:: Deepquest :: » Archives

rss feed

Archives

October 2023 (1)

10-04: https://danmakhamtiahospital.go.th/rL.htm (0)

September 2023 (24)

09-30: https://trimspublic.tourismauthority.go.ke/a.txt (0)
09-29: https://doithoaidn.hochiminhcity.gov.vn/assets/bootstrap/fonts/saudi.txt (0)
09-27: https://omc.roietmunicipal.go.th/images/defaced.txt (0)
09-27: https://slc.go.th/chana/images/defaced.txt (0)
09-26: http://sillapa.secondarytak.go.th/6enj0t.txt (0)
09-26: https://www.makhuduthamaga.gov.za/documents/luv.htm (0)
09-24: https://mahasarakham.police.go.th (0)
09-21: https://roietmunicipal.go.th (0)
09-21: https://www.ksh.go.th/readme.html (0)
09-21: https://www.amathole.gov.za/index.php (0)
09-20: https://donglakhon.go.th/xmlrpc.php (0)
09-19: http://pte.nfe.go.th/LICENSE.txt (0)
09-15: http://www.kksec.go.th/info/news/news/ (0)
09-15: http://www.sanmaka.go.th/templates/ (0)
09-14: https://spmnonthaburi.go.th/users.php (0)
09-07: https://staging.intranet.albertluthuli.gov.za/kurd1943.html (0)
09-07: https://intranet.albertluthuli.gov.za/kurd1943.html (0)
09-05: http://certificate.phitsanulok3.go.th/ina.htm (0)
09-05: http://iud.namnaohospital.go.th/document/ (0)
09-05: http://website.namnaohospital.go.th/ina.htm (0)
09-05: https://thietkeweb.tuangiao.gov.vn/kurd.html (0)
09-05: https://news.onwr.go.th/kurd.html (0)
09-05: https://content.onwr.go.th/kurd.html (0)
09-02: https://kum-moph.go.th (0)

August 2023 (18)

08-22: http://immchonburi.go.th/Cyb3r.html (0)
08-20: http://digitalethiopia.gov.et/syx1337.html (0)
08-18: https://md.go.th/stat/wh.html (0)
08-18: http://ayutthaya2.go.th/bucin.html (0)
08-15: http://lopburi.drr.go.th/3g86.txt (0)
08-15: http://maintenance.drr.go.th/3g86.txt (0)
08-15: http://mec.drr.go.th/3g86.txt (0)
08-15: http://mukdahan.drr.go.th/3g86.txt (0)
08-15: http://nakhonphanom.drr.go.th/3g86.txt (0)
08-15: http://nan.drr.go.th/3g86.txt (0)
08-15: http://nongkhai.drr.go.th/3g86.txt (0)
08-15: http://nonthaburi.drr.go.th/3g86.txt (0)
08-15: http://opdc.drr.go.th/3g86.txt (0)
08-15: http://uttaradit.drr.go.th/3g86.txt (0)
08-12: https://www.banchop.go.th (0)
08-07: https://tcs.go.th/wp-admin/loli.html (0)
08-01: http://www.ngwathe.fs.gov.za/2.txt (0)
08-01: https://sampaoloon.go.th/galau.html (0)

July 2023 (4)

07-25: https://health.kdsg.gov.ng/kurd.html (0)
07-25: http://www.atg.go.th/gacor.html (0)
07-22: http://mueang.chaiyaphum.doae.go.th (0)
07-22: http://bamnetnarong.chaiyaphum.doae.go.th (0)

June 2023 (12)

06-26: http://sftp.southandvale.gov.uk/026.txt (0)
06-22: https://banmaiphayao.go.th/mek.html (0)
06-22: https://charoenrat.go.th/mek.html (0)
06-18: http://tbmccs.go.th (0)
06-15: http://health.gov.fj/o.htm (0)
06-14: https://nayangklak.go.th/AnonSec.php (0)
06-07: http://www.haec01.doae.go.th/wp-content/ (0)
06-07: https://bangkok.doae.go.th/province/ (0)
06-07: https://surat2.go.th/milo.html (0)
06-05: https://mthqk.islam.gov.my (0)
06-02: http://kapho.pattani.doae.go.th/index.html (0)
06-02: http://maelan.pattani.doae.go.th/kurd.html (0)

May 2023 (3)

05-30: https://bigdata.surat3.go.th/db.txt (0)
05-22: http://portal.dol.go.th/documents/116/link (0)
05-14: https://ayutthaya2.go.th/yokoso.php (0)

April 2023 (302)

04-30: https://www.maeyom.go.th/content-24-286.html (0)
04-27: https://www.tpqi.go.th/xx.html (0)
04-26: https://reg-users.dft.go.th (0)
04-26: https://sla.skhospital.go.th/marketplace/xx.txt (0)
04-26: GoAnywhere MFT Zero Day Disclosures Seem Slow (0)
04-26: Crims Exploit Microsoft, Fortinet Flaws Before Any Patches Exist (0)
04-26: 18 Zero-Day Flaws Impact Samsung Android Handsets, Wearables And Telematics (0)
04-26: Nation-State Threat Actors Exploited Zero Days The Most In 2022 (0)
04-26: Hackers Drain Bitcoin ATMs Of $1.5 Million By Exploiting 0-Day Bug (0)
04-26: Now Patched Outlook Zero Day Gains PoC And Growing Concerns (0)
04-26: QuaDream Apple Spyware Maker Just Popped Up On The Radar Again (0)
04-26: Microsoft Patches Zero Day Under Active Attack (0)
04-26: Zero Day In Google Chrome Patched: Bug Exploited In The Wild (0)
04-26: TXAdvance: An RF Transmitter Manager Android App that uses RTL-SDR (0)
04-26: RSGB 2022: The UK Meteor Beacon Project (0)
04-26: SDRplay RSP1A Metal Enclosure Upgrade Set Reduced in Price (0)
04-26: Linus Tech Tips Reviews the Flipper Zero (0)
04-26: Amazon Bans the Flipper Zero (0)
04-26: The RFNM: A Next Generation SDR with 10 MHz to 7200 MHz tuning range, 12-Bit ADCs and up to 612 MHz Bandwidth (0)
04-26: Maverick-603 Project Suspended Indefinitely (0)
04-26: A Simulated Aircraft RADAR with Real Radar Scope Tube and ADS-B Data from an RTL-SDR (0)
04-26: https://www.alcaldiadecolon.gob.ve/T.html (0)
04-26: https://pt-semarang.go.id/chi.php (0)
04-26: https://kebonsari-wonoboyo.temanggungkab.go.id (0)
04-26: https://lungge-temanggung.temanggungkab.go.id (0)
04-26: https://kwadunganjurang-kledung.temanggungkab.go.id (0)
04-26: https://kwadungangunung-kledung.temanggungkab.go.id (0)
04-26: https://barang-jumo.temanggungkab.go.id (0)
04-26: https://karangseneng-gemawang.temanggungkab.go.id (0)
04-26: https://ngabeyan-candiroto.temanggungkab.go.id (0)
04-26: https://nampirejo-temanggung.temanggungkab.go.id (0)
04-25: Chitor CMS 1.1.2 SQL Injection (0)
04-25: Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution (0)
04-25: Telit Cinterion IoT Traversal / Escalation / Bypass / Heap Overflow (0)
04-25: http://www.namkrai.go.th (0)
04-25: http://www.koisoong.go.th (0)
04-25: [webapps] KodExplorer 4.49 – CSRF to Arbitrary File Upload (0)
04-22: Chrome media::mojom::VideoFrame Missing Validation (0)
04-22: Chrome GL_ShaderBinary Untrusted Process Exposure (0)
04-22: Chrome SpvGetMappedSamplerName Out-Of-Bounds String Copy (0)
04-22: KODExplorer 4.49 Cross Site Request Forgery / Shell Upload (0)
04-22: Nokia OneNDS 17 Insecure Permissions / Privilege Escalation (0)
04-22: Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation (0)
04-21: http://www.taladnikomprasat.go.th (0)
04-21: Serendipity 2.4.0 Shell Upload (0)
04-21: Serendipity 2.4.0 Cross Site Scripting (0)
04-21: Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution (0)
04-21: Swagger UI 4.1.3 Critical Information Misrepresentation (0)
04-21: Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials (0)
04-21: Piwigo 13.6.0 Cross Site Scripting (0)
04-21: ProjeQtOr Project Management System 10.3.2 Shell Upload (0)
04-21: Chitor-CMS 1.1.2 SQL Injection (0)
04-21: FUXA 1.1.13-1186 Remote Code Execution (0)
04-20: VMware Workspace ONE Access Privilege Escalation (0)
04-20: https://dltkorat.go.th/net.html (0)
04-20: https://dltkorat.go.th/net.html (0)
04-20: [webapps] Serendipity 2.4.0 – Cross-Site Scripting (XSS) (0)
04-20: [webapps] Piwigo 13.6.0 – Stored Cross-Site Scripting (XSS) (0)
04-20: [webapps] Serendipity 2.4.0 – Remote Code Execution (RCE) (Authenticated) (0)
04-20: [webapps] ProjeQtOr Project Management System 10.3.2 – Remote Code Execution (RCE) (0)
04-20: [webapps] Lilac-Reloaded for Nagios 2.0.8 – Remote Code Execution (RCE) (0)
04-20: [local] File Replication Pro 7.5.0 – Privilege Escalation/Password reset due Incorrect Access Control (0)
04-20: [webapps] FUXA V.1.1.13-1186 – Unauthenticated Remote Code Execution (RCE) (0)
04-20: [local] Linux Kernel 6.2 – Userspace Processes To Enable Mitigation (0)
04-20: [webapps] Chitor-CMS v1.1.2 – Pre-Auth SQL Injection (0)
04-20: [webapps] GDidees CMS 3.9.1 – Local File Disclosure (0)
04-20: [remote] Franklin Fueling Systems TS-550 – Default Password (0)
04-20: [webapps] Swagger UI 4.1.3 – User Interface (UI) Misrepresentation of Critical Information (0)
04-20: [local] AspEmail v5.6.0.2 – Local Privilege Escalation (0)
04-20: [webapps] Bang Resto v1.0 – Stored Cross-Site Scripting (XSS) (0)
04-20: [webapps] Bang Resto v1.0 – 'Multiple' SQL Injection (0)
04-20: [remote] Microsoft Word 16.72.23040900 – Remote Code Execution (RCE) (0)
04-19: http://division.dwr.go.th/bic/ (0)
04-19: CentOS Stream 9 Missing Kernel Security Fix (0)
04-19: WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting (0)
04-19: VMware Workspace ONE Remote Code Execution (0)
04-19: SPIP Remote Command Execution (0)
04-19: SecurePoint UTM 12.x Session ID Leak (0)
04-19: SecurePoint UTM 12.x Memory Leak (0)
04-19: SecurePoint UTM 12.x Memory Leak (0)
04-18: GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal (0)
04-18: Bang Resto 1.0 Cross Site Scripting (0)
04-18: Bang Resto 1.0 SQL Injection (0)
04-18: AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation (0)
04-18: http://data.skc.go.th/crush.html (0)
04-17: Zero Day In Google Chrome Patched: Bug Exploited In The Wild (0)
04-17: AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation (0)
04-15: Microsoft Word Remote Code Execution (0)
04-14: Microsoft Word Remote Code Execution (0)
04-14: Microsoft Windows Kernel Transactional Registry Key Rename Issues (0)
04-14: Microsoft Windows Kernel New Registry Key name Insufficient Validation (0)
04-14: File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation (0)
04-14: [webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 – Account Takeover / Lockout / EoP (0)
04-14: [webapps] Sielco Analog FM Transmitter 2.12 – 'id' Cookie Brute Force Session Hijacking (0)
04-14: [webapps] Bludit 4.0.0-rc-2 – Account takeover (0)
04-14: [webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 – Radio Data System POST Manipulation (0)
04-14: [webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 – Authorization Bypass Factory Reset (0)
04-14: [webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 – Authentication Bypass Exploit (0)
04-14: [webapps] Sielco Analog FM Transmitter 2.12 – Improper Access Control Change Admin Password (0)
04-14: [remote] Sielco Analog FM Transmitter 2.12 – Remote Privilege Escalation (0)
04-14: [webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 – Unauthenticated Information Disclosure (0)
04-14: [webapps] Sielco Analog FM Transmitter 2.12 – Cross-Site Request Forgery (0)
04-14: [local] Google Chrome Browser 111.0.5563.64 – AXPlatformNodeCocoa Fatal OOM/Crash (macOS) (0)
04-14: [webapps] InnovaStudio WYSIWYG Editor 5.4 – Unrestricted File Upload / Directory Traversal (0)
04-13: File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation (0)
04-13: InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload (0)
04-13: WordPress Limit Login Attempts 1.7.1 Cross Site Scripting (0)
04-13: WordPress WP Data Access 5.3.7 Privilege Escalation (0)
04-13: Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Denial Of Service (0)
04-13: Sielco Analog FM Transmitter 2.12 Cookie Brute Force (0)
04-13: Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery (0)
04-13: Sielco Analog FM Transmitter 2.12 Improper Access Control (0)
04-13: Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation (0)
04-13: Sielco Radio Link 2.06 Cookie Brute Force (0)
04-13: Sielco Radio Link 2.06 Cross Site Request Forgery (0)
04-13: Sielco Radio Link 2.06 Improper Access Control (0)
04-13: Sielco Radio Link 2.06 Remote Privilege Escalation (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass (0)
04-13: Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow (0)
04-13: Rocket Software Unidata udadmin_server Authentication Bypass (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Authorization Bypass (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 POST Manipulation (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Information Disclosure (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Cookie Brute Force (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials (0)
04-13: QuaDream Apple Spyware Maker Just Popped Up On The Radar Again (0)
04-13: Microsoft Patches Zero Day Under Active Attack (0)
04-13: Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials (0)
04-12: Bludit 4.0.0-rc-2 Privilege Escalation (0)
04-12: Apple Security Advisory 2023-04-07-1 (0)
04-12: Apple Security Advisory 2023-04-07-2 (0)
04-12: Apple Security Advisory 2023-04-07-3 (0)
04-12: Apple Security Advisory 2023-04-10-2 (0)
04-12: Apple Security Advisory 2023-04-10-1 (0)
04-12: Apple Security Advisory 2023-04-10-3 (0)
04-11: Bludit 4.0.0-rc-2 Privilege Escalation (0)
04-11: Icinga Web 2.10 Arbitrary File Disclosure (0)
04-11: Altenergy Power Control Software C1.2.5 Command Injection (0)
04-11: Restaurant Management System 1.0 SQL Injection (0)
04-11: ENTAB ERP 1.0 Information Disclosure (0)
04-11: Online Appointment System 1.0 Cross Site Scripting (0)
04-11: ActFax 10.10 Unquoted Service Path (0)
04-11: Medicine Tracker System 1.0 SQL Injection (0)
04-11: Symantec Messaging Gateway 10.7.4 Cross Site Scripting (0)
04-11: Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting (0)
04-11: Paradox Security Systems IPR512 Denial Of Service (0)
04-11: dotclear 2.25.3 Shell Upload (0)
04-11: ESET Service 16.0.26.0 Unquoted Service Path (0)
04-11: ZCBS / ZBBS / ZPBS 4.14k Cross Site Scripting (0)
04-11: WebsiteBaker 2.13.3 Cross Site Scripting (0)
04-11: Goanywhere Encryption Helper 7.1.1 Remote Code Execution (0)
04-11: Online Computer And Laptop Store 1.0 Shell Upload (0)
04-11: pfsenseCE 2.6.0 Protection Bypass (0)
04-11: X2CRM 6.6 / 6.9 Cross Site Scripting (0)
04-11: BrainyCP 1.0 Remote Code Execution (0)
04-11: Windows Kernel Registry Key Issue (0)
04-11: Chrome base::debug::ActivityUserData::ActivityUserData Heap Buffer Overflow (0)
04-11: Chrome base::SampleVectorBase::MoveSingleSampleToCounts Heap Buffer Overflow (0)
04-11: Roxy Fileman 1.4.5 Shell Upload (0)
04-11: NotrinosERP 0.7 SQL Injection (0)
04-11: ChurchCRM 4.5.1 SQL Injection (0)
04-11: ChurchCRM 4.5.1 SQL Injection (0)
04-10: https://bumnetnarong.chaiyaphum.police.go.th/kurd.html (0)
04-10: https://lifelibrary.m-society.go.th/kurd.html (0)
04-10: http://mjob.ocsc.go.th/ma.html (0)
04-10: https://job.ocsc.go.th/ma.html (0)
04-10: [local] Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 – Spoofing (0)
04-10: [webapps] Online Computer and Laptop Store 1.0 – Remote Code Execution (RCE) (0)
04-10: [webapps] BrainyCP V1.0 – Remote Code Execution (0)
04-10: [webapps] ever gauzy v0.281.9 – JWT weak HMAC secret (0)
04-10: [dos] Paradox Security Systems IPR512 – Denial Of Service (0)
04-10: [webapps] Roxy Fileman 1.4.5 – Arbitrary File Upload (0)
04-08: [webapps] dotclear 2.25.3 – Remote Code Execution (RCE) (Authenticated) (0)
04-08: [remote] Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit – Remote Code Execution (RCE) (0)
04-08: [dos] FortiRecorder 6.4.3 – Denial of Service (0)
04-08: [webapps] Goanywhere Encryption helper 7.1.1 – Remote Code Execution (RCE) (0)
04-08: [webapps] pfsenseCE v2.6.0 – Anti-brute force protection bypass (0)
04-08: [webapps] Suprema BioStar 2 v2.8.16 – SQL Injection (0)
04-08: [webapps] Restaurant Management System 1.0 – SQL Injection (0)
04-08: [local] Stonesoft VPN Client 6.2.0 / 6.8.0 – Local Privilege Escalation (0)
04-08: [local] ActFax 10.10 – Unquoted Path Services (0)
04-08: [webapps] Symantec Messaging Gateway 10.7.4 – Stored Cross-Site Scripting (XSS) (0)
04-08: [webapps] Joomla! v4.2.8 – Unauthenticated information disclosure (0)
04-08: [webapps] Palo Alto Cortex XSOAR 6.5.0 – Stored Cross-Site Scripting (XSS) (0)
04-08: [local] RSA NetWitness Platform 12.2 – Incorrect Access Control / Code Execution (0)
04-08: [webapps] Online-Pizza-Ordering -1.0 – Remote Code Execution (RCE) (0)
04-08: [webapps] Online Appointment System V1.0 – Cross-Site Scripting (XSS) (0)
04-08: [local] ESET Service 16.0.26.0 – 'Service ekrn' Unquoted Service Path (0)
04-08: [webapps] Pentaho BA Server EE 9.3.0.0-428 – Remote Code Execution (RCE) (Unauthenticated) (0)
04-08: [webapps] WebsiteBaker v2.13.3 – Cross-Site Scripting (XSS) (0)
04-08: [webapps] ZCBS/ZBBS/ZPBS v4.14k – Reflected Cross-Site Scripting (XSS) (0)
04-08: [dos] Microsoft Windows 11 – 'cmd.exe' Denial of Service (0)
04-08: [webapps] X2CRM v6.6/6.9 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
04-08: [webapps] X2CRM v6.6/6.9 – Reflected Cross-Site Scripting (XSS) (Authenticated) (0)
04-08: [local] Lucee Scheduled Job v1.0 – Command Execution (0)
04-08: [webapps] ENTAB ERP 1.0 – Username PII leak (0)
04-08: [webapps] Icinga Web 2.10 – Arbitrary File Disclosure (0)
04-08: [local] Google Chrome 109.0.5414.74 – Code Execution via missing lib file (Ubuntu) (0)
04-08: [webapps] Altenergy Power Control Software C1.2.5 – OS command injection (0)
04-08: [webapps] Adobe Connect 11.4.5 – Local File Disclosure (0)
04-08: [webapps] Medicine Tracker System v1.0 – Sql Injection (0)
04-07: Froxlor 2.0.3 Stable Remote Code Execution (0)
04-07: ERPNext 12.29 Cross Site Scripting (0)
04-07: itech TrainSmart r1044 SQL Injection (0)
04-07: BTCPay Server 1.7.4 HTML Injection (0)
04-07: Answerdev 1.0.3 Account Takeover (0)
04-07: Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution (0)
04-07: EasyNas 1.1.0 Command Injection (0)
04-07: FileZilla Client 3.63.1 DLL Hijacking (0)
04-07: Titan FTP Path Traversal (0)
04-07: Dompdf 1.2.1 Remote Code Execution (0)
04-07: Simple Task Managing System 1.0 SQL Injection (0)
04-07: Intern Record System 1.0 SQL Injection (0)
04-07: LDAP Tool Box Self Service Password 1.5.2 Account Takeover (0)
04-07: Auto Dealer Management System 1.0 Broken Access Control (0)
04-07: POLR URL 2.3.0 Shortener Admin Takeover (0)
04-07: modoboa 2.0.4 Admin Takeover (0)
04-07: flatnux 2021-03.25 Remote Code Execution (0)
04-07: pdfkit 0.8.7.2 Command Injection (0)
04-07: WIMAX SWC-5100W Remote Command Execution (0)
04-07: HospitalRun 1.0.0-beta macOS Local Root (0)
04-07: Unified Remote 3.13.0 Remote Code Execution (0)
04-07: Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI (0)
04-07: Microsoft Excel Spoofing (0)
04-07: BulletProof FTP Server 2019.0.0.51 Denial Of Service (0)
04-07: Universal Media Server 13.2.1 Cross Site Scripting (0)
04-07: [local] Wondershare Dr Fone 12.9.6 – Privilege Escalation (0)
04-07: [remote] Docker based datastores for IBM Instana 241-2 243-0 – No Authentication (0)
04-07: [webapps] Snitz Forum v1.0 – Blind SQL Injection (0)
04-07: [webapps] Rukovoditel 3.3.1 – Remote Code Execution (RCE) (0)
04-07: [remote] Franklin Fueling Systems TS-550 – Exploit and Default Password (0)
04-07: [remote] Schneider Electric v1.0 – Directory traversal & Broken Authentication (0)
04-07: [webapps] NotrinosERP 0.7 – Authenticated Blind SQL Injection (0)
04-07: [webapps] ChurchCRM 4.5.1 – Authenticated SQL Injection (0)
04-07: [remote] IBM Aspera Faspex 4.4.1 – YAML deserialization (RCE) (0)
04-07: [remote] Tenda N300 F3 12.01.01.48 – Malformed HTTP Request Header Processing (0)
04-07: [webapps] MAC 1200R – Directory Traversal (0)
04-06: Universal Media Server 13.2.1 Cross Site Scripting (0)
04-06: PhotoShow 3.0 Remote Code Execution (0)
04-06: Sales Tracker Management System 1.0 Cross Site Scripting (0)
04-06: Kardex Mlog MCC 5.7.12 Remote Code Execution (0)
04-06: Sales Tracker Management System 1.0 Insecure Direct Object Reference (0)
04-06: Calendar Event Multi View 1.4.07 Cross Site Scripting (0)
04-06: Uptime Kuma 1.19.6 Cross Site Scripting (0)
04-06: Liferay Portal 6.2.5 Insecure Permissions (0)
04-06: Monitorr 1.7.6 Cross Site Scripting (0)
04-06: projectSend r1605 Remote Code Execution (0)
04-06: D-Link DIR-846 Remote Command Execution (0)
04-06: Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution (0)
04-06: Bus Pass Management System 1.0 Cross Site Scripting (0)
04-06: Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation (0)
04-06: http://tskhos.moph.go.th/web/images/images/xx.jpg (0)
04-06: [webapps] craftercms 4.x.x – CORS (0)
04-06: [webapps] Purchase Order Management-1.0 – Local File Inclusion (0)
04-06: [remote] WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) – Authenticated RCE (0)
04-06: [local] HospitalRun 1.0.0-beta – Local Root Exploit for macOS (0)
04-06: [remote] Unified Remote 3.13.0 – Remote Code Execution (RCE) (0)
04-06: [webapps] Agilebio Lab Collector Electronic Lab Notebook v4.234 – Remote Code Execution (RCE) (0)
04-06: [webapps] Mitel MiCollab AWV 8.1.2.4 and 9.1.3 – Directory Traversal and LFI (0)
04-06: [remote] Osprey Pump Controller 1.0.1 – Unauthenticated Remote Code Execution Exploit (0)
04-06: [remote] Osprey Pump Controller 1.0.1 – (eventFileSelected) Command Injection (0)
04-06: [remote] Osprey Pump Controller 1.0.1 – Cross-Site Request Forgery (0)
04-05: Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation (0)
04-04: Chromacam 4.0.3.0 Unquoted Service Path (0)
04-04: Nacos 2.0.3 Access Control (0)
04-04: HotKey Clipboard 2.1.0.6 Unquoted Service Path (0)
04-04: Microsoft Exchange Active Directory Topology 15.02.1118.007 Unquoted Service Path (0)
04-04: MyBB 1.8.32 Remote Code Execution (0)
04-04: Art Gallery Management System Project 1.0 Cross Site Scripting (0)
04-04: Art Gallery Management System Project 1.0 SQL Injection (0)
04-04: sudo 1.9.12p1 Privilege Escalation (0)
04-04: ManageEngine Access Manager Plus 4.3.0 Path Traversal (0)
04-04: Grand Theft Auto III Vice City Skin File 1.1 Buffer Overflow (0)
04-04: SQL Monitor 12.1.31.893 Cross Site Scripting (0)
04-04: Roxy WI 6.1.0.0 Improper Authentication Control (0)
04-04: Sleuthkit 4.11.1 Command Injection (0)
04-04: WordPress File Manager 6.9 Shell Upload (0)
04-04: Roxy WI 6.1.0.0 Remote Code Execution (0)
04-04: Roxy WI 6.1.1.0 Remote Code Execution (0)
04-04: GLPI Manageentities Local File Inclusion (0)
04-04: GLPI Glpiinventory 1.0.1 Local File Inclusion (0)
04-04: GLPI Activity Local File Inclusion (0)
04-04: GLPI 10.0.2 SQL Injection / Remote Code Execution (0)
04-04: GLPI Cartography Shell Upload (0)
04-04: WordPress Paid Memberships Pro 2.9.8 SQL Injection (0)
04-04: Online Pizza Ordering 1.0 Shell Upload (0)
04-04: WordPress Accessibility Help Button 1.1 Cross Site Scripting (0)
04-04: ChatGPT Cross Site Scripting (0)
04-04: ChatGPT Cross Site Scripting (0)
04-01: Bludit 3-14-1 Shell Upload (0)
04-01: Textpattern 4.8.8 Remote Code Execution (0)
04-01: Cacti 1.2.22 Remote Command Execution (0)
04-01: WordPress WooCommerce 7.1.0 Remote Code Execution (0)
04-01: Qubes Mirage Firewall 0.8.3 Denial Of Service (0)
04-01: CoolerMaster MasterPlus 1.8.5 Unquoted Service Path (0)
04-01: rconfig 3.9.7 SQL Injection (0)
04-01: Online Pizza Ordering 1.0 SQL Injection (0)
04-01: EQ Enterprise Management System 2.2.0 SQL Injection (0)
04-01: Judging Management System 1.0 SQL Injection (0)
04-01: Judging Management System 1.0 Shell Upload (0)
04-01: https://www.nongnamsaisao.go.th/kurd.html (0)

