220 Series – Multiple Vulnerabilities (0)
09-30: [webapps] thesystem 1.0 – Cross-Site Scripting (0)
09-30: [remote] GoAhead 2.5.0 – Host Header Injection (0)
09-30: [webapps] phpIPAM 1.4 – SQL Injection (0)
09-30: [webapps] TheSystem 1.0 – Command Injection (0)
09-30: [webapps] vBulletin 5.x – Remote Command Execution (Metasploit) (0)
09-28: https://www.sukhothai1.go.th/wS0.php (0)
09-28: http://www.banmaeka.go.th/007.html (0)
09-27: citecodecrashers Pic-A-Point 1.1 SQL Injection (0)
09-27: inoERP 4.15 SQL Injection (0)
09-27: all-in-one-seo-pack 3.2.7 Cross Site Scripting (0)
09-27: Duplicate-Post 3.2.3 Cross Site Scripting (0)
09-27: vBulletin 5.x 0-Day Pre-Auth Remote Command Execution (0)
09-27: eBrigade SQL Injection (0)
09-27: ACTi ACD-2100 Video Encoder Remote Command Execution (0)
09-27: ACTi ACM-5611 Video Camera Remote Command Execution (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation (0)
09-27: [webapps] WordPress Theme Zoner Real Estate – 4.1.1 Persistent Cross-Site Scripting (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Remote Privilege Escalation (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Cross-Site Request Forgery (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Unauthenticated Configuration Download (0)
09-27: [webapps] thesystem App 1.0 – 'username' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – 'server_name' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – Persistent Cross-Site Scripting (0)
09-27: [webapps] InoERP 0.7.2 – Persistent Cross-Site Scripting (0)
09-27: [remote] Mobatek MobaXterm 12.1 – Buffer Overflow (SEH) (0)
09-26: Chamilo LMS 1.11.8 Shell Upload (0)
09-26: SpotIE Internet Explorer Password Recovery 2.9.5 Denial Of Service (0)
09-26: WP Server Log Viewer 1.0 Cross Site Scripting (0)
09-26: NPMJS gitlabhook 0.0.17 Remote Command Execution (0)
09-26: YzmCMS 5.3 Host Header Injection (0)
09-26: Chrome ~LevelDBIteratorImpl Use-After-Free (0)
09-26: Chrome IndexedDBConnection::Close Use-After-Free (0)
09-26: ACTi ACM-3100 Camera Remote Command Execution (0)
09-26: [webapps] Chamillo LMS 1.11.8 – Arbitrary File Upload (0)
09-26: [webapps] citecodecrashers Pic-A-Point 1.1 – 'Consignment' SQL Injection (0)
09-26: [webapps] inoERP 4.15 – 'download' SQL Injection (0)
09-26: [webapps] all-in-one-seo-pack 3.2.7 – Persistent Cross-Site Scripting (0)
09-26: [webapps] Duplicate-Post 3.2.3 – Persistent Cross-Site Scripting (0)
09-25: http://ses26.go.th (0)
09-25: DeviceViewer 3.12.0.1 Denial Of Service (0)
09-25: Easy File Sharing Web Server 7.2 SEH Buffer Overflow (0)
09-25: File Sharing Wizard 1.5.0 SEH Buffer Overflow (0)
09-25: pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection (0)
09-25: iMessage NSSharedKeyDictionary Decoding Out Of Bounds Read (0)
09-25: Microsoft SharePoint 2013 SP1 Cross Site Scripting (0)
09-25: ABRT sosreport Privilege Escalation (0)
09-25: vBulletin 5.x Pre-Auth Remote Code Execution (0)
09-25: [dos] SpotIE Internet Explorer Password Recovery 2.9.5 – 'Key' Denial of Service (0)
09-25: [webapps] Microsoft SharePoint 2013 SP1 – 'DestinationFolder' Persistant Cross-Site Scripting (0)
09-24: http://www.muang-bua.go.th/html/ (0)
09-24: Gila CMS Local File Inclusion (0)
09-24: HPE Intelligent Management Center Information Disclosure (0)
09-24: Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution (0)
09-24: BlueKeep RDP Remote Windows Kernel Use-After-Free (0)
09-24: How Google Changed The Secretive Market For The Most Dangerous Hacks In The World (0)
09-24: http://smss.chaiyaphum3.go.th/web62/susu.html (0)
09-24: http://www.ksn1.go.th/susu.html (0)
09-24: [dos] iMessage – Decoding NSSharedKeyDictionary Can Read Object Out of Bounds (0)
09-24: [webapps] Pfsense 2.3.4 / 2.4.4-p3 – Remote Code Injection (0)
09-24: [remote] File Sharing Wizard 1.5.0 – POST SEH Overflow (0)
09-24: [local] Easy File Sharing Web Server 7.2 – 'New User' Local SEH Overflow (0)
09-24: [dos] Microsoft Windows cryptoapi – SymCrypt Modular Inverse Algorithm Denial of Service (0)
09-24: [dos] DeviceViewer 3.12.0.1 – 'creating user' Denial of Service (0)
09-23: http://sec40.go.th/counter.txt (0)