March 2023 (235)

03-31: EQ Enterprise Management System 2.2.0 SQL Injection (0)
03-31: Human Resource Management System 1.0 SQL Injection (0)
03-31: Outline 1.6.0 Unquoted Service Path (0)
03-31: WordPress WP All Import 3.6.7 Remote Code Execution (0)
03-31: Book Store Management System 1.0.0 Cross Site Scripting (0)
03-31: Inbit Messenger 4.9.0 SEH Overflow (0)
03-31: Inbit Messenger 4.9.0 Remote Command Execution (0)
03-31: Uniview NVR301-04S2-P4 Cross Site Scripting (0)
03-31: Helmet Store Showroom 1.0 SQL Injection (0)
03-31: Dreamer CMS 4.0.0 SQL Injection (0)
03-31: myBB forums 1.8.26 Cross Site Scripting (0)
03-31: DSL-124 Wireless N300 ADSL2+ Backup Disclosure (0)
03-31: Covenant 0.5 Remote Code Execution (0)
03-31: Virtual Reception 1.0 Directory Traversal (0)
03-31: Lavasoft 4.1.0.409 Unquoted Service Path (0)
03-31: CrowdStrike Falcon Agent 6.44.15806 Uninstall Issue (0)
03-31: Forcepoint (Stonesoft VPN Client) 6.2.0 / 6.8.0 Local Privilege Escalation (0)
03-31: WordPress WPForms 1.7.8 Cross Site Scripting (0)
03-31: Eve-ng 5.0.1-13 Cross Site Scripting (0)
03-31: Ancillary Function Driver (AFD) For Winsock Privilege Escalation (0)
03-31: Ancillary Function Driver (AFD) For Winsock Privilege Escalation (0)
03-30: http://sratong.go.th (0)
03-29: Beauty Salon 1.0 Remote Shell Upload (0)
03-29: YouPHPTube 7.8 Local File Inclusion / Directory Traversal (0)
03-29: SuperMailer 11.20 Buffer Overflow / Denial Of Service (0)
03-29: Online Shopping System Advanced 1.0 XSS / SQL Injection / Code Execution (0)
03-29: WordPress Jetpack 11.4 Cross Site Scripting (0)
03-29: HDD Health 4.2.0.112 Unquoted Service Path (0)
03-29: SugarSync 4.1.3 Unquoted Service Path (0)
03-29: Tapo C310 RTSP Server 1.3.0 Unauthorized Video Stream Access (0)
03-29: BoxBilling 4.22.1.5 Remote Code Execution (0)
03-29: Subrion CMS 4.2.1 Cross Site Scripting (0)
03-29: X-Skipper-Proxy 0.13.237 Server-Side Request Forgery (0)
03-29: Label Studio 1.5.0 Server-Side Request Forgery (0)
03-29: OPSWAT Metadefender Core 4.21.1 Privilege Escalation (0)
03-29: Tunnel Interface Driver Denial Of Service (0)
03-29: Moodle LMS 4.0 Cross Site Scripting (0)
03-29: Hashicorp Consul 1.0 Remote Command Execution (0)
03-29: Optergy Proton And Enterprise BMS 2.0.3a Command Injection (0)
03-29: ReQlogic 11.3 Cross Site Scripting (0)
03-29: iBooking 1.0.8 Remote Shell Upload (0)
03-29: rukovoditel 3.2.1 Cross Site Scripting (0)
03-29: SolarWinds Information Service (SWIS) Remote Command Execution (0)
03-29: Apple Security Advisory 2023-03-27-1 (0)
03-29: Apple Security Advisory 2023-03-27-2 (0)
03-29: Apple Security Advisory 2023-03-27-3 (0)
03-29: Apple Security Advisory 2023-03-27-4 (0)
03-29: Apple Security Advisory 2023-03-27-5 (0)
03-29: Apple Security Advisory 2023-03-27-6 (0)
03-29: Apple Security Advisory 2023-03-27-7 (0)
03-29: Apple Security Advisory 2023-03-27-8 (0)
03-29: Apple Security Advisory 2023-03-27-9 (0)
03-28: https://bkkchem.bangkok.go.th/webapp/storage/good.txt (0)
03-28: SolarWinds Information Service (SWIS) Remote Command Execution (0)
03-28: eXtplorer 2.1.14 Authentication Bypass / Remote Code Execution (0)
03-28: Google Chrome 109.0.5414.74 Unsafe Library Load (0)
03-28: FlatCore CMS 2.1.1 Cross Site Scripting (0)
03-28: Clansphere CMS 2011.4 Cross Site Scripting (0)
03-28: Zoneminder Log Injection / XSS / Cross Site Request Forgery (0)
03-28: WiFi Mouse 1.8.3.2 Remote Code Execution (0)
03-28: Grafana 6.2.4 HTML Injection (0)
03-28: Webgrind 1.1 Cross Site Scripting / Remote Code Execution (0)
03-28: Scdbg 1.0 Denial Of Service (0)
03-28: Hex Workshop 6.7 Buffer Overflow / Denial Of Service (0)
03-28: Resource Hacker 3.6.0.92 Buffer Overflow (0)
03-28: Frhed 1.6.0 Buffer Overflow (0)
03-28: Explorer32++ 1.3.5.531 Buffer Overflow (0)
03-28: Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery (0)
03-28: Aero CMS 0.0.1 SQL Injection (0)
03-28: Aero CMS 0.0.1 Remote Shell Upload (0)
03-28: Atom CMS 2.0 SQL Injection (0)
03-28: Fortinet 7.2.1 Authentication Bypass (0)
03-28: WPN-XM Serverstack For Windows 0.8.6 XSS / LFI / Traversal (0)
03-28: Rental House Management System 1.0 Cross Site Scripting (0)
03-28: Tftpd32_SE 4.60 Unquoted Service Path (0)
03-28: WebTareas 2.4 Remote Shell Upload (0)
03-28: WebTareas 2.4 Cross Site Scripting (0)
03-28: WebTareas 2.4 SQL Injection (0)
03-28: Suprema BioStar 2 2.8.16 SQL Injection (0)
03-27: Suprema BioStar 2 2.8.16 SQL Injection (0)
03-25: Linksys AX3200 1.1.00 Command Injection (0)
03-25: MAN-EAM-0003 3.2.4 XML Injection (0)
03-25: wkhtmltopdf 0.12.6 Server-Side Request Forgery (0)
03-25: Bitbucket 7.0.0 Remote Command Execution (0)
03-25: Sales Tracker Management System 1.0 Cross Site Scripting (0)
03-25: Online Graduate Tracer System 1.0 SQL Injection (0)
03-25: Joomla! 4.2.7 Unauthenticated Information Disclosure (0)
03-25: RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution (0)
03-25: http://www.klongkhwangsao.go.th/Scorpiol.html (0)
03-25: RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution (0)
03-24: WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS (0)
03-24: Monitorr 1.7.6m / 1.7.7d Remote Code Execution (0)
03-23: Monitorr 1.7.6m / 1.7.7d Remote Code Execution (0)
03-23: http://www.tessabanthungyang.go.th/images/license.jpg (0)
03-23: Python CGI Documentation Cross Site Scripting (0)
03-23: MyBB Export User 2.0 Cross Site Scripting (0)
03-23: Zyxel Unauthenticated LAN Remote Code Execution (0)
03-23: Hackers Drain Bitcoin ATMs Of $1.5 Million By Exploiting 0-Day Bug (0)
03-23: Now Patched Outlook Zero Day Gains PoC And Growing Concerns (0)
03-22: https://www.hnonghaiud.go.th/kurd.html (0)
03-22: Zyxel Unauthenticated LAN Remote Code Execution (0)
03-22: Nation-State Threat Actors Exploited Zero Days The Most In 2022 (0)
03-21: Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure (0)
03-21: Yoga Class Registration 1.0 SQL Injection (0)
03-21: Human Resources Management System 1.0 SQL Injection (0)
03-21: Online Pizza Ordering System 1.0 SQL Injection (0)
03-21: Yoga Class Registration System 1.0 Cross Site Scripting (0)
03-21: Medicine Tracker System 1.0 Cross Site Scripting (0)
03-21: Music Gallery Site 1.0 Cross Site Scripting (0)
03-21: Shannon Baseband NrSmPcoCodec Intra-Object Overflow (0)
03-21: 101+ News Portal 1.0 SQL Injection (0)
03-21: MyBB Active Threads 1.3.0 Cross Site Scripting (0)
03-21: MyBB External Redirect Warning 1.3 Cross Site Scripting (0)
03-21: https://suphanburi.m-society.go.th (0)
03-21: https://ssock.go.th (0)
03-20: MyBB External Redirect Warning 1.3 Cross Site Scripting (0)
03-18: Shannon Baseband NrmmMsgCodec Emergency Number List Heap Buffer Overflow (0)
03-18: Shannon Baseband NrmmMsgCodec Extended Emergency Number List Heap Buffer Overflow (0)
03-18: Shannon Baseband NrmmMsgCodec Access Category Definitions Heap Buffer Overflow (0)
03-18: Riello UPS Restricted Shell Bypass (0)
03-18: Shannon Baseband NrmmMsgCodec Intra-Object Overflow (0)
03-18: Open Web Analytics 1.7.3 Remote Code Execution (0)
03-18: http://naya.go.th/q.txt (0)
03-18: 18 Zero-Day Flaws Impact Samsung Android Handsets, Wearables And Telematics (0)
03-17: http://www.haec03.doae.go.th/news_file/Mloki.htm (0)
03-17: http://www.royalagro.doae.go.th/knowledge/Mloki.htm (0)
03-17: http://www.edoae.doae.go.th/wp_person/Mloki.htm (0)
03-17: http://www.aopdt09.doae.go.th/wordpress_site18/Mloki.htm (0)
03-17: http://www.ppsf.doae.go.th/wordpress/Mloki.htm (0)
03-17: Shannon Baseband NrmmMsgCodec Intra-Object Overflow (0)
03-17: XNU NFSSVC Root Check Bypass / Use-After-Free (0)
03-17: Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure (0)
03-17: Bitbucket Environment Variable Remote Command Injection (0)
03-17: Microsoft Outlook CVE-2023-23397 Proof Of Concept (0)
03-17: Ubuntu Security Notice USN-5958-1 (0)
03-17: Microsoft Outlook CVE-2023-23397 Proof Of Concept (0)
03-17: http://drr10.drr.go.th/kurd.html (0)
03-17: http://chiangmai.drr.go.th/kurd.html (0)
03-17: http://drr13.drr.go.th/kurd.html (0)
03-17: http://drr14.drr.go.th/kurd.html (0)
03-17: http://drr15.drr.go.th/kurd.html (0)
03-17: http://drr17.drr.go.th/kurd.html (0)
03-17: http://drr18.drr.go.th/kurd.html (0)
03-17: http://drr3.drr.go.th/kurd.html (0)
03-17: http://drr4.drr.go.th/kurd.html (0)
03-17: http://drr5.drr.go.th/kurd.html (0)
03-17: http://drr6.drr.go.th/kurd.html (0)
03-17: http://drr8.drr.go.th/kurd.html (0)
03-17: http://drr9.drr.go.th/kurd.html (0)
03-17: http://drrcoop.drr.go.th/kurd.html (0)
03-17: http://internalaudit.drr.go.th/kurd.html (0)
03-17: http://kalasin.drr.go.th/kurd.html (0)
03-17: http://krabi.drr.go.th/kurd.html (0)
03-17: http://lampang.drr.go.th/kurd.html (0)
03-16: Oracle DB Broken PDB Isolation / Metadata Exposure (0)
03-16: WordPress Profile Builder 3.9.0 Missing Authorization (0)
03-16: Fortinet FortiNAC keyUpload.jsp Arbitrary File Write (0)
03-15: Crims Exploit Microsoft, Fortinet Flaws Before Any Patches Exist (0)
03-15: Fortinet FortiNAC keyUpload.jsp Arbitrary File Write (0)
03-15: Apache Tomcat Privilege Escalation (0)
03-15: http://phetchabun.drr.go.th/wp-story.php (0)
03-15: http://research.drr.go.th/wp-story.php (0)
03-15: http://road.drr.go.th/wp-story.php (0)
03-15: http://trafficsafety.drr.go.th/wp-story.php (0)
03-15: http://trang.drr.go.th/wp-story.php (0)
03-15: http://trat.drr.go.th/wp-story.php (0)
03-15: http://yala.drr.go.th/wp-story.php (0)
03-15: http://deac.drr.go.th/kurd.html (0)
03-15: http://design.drr.go.th/kurd.html (0)
03-15: http://drr11.drr.go.th/kurd.html (0)
03-15: http://drr12.drr.go.th/kurd.html (0)
03-15: http://drr16.drr.go.th/kurd.html (0)
03-15: http://drr2.drr.go.th/kurd.html (0)
03-15: http://drr7.drr.go.th/kurd.html (0)
03-15: http://drrtp.drr.go.th/kurd.html (0)
03-15: http://itc.drr.go.th/kurd.html (0)
03-15: http://lamphun.drr.go.th/kurd.html (0)
03-14: Apache Tomcat Privilege Escalation (0)
03-14: Shopify Cross Site Scripting (0)
03-14: Fastly Secret Disclosure (0)
03-14: Linux USB Use-After-Free (0)
03-13: http://selaphumhospital.go.th/ic.html (0)
03-13: Fastly Secret Disclosure (0)
03-12: https://www.thamaunglocal.go.th (0)
03-11: SugarCRM 12.x Remote Code Execution / Shell Upload (0)
03-10: SugarCRM 12.x Remote Code Execution / Shell Upload (0)
03-10: Purchase Order Management 1.0 Shell Upload (0)
03-10: Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation (0)
03-10: Webpower UPS 5.53 Denial Of Service (0)
03-10: Real Time Automation 460MCBS 5.2.14 Cross Site Scripting (0)
03-09: Real Time Automation 460MCBS 5.2.14 Cross Site Scripting (0)
03-08: https://kalasin.police.go.th (0)
03-08: https://wiangkuk.nongkhai.police.go.th (0)
03-08: OpenBSD 7.2 ip_srcroute() Overflow (0)
03-08: ZwiiCMS 12.2.04 Remote Code Execution (0)
03-08: CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined (0)
03-08: Oracle 19c Access Bypass (0)
03-08: Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication (0)
03-08: Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication (0)
03-08: CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions (0)
03-07: Purchase Order Management 1.0 SQL Injection (0)
03-07: Purchase Order Management 1.0 Cross Site Scripting (0)
03-07: Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code (0)
03-07: Agilebio Lab Collector 4.234 Remote Code Execution (0)
03-07: https://www.onep.go.th/vz.txt (0)
03-07: GoAnywhere MFT Zero Day Disclosures Seem Slow (0)
03-06: Agilebio Lab Collector 4.234 Remote Code Execution (0)
03-04: NetBSD hfslib_reada_node_offset Overflow (0)
03-04: Barracuda CloudGen WAN OS Command Injection (0)
03-03: Barracuda CloudGen WAN OS Command Injection (0)
03-03: Real Estate CRM Pro 5.7 SQL Injection (0)
03-03: Lucee Authenticated Scheduled Job Code Execution (0)
03-02: Lucee Authenticated Scheduled Job Code Execution (0)
03-02: Packet Storm New Exploits For February, 2023 (0)
03-02: Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload (0)
03-01: Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload (0)
03-01: ChurchCRM 4.5.3 SQL Injection (0)
03-01: ME-FI DOT 2.2 Default Credentials (0)
03-01: ME-FI DOT 2.2 SQL Injection (0)
03-01: WordPress WoodMart Theme 7.1.0 Shortcodes Injection (0)
03-01: Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking (0)
03-01: WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality (0)
03-01: Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure (0)
03-01: Osprey Pump Controller 1.0.1 Administrator Backdoor Access (0)
03-01: WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery (0)
03-01: Osprey Pump Controller 1.0.1 pseudonym Command Injection (0)
03-01: Osprey Pump Controller 1.0.1 userName Command Injection (0)
03-01: Osprey Pump Controller 1.0.1 eventFileSelected Command Injection (0)
03-01: Osprey Pump Controller 1.0.1 Cross Site Scripting (0)
03-01: Osprey Pump Controller 1.0.1 Authentication Bypass (0)
03-01: WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting (0)
03-01: Osprey Pump Controller 1.0.1 Cross Site Request Forgery (0)
03-01: WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery (0)
03-01: Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution (0)
03-01: Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution (0)

February 2023 (102)

02-28: https://muangphanlocal.go.th/pwn.htm (0)
02-28: pfBlockerNG 2.1.4_26 Remote Code Execution (0)
02-28: Arm Mali CSF kbase_kcpu_command_queue Use-After-Free (0)
02-28: ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution (0)
02-28: ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root (0)
02-27: ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root (0)
02-25: Kshitish 2.0 Default Credentials (0)
02-25: Auto Dealer Management System 1.0 Privilege Escalation (0)
02-25: Auto Dealer Management System 1.0 SQL Injection (0)
02-25: Employee Task Management System 1.0 Privilege Escalation (0)
02-25: Employee Task Management System 1.0 SQL Injection (0)
02-25: Arm Mali Insufficient Cache Invalidation (0)
02-25: Music Gallery Site 1.0 Privilege Escalation / Missing Authentication (0)
02-25: Music Gallery Site 1.0 SQL Injection (0)
02-25: Simple Food Ordering System 1.0 Cross Site Scripting (0)
02-25: Simple Food Ordering System 1.0 Cross Site Scripting (0)
02-25: https://phafaek.go.th/pwn.htm (0)
02-24: Yoga Class Registration System 1.0 SQL Injection (0)
02-24: Froxlor 2.0.6 Remote Command Execution (0)
02-24: Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal (0)
02-23: Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal (0)
02-23: pyLoad js2py Python Execution (0)
02-22: pyLoad js2py Python Execution (0)
02-22: Sales Tracker System 1.0 SQL Injection (0)
02-22: https://leeled.go.th (0)
02-22: https://samkratai.go.th (0)
02-22: https://palmpattanacity.go.th (0)
02-22: https://tanyongmat.go.th (0)
02-22: https://donsakcity.go.th (0)
02-21: Sales Tracker System 1.0 SQL Injection (0)
02-20: [webapps] pfBlockerNG 2.1.4_26 – Remote Code Execution (RCE) (0)
02-18: Argon Dashboard 1.1.2 SQL Injection (0)
02-18: Demanzo Matrimony 1.5 Cross Site Request Forgery (0)
02-18: Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation (0)
02-18: Best POS Management System 1.0 Cross Site Scripting (0)
02-18: Best POS Management System 1.0 SQL Injection (0)
02-18: Best POS Management System 1.0 Shell Upload (0)
02-18: Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution (0)
02-18: Debian Security Advisory 5351-1 (0)
02-18: Debian Security Advisory 5352-1 (0)
02-17: Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution (0)
02-17: Atrocore 1.5.25 Shell Upload (0)
02-16: Two Zero-Days Fixed In Patch Tuesday Can Escalate Privileges To SYSTEM (0)
02-16: Atrocore 1.5.25 Shell Upload (0)
02-16: Arris Router Firmware 9.1.103 Remote Code Execution (0)
02-16: Korenix JetWave Command Injection / Denial Of Service (0)
02-16: GitLab GitHub Repo Import Deserialization Remote Code Execution (0)
02-16: WordPress Quiz And Survey Master 8.0.8 Media Deletion (0)
02-16: WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery (0)
02-16: B&R Systems Diagnostics Manager Cross Site Scripting (0)
02-16: Apple Splats Zero-Day Bug, Other Gremlins In macOS, iOS (0)
02-16: Apple Security Advisory 2023-02-13-1 (0)
02-16: Apple Security Advisory 2023-02-13-2 (0)
02-16: Apple Security Advisory 2023-02-13-3 (0)
02-16: B&R Systems Diagnostics Manager Cross Site Scripting (0)
02-15: XWorm Trojan 2.1 NULL Pointer Dereference (0)
02-15: Cisco RV Series Authentication Bypass / Command Injection (0)
02-14: Cisco RV Series Authentication Bypass / Command Injection (0)
02-14: Global Infotech CMS 1.0 SQL Injection (0)
02-11: Windows Kernel Key Replication Issues (0)
02-11: Windows Kernsl SID Table Poisoning (0)
02-11: WEBY 1.2.5 Cross Site Request Forgery (0)
02-11: Windows Kernel Virtualizable Hive Key Deletion (0)
02-11: Windows Kernel Registry Virtualization Incompatibility (0)
02-11: Monitorr 1.7.6 Shell Upload (0)
02-11: ChiKoi 1.0 Cross Site Scripting (0)
02-11: ChiKoi 1.0 Directory Traversal (0)
02-10: ChiKoi 1.0 Directory Traversal (0)
02-10: http://udsangsawang.go.th/xstro0.jpg (0)
02-10: CKSource CKEditor5 35.4.0 Cross Site Scripting (0)
02-10: Windows Kernel Dangling Registry Link Node Use-After-Free (0)
02-10: Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution (0)
02-10: Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution (0)
02-10: SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow (0)
02-09: SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow (0)
02-09: Nagios XI 5.7.5 Remote Code Execution (0)
02-09: ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution (0)
02-08: ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution (0)
02-08: Material Dashboard 2 SQL Injection (1)
02-08: 101news By Mayuri K 1.0 SQL Injection (1)
02-08: Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution (0)
02-08: Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution (0)
02-07: Windows Kernel Registry Virtualization Memory Corruption (0)
02-07: Android Binder VMA Management Security Issues (0)
02-07: Apache Tomcat On Ubuntu Log Init Privilege Escalation (0)
02-06: Apache Tomcat On Ubuntu Log Init Privilege Escalation (0)
02-04: Oracle Database 12.1.0.2 Spatial Component Privilege Escalation (0)
02-04: F5 Big-IP Create Administrative User (0)
02-04: macOS Dirty Cow Arbitrary File Write Local Privilege Escalation (0)
02-04: Lenovo Diagnostics Driver Memory Access (0)
02-03: https://division4.immigration.go.th/xx.html (0)
02-03: http://namphonsao.go.th (0)
02-02: Online Eyewear Shop 1.0 SQL Injection (0)
02-02: eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting (0)
02-02: eCommerce Marketplace Platform CMS 1.7 SQL Injection (0)
02-02: vmwgfx Driver File Descriptor Handling Privilege Escalation (0)
02-02: io_uring Same Type Object Reuse Privilege Escalation (0)
02-02: Packet Storm New Exploits For January, 2023 (0)
02-01: mRemoteNG 1.76.20 Privilege Escalation (0)
02-01: PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting (0)
02-01: PHPJabbers Business Directory Script 3.2 Cross Site Scripting (0)
02-01: Control Web Panel Unauthenticated Remote Command Execution (0)

January 2023 (155)

01-31: PHPJabbers Property Listing Script 3.1 Cross Site Scripting (0)
01-31: PHPJabbers Property Listing Script 3.1 SQL Injection (0)
01-31: PHPJabbers Travel Tours Script 1.0 Cross Site Scripting (0)
01-31: PHPJabbers Travel Tours Script 1.0 SQL Injection (1)
01-31: PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting (0)
01-31: Zstore 6.6.0 Cross Site Scripting (0)
01-31: PHPJabbers Car Park Booking System 2.0 Cross Site Scripting (0)
01-31: Broadcast Signal Intrusion – Hacking Radio Stations (0)
01-30: http://www.hanghong.go.th/poop.php (0)
01-30: https://nsw1.go.th/freedom.php (0)
01-28: Apple Security Advisory 2023-01-24-1 (0)
01-28: PHPJabbers Car Rental Script 3.0 SQL Injection (0)
01-28: Micro Focus GroupWise Session ID Disclosure (0)
01-28: Razer Synapse 3.7.0731.072516 Local Privilege Escalation (0)
01-27: Secure Web Gateway 10.2.11 Cross Site Scripting (0)
01-26: Inout Music 5.1.1 SQL Injection (0)
01-26: Inout Jobs Portal 2.2.2 SQL Injection (0)
01-26: Inout Jobs Portal 2.2.2 Cross Site Scripting (0)
01-25: Apple Security Advisory 2023-01-23-1 (0)
01-25: Apple Security Advisory 2023-01-23-2 (0)
01-25: Apple Security Advisory 2023-01-23-3 (0)
01-25: Apple Security Advisory 2023-01-23-4 (0)
01-25: Apple Security Advisory 2023-01-23-5 (0)
01-25: Apple Security Advisory 2023-01-23-6 (0)
01-25: Apple Security Advisory 2023-01-23-7 (0)
01-25: Apple Security Advisory 2023-01-23-8 (0)
01-25: Inout Homestay 2.2 SQL Injection (0)
01-25: Inout Search Engine 10.1.3 Cross Site Scripting (0)
01-25: Cacti 1.2.22 Command Injection (0)
01-24: http://kuedchang.go.th (0)
01-24: http://kcph.go.th (0)
01-24: AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting (0)
01-24: Food Ordering System 2 Shell Upload (0)
01-24: Inout RealEstate 2.1.3 SQL Injection (0)
01-24: ERPGo SaaS 3.9 CSV Injection (0)
01-24: Active eCommerce CMS 6.5.0 Cross Site Scripting (0)
01-21: Inout Multi-Vendor Shopping Cart 3.2.3 Cross Site Scripting (0)
01-21: Inout Multi-Vendor Shopping Cart 3.2.3 SQL Injection (0)
01-21: ASKEY RTF3505VW-N1 Privilege Escalation (0)
01-21: wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read (0)
01-21: NetChess 2.1 Buffer Overflow (0)
01-21: OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation (0)
01-21: Patient Record Management System 1.0 Authentication Bypass (0)
01-21: Solaris 10 dtprintinfo / libXm / libXpm Security Issues (0)
01-21: Solaris 10 dtprintinfo Local Privilege Escalation (0)
01-20: http://www.bnk.go.th/f7xp.html (0)
01-20: SLIMS 9.5.2 Cross Site Scripting (0)
01-19: http://www.sdm.dmr.go.th/b.htm (0)
01-19: KesionCMS X 1.5 Add Administrator (0)
01-19: Yazilimi Jettweb Haber 3 SQL Injection (0)
01-19: xcash 1.5 Insecure Settings (0)
01-19: WordPress WPtouch Pro 3.0.9.1 Open Redirection (0)
01-19: WordPress WPtouch 3.8.2 Open Redirection (0)
01-19: Active Matrimonial CMS 3.6 SQL Injection (0)
01-19: WordPress WPtouch Pro 3.3.4 Open Redirection (0)
01-19: WordPress WPtouch 4.3.47 Open Redirection (0)
01-19: WordPress WPtouch 3.7.5 Open Redirection (0)
01-19: Zstore 6.5.4 Cross Site Scripting (0)
01-19: PHP Hazir Haber Sitesi Scripti 3 SQL Injection (0)
01-19: Active eCommerce CMS 6.5.0 SQL Injection (0)
01-19: Chrome JSNativeContextSpecialization::BuildElementAccess Bypass (0)
01-19: Jettweb Ready Rent A Car Script 4 Cross Site Scripting (0)
01-19: Ivanti Cloud Services Appliance (CSA) Command Injection (0)
01-18: Yuvan Education CRM 3.0 SQL Injection (0)
01-18: Infokart 1.1 SQL Injection (0)
01-18: Global Infotech CMS 1.0 SQL Injection (0)
01-18: Infobool 3.0 SQL Injection (0)
01-18: KesionCMS X 1.5.160902 Insecure Settings (0)
01-18: Inlislite 3.2 Insecure Settings (0)
01-18: Incrementer CMS 0.1 Insecure Settings (0)
01-18: Yazilimi Jettweb 3 Cross Site Scripting (0)
01-18: Active Matrimonial CMS 3.5 Insecure Settings (0)
01-18: Citrix Workspace App For Linux 2212 Credential Leak (0)
01-18: XNU VM Copy-On-Write Bypass (0)
01-18: XNU vm_map_copy_overwrite_unaligned Race Condition (0)
01-18: BootCommerce 3.2.1 Cross Site Scripting (0)
01-18: BootCommerce 3.2.1 SQL Injection (0)
01-18: LISTSERV 17 Cross Site Scripting (0)
01-18: LISTSERV 17 Insecure Direct Object Reference (0)
01-17: http://www.webiad.moe.go.th/locked.txt (0)
01-15: http://www.research.doae.go.th/tak_ash4.htm (0)
01-14: http://www.plan.doae.go.th/tak_ash4.htm (0)
01-13: Laravel 9.47.0 Information Disclosure (0)
01-13: Global Education And Technoworld 4.1 Backup Disclosure (0)
01-13: WordPress Profile Builder 3.0.5 SQL Injection (0)
01-13: WordPress Slider Revolution 3.0.8 Directory Traversal (0)
01-13: WordPress Slider Revolution 4.1.2 Directory Traversal (0)
01-13: WordPress Slider Revolution 4.1.3 Directory Traversal (0)
01-13: WordPress Slider Revolution 4.6.5 Directory Traversal (0)
01-13: WordPress Slider Revolution 4.9.2 Directory Traversal (0)
01-13: WordPress Slider Revolution 4.x.x Shell Upload (0)
01-13: ChiKoi New-MVC-SHOP 1.0 Cross Site Scripting (0)
01-13: Academy LMS 5.11 Cross Site Scripting (0)
01-13: WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free (0)
01-13: libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns (0)
01-12: Windows Kernel NtNotifyChangeMultipleKeys Use-After-Free (0)
01-12: Gold Filled CRM 2.0 Arbitrary File Upload (0)
01-12: Online Food Ordering System 2.0 SQL Injection (0)
01-12: 2ad Guestbook 2.0 Database Disclosure (0)
01-12: Blesta 5.4.1 Insecure Settings (0)
01-12: Deprixa Pro 7.5 Insecure Settings (0)
01-12: ChiKoi 1.0 SQL Injection (0)
01-12: Flex 5.22 Insecure Settings (0)
01-12: Foloosi Shopping 5.5.7 Insecure Settings (0)
01-12: Online Food Ordering System 2.0 Shell Upload (0)
01-12: eCart Web 5.0.0 Cross Site Scripting (0)
01-11: CMS Global-PC Technology 1.0 Insecure Settings (0)
01-11: Concepts Informatics CMS 7 SQL Injection (0)
01-11: eCart Multi Vendor eCommerce System 1.x Insecure Settings (0)
01-11: eCart Web 4.0.0 Insecure Settings (0)
01-11: ERPGo SaaS CRM 3.3 Arbitrary File Upload (0)
01-11: Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery (0)
01-11: Tiki Wiki CMS Groupware 25.0 Cross Site Scripting (0)
01-11: Online Food Ordering System 2.0 Cross Site Scripting (0)
01-11: Linux khugepaged Race Conditions (0)
01-11: WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls (0)
01-10: ADMINA BULGARIA Ltd 1.0 SQL Injection (0)
01-10: AdminSeg 2.15 Insecure Direct Object Reference (0)
01-10: BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference (0)
01-10: Corpatech CMS 2 SQL Injection (0)
01-10: Dcastalia CMS 1.2 Insecure Direct Object Reference (0)
01-10: Deprixa Pro CMS 3.2.5 Insecure Settings (0)
01-10: WordPress Slider Revolution 4.6.5 Shell Upload (0)
01-10: WordPress Mega Main Menu 2.2.2 Information Disclosure (0)
01-10: Online Food Ordering System 2.0 Shell Upload (0)
01-10: Online Food Ordering System 2.0 SQL Injection (0)
01-10: Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free (0)
01-10: Linux 4.10 Use-After-Free (0)
01-10: MOV.AI Robotics Engine 2.2.3-3 Cross Site Scripting (0)
01-10: Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery (0)
01-10: Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution (0)
01-10: Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection (0)
01-10: Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection (0)
01-09: Control Web Panel 7 Remote Code Execution (0)
01-09: Excel Net Computer Institute 4.1 SQL Injection (0)
01-09: Eatself 1.1.5 SQL Injection (0)
01-09: Linux videobuf2 Use-After-Free (0)
01-06: Rackspace Blames Ransomware Woes On Zero-Day Attack (0)
01-06: Linear eMerge E3-Series Access Controller Command Injection (0)
01-06: Oracle Database Vault Metadata Exposure (0)
01-06: Linux videobuf2 Use-After-Free (0)
01-05: Oracle Database Vault Metadata Exposure (0)
01-05: http://www.nokmuang.go.th (0)
01-04: Linux PT_SUSPEND_SECCOMP Permission Bypass / Ptracer Death Race (0)
01-04: Oracle DBMS_REDACT Dynamic Data Masking Bypass (0)
01-04: Nexxt Router Firmware 42.103.1.5095 Remote Code Execution (0)
01-03: Oracle DBMS_REDACT Dynamic Data Masking Bypass (0)
01-03: BDWeb-Link LMS 1.11.5 SQL Injection (0)
01-03: SugarCRM Shell Upload (0)
01-03: Oracle Unified Audit Policy Bypass (0)
01-03: crewjam/saml Signature Bypass (0)
01-03: Chrome Synchronous Mojo Use-After-Free (0)
01-03: Packet Storm New Exploits For December, 2022 (0)
01-03: Packet Storm New Exploits For 2022 (0)
01-02: Packet Storm New Exploits For 2022 (0)

December 2022 (134)

12-30: ProLink PRS1841 Backdoor Account (0)
12-30: Hughes Satellite Router Remote File Inclusion Cross Frame Scripting (0)
12-29: Hughes Satellite Router Remote File Inclusion Cross Frame Scripting (0)
12-29: https://www.ppao.go.th/a.htm (0)
12-29: http://www.sangkhacity.go.th (0)
12-28: ProLink PRS1841 PLDT Router Backdoor (0)
12-28: Student Attendance Management System 1.0 SQL Injection (0)
12-28: Active Ecommerce CMS 6.4.0 Backdoor Account (0)
12-28: Botble 5.28.3 Backdoor Account (0)
12-28: Car Dealer Pro 2.01 Backdoor Account (0)
12-28: Consultine Consulting Business And Finance Website CMS 1.8 Backdoor Account (0)
12-28: Courier Deprixa 2.5 Backdoor Account (0)
12-28: Enlightenment 0.25.3 Privilege Escalation (0)
12-27: Enlightenment 0.25.3 Privilege Escalation (0)
12-24: Stock Management System 2022 1.0 From Erick Cesar SQL Injection (0)
12-24: WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload (0)
12-24: OpenTSDB 2.4.0 Command Injection (0)
12-24: http://ecase.dopa.go.th (0)
12-24: http://khamyai-ks.go.th/public/ (0)
12-24: http://khaokhlung.go.th/public/dz.php (0)
12-24: http://sukhothaipao.go.th/public/ (0)
12-24: http://khaochangum.go.th/public/ (0)
12-23: OpenTSDB 2.4.0 Command Injection (0)
12-22: Senayan Library Management System 9.2.2 Cross Site Scripting (0)
12-22: Senayan Library Management System 9.2.2 SQL Injection (0)
12-22: 4images 1.9 Remote Command Execution (0)
12-22: Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution (0)
12-22: Apple Security Advisory 2022-12-13-1 (0)
12-22: Apple Security Advisory 2022-12-13-2 (0)
12-22: Apple Security Advisory 2022-12-13-3 (0)
12-22: Apple Security Advisory 2022-12-13-4 (0)
12-22: Apple Security Advisory 2022-12-13-5 (0)
12-22: Apple Security Advisory 2022-12-13-6 (0)
12-22: Apple Security Advisory 2022-12-13-7 (0)
12-22: Apple Security Advisory 2022-12-13-8 (0)
12-22: Apple Security Advisory 2022-12-13-9 (0)
12-21: Senayan Library Management System 9.2.1 Cross Site Scripting (0)
12-21: Senayan Library Management System 9.2.1 SQL Injection (0)
12-20: Senayan Library Management System 9.2.1 SQL Injection (0)
12-20: Senayan Library Management System 9.1.1 Cross Site Scripting (0)
12-20: Senayan Library Management System 9.1.1 SQL Injection (0)
12-20: Senayan Library Management System 9.2.0 Cross Site Scripting (0)
12-20: Senayan Library Management System 9.2.0 SQL Injection (0)
12-20: http://tambontungpha.go.th (0)
12-20: http://www.kkpao.go.th/kkpao_plan/images/banner/ownz4.JPG (0)
12-20: http://web.kalasin3.go.th/web/members_pic/i2iskiness452.jpg (0)
12-19: Senayan Library Management System 9.2.0 SQL Injection (0)
12-18: http://pattani1.go.th/izy.txt (0)
12-17: Bangresta 1.0 SQL Injection (0)
12-17: http://muangchan.sisaket.police.go.th/readme.html (0)
12-16: Bangresta 1.0 SQL Injection (0)
12-16: Syncovery For Linux Web-GUI Authenticated Remote Command Execution (0)
12-16: Acronis TrueImage XPC Privilege Escalation (0)
12-16: SOUND4 Server Service 4.1.102 Local Privilege Escalation (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Cross Site Request Forgery (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Disconnect Webmonitor User Denial Of Service (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password SQL Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username SQL Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Hardcoded Credentials (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Persistent Cross Site Scripting (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Information Disclosure (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Steam Disclosure (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ping.php Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated File Disclosure (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x services Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution (0)
12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset (0)
12-15: http://mnoi.takesa2.go.th/file_editor/ww.jpg (0)
12-15: Shoplazza 1.1 Cross Site Scripting (0)
12-15: Backdoor.Win32.InCommander.17.b MVID-2022-0665 Hardcoded Credentials (0)
12-15: Ransom.Win64.AtomSilo MVID-2022-0666 Cryptography Logic Flaw (0)
12-15: Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection (0)
12-15: SAP@ Host Agent Privilege Escalation (0)
12-14: SAP@ Host Agent Privilege Escalation (0)
12-13: CANAL+ / Microsoft PlayReady Cryptography Shortcomings / Authorization Bypass (0)
12-13: Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption (0)
12-13: Judging Management System 1.0 SQL Injection (0)
12-13: Judging Management System 1.0 Shell Upload (0)
12-13: https://palm.dit.go.th/net.html (0)
12-11: http://nongbua.nfe.go.th/ok.htm (0)
12-10: Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS (0)
12-10: Delta Electronics DVW-W02W2-E2 2.42 Command Injection (0)
12-10: Planet eStream Code Execution / SQL Injection / XSS / Broken Control (0)
12-10: snap-confine must_mkdir_and_open_with_perms() Race Condition (0)
12-10: Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks (0)
12-10: Intel Data Center Manager 5.1 Local Privilege Escalation (0)
12-10: Intel Data Center Manager 4.1 SQL Injection (0)
12-10: ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect (0)
12-10: Senayan Library Management System 9.4.0 Cross Site Scripting (0)
12-10: Senayan Library Management System 9.0.0 Cross Site Scripting (0)
12-10: Senayan Library Management System 9.0.0 SQL Injection (0)
12-10: Senayan Library Management System 9.1.0 SQL Injection (0)
12-10: Spitfire CMS 1.0.475 PHP Object Injection (0)
12-09: ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect (0)
12-09: https://office.cpd.go.th/area2/ (0)
12-09: Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation (0)
12-08: pixman pixman_sample_floor_y Integer Overflow (0)
12-08: py7zr 0.20.0 Directory Traversal (0)
12-08: SentinelOne sentinelagent 22.3.2.5 Privilege Escalation (0)
12-08: http://nites.ayutthaya2.go.th/oni.html (0)
12-08: http://financial.ayutthaya2.go.th/oni.html (0)
12-08: http://director.ayutthaya2.go.th/oni.html (0)
12-08: http://ita.ayutthaya2.go.th/oni.html (0)
12-08: http://itaaya2.ayutthaya2.go.th/oni.html (0)
12-08: http://lawyer.ayutthaya2.go.th/oni.html (0)
12-08: http://pattana.ayutthaya2.go.th/oni.html (0)
12-08: http://planning.ayutthaya2.go.th/oni.html (0)
12-07: SentinelOne sentinelagent 22.3.2.5 Privilege Escalation (0)
12-07: https://ecd.police.go.th/Fighter.html (0)
12-07: Senayan Library Management System 9.5.1 SQL Injection (0)
12-07: VMware vCenter vScalation Privilege Escalation (0)
12-06: Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation (0)
12-06: Automotive Shop Management System 1.0 SQL Injection (0)
12-06: Drupal H5P Module 2.0.0 Zip Slip Traversal (0)
12-05: Drupal H5P Module 2.0.0 Zip Slip Traversal (0)
12-05: http://audit.ayutthaya2.go.th/oni.html (0)
12-05: http://ict.ayutthaya2.go.th/oni.html (0)
12-03: IBM Websphere Application Server 7.0 Cross Site Scripting (0)
12-03: Backdoor.Win32.Delf.gj MVID-2022-0663 Information Disclosure (0)
12-03: Packet Storm New Exploits For November, 2022 (0)
12-02: Browser Zero Days Linked To Commercial IT Firm In Spain (0)
12-01: Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection (0)
12-01: OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption (0)
12-01: Microsoft Exchange ProxyNotShell Remote Code Execution (0)
12-01: perfSONAR 4.4.4 Open Proxy / Relay (0)
12-01: perfSONAR 4.4.5 Cross Site Request Forgery (0)

November 2022 (102)

11-30: Concrete CMS 9.1.3 XPATH Injection (0)
11-30: Remote Control Collection Remote Code Execution (0)
11-29: vBulletin 5.5.2 PHP Object Injection (0)
11-27: http://r10.ldd.go.th/0x.html (0)
11-26: XNU Dangling PTE Entry (0)
11-26: XNU vm_object Use-After-Free (0)
11-26: Chrome blink::LocalFrameView::PerformLayout Use-After-Free (0)
11-26: Sanitization Management System 1.0 SQL Injection (0)
11-26: Helmet Store Showroom 1.0 SQL Injection (0)
11-26: Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL (0)
11-26: Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw (0)
11-26: Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential (0)
11-25: Ecommerce 1.0 Cross Site Scripting / Open Redirect (0)
11-25: F5 BIG-IP iControl Remote Command Execution (0)
11-24: F5 BIG-IP iControl Remote Command Execution (0)
11-24: Backdoor.Win32.Serman.a MVID-2022-0659 Unauthenticated Open Proxy (0)
11-22: Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution (0)
11-22: ClicShopping 3.402 Cross Site Scripting (0)
11-22: ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service (0)
11-22: Backdoor.Win32.Oblivion.01.a MVID-2022-0658 Insecure Transit (0)
11-22: WordPress BeTheme 26.5.1.4 PHP Object Injection (0)
11-22: ZTE ZXHN-H108NS Authentication Bypass (0)
11-22: Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read (0)
11-22: Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution (0)
11-22: Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass (0)
11-22: Roxy Fileman 1.4.6 Remote Shell Upload (0)
11-22: F5 BIG-IP iControl Cross Site Request Forgery (0)
11-22: ChurchInfo 1.2.13-1.3.0 Remote Code Execution (0)
11-19: AppleAVD deallocateKernelMemoryInternal Missing Surface Lock (0)
11-19: AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption (0)
11-19: https://naluangsen.go.th/fine.html (0)
11-18: Gitea Git Fetch Remote Code Execution (0)
11-18: http://tpso4.m-society.go.th/bdkr.htm (0)
11-17: Gitea Git Fetch Remote Code Execution (0)
11-17: Internet Download Manager 6.41 Build 3 Man-In-The-Middle (0)
11-17: Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential (0)
11-17: Revenue Collection System 1.0 SQL Injection / Remote Code Execution (0)
11-17: Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass (0)
11-16: VMware NSX Manager XStream Unauthenticated Remote Code Execution (0)
11-16: Cisco Secure Email Gateway Malware Detection Evasion (0)
11-16: WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery (0)
11-16: Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass (0)
11-16: BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection (0)
11-16: Payara Platform Path Traversal (0)
11-16: Apple Security Advisory 2022-11-09-1 (0)
11-16: Apple Security Advisory 2022-11-09-2 (0)
11-15: Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution (0)
11-15: libxml2 Attribute Parsing Double-Free (0)
11-15: libxml2 xmlParseNameComplex Integer Overflow (0)
11-15: Node-saml Root Element Signature Bypass (0)
11-15: https://www.kohsichang.go.th/vz.txt (0)
11-12: Open Web Analytics 1.7.3 Remote Code Execution (0)
11-12: IOTransfer 4 Unquoted Service Path (0)
11-12: CVAT 2.0 Server-Side Request Forgery (0)
11-12: SmartRG Router SR510n 2.6.13 Remote Code Execution (0)
11-12: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal (0)
11-12: MSNSwitch Firmware MNT.2408 Remote Code Execution (0)
11-11: Windows Kernel Long Registry Path Memory Corruption (0)
11-11: HEUR:Trojan.MSIL.Agent.gen MVID-2022-0654 Information Disclosure (0)
11-11: Windows Kernel Long Registry Key / Value Out-Of-Bounds Read (0)
11-11: Backdoor.Win32.Aphexdoor.LiteSock MVID-2022-0653 Buffer Overflow (0)
11-11: Chrome password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode Use-After-Free (0)
11-11: [remote] SmartRG Router SR510n 2.6.13 – RCE (Remote Code Execution) (0)
11-11: [local] IOTransfer V4 – Unquoted Service Path (0)
11-11: [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 – Path Traversal (0)
11-11: [remote] MSNSwitch Firmware MNT.2408 – Remote Code Exectuion (RCE) (0)
11-11: [webapps] CVAT 2.0 – SSRF (Server Side Request Forgery) (0)
11-11: [webapps] Open Web Analytics 1.7.3 – Remote Code Execution (RCE) (0)
11-10: http://bankoksuwan.go.th/p.htm (0)
11-10: http://www.thungyai-ssk.go.th/p.htm (0)
11-10: WordPress Blog2Social 6.9.11 Missing Authorization (0)
11-10: Microsoft Squashes 6 Security Bugs Already Exploited In The Wild (0)
11-09: Forma SPOT-LMS 3.2.1 Cross Site Scripting (0)
11-09: Forma SPOT-LMS 3.2.1 Cross Site Scripting (0)
11-09: Windows Kernel Type Confusion Memory Corruption (0)
11-09: Windows Kernel Type Confusion Memory Corruption (0)
11-09: http://lpa.nfe.go.th/net.html (0)
11-08: Apple Security Advisory 2022-11-01-1 (0)
11-08: Windows Kernel Registry Use-After-Free (0)
11-07: http://lansakae.go.th (0)
11-05: Senayan Library Management System 9.5.0 SQL Injection (0)
11-05: WebKit HTMLSelectElement Use-After-Free (0)
11-04: Automated Tank Gauge (ATG) Remote Configuration Disclosure (0)
11-03: http://korat4.go.th/zah.txt (0)
11-03: http://ssd.go.th/read.html (0)
11-03: Webmin 1.984 File Manager Remote Code Execution (0)
11-03: FLIR AX8 1.46.16 Remote Command Injection (0)
11-03: Apache CouchDB Erlang Remote Code Execution (0)
11-02: Packet Storm New Exploits For October, 2022 (0)
11-02: https://www.dwf-lampang.go.th/fine.html (0)
11-01: Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting (0)
11-01: wolfSSL Buffer Overflow (0)
11-01: Train Scheduler App 1.0 Insecure Direct Object Reference (0)
11-01: Simple Cold Storage Management System 1.0 SQL Injection (0)
11-01: Leeloo Multipath Authorization Bypass / Symlink Attack (0)
11-01: Apple Security Advisory 2022-10-27-9 (0)
11-01: Apple Security Advisory 2022-10-27-10 (0)
11-01: Apple Security Advisory 2022-10-27-11 (0)
11-01: Apple Security Advisory 2022-10-27-12 (0)
11-01: Apple Security Advisory 2022-10-27-13 (0)
11-01: Apple Security Advisory 2022-10-27-14 (0)
11-01: Apple Security Advisory 2022-10-27-15 (0)

October 2022 (124)

10-31: Apple Security Advisory 2022-10-24-1 (0)
10-31: Apple Security Advisory 2022-10-24-2 (0)
10-31: Apple Security Advisory 2022-10-24-3 (0)
10-31: Apple Security Advisory 2022-10-24-4 (0)
10-31: Apple Security Advisory 2022-10-24-5 (0)
10-31: Apple Security Advisory 2022-10-24-6 (0)
10-31: Apple Security Advisory 2022-10-24-7 (0)
10-31: Apple Security Advisory 2022-10-27-1 (0)
10-31: Apple Security Advisory 2022-10-27-2 (0)
10-31: Apple Security Advisory 2022-10-27-3 (0)
10-31: Apple Security Advisory 2022-10-27-4 (0)
10-31: Apple Security Advisory 2022-10-27-5 (0)
10-31: Apple Security Advisory 2022-10-27-6 (0)
10-31: Apple Security Advisory 2022-10-27-7 (0)
10-31: Apple Security Advisory 2022-10-27-8 (0)
10-29: Siemens APOGEE PXC / TALON TC Authentication Bypass (0)
10-28: https://tamkrataitong.go.th (0)
10-28: Vagrant Synced Folder Vagrantfile Breakout (0)
10-27: ERP Sankhya 4.13.x Cross Site Scripting (0)
10-27: Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting (0)
10-27: http://kalasin.nfe.go.th/bdkr.htm (0)
10-26: Apple Releases Patch For iPhone And iPad Zero Day (0)
10-26: ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication (0)
10-26: GLPI 10.0.2 Command Injection (0)
10-25: Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass (0)
10-25: Pega Platform 8.7.3 Remote Code Execution (0)
10-25: Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution (0)
10-25: Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution (0)
10-23: http://wangrongyai.go.th (0)
10-23: http://nongfan.go.th (0)
10-23: http://donlocal.go.th (0)
10-23: http://muangnat.go.th (0)
10-23: http://dongklang.go.th (0)
10-23: http://nongbuawnoi.go.th (0)
10-22: https://www.donwaicity.go.th/read.txt (0)
10-21: Chrome offline_items_collection::OfflineContentAggregator::OnItemRemoved Heap Buffer Overflow (0)
10-21: Cisco Jabber XMPP Stanza Smuggling (0)
10-21: Chrome AccountSelectionBubbleView::OnAccountImageFetched Heap Use-After-Free (0)
10-21: Zimbra Collaboration Suite TAR Path Traversal (0)
10-20: https://npt-2.go.th (0)
10-20: AVS Audio Converter 10.3 Stack Overflow (0)
10-20: Zimbra Privilege Escalation (0)
10-20: Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass (0)
10-18: Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection (0)
10-18: Joomla OSG Courts Reservation 1.4.9 SQL Injection (0)
10-18: Knap Advanced PHP Login 3.1.3 Cross Site Scripting (0)
10-18: Vicidial 2.14-783a Cross Site Scripting (0)
10-18: Garage Management System 1.0 Cross Site Scripting (0)
10-18: Stripe Green Downloads 2.03 Cross Site Scripting (0)
10-18: WordPress ImageMagick-Engine 1.7.4 Remote Code Execution (0)
10-18: Windows Kernel Registry Subkey Lists Integer Overflow (0)
10-18: MapTool 1.11.5 Denial Of Service (0)
10-18: MapTool 1.11.5 Cross Site Scripting (0)
10-18: Joomla Vik Appointments 1.7.3 Cross Site Scripting (0)
10-18: MiniDVBLinux 5.4 Configuration Download (0)
10-18: MiniDVBLinux 5.4 SVDRP Control (0)
10-18: MiniDVBLinux 5.4 Change Root Password (0)
10-18: Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow (0)
10-18: MiniDVBLinux 5.4 Unauthenticated Stream Disclosure (0)
10-18: Webile 1.0.1 Directory Traversal (0)
10-18: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
10-18: pfSense pfBlockerNG 2.1.4_26 Shell Upload (0)
10-18: MiniDVBLinux 5.4 Remote Root Command Injection (0)
10-18: Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential (0)
10-18: WiFi File Transfer 1.0.8 Cross Site Scripting (0)
10-18: MiniDVBLinux 5.4 Remote Root Command Execution (0)
10-18: WordPress Photo Gallery 1.8.0 Cross Site Scripting (0)
10-18: MiniDVBLinux 5.4 Arbitrary File Read (0)
10-18: Apple Security Advisory 2022-10-10-1 (0)
10-18: Apple Music Android Application 3.10.2 Man-In-The-Middle (0)
10-17: [webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated) (0)
10-13: http://kaokum.go.th/m6.htm (0)
10-13: http://wianglocal.go.th/m6.htm (0)
10-11: macOS 12.3.1 Local Root (0)
10-11: Zentao Project Management System 17.0 Remote Code Execution (0)
10-11: Crealogix EBICS Cross Site Scripting (0)
10-11: Web Based Student Clearance 1.0 Shell Upload (0)
10-11: Joomla Vik Rent Car 1.14 Cross Site Scripting (0)
10-11: WordPress / Joomla JReviews 4.1.5 Cross Site Scripting (0)
10-11: WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting (0)
10-11: Online Shopping System Advanced 1.0 SQL Injection (0)
10-11: Linux munmap() Race Condition / Use-After-Free (0)
10-08: WordPress Zephyr Project Manager 3.2.42 SQL Injection (0)
10-08: Joomla Vik Booking 1.15.0 Cross Site Scripting (0)
10-07: Joomla JoomBri Freelance 4.5.0 Cross Site Scripting (0)
10-07: Joomla JoomBri Careers 3.3.0 Cross Site Scripting (0)
10-07: Linux 3.19 anon_vma Use-After-Free (0)
10-07: Joomla KSAdvertiser 2.5.37 Cross Site Scripting (0)
10-07: http://ped.go.th (0)
10-07: https://www.lripeo.go.th/robots.txt (0)
10-06: Canteen Management 1.0-2022 Cross Site Scripting (0)
10-06: Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation (0)
10-06: Remote Mouse 4.110 Remote Code Execution (0)
10-06: [webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 – Multiple SQLi (0)
10-05: http://ict.krabihospital.go.th/read.html (0)
10-05: Joomla Solidres 2.12.9 Cross Site Scripting (0)
10-05: Canteen Management 1.0-2022 SQL Injection (0)
10-05: Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting (0)
10-05: WordPress Elementor 3.6.2 Shell Upload (0)
10-05: WordPress WPvivid Backup Path Traversal (0)
10-04: http://www.kksec.go.th/read.html (0)
10-04: Joomla JUX Charity Hub 1.0.4 SQL Injection (0)
10-04: Joomla Easy Shop 1.4.1 Cross Site Scripting (0)
10-04: Joomla JKassa ShoppingCart 2.0.0 SQL Injection (0)
10-04: Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting (0)
10-04: Google Chrome 103.0.5060.53 network::URLLoader::NotifyCompleted Heap Use-After-Free (0)
10-04: Joomla MarvikShop ShoppingCart 3.4 SQL Injection (0)
10-04: Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting (0)
10-04: Password Manager For IIS 2.0 Cross Site Scripting (0)
10-04: Backdoor.Win32.NTRC MVID-2022-0646 Hardcoded Credential (0)
10-04: Joomla Rentalot Plus 19.05 Cross Site Scripting (0)
10-04: Backdoor.Win32.Delf.eg MVID-2022-0647 Remote Command Execution (0)
10-02: Joomla jMarket 5.15 Cross Site Scripting (0)
10-02: Joomla JS Jobs Pro 1.3.6 SQL Injection (0)
10-02: Joomla MyMuse 4.3.0 SQL Injection (0)
10-02: GuppY CMS 6.00.10 Shell Upload (0)
10-02: Centreon 22.04.0 Cross Site Scripting (0)
10-02: ZKSecurity BIO 4.1.2 SQL Injection / Code Execution (0)
10-02: ZKSecurity BIO 3.0.5.0_R Privilege Escalation (0)
10-02: Packet Storm New Exploits For September, 2022 (0)
10-01: http://www.krabihospital.go.th (0)
10-01: Joomla JoomRecipe 4.2.2 Cross Site Scripting (0)
10-01: jCart For OpenCart 3.0.3.19 Cross Site Scripting (0)
10-01: Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting (0)

September 2022 (165)

09-30: Exchange Server Zero-Day Being Actively Exploited (0)
09-30: Exchange Server Zero-Day Being Actively Exploited (0)
09-30: Online Examination System 1.0 Cross Site Scripting (0)
09-30: Joomla EDocman 1.23.3 Cross Site Scripting (0)
09-30: Online Examination System 1.0 SQL Injection (0)
09-30: Bus Pass Management System 1.0 Cross Site Scripting (0)
09-30: Joomla AdsManager 3.2.0 SQL Injection (0)
09-30: qdPM 9.1 Authenticated Shell Upload (0)
09-29: WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting (0)
09-29: EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting (0)
09-29: Netfilter nft_set_elem_init Heap Overflow Privilege Escalation (0)
09-29: Mobile Mouse Remote Code Execution (0)
09-28: http://pbns.go.th/robots.txt (0)
09-28: http://www.spin.dss.go.th/bas/public/site/images/admin1/mwhehe.gif (0)
09-28: Food Ordering Management System 1.0 SQL Injection (0)
09-28: Online Birth Certificate Management System 1.0 Cross Site Request Forgery (0)
09-28: Online Birth Certificate Management System 1.0 Insecure Direct Object Reference (0)
09-28: Online Birth Certificate Management System 1.0 Cross Site Scripting (0)
09-28: Online Birth Certificate Management System 1.0 Cross Site Scripting (0)
09-28: COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read (0)
09-27: pfBlockerNG 2.1.4_26 Shell Upload (0)
09-27: osCommerce Shopping Cart 4 Cross Site Scripting (0)
09-27: LivelyCart Pro 3 Cross Site Scripting (0)
09-27: Active eCommerce CMS 6.3.0 Arbitrary File Download (0)
09-27: Active eCommerce CMS 6.3.0 Cross Site Scripting (0)
09-27: Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential (0)
09-27: Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential (0)
09-27: WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting (0)
09-27: Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload (0)
09-27: WordPress Sabai Discuss 1.4.13 Cross Site Scripting (0)
09-27: WordPress Forym 1.5.7 Cross Site Scripting (0)
09-27: Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution (0)
09-27: Veritas Backup Exec Agent Remote Code Execution (0)
09-27: WiFi Mouse 1.8.3.4 Remote Code Execution (0)
09-24: TP-Link Tapo c200 1.1.15 Remote Code Execution (0)
09-24: Testa 3.5.1 Cross Site Scripting (0)
09-24: Feehi CMS 2.1.1 Remote Code Execution (0)
09-24: Teleport 10.1.1 Remote Code Execution (0)
09-24: WordPress WP-UserOnline 2.88.0 Cross Site Scripting (0)
09-24: WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting (0)
09-23: Multix 2.4 Cross Site Scripting (0)
09-23: Multix 2.4 Cross Site Request Forgery (0)
09-23: WorkOrder CMS 0.1.0 SQL Injection (0)
09-23: WorkOrder CMS 0.1.0 Cross Site Scripting (0)
09-23: Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition (0)
09-23: Bitbucket Git Command Injection (0)
09-23: [webapps] Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS) (0)
09-23: [webapps] Aero CMS v0.0.1 – SQLi (0)
09-23: [webapps] Wordpress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS) (0)
09-23: [webapps] Wordpress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS) (0)
09-23: [remote] Teleport v10.1.1 – Remote Code Execution (RCE) (0)
09-23: [webapps] TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE) (0)
09-23: [webapps] Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated) (0)
09-22: WiFiMouse 1.8.3.4 Remote Code Execution (0)
09-22: Unified Remote Authentication Bypass / Code Execution (0)
09-21: Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage (0)
09-21: Bookwyrm 0.4.3 Authentication Bypass (0)
09-21: Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution (0)
09-21: Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass (0)
09-21: ProcessMaker Privilege Escalation (0)
09-21: Blink1Control2 2.2.7 Weak Password Encryption (0)
09-21: Backdoor.Win32.Hellza.120 MVID-2022-0642 Authentication Bypass (0)
09-21: Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution (0)
09-21: Arm Mali Released Buffer Use-After-Free (0)
09-21: Arm Mali Physical Address Exposure (0)
09-21: Arm Mali Race Condition (0)
09-21: Arm Mali CSF Missing Buffer Size Check (0)
09-21: [remote] Wifi HD Wireless Disk Drive 11 – Local File Inclusion (0)
09-21: [remote] WiFiMouse 1.8.3.4 – Remote Code Execution (RCE) (0)
09-20: Genesys PureConnect Cross Site Scripting (0)
09-20: WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting (0)
09-20: OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection (0)
09-20: Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion (0)
09-20: PhotoSync 4.7 Local File Inclusion (0)
09-20: SoX 14.4.2 Division-By-Zero / Denial Of Service (0)
09-20: VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload (0)
09-20: [local] Blink1Control2 2.2.7 – Weak Password Encryption (0)
09-20: [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass (0)
09-20: [remote] Airspan AirSpot 5410 version 0.3.4.1 – Remote Code Execution (RCE) (0)
09-20: [webapps] Bookwyrm v0.4.3 – Authentication Bypass (0)
09-20: [remote] Mobile Mouse 3.6.0.4 – Remote Code Execution (RCE) (0)
09-19: https://www.nongpailom.go.th/index.html (0)
09-19: http://nonsomboonlocal.go.th (0)
09-18: https://www.cntpeo.go.th/o.htm (0)
09-17: Chrome LinkToTextMenuObserver::CompleteWithError Heap Use-After-Free (0)
09-17: Rocket LMS 1.6 SQL Injection (0)
09-17: Social Share Button 2.2.3 SQL Injection (0)
09-17: SAP SAProuter Improper Access Control (0)
09-17: Palo Alto Networks Authenticated Remote Code Execution (0)
09-17: SAP SAPControl Web Service Interface Local Privilege Escalation (0)
09-16: Gitea 1.16.6 Remote Code Execution (0)
09-16: News247 News Magazine 1.0 Cross Site Scripting (0)
09-15: WordPress WPGateway 3.5 Privilege Escalation (0)
09-15: [webapps] Gitea 1.16.6 – Remote Code Execution (RCE) (Metasploit) (0)
09-14: http://itservice.fpo.go.th/z.php (0)
09-14: http://www.rattanaburilocal.go.th/!.php (0)
09-14: Rocket LMS 1.6 Shell Upload (0)
09-14: Rocket LMS 1.6 Cross Site Scripting (0)
09-14: Academy Learning Management System 5.7 Shell Upload (0)
09-14: TIBCO JasperReports Server 8.0.2 Community Edition Code Execution (0)
09-14: Apple Security Advisory 2022-09-12-1 (0)
09-14: Apple Security Advisory 2022-09-12-2 (0)
09-14: Apple Security Advisory 2022-09-12-4 (0)
09-14: Apple Security Advisory 2022-09-12-5 (0)
09-13: SmartRG Router 2.6.13 Remote Code Execution (0)
09-13: Infix LMS 4.3.0 IFRAME Injection (0)
09-13: Infix LMS 4.3.0 Shell Upload (0)
09-13: ETAP Safety Manager 1.0.0.32 Cross Site Scripting (0)
09-12: http://myoffice.suratpeo.go.th/2563/laysen/55.jpg (0)
09-12: http://myoffice.surin3.go.th/2563/laysen/658.jpg (0)
09-12: http://myoffice.surat1.go.th/2563/laysen/1999.jpg (0)
09-12: http://www.ska2.go.th/myoffice/2563/laysen/2282.jpg (0)
09-12: http://myoffice.takesa2.go.th/myoffice/2563/laysen/10.jpg (0)
09-12: https://phonics.lamphuncity.go.th/index.txt (0)
09-12: https://www.pongphrae.go.th/r.htm (0)
09-10: SACCO-2022 SQL Injection (0)
09-10: Windows Kernel Refcount Overflow Use-After-Free (0)
09-10: Windows Kernel Unchecked Blink Cell Index Invalid Read/Write (0)
09-10: Windows Kernel Registry Hive Memory Problems (0)
09-10: Windows Credential Guard ASN1 Decoder Type Confusion Privilege Escalation (0)
09-10: Windows Credential Guard BCrypt Context Use-After-Free Privilege Escalation (0)
09-10: @Drive 2.8 Local File Inclusion (0)
09-10: Windows Credential Guard Insufficient Checks On Kerberos Encryption Type Use (0)
09-10: Windows Credential Guard Kerberos Change Password Privilege Escalation (0)
09-10: AirDisk 7.5.5 Cross Site Scripting (0)
09-10: mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting (0)
09-10: Online Notice Board 2022 SQL Injection (0)
09-10: Windows Credential Guard KerbIumCreateApReqAuthenticator Key Information Disclosure (0)
09-10: Windows Credential Guard KerbIumGetNtlmSupplementalCredential Information Disclosure (0)
09-10: InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal (0)
09-10: Windows Credential Guard TGT Renewal Information Disclosure (0)
09-10: .NET XML Signature Verification External Entity Injection (0)
09-10: Sagemath 9.0 Overflow / Denial Of Service (0)
09-10: http://amss.ayutthaya2.go.th/read.html (0)
09-10: http://salary.ayutthaya2.go.th/read.html (0)
09-10: http://sawat.ayutthaya2.go.th/read.html (0)
09-10: http://smss.ayutthaya2.go.th/read.html (0)
09-09: Apache Spark Unauthenticated Command Injection (0)
09-08: Trojan.Win32.Autoit.fhj MVID-2022-0637 Insecure Permissions (0)
09-08: FTPManager 8.2 Local File Inclusion / Directory Traversal (0)
09-08: Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential (0)
09-08: Backdoor.Win32.Hupigon.aspg MVID-2022-0634 Unquoted Service Path (0)
09-08: Trojan-Spy.Win32.Pophot.bsl MVID-2022-0635 Insecure Permissions (0)
09-08: FE File Explorer 11.0.4 Local File Inclusion (0)
09-08: Trojan.Win32.Autoit.fhj MVID-2022-0638 NULL DACL (0)
09-08: Trojan-Ransom.Win32.Hive.bv MVID-2022-0636 Code Execution (0)
09-07: http://phpmyadmin.ayutthaya2.go.th/read.html (0)
09-07: http://new.ayutthaya2.go.th/read.html (0)
09-07: Online Employee Leave Management System 1.0 Cross Site Request Forgery (0)
09-07: Wifi HD Wireless Disk Drive 11 Local File Inclusion (0)
09-06: Apple macOS Remote Events Memory Corruption (0)
09-06: Mobile Mouse 3.6.0.4 Remote Code Execution (0)
09-06: Online Market Place Site 1.0 SQL Injection (0)
09-06: Online Market Place Site 1.0 Cross Site Scripting (0)
09-06: Cisco ASA-X With FirePOWER Services Authenticated Command Injection (0)
09-03: WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting (0)
09-02: Apple Security Advisory 2022-08-31-1 (0)
09-02: Doctor's Appointment System 1.0 Cross Site Scripting (0)
09-02: Doctor's Appointment System 1.0 SQL Injection (0)
09-02: [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 – Stored Cross-Site Scripting (XSS) (0)
09-02: [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 – Stored Cross-Site Scripting (XSS) (0)
09-02: [webapps] Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass (0)
09-01: WordPress Core Cross Site Scripting / SQL Injection (0)
09-01: Zyxel Firewall SUID Binary Privilege Escalation (0)
09-01: Packet Storm New Exploits For August, 2022 (0)

August 2022 (148)

08-31: Linux KVM Instruction Emulation Issue (0)
08-30: AeroCMS 0.0.1 SQL Injection (0)
08-28: http://ss-muni.go.th/index.php (0)
08-28: http://tambonbansong.go.th/index.php (0)
08-28: http://www.khokyanglocal.go.th/index.php (0)
08-28: http://donmuang-local.go.th/index.php (0)
08-26: Xalan-J XSLTC Integer Truncation (0)
08-26: http://www.sungnoenabt.go.th/read.html (0)
08-25: Zimbra Zip Path Traversal (0)
08-25: Arm Mali CSF VMA Split Mishandling (0)
08-25: PrestaShop Ap Pagebuilder 2.4.4 SQL Injection (0)
08-25: Centreon 22.04.0 Cross Site Scripting (0)
08-24: Zimbra Zip Path Traversal (0)
08-23: 10-Strike Network Inventory Explorer 9.3 Buffer Overflow (0)
08-23: WordPress Duplicator 1.4.7.2 Backup Disclosure (0)
08-23: Teleport 9.3.6 Command Injection (0)
08-23: http://www.wangdaeng.go.th/capcha/read.html (0)
08-22: AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow (0)
08-22: Personnel Property Equipment 2015-2022 SQL Injection (0)
08-22: Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution (0)
08-22: https://cri.nfe.go.th (0)
08-20: FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS (0)
08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
08-20: Apple Security Advisory 2022-08-17-2 (0)
08-20: Apple Security Advisory 2022-08-17-1 (0)
08-20: Apple Security Advisory 2022-08-18-1 (0)
08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
08-19: FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation (0)
08-19: Polar Flow Android 5.7.1 Secret Disclosure (0)
08-19: Advantech iView NetworkServlet Command Injection (0)
08-19: FLIX AX8 1.46.16 Remote Command Execution (0)
08-19: Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free (0)
08-18: Advantech iView NetworkServlet Command Injection (0)
08-18: Update Chrome Now To Patch Actively Exploited Zero Day (0)
08-17: TypeORM 0.3.7 Information Disclosure (0)
08-17: Race Against The Sandbox (0)
08-16: Race Against The Sandbox (0)
08-16: Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure (0)
08-16: Inout SiteSearch 2.0.1 Cross Site Scripting (0)
08-16: Inout RealEstate 2.1.2 SQL Injection (0)
08-16: Win32.Ransom.BlueSky MVID-2022-0632 Code Execution (0)
08-16: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
08-15: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
08-13: Readymade Job Portal Script SQL Injection (0)
08-13: Gas Agency Management 2022 SQL Injection / XSS / Shell Upload (0)
08-13: Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow (0)
08-13: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
08-12: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
08-12: Intelbras ATA 200 Cross Site Scripting (0)
08-12: Fiberhome AN5506-02-B Cross Site Scripting (0)
08-12: http://www.yangngam.go.th/index.php (0)
08-12: http://www.tungluang.go.th/index.php (0)
08-12: http://www.sajorakhea.go.th/index.php (0)
08-12: https://www.secpt.go.th (0)
08-12: http://www.bankruatcity.go.th/index.php (0)
08-11: Fiberhome AN5506-02-B Cross Site Scripting (0)
08-11: Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass (0)
08-11: AirSpot 5410 0.3.4.1-4 Remote Command Injection (0)
08-11: Zimbra zmslapd Privilege Escalation (0)
08-11: Webmin Package Updates Command Injection (0)
08-10: Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws (0)
08-10: Webmin Package Updates Command Injection (0)
08-10: Prestashop Blockwishlist 2.1.0 SQL Injection (0)
08-10: Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage (0)
08-10: PAN-OS 10.0 Remote Code Execution (0)
08-10: Matrimonial PHP Script 1.0 SQL Injection (0)
08-10: Feehi CMS 2.1.1 Cross Site Scripting (0)
08-09: http://www.kasetwisai.go.th/index.php (0)
08-09: http://www.kukasinglocal.go.th/index.php (0)
08-09: http://kham-saengcity.go.th/index.php (0)
08-09: http://www.nongjabok.go.th/index.php (0)
08-09: http://www.mabkrad.go.th/index.php (0)
08-09: http://www.muangmailocal.go.th/index.php (0)
08-09: http://ptb.go.th/index.php (0)
08-09: http://www.plubpla101.go.th/index.php (0)
08-09: http://www.nongyueng.go.th/index.php (0)
08-09: http://www.muangphoe.go.th/index.php (0)
08-09: http://www.prasuk.go.th/index.php (0)
08-09: http://rmchaiyaphum.go.th/index.php (0)
08-09: http://www.borthong.go.th/index.php (0)
08-09: Feehi CMS 2.1.1 Cross Site Scripting (0)
08-09: Nortek Linear eMerge E3-Series Credential Disclosure (0)
08-09: Nortek Linear eMerge E3-Series Command Injection (0)
08-09: Nortek Linear eMerge E3-Series Account Takeover (0)
08-09: WordPress Duplicator 1.4.7.1 Backup Disclosure (0)
08-09: ManageEngine ADAudit Plus Path Traversal / XML Injection (0)
08-09: Thingsboard 3.3.1 Cross Site Scripting (0)
08-09: [remote] PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated) (0)
08-09: [webapps] ThingsBoard 3.3.1 'name' – Stored Cross-Site Scripting (XSS) (0)
08-09: [webapps] Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS) (0)
08-09: [webapps] Prestashop blockwishlist module 2.1.0 – SQLi (0)
08-09: [webapps] ThingsBoard 3.3.1 'description' – Stored Cross-Site Scripting (XSS) (0)
08-08: Thingsboard 3.3.1 Cross Site Scripting (0)
08-06: WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting (0)
08-06: Online Admission System 1.0 SQL Injection (0)
08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass (0)
08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution (0)
08-06: WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery (0)
08-06: Zimbra UnRAR Path Traversal (0)
08-05: Zimbra UnRAR Path Traversal (0)
08-05: WordPress Duplicator 1.4.7 Unauthenticated Backup Download (0)
08-05: WordPress Download Manager 3.2.50 Arbitrary File Deletion (0)
08-05: Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow (0)
08-05: Chrome WebGL Uniform Integer Overflows (0)
08-05: VMware Workspace ONE Access Privilege Escalation (0)
08-05: https://khamtalayso.go.th/Sec.html (0)
08-05: https://nonyor.go.th/Sec.html (0)
08-05: https://samrong.go.th/Sec.html (0)
08-05: https://kangplu.go.th/Sec.html (0)
08-05: https://naimeung.go.th/Sec.html (0)
08-04: VMware Workspace ONE Access Privilege Escalation (0)
08-04: IObit Malware Fighter 9.2 Tampering / Privilege Escalation (0)
08-04: Multi-Language Hotel Management 2022 1.0 SQL Injection (0)
08-04: MobileIron Log4Shell Remote Command Execution (0)
08-04: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
08-03: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
08-03: uftpd 2.10 Directory Traversal (0)
08-02: uftpd 2.10 Directory Traversal (0)
08-02: Crime Reporting System 1.0 SQL Injection (0)
08-02: WordPress SeatReg 1.23.0 Open Redirect (0)
08-02: Wavlink WN533A8 Cross Site Scripting (0)
08-02: Wavlink WN533A8 Password Disclosure (0)
08-02: Wavlink WN530HG4 Password Disclosure (0)
08-02: Easy Chat Server 3.1 Buffer Overflow (0)
08-02: CodeIgniter CMS 4.2.0 SQL Injection (0)
08-02: Webmin 1.996 Remote Code Execution (0)
08-02: WordPress Duplicator 1.4.7 Information Disclosure (0)
08-02: WordPress Duplicator 1.4.6 Backup Disclosure (0)
08-02: mPDF 7.0 Local File Inclusion (0)
08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0626 Authentication Bypass / Code Execution (0)
08-02: CuteEditor For PHP 6.6 Directory Traversal (0)
08-02: NanoCMS 0.4 Remote Code Execution (0)
08-02: Omnia MPX 1.5.0+r1 Path Traversal (0)
08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution (0)
08-02: Packet Storm New Exploits For July, 2022 (0)
08-02: [remote] uftpd 2.10 – Directory Traversal (Authenticated) (0)
08-01: Packet Storm New Exploits For July, 2022 (0)
08-01: [webapps] Wavlink WN533A8 – Password Disclosure (0)
08-01: [webapps] Wavlink WN533A8 – Cross-Site Scripting (XSS) (0)
08-01: [remote] Easy Chat Server 3.1 – Remote Stack Buffer Overflow (SEH) (0)
08-01: [webapps] Wavlink WN530HG4 – Password Disclosure (0)
08-01: [webapps] WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download (0)
08-01: [webapps] Webmin 1.996 – Remote Code Execution (RCE) (Authenticated) (0)
08-01: [webapps] NanoCMS v0.4 – Remote Code Execution (RCE) (Authenticated) (0)
08-01: [remote] Omnia MPX 1.5.0+r1 – Path Traversal (0)
08-01: [webapps] mPDF 7.0 – Local File Inclusion (0)
08-01: [webapps] CuteEditor for PHP 6.6 – Directory Traversal (0)
08-01: [webapps] WordPress Plugin Duplicator 1.4.7 – Information Disclosure (0)

July 2022 (197)