09-23: [remote] Hisilicon HiIpcam V100R003 Remote ADSL – Credentials Disclosure (0)
09-22: Palo Alto Networks Cross Site Request Forgery (0)
09-22: Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload (0)
09-21: http://www.atsc.doae.go.th (0)
09-21: http://sirattana.sisaket.doae.go.th (0)
09-21: http://phusing.sisaket.doae.go.th (0)
09-21: http://huaithapthan.sisaket.doae.go.th (0)
09-21: http://sukhothai2.go.th/007.html (0)
09-21: DIGIT CENTRIS 4 ERP SQL Injection (0)
09-21: GOautodial 4.0 Cross Site Scripting (0)
09-21: LayerBB 1.1.3 Cross Site Request Forgery (0)
09-21: Hisilicon HiIpcam V100R003 Remote ADSL Credential Disclosure (0)
09-20: macOS 18.7.0 Kernel Local Privilege Escalation (0)
09-20: Western Digital My Book World II NAS 1.02.12 Hardcoded Credential (0)
09-20: [webapps] LayerBB < 1.1.4 – Cross-Site Request Forgery (0)
09-19: Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting (0)
09-19: Hospital-Management 1.26 SQL Injection (0)
09-19: [webapps] GOautodial 4.0 – 'CreateEvent' Persistent Cross-Site Scripting (0)
09-19: [webapps] Western Digital My Book World II NAS 1.02.12 – Authentication Bypass / Command Execution (0)
09-18: http://www.elum.go.th/jp.htm (0)
09-18: http://amnatpao.go.th (0)
09-18: http://keelek-phatumrat.go.th (0)
09-18: V8 Map Migration Type Confusion (0)
09-18: Microsoft Windows Internet Settings Security Feature Bypass (0)
09-18: Google Chrome Password Disclosure (0)
09-18: [webapps] Hospital-Management 1.26 – 'fname' SQL Injection (0)
09-17: http://immchonburi.go.th/main (0)
09-17: https://www.kpp2.go.th/index.php (0)
09-17: http://ntwo.moph.go.th (0)
09-17: http://kpi.ntwo.moph.go.th (0)
09-17: http://pns.ntwo.moph.go.th (0)
09-17: http://healthws.ntwo.moph.go.th (0)
09-17: Ticket-Booking 1.4 Authentication Bypass (0)
09-17: College-Management-System 1.2 Authentication Bypass (0)
09-17: Webmin 1.920 Remote Code Execution (0)
09-17: AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation (0)
09-17: docPrint Pro 8.0 SEH Buffer Overflow (0)
09-17: Inteno IOPSYS Gateway 3DES Key Extraction Improper Access (0)
09-17: LastPass Credential Leak From Previous Site (0)
09-16: [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload (0)
09-16: [local] AppXSvc – Privilege Escalation (0)
09-16: [remote] Inteno IOPSYS Gateway – Improper Access Restrictions (0)
09-14: FTPShell Client 6.74 Buffer Overflow (0)
09-14: Folder Lock 7.7.9 Denial Of Service (0)
09-14: Dolibarr ERP-CRM 10.0.1 Cross Site Scripting (0)
09-14: phpMyAdmin 4.9.0.1 Cross Site Request Forgery (0)
09-14: Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting (0)
09-14: [webapps] College-Management-System 1.2 – Authentication Bypass (0)
09-14: [webapps] Ticket-Booking 1.4 – Authentication Bypass (0)
09-13: Opencart 2.3.0.2 Pre-Auth Remote Command Execution (0)
09-13: Generic Zip Slip Traversal (0)
09-13: LimeSurvey 3.17.13 Cross Site Scripting (0)
09-13: [webapps] LimeSurvey 3.17.13 – Cross-Site Scripting (0)
09-13: [webapps] phpMyAdmin 4.9.0.1 – Cross-Site Request Forgery (0)
09-13: [webapps] Dolibarr ERP-CRM 10.0.1 – 'User-Agent' Cross-Site Scripting (0)
09-13: [dos] Folder Lock 7.7.9 – Denial of Service (0)
09-12: http://smss.ksn1.go.th/susu.html (0)
09-12: http://amss.ksn1.go.th/susu.html (0)
09-12: WordPress Photo Gallery 1.5.34 SQL Injection (0)
09-12: WordPress Photo Gallery 1.5.34 Cross Site Scripting (0)
09-12: WordPress Checklist 1.1.5 Cross Site Scripting (0)
09-12: AVCON6 Systems Management Platform Remote Root (0)
09-12: WordPress SlickQuiz 1.3.7.1 Cross Site Scripting (0)
09-12: WordPress SlickQuiz 1.3.7.1 SQL Injection (0)
09-12: OpenEdx Ironwood.1 Cross Site Scripting (0)
09-12: eWON Flexy 13.0 Authentication Bypass (0)
09-12: Microsoft DirectWrite SplicePixel Invalid Read (0)
09-12: Microsoft DirectWrite sfac_GetSbitBitmap Out-Of-Bounds Read (0)
09-12: [dos] Microsoft DirectWrite – Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts (0)
09-12: [dos] Microsoft DirectWrite – Invalid Read in SplicePixel While Processing OTF Fonts (0)
09-11: http://dws.fpo.go.th/support.htm (0)
09-11: WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting (0)