07-30: WordPress WP-UserOnline 2.87.6 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.7 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.7 Cross Site Scripting (0)
07-30: Dingtian-DT-R002 3.1.276A Authentication Bypass (0)
07-30: Transposh WordPress Translation 1.0.7 Incorrect Authorization (0)
07-30: rpc.py 0.6.0 Remote Code Execution (0)
07-30: Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery (0)
07-30: Crime Reporting System 1.0 Cross Site Scripting (0)
07-30: Transposh WordPress Translation 1.0.8.1 Information Disclosure (0)
07-30: Geonetwork 4.2.0 XML Injection (0)
07-30: Transposh WordPress Translation 1.0.8.1 Improper Authorization (0)
07-30: Transposh WordPress Translation 1.0.8.1 SQL Injection (0)
07-30: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
07-30: http://www.pasanghospital.go.th/404.php (0)
07-29: http://www.tago.go.th/tago/gallery/hai.html (0)
07-29: http://www.arpon.go.th/arpon/mainfile/hai.html (0)
07-29: http://www.krabuang.go.th/krabuang/file_editor/hai.html (0)
07-29: http://srinarong.go.th/srinarong/mainfile/hai.html (0)
07-29: http://nanuan.go.th/nanuan/module_eservice1/ (0)
07-29: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
07-29: Loan Management System 1.0 SQL Injection (0)
07-29: Loan Management System 1.0 Cross Site Scripting (0)
07-29: [webapps] WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS) (0)
07-29: [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution (0)
07-29: [webapps] Geonetwork 4.2.0 – XML External Entity (XXE) (0)
07-29: [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal (0)
07-29: [local] Asus GameSDK v1.0.0.4 – 'GameSDK.exe' Unquoted Service Path (0)
07-29: [webapps] Dingtian-DT-R002 3.1.276A – Authentication Bypass (0)
07-29: [remote] rpc.py 0.6.0 – Remote Code Execution (RCE) (0)
07-28: http://www.kalasin-pao.go.th/antidrug//images/id.gif (0)
07-27: PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation (0)
07-27: Expert X Jobs Portal And Resume Builder 1.0 SQL Injection (0)
07-27: Garage Management System 1.0 Shell Upload (0)
07-27: Hospital Information System 1.0 SQL Injection (0)
07-27: Roxy-WI Remote Command Execution (0)
07-26: Roxy-WI Remote Command Execution (0)
07-26: Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection (0)
07-26: Patlite 1.46 Buffer Overflow (0)
07-26: [webapps] WordPress Plugin Visual Slide Box Builder 3.2.9 – SQLi (0)
07-25: Patlite 1.46 Buffer Overflow (0)
07-23: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
07-23: http://www.kokkrabuang.go.th/index.php (0)
07-23: Apple Security Advisory 2022-07-20-1 (0)
07-23: Apple Security Advisory 2022-07-20-2 (0)
07-23: Apple Security Advisory 2022-07-20-3 (0)
07-23: Apple Security Advisory 2022-07-20-4 (0)
07-23: Apple Security Advisory 2022-07-20-5 (0)
07-23: Apple Security Advisory 2022-07-20-6 (0)
07-23: Apple Security Advisory 2022-07-20-7 (0)
07-22: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
07-22: DASDEC Cross Site Scripting / HTML Injection (0)
07-22: IOTransfer 4.0 Remote Code Execution (0)
07-22: Dr. Fone 4.0.8 Unquoted Service Path (0)
07-22: Kite 1.2021.610.0 Unquoted Service Path (0)
07-22: OctoBot WebInterface 0.4.3 Remote Code Execution (0)
07-22: CodoForum 5.1 Remote Code Execution (0)
07-22: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root (0)
07-22: Chrome Scope Break (0)
07-22: Chrome Scope Break (0)
07-21: http://khlongkhwai.go.th/counter.txt (0)
07-21: http://monnanglocal.go.th/counter.txt (0)
07-21: http://www.naleng.go.th/index.php (0)
07-21: http://www.cheewuek.go.th/index.php (0)
07-21: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
07-21: http://www.bannalocal.go.th (0)
07-21: http://www.tungkula.go.th (0)
07-21: http://www.tonglang.go.th (0)
07-21: http://www.tamafaiwan.go.th (0)
07-21: http://www.muangkae.go.th (0)
07-21: http://www.huaycan.go.th (0)
07-21: [webapps] OctoBot WebInterface 0.4.3 – Remote Code Execution (RCE) (0)
07-21: [webapps] CodoForum v5.1 – Remote Code Execution (RCE) (0)
07-21: [local] Dr. Fone 4.0.8 – 'net_updater32.exe' Unquoted Service Path (0)
07-21: [remote] IOTransfer 4.0 – Remote Code Execution (RCE) (0)
07-21: [webapps] Magnolia CMS 6.2.19 – Stored Cross-Site Scripting (XSS) (0)
07-21: [local] Kite 1.2021.610.0 – Unquoted Service Path (0)
07-20: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
07-20: http://www.muangfak.go.th (0)
07-20: http://www.makha-sm.go.th (0)
07-20: http://www.nonpradoo.go.th (0)
07-20: http://rangam.go.th (0)
07-20: http://nongbuakhok.go.th (0)
07-20: http://www.kohloybanghak-chonburi.go.th (0)
07-20: http://hinkhon.go.th (0)
07-20: http://www.lumpeak.go.th/index.php (0)
07-20: http://www.thungchanghan.go.th (0)
07-20: http://www.nongdon.go.th (0)
07-20: http://nongkham.go.th (0)
07-20: http://www.samrit.go.th (0)
07-20: http://www.chiangkhwan.go.th (0)
07-20: http://www.banbua.go.th/index.php (0)
07-20: http://www.pakthongchai.go.th/index.php (0)
07-20: http://www.songchan.go.th/index.php (0)
07-20: http://koksoong.go.th/index.php (0)
07-20: http://www.sisuk.go.th (0)
07-20: http://www.kwianhug.go.th (0)
07-20: http://www.sao-nongbua.go.th (0)
07-20: Asus GameSDK 1.0.0.4 Unquoted Service Path (0)
07-20: Spryker Commerce OS Remote Command Execution (0)
07-20: https://www.medcannabis.go.th (0)
07-20: http://nongpluang.go.th/coremain/images/theme/hai.html (0)
07-20: http://sawanpraya.go.th/coremain/images/border/ (0)
07-19: Spryker Commerce OS Remote Command Execution (0)
07-19: http://takook.go.th (0)
07-19: Travel Tours Script 1.0 SQL Injection (0)
07-19: Property Listing Script 3.1 SQL Injection (0)
07-19: Orange Station 1.0 SQL Injection (0)
07-19: Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password (0)
07-19: Builder XtremeRAT 3.7 MVID-2022-0623 Insecure Permissions (0)
07-19: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
07-18: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
07-18: http://lumkhaw.go.th/index.php (0)
07-18: http://www.khokkung.go.th/index.php (0)
07-18: http://khokmamuang.go.th/index.php (0)
07-18: http://klongtabchan.go.th/index.php (0)
07-18: http://www.dontanin.go.th/index.php (0)
07-17: http://www.soengsanglocal.go.th/index.php (0)
07-17: http://www.sakot.go.th/index.php (0)
07-17: http://www.sampanieng.go.th/index.php (0)
07-17: http://www.srapra.go.th/index.php (0)
07-16: Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation (0)
07-16: Windows Kernel nt!MiRelocateImage Invalid Read (0)
07-15: http://www.bankangcity.go.th/index.php (0)
07-15: http://www.tungsawang.go.th/index.php (0)
07-15: Windows Kernel nt!MiRelocateImage Invalid Read (0)
07-15: PrestaShop 1.7.6.7 Cross Site Scripting (0)
07-14: PrestaShop 1.7.6.7 Cross Site Scripting (0)
07-14: Sourcegraph gitserver sshCommand Remote Command Execution (0)
07-14: Sourcegraph gitserver sshCommand Remote Command Execution (0)
07-13: http://amss.ses26.go.th (0)
07-13: http://amssplus.ses26.go.th (0)
07-13: JBOSS EAP/AS 6.x Remote Code Execution (0)
07-13: JBOSS EAP/AS 6.x Remote Code Execution (0)
07-12: Mutt mutt_decode_uuencoded() Memory Disclosure (0)
07-12: Xen TLB Flush Bypass (0)
07-12: Chrome PaintImage Deserialization Out-Of-Bounds Read (0)
07-12: Nginx 1.20.0 Denial Of Service (0)
07-12: Sashimi Evil OctoBot Tentacle (0)
07-12: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
07-11: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
07-11: https://sanpong.go.th/riz.htm (0)
07-11: [remote] Nginx 1.20.0 – Denial of Service (DOS) (0)
07-08: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
07-08: http://www.plailocal.go.th/index.php (0)
07-07: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
07-07: Magnolia CMS 6.2.19 Cross Site Scripting (0)
07-07: EQS Integrity Line Cross Site Scripting / Information Disclosure (0)
07-07: Xen PV Guest Non-SELFSNOOP CPU Memory Corruption (0)
07-07: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
07-06: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
07-06: http://www.sptn.dss.go.th/bas/public/site/images/zbiok/Ox.gif (0)
07-06: Windows Defender Remote Credential Guard Authentication Relay Privilege Escalation (0)
07-06: Advanced Testimonials Manager 5.6 SQL Injection (0)
07-06: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
07-05: Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes (0)
07-05: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
07-05: Stock Management System 2020 SQL Injection (0)
07-05: Paymoney 3.3 Cross Site Scripting (0)
07-05: DouPHP 1.2 Release 20141027 SQL Injection (0)
07-05: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
07-04: https://web.sakon2.go.th/daka.htm (0)
07-04: https://bigdata.sakon2.go.th/daka.htm (0)
07-04: https://emoney.sakon2.go.th/daka.htm (0)
07-04: https://material.sakon2.go.th/daka.htm (0)
07-04: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
07-03: https://www.khaochot.go.th/Matigan.php (0)
07-02: TypeORM SQL Injection (0)
07-02: Classified Listing 2.2.9 Cross Site Scripting (0)
07-02: BigBlueButton 2.3 / 2.4.7 Cross Site Scripting (0)
07-02: PHP Library Remote Code Execution (0)
07-02: Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal (0)
07-02: Packet Storm New Exploits For June, 2022 (0)
07-01: Packet Storm New Exploits For June, 2022 (0)
07-01: Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential (0)
07-01: Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential (0)
07-01: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
07-01: http://keumchad.go.th/zz.html (0)
07-01: http://namatoom.go.th/zz.html (0)
07-01: http://nkt.go.th/zz.html (0)
07-01: http://sridonpai.go.th/zz.html (0)
07-01: http://phimainuea.go.th/zz.html (0)
07-01: http://pimoon.go.th/zz.html (0)
07-01: http://phanokkhao.go.th/zz.html (0)
07-01: http://sammuang.go.th/zz.html (0)
07-01: http://simeun.go.th/zz.html (0)
07-01: http://preakasamai.go.th/zz.html (0)
07-01: http://tal.go.th/zz.html (0)
07-01: http://phanthongnongkakha.go.th/zz.html (0)
07-01: http://thanonkhad.go.th/zz.html (0)
07-01: http://thangphra.go.th/zz.html (0)
07-01: http://suansom.go.th/zz.html (0)
07-01: http://tasala-loei.go.th/zz.html (0)
07-01: http://tasawang.go.th/zz.html (0)
07-01: http://whd.go.th/zz.html (0)
07-01: http://tln.go.th/zz.html (0)
07-01: http://yaicha.go.th/zz.html (0)
07-01: [remote] WiFi Mouse 1.7.8.5 – Remote Code Execution(v2) (0)

June 2022 (179)

06-30: http://myoffice.sesao14.go.th/myoffice/2565/laysen/2007.jpg (0)
06-30: https://myoffice.sesaskss.go.th/laysen/89.jpg (0)
06-30: https://web.sesao8.go.th/myoffice/2565/laysen/3827.jpg (0)
06-30: http://myoffice.nonpeo.go.th/laysen/31.jpg (0)
06-30: http://office.sea12.go.th/2564/laysen/734.jpg (0)
06-30: http://buengkan.immigration.go.th/admin/pic/3a7f0cb8f403f782e9d9fd0c4514aa0b.jpg (0)
06-30: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
06-30: http://ict.utd2.go.th/readme.txt (0)
06-30: http://e-salary2.utd2.go.th/readme.txt (0)
06-30: https://ww.utd2.go.th/readme.txt (0)
06-30: http://amss.utd2.go.th/readme.txt (0)
06-30: https://smss.aya1.go.th/daka.htm (0)
06-30: https://bigdata.nb2.go.th/daka.htm (0)
06-30: https://amss-old.nb2.go.th/daka.htm (0)
06-30: https://e-salary.nb2.go.th/daka.htm (0)
06-30: https://e-bamnan.nb2.go.th/daka.htm (0)
06-30: https://amss.nb2.go.th/daka.htm (0)
06-30: Laundry Management System 1.0 SQL Injection (0)
06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
06-29: Zoo Management System 1.0 Cross Site Scripting (0)
06-29: OpenCart 3.x So Filter Shop By SQL Injection (0)
06-29: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
06-28: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
06-28: WSO2 Management Console Cross Site Scripting (0)
06-28: Library Management System With QR Code 1.0 Shell Upload (0)
06-28: Library Management System With QR Code 1.0 Cross Site Scripting (0)
06-28: Library Management System With QR Code 1.0 SQL Injection (0)
06-28: Coffee Shop Cashiering System 1.0 SQL Injection (0)
06-28: WordPress Weblizar 8.9 Code Execution (0)
06-28: WordPress W-DALIL 2.0 Cross Site Scripting (0)
06-28: Mailhog 1.0.1 Cross Site Scripting (0)
06-28: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
06-27: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
06-27: [webapps] Mailhog 1.0.1 – Stored Cross-Site Scripting (XSS) (0)
06-27: [webapps] WSO2 Management Console (Multiple Products) – Unauthenticated Reflected Cross-Site Scripting (XSS) (0)
06-27: [webapps] WordPress Plugin Weblizar 8.9 – Backdoor (0)
06-25: Yashma Ransomware Builder 1.2 MVID-2022-0613 Insecure Permissions (0)
06-25: Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions (0)
06-25: Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions (0)
06-25: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
06-24: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
06-23: Zoo Management System 1.0 Cross Site Scripting (0)
06-23: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
06-22: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
06-22: SAP Fiori Launchpad Cross Site Scripting (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
06-22: SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication (0)
06-22: SAP FRUN 2.00 / 3.00 Cross Site Scripting (0)
06-21: http://phonkho.go.th/back.txt (0)
06-21: Marval MSM 14.19.0.12476 Remote Code Execution (0)
06-21: Kitty 0.76.0.8 Stack Buffer Overflow (0)
06-21: Marval MSM 14.19.0.12476 Cross Site Request Forgery (0)
06-21: Warehouse Management System 2022 SQL Injection (0)
06-21: Virtua Software Cobranca 12S SQL Injection (0)
06-21: ChurchCRM 4.4.5 SQL Injection (0)
06-21: JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect (0)
06-21: HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path (0)
06-21: Algo 8028 Control Panel Remote Code Execution (0)
06-21: Pandora FMS 7.0NG.742 Remote Code Execution (0)
06-21: Sourcegraph Gitserver 3.36.3 Remote Code Execution (0)
06-21: Multi Language Pharmacy Management System 1.0 Shell Upload (0)
06-21: Old Age Home Management System 1.0 SQL Injection (0)
06-21: Chrome WebGPUDecoderImpl::DoRequestDevice Missing Bounds Check (0)
06-21: Chrome CVE-2022-1096 Incomplete Fix (0)
06-21: XNU Flow Divert Race Condition Use-After-Free (0)
06-21: phpIPAM 1.4.5 Remote Code Execution (0)
06-21: TP-Link AX50 Remote Code Execution (0)
06-21: SolarView Compact 6.00 Cross Site Scripting (0)
06-21: Gentics CMS 5.36.29 Cross Site Scripting / Deserialization (0)
06-21: SoftGuard SNMP Network Management Extension HTML Injection / File Download (0)
06-21: Mitel 6800/6900 Series SIP Phones Backdoor Access (0)
06-21: Lepin EP-KP001 KP001_V19 Authentication Bypass (0)
06-21: Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor (0)
06-21: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
06-20: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
06-19: http://nonedu2.go.th/kz.html (0)
06-19: https://sakon2.go.th/daka.htm (0)
06-18: http://www7.djop.go.th/index2.html (0)
06-16: http://nongjom.go.th (0)
06-15: http://bookshelf.senate.go.th/lol.txt (0)
06-15: http://questionnaire.senate.go.th/lol.txt (0)
06-15: http://legalxml.senate.go.th/lol.txt (0)
06-15: http://question.senate.go.th/lol.txt (0)
06-15: http://budget.senate.go.th/lol.txt (0)
06-15: http://mail3.senate.go.th/lol.txt (0)
06-15: http://act.senate.go.th/lol.txt (0)
06-15: http://money.senate.go.th/lol.txt (0)
06-14: http://mueangkhaen.go.th/zz.php (0)
06-14: http://sanc.go.th/zz.php (0)
06-14: https://www.phukethealthfund.go.th/zz.php (0)
06-14: [local] Real Player 16.0.3.51 – 'external::Import()' Directory Traversal to Remote Code Execution (RCE) (0)
06-14: [webapps] SolarView Compact 6.00 – 'pow' Cross-Site Scripting (XSS) (0)
06-14: [local] Real Player v.20.0.8.310 G2 Control – 'DoGoToURL()' Remote Code Execution (RCE) (0)
06-14: [webapps] SolarView Compact 6.00 – 'time_begin' Cross-Site Scripting (XSS) (0)
06-14: [webapps] Avantune Genialcloud ProJ 10 – Cross-Site Scripting (XSS) (0)
06-14: [remote] Marval MSM v14.19.0.12476 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] Old Age Home Management System 1.0 – SQLi Authentication Bypass (0)
06-14: [webapps] ChurchCRM 4.4.5 – SQLi (0)
06-14: [remote] Sourcegraph Gitserver 3.36.3 – Remote Code Execution (RCE) (0)
06-14: [remote] TP-Link Router AX50 firmware 210730 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] phpIPAM 1.4.5 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [remote] Algo 8028 Control Panel – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [webapps] Pandora FMS v7.0NG.742 – Remote Code Execution (RCE) (Authenticated) (0)
06-14: [remote] Virtua Software Cobranca 12S – SQLi (0)
06-14: [local] HP LaserJet Professional M1210 MFP Series Receive Fax Service – Unquoted Service Path (0)
06-14: [remote] Marval MSM v14.19.0.12476 – Cross-Site Request Forgery (CSRF) (0)
06-11: https://taladlocal.go.th/kz.html (0)
06-11: WordPress Motopress Hotel Booking Lite 4.2.4 Cross Site Scripting (0)
06-11: Kik Messenger XMPP Stanza Smuggling (0)
06-10: https://wangsomboonhospital.go.th/1975.html (0)
06-10: Kik Messenger XMPP Stanza Smuggling (0)
06-10: https://khamthoa.go.th/kz.html (0)
06-10: https://sikhiotown.go.th/kz.html (0)
06-10: [webapps] Confluence Data Center 7.18.0 – Remote Code Execution (RCE) (0)
06-10: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – Stored Cross-Site Scripting (XSS) (0)
06-09: WordPress Download Manager 3.2.42 Cross Site Scripting (0)
06-09: Atlassian Confluence Namespace OGNL Injection (0)
06-08: Atlassian Confluence Namespace OGNL Injection (0)
06-08: Confluence OGNL Injection Remote Code Execution (0)
06-08: Through The Wire CVE-2022-26134 Confluence Proof Of Concept (0)
06-08: Confluence OGNL Injection Proof Of Concept (0)
06-08: Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions (0)
06-08: Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions (0)
06-08: Trojan-Proxy.Win32.Symbab.o MVID-2022-0610 Heap Corruption (0)
06-08: Ransom.Haron MVID-2022-0609 Code Execution (0)
06-08: Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution (0)
06-08: Microsoft Office Word MSDTJS Code Execution (0)
06-07: Microsoft Office Word MSDTJS Code Execution (0)
06-07: http://www.singburihosp.go.th/0x.jpg (0)
06-07: http://satun.nfe.go.th/t_khokoa/web1/file_editor/0x.txt (0)
06-07: http://www.sahathat.go.th/obec/web1/file_editor/0x.txt (0)
06-07: Apache 2.4.50 Remote Code Execution (0)
06-07: Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure (0)
06-07: Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure (0)
06-07: Korenix JetPort 5601V3 Backdoor Account (0)
06-07: dbus-broker-29 Memory Corruption (0)
06-07: Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass (0)
06-07: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
06-06: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
06-04: http://spb3.go.th/rz.php (0)
06-04: Zyxel USG FLEX 5.21 Command Injection (0)
06-04: Microweber CMS 1.2.15 Account Takeover (0)
06-04: Contao 4.13.2 Cross Site Scripting (0)
06-04: SolarView Compact 6.00 Directory Traversal (0)
06-04: Telesquare SDT-CW3B1 1.1.0 Command Injection (0)
06-04: IIPImage Remote Memory Corruption (0)
06-04: Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking (0)
06-04: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
06-03: Zero-Day Exploitation Of Atlassian Confluence (0)
06-03: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
06-03: dotCMS Shell Upload (0)
06-03: Product Show Room Site 1.0 Cross Site Scripting (0)
06-03: libMeshb Buffer Overflow (0)
06-03: libMeshb Buffer Overflow (0)
06-03: [remote] SolarView Compact 6.00 – Directory Traversal (0)
06-03: [remote] Telesquare SDT-CW3B1 1.1.0 – OS Command Injection (0)
06-03: [webapps] Microweber CMS 1.2.15 – Account Takeover (0)
06-03: [remote] Zyxel USG FLEX 5.21 – OS Command Injection (0)
06-03: [webapps] Contao 4.13.2 – Cross-Site Scripting (XSS) (0)
06-03: [remote] Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 – Remote Code Execution (RCE) (0)
06-02: Real Player 20.0.8.310 G2 Control DoGoToURL() Remote Code Execution (0)
06-02: Real Player 16.00.282 / 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 Remote Code Execution (0)
06-02: Real Player 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 DCP URI Remote Code Execution (0)
06-02: Avantune Genialcloud ProJ 10 Cross Site Scripting (0)
06-02: OpenSSL 1.0.2 / 1.1.1 / 3.0 BN_mod_sqrt() Infinite Loop (0)
06-02: libxml2 xmlBufAdd Heap Buffer Overflow (0)
06-02: Packet Storm New Exploits For May, 2022 (0)
06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
06-02: http://yala.nfe.go.th/betong/web1/file_editor/0x.txt (0)
06-02: http://phuket.nfe.go.th/kathu/web1/file_editor/0x.txt (0)
06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
06-02: Microsoft Releases Workaround For 1-Click 0-Day Under Active Attack (0)
06-01: Fast Food Ordering System 1.0 Cross Site Scripting (0)
06-01: Microsoft Follina Proof Of Concept (0)
06-01: Microsoft Office MSDT Follina Proof Of Concept (0)
06-01: MyBB Admin Control Remote Code Execution (0)
06-01: MyBB Admin Control Remote Code Execution (0)

May 2022 (260)

05-31: http://thongfah.dit.go.th/krd.html (0)
05-31: http://blueflag.dit.go.th/krd.html (0)
05-31: https://lowpricemap.dit.go.th/krd.html (0)
05-31: Fast Food Ordering System 1.0 SQL Injection (0)
05-31: Ingredient Stock Management System 1.0 SQL Injection (0)
05-31: Ingredient Stock Management System 1.0 Account Takeover (0)
05-31: WordPress User Meta Lite / Pro 2.4.3 Path Traversal (0)
05-31: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
05-30: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
05-29: https://loei2.go.th/1975.html (0)
05-28: https://amnat-ed.go.th/1975.html (0)
05-27: http://www.mhs-pao.go.th/zil.php (0)
05-27: qdPM 9.1 Remote Code Execution (0)
05-27: ChromeOS usbguard Bypass (0)
05-27: Tigase XMPP Server Stanza Smuggling (0)
05-26: Tigase XMPP Server Stanza Smuggling (0)
05-26: http://cems.diw.go.th/sadme.htm (0)
05-26: http://policeubon.go.th/o.htm (0)
05-26: Print Spooler Remote DLL Injection (0)
05-25: Print Spooler Remote DLL Injection (0)
05-25: Zoom XMPP Stanza Smuggling Remote Code Execution (0)
05-25: CLink Office 2.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-25: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (v2) (0)
05-24: OpenCart Newsletter 3.0.2.0 SQL Injection (0)
05-24: Blockchain AltExchanger 1.2.1 SQL Injection (0)
05-24: Blockchain FiatExchanger 2.2.1 SQL Injection (0)
05-24: m1k1o's Blog 1.3 Remote Code Execution (0)
05-24: iTop Remote Command Execution (0)
05-23: iTop Remote Command Execution (0)
05-23: [webapps] m1k1o's Blog v.10 – Remote Code Execution (RCE) (Authenticated) (0)
05-23: [webapps] OpenCart v3.x Newsletter Module – Blind SQLi (0)
05-21: Linux USB Use-After-Free (0)
05-20: Linux USB Use-After-Free (0)
05-20: PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting (0)
05-20: LiquidFiles 3.4.15 Cross Site Scripting (0)
05-20: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days (0)
05-18: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: SolarView Compact 6.0 Command Injection (0)
05-18: Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 SQL Injection (0)
05-18: OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization (0)
05-18: Showdoc 2.10.3 Cross Site Scripting (0)
05-18: Online Discussion Forum Site 1.0 SQL Injection (0)
05-18: SDT-CW3B1 1.1.0 Command Injection (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-18: Apple Security Advisory 2022-05-16-1 (0)
05-18: Apple Security Advisory 2022-05-16-2 (0)
05-18: Apple Security Advisory 2022-05-16-3 (0)
05-18: Apple Security Advisory 2022-05-16-4 (0)
05-18: Apple Security Advisory 2022-05-16-5 (0)
05-18: Apple Security Advisory 2022-05-16-6 (0)
05-18: Apple Security Advisory 2022-05-16-7 (0)
05-18: Apple Security Advisory 2022-05-16-8 (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0601 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0602 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0603 Code Execution (0)
05-17: HighCMS/HighPortal 12.x SQL Injection (0)
05-17: Ransom.Conti MVID-2022-0604 Code Execution (0)
05-17: WordPress WP Event Manager 3.1.27 Cross Site Scripting (0)
05-17: Ransom.Conti MVID-2022-0605 Code Execution (0)
05-17: Zyxel Remote Command Execution (0)
05-17: Ransom.Conti MVID-2022-0606 Code Execution (0)
05-17: IpMatcher 1.0.4.1 Server-Side Request Forgery (0)
05-17: Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free (0)
05-17: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-17: [webapps] Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS) (0)
05-17: [remote] SolarView Compact 6.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – SQLi (Authenticated) (0)
05-17: [remote] SDT-CW3B1 1.1.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – 'UrunAdi' Stored Cross-Site Scripting (XSS) (0)
05-17: [webapps] Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS) (0)
05-16: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-14: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: F5 BIG-IP 16.0.x Remote Code Execution (0)
05-13: Royal Event Management System 1.0 SQL Injection (0)
05-13: Ransom.REvil MVID-2022-0596 Code Execution (0)
05-13: TLR-2005KSH Arbitrary File Delete (0)
05-13: College Management System 1.0 SQL Injection (0)
05-13: AppleVideoDecoder CreateHeaderBuffer Out-Of-Bounds Free (0)
05-13: F5 BIG-IP iControl Remote Code Execution (0)
05-13: Ransom.REvil MVID-2022-0595 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0597 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0598 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0599 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting (0)
05-12: Apache CouchDB 3.2.1 Remote Code Execution (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: ExifTool 12.23 Arbitrary Code Execution (0)
05-12: Cyclos 4.14.7 Cross Site Scripting (0)
05-12: DLINK DIR850 Open Redirection (0)
05-12: DLINK DIR850 Insecure Direct Object Reference (0)
05-12: Wondershare Dr.Fone 11.4.10 Insecure Permissions (0)
05-12: SAP BusinessObjects Intelligence 4.3 XML Injection (0)
05-12: Microsoft CMD.EXE Integer Overflow (0)
05-12: ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure (0)
05-12: TCQ Unquoted Service Path (0)
05-12: UDisk Monitor Z5 Phone 2.0.3.0 Unquoted Service Path (0)
05-12: Anuko Time Tracker 1.20.0.5640 SQL Injection (0)
05-12: Navigate CMS 2.9.4 Server-Side Request Forgery (0)
05-12: Google Chrome 78.0.3904.70 Remote Code Execution (0)
05-12: PyScript 2022-05-04-Alpha Source Code Disclosure (0)
05-12: DLINK DAP-1620 A1 1.01 Directory Traversal (0)
05-12: Beehive Forum 1.5.2 Account Takeover (0)
05-12: MyBB 1.8.29 Remote Code Execution (0)
05-12: WordPress Blue Admin 21.06.01 Cross Site Request Forgery (0)
05-12: Joomla SexyPolling 2.1.7 SQL Injection (0)
05-12: Ruijie Reyee Mesh Router Remote Code Execution (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: Actively Exploited Zero-Day Bug Patched By Microsoft (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: [webapps] TLR-2005KSH – Arbitrary File Delete (0)
05-12: [webapps] College Management System 1.0 – 'course_code' SQL Injection (Authenticated) (0)
05-12: [webapps] Royal Event Management System 1.0 – 'todate' SQL Injection (Authenticated) (0)
05-12: [remote] F5 BIG-IP 16.0.x – Remote Code Execution (RCE) (0)
05-11: Spring4Shell Spring Framework Class Property Remote Code Execution (0)
05-11: Printix 1.3.1106.0 Privilege Escalation (0)
05-11: Printix 1.3.1106.0 Privileged API Abuse (0)
05-11: https://area2.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area3.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area5.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area7.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area10.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area8.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area9.kkzone1.go.th/resize-image-class.php (0)
05-11: [webapps] TLR-2005KSH – Arbitrary File Upload (0)
05-11: [remote] ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure (0)
05-11: [webapps] Microfinance Management System 1.0 – 'customer_number' SQLi (0)
05-11: [webapps] e107 CMS v3.2.1 – Multiple Vulnerabilities (0)
05-11: [webapps] WebTareas 2.4 – Blind SQLi (Authenticated) (0)
05-11: [local] ExifTool 12.23 – Arbitrary Code Execution (0)
05-11: [webapps] WordPress Plugin Advanced Uploader 4.2 – Arbitrary File Upload (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService) (0)
05-11: [remote] Bookeen Notea – Directory Traversal (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (InstallAssistService) (0)
05-11: [webapps] CSZ CMS 1.3.0 – 'Multiple' Blind SQLi (0)
05-11: [remote] Apache CouchDB 3.2.1 – Remote Code Execution (RCE) (0)
05-11: [local] UDisk Monitor Z5 Phone – 'MonServiceUDisk.exe' Unquoted Service Path (0)
05-11: [webapps] Anuko Time Tracker – SQLi (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 11.4.10 – Insecure File Permissions (0)
05-11: [remote] Tenda HG6 v3.3.0 – Remote Command Injection (0)
05-11: [remote] Prime95 Version 30.7 build 9 – Remote Code Execution (RCE) (0)
05-11: [remote] Google Chrome 78.0.3904.70 – Remote Code Execution (0)
05-11: [remote] DLINK DIR850 – Open Redirect (0)
05-11: [remote] PyScript – Read Remote Python Source Code (0)
05-11: [webapps] Cyclos 4.14.7 – 'groupId' DOM Based Cross-Site Scripting (XSS) (0)
05-11: [remote] DLINK DAP-1620 A1 v1.01 – Directory Traversal (0)
05-11: [remote] Akka HTTP 10.1.14 – Denial of Service (0)
05-11: [webapps] Explore CMS 1.0 – SQL Injection (0)
05-11: [webapps] Magento eCommerce CE v2.3.5-p2 – Blind SQLi (0)
05-11: [webapps] Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated) (0)
05-11: [webapps] Bitrix24 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [webapps] WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated) (0)
05-11: [webapps] Joomla Plugin SexyPolling 2.1.7 – SQLi (0)
05-11: [webapps] WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF) (0)
05-11: [webapps] Beehive Forum – Account Takeover (0)
05-11: [webapps] MyBB 1.8.29 – MyBB 1.8.29 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor (0)
05-11: [webapps] PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS) (0)
05-11: [webapps] Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS) (0)
05-11: [webapps] ImpressCMS v1.4.4 – Unrestricted File Upload (0)
05-11: [remote] Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] DLINK DIR850 – Insecure Access Control (0)
05-11: [remote] SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE) (0)
05-11: [local] TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path (0)
05-10: Printix 1.3.1106.0 Privileged API Abuse (0)
05-10: Ransom.Cryakl Code Execution (0)
05-10: Ransom.Petya Code Execution (0)
05-10: Travel Management System 1.0 SQL Injection (0)
05-10: School Dormitory Management 1.0 SQL Injection (0)
05-10: Ransom.Conti Code Execution (0)
05-10: Ransom.Satana Code Execution (0)
05-10: School Dormitory Management System 1.0 SQL Injection (0)
05-10: APT28 FancyBear Code Execution (0)
05-10: Chrome content::DisplayCutoutHostImpl::SendSafeAreaToFrame Use-After-Free (0)
05-10: Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race (0)
05-10: F5 BIG-IP Remote Code Execution (0)
05-09: F5 BIG-IP Remote Code Execution (0)
05-09: https://www.spmnan.go.th/readmee.htm (0)
05-09: https://nptedu.go.th/readmee.htm (0)
05-09: http://esanpt1.go.th/daka.htm (0)
05-08: http://www.nb1.go.th/daka.htm (0)
05-08: https://www.trang1.go.th/daka.htm (0)
05-07: REvil.Ransom Code Execution (0)
05-07: Trojan.Ransom.Cryptowall Code Execution (0)
05-07: ChatBot Application With A Suggestion Feature 1.0 SQL Injection (0)
05-07: Trojan-Ransom.LockerGoga Code Execution (0)
05-07: Trojan-Ransom.Cerber Code Execution (0)
05-07: Ransom.CTBLocker Code Execution (0)
05-07: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-07: Trojan.CryptoLocker Code Execution (0)
05-07: Trojan-Ransom.Radamant Code Execution (0)
05-07: http://ret2.go.th/readme.htm (0)
05-06: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-06: Red Planet Laundry Management System 1.0 SQL Injection (0)
05-06: SAP Web Dispatcher HTTP Request Smuggling (0)
05-06: PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-05: Conti.Ransom Code Execution (0)
05-05: Ransom.Conti Code Execution (0)
05-05: REvil.Ransom Code Execution (0)
05-05: Ransom.WannaCry Code Execution (0)
05-04: https://ict.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-office.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-news.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-network.amnat-ed.go.th/readmee.htm (0)
05-04: https://salary.amnat-ed.go.th/readmee.htm (0)
05-04: http://cmarea3.go.th/readmee.htm (0)
05-04: http://loei3.go.th/readme.txt (0)
05-04: Ransom.WannaCry Code Execution (0)
05-04: WordPress Stafflist 3.1.2 Cross Site Scripting (0)
05-04: Tenda HG6 3.3.0 Remote Command Injection (0)
05-04: VMware Workspace ONE Access Template Injection / Command Execution (0)
05-04: Ransom.AvosLocker Code Execution (0)
05-04: BlackBasta Ransom Code Execution (0)
05-04: LokiLocker Ransom Code Execution (0)
05-04: Conti Ransom Code Execution (0)
05-04: REvil Ransom Code Execution (0)
05-04: RedLine.Stealer Code Execution (0)
05-03: RedLine.Stealer Code Execution (0)
05-03: http://www.krajai.go.th/readme.html (0)
05-03: http://www.nakhamloei.go.th/readme.html (0)
05-03: http://www.napongloei.go.th/readme.html (0)
05-03: http://www.nonghin.go.th/readme.html (0)
05-03: http://www.nonpasang.go.th/readme.html (0)
05-03: http://www.nonpodaeng.go.th/readme.html (0)
05-03: http://www.npt.go.th/readme.html (0)
05-03: http://www.pnt.go.th/readme.html (0)
05-03: http://www.raitai.go.th/readme.html (0)
05-03: http://www.srithan.go.th/readme.html (0)
05-03: http://www.taladjinda.go.th/readme.html (0)
05-03: http://www.tambolbangyang.go.th/readme.html (0)
05-03: http://www.tessabanna-o.go.th/readme.html (0)
05-03: http://www.tessabannahaeo.go.th/readme.html (0)
05-03: http://www.thachangklong.go.th/readme.html (0)
05-03: http://www.thamchalong.go.th/readme.html (0)
05-03: http://www.thasaklocal.go.th/readme.html (0)
05-03: http://www.thungkrabam.go.th/readme.html (0)
05-03: http://www.wangdin.go.th/readme.html (0)
05-03: http://www.wangsaphung.go.th/readme.html (0)
05-03: Toll Tax Management System 1.0 SQL Injection (0)
05-03: Covid 19 Travel Pass Management System 1.0 SQL Injection (0)
05-03: Ransom.LockBit DLL Hijacking (0)
05-03: Strapi 3.6.8 Password Disclosure / Insecure Handling (0)
05-03: WordPress Stafflist 3.1.2 SQL Injection (0)
05-03: WordPress Stafflist 3.1.2 Cross Site Request Forgery (0)
05-03: WSO Arbitrary File Upload / Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2022 (0)
05-02: Packet Storm New Exploits For April, 2022 (0)

April 2022 (222)

04-29: Home Clean Service System 1.0 SQL Injection (0)
04-28: Home Clean Service System 1.0 SQL Injection (0)
04-28: WordPress Curtain 1.0.2 Cross Site Scripting (0)
04-28: Prime95 30.7 Build 9 Buffer Overflow (0)
04-28: Trojan-Banker.Win32.Banker.heq Insecure Permissions (0)
04-28: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
04-28: Net-Worm.Win32.Kibuv.c Authentication Bypass (0)
04-28: Email-Worm.Win32.Sidex Remote Command Execution (0)
04-28: Virus.Win32.Qvod.b Insecure Permissions (0)
04-28: Trojan-Downloader.Win32.Small.ahlq Insecure Permissions (0)
04-28: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
04-28: Backdoor.Win32.Cafeini.b Man-In-The-Middle (0)
04-28: Backdoor.Win32.GF.j Remote Command Execution (0)
04-28: Trojan-Downloader.Win32.Agent Insecure Permissions (0)
04-28: Backdoor.Win32.Agent.aegg Hardcoded Credential (0)
04-28: Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation (0)
04-28: Zepp 6.1.4-play User Account Enumeration (0)
04-28: Redis Lua Sandbox Escape (0)
04-28: Redis Lua Sandbox Escape (0)
04-27: http://www.ssk3.go.th/zz.html (0)
04-27: WordPress WP-Invoice 4.3.1 Cross Site Scripting (0)
04-27: Gitlab 14.9 Authentication Bypass (0)
04-27: Gitlab 14.9 Cross Site Scripting (0)
04-27: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: http://phutthaisonglocal.go.th/pentest.php (0)
04-26: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting (0)
04-26: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-26: Hackers Are Exploiting Zero Days More Than Ever (0)
04-26: [webapps] GitLab 14.9 – Stored Cross-Site Scripting (XSS) (0)
04-26: [webapps] Gitlab 14.9 – Authentication Bypass (0)
04-25: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-22: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor (0)
04-22: Watch Queue Out-Of-Bounds Write (0)
04-22: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: Jenkins Remote Code Execution (0)
04-21: 7-Zip 16 DLL Hijacking (0)
04-21: Online Restaurant Table Reservation System 1.0 SQL Injection (0)
04-21: Pharmacy Management System 1.0 Shell Upload (0)
04-21: Pharmacy Management System 1.0 SQL Injection (0)
04-20: Google: 2021 Was A Banner Year For Exploited 0-Day Bugs (0)
04-20: Pharmacy Management System 1.0 SQL Injection (0)
04-20: http://www.budhosp.go.th/kurdish.html (0)
04-20: Microsoft Exchange Active Directory Topology 15.0.847.40 Unquoted Service Path (0)
04-20: Fuel CMS 1.5.0 Cross Site Request Forgery (0)
04-20: Zyxel NWA-1100-NH Command Injection (0)
04-20: Scriptcase 9.7 Shell Upload (0)
04-20: PTPublisher 2.3.4 Unquoted Service Path (0)
04-20: EaseUS Data Recovery 15.1.0.0 Unquoted Service Path (0)
04-20: HackTool.Win32.Delf.vs Insecure Credential Storage (0)
04-20: WordPress Elementor 3.6.2 Shell Upload (0)
04-20: Backdoor.Win32.Loselove Denial Of Service (0)
04-20: WordPress Videos Sync PDF 1.7.4 Cross Site Scripting (0)
04-20: Trojan.Win32.TScash.c Insecure Permissions (0)
04-20: Backdoor.Win32.Hupigon.haqj Unquoted Service Path (0)
04-20: PKP Open Journals System 3.3 Cross Site Scripting (0)
04-20: 7-Zip 21.07 Code Execution / Privilege Escalation (0)
04-20: ManageEngine ADSelfService Plus 6.1 User Enumeration (0)
04-20: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-20: Responsive Online Blog 1.0 SQL Injection (0)
04-20: WordPress Popup Maker 1.16.5 Cross Site Scripting (0)
04-20: Backdoor.Win32.GateHell.21 Man-In-The-Middle (0)
04-20: Linux watch_queue Filter Out-Of-Bounds Write (0)
04-20: WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection (0)
04-20: Linux FUSE Use-After-Free (0)
04-20: Backdoor.