09-11: Windows File Enumeration Intel Gathering Tool 2.1 (0)
09-11: Control Web Panel 0.9.8.851 Privilege Escalation (0)
09-11: Enigma NMS 65.0.0 Cross Site Request Forgery (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 OS Command Injection (0)
09-11: WordPress Sell Downloads 1.0.86 Cross Site Scripting (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 SQL Injection (0)
09-11: Dabman And Imperial Web Radio Devices Undocumented Telnet Backdoor (0)
09-11: WordPress Qwiz Online Quizzes And Flashcards 3.36 Cross Site Scripting (0)
09-11: Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification (0)
09-11: Tibco JasperSoft Path Traversal (0)
09-11: Core FTP LE Version 2.2 Build 1935 Buffer Overflow (0)
09-11: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure (0)
09-11: [webapps] AVCON6 systems management platform – OGNL Remote Command Execution (0)
09-10: Researchers Expose Another Instance Of Chrome Patch Gapping (0)
09-10: Apple, Angry At Google, Hits Back At Hack Claims (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) (0)
09-10: [remote] October CMS – Upload Protection Bypass Code Execution (Metasploit) (0)
09-10: [remote] LibreNMS – Collectd Command Injection (Metasploit) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (2) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – SQL Injection (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) (0)
09-09: Dabman & Imperial (i&d) – Multiple Vulnerabilities (0)
09-09: Dabman & Imperial (i&d) – Undocumented Telnet Backdoor (0)
09-09: [webapps] WordPress 5.2.3 – Cross-Site Host Modification (0)
09-09: [webapps] Dolibarr ERP-CRM 10.0.1 – 'elemid' SQL Injection (0)
09-08: October CMS Upload Protection Bypass Code Execution (0)
09-08: LibreNMS Collectd Command Injection (0)
09-07: WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting (0)
09-07: Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry (0)
09-07: Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution (0)
09-07: FusionPBX 4.4.8 Remote Code Execution (0)
09-07: Microsoft Windows NTFS Privileged File Access Enumeration (0)
09-07: Facebook Messenger Denial Of Service (0)
09-07: WordPress 5.2.3 Remote Cross Site Host Modification (0)
09-07: Microsoft Windows 10 UAC Protection Bypass Via Windows Store (0)
09-06: Zero-Day Privilege Escalation Disclosed For Android (0)
09-06: Cisco Device Hardcoded Credentials / GNU glibc / BusyBox (0)
09-06: AwindInc SNMP Service Command Injection (0)
09-06: WordPress API Bearer Auth 20181229 Cross Site Scripting (0)
09-06: [remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution (0)
09-05: FileThingie 2.5.7 Remote Shell Upload (0)
09-05: Totaljs CMS 12.0 Path Traversal (0)
09-05: Totaljs CMS 12.0 Insecure Admin Session Cookie (0)
09-05: WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting (0)
09-05: Totaljs CMS 12.0 Widget Creation Code Injection (0)
09-05: Totaljs CMS 12.0 Improper Access Control (0)
09-05: One Identity Defender 5.9.3 Insecure Cryptographic Storage (0)
09-05: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
09-05: DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting (0)
09-05: Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C300V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C380 IronPort Header Injection (0)
09-05: WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting (0)
09-05: [remote] AwindInc SNMP Service – Command Injection (Metasploit) (0)
09-04: http://haisokbr.go.th/zx.htm (0)
09-04: Cisco M1070 Content Security Management Appliance IronPort Header Injection (0)
09-04: Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C100V IronPort Header Injection (0)
09-04: Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C600V IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C370 IronPort Header Injection (0)
09-04: Cisco IronPort C350 Header Injection (0)
09-04: Microsoft Outlook Web Access 14.3.224.2 Header Injection (0)
09-04: [webapps] DASAN Zhone ZNID GPON 2426A EU – Multiple Cross-Site Scripting (0)
09-04: [webapps] WordPress Plugin Download Manager 2.9.93 – Cross-Site Scripting (0)
09-03: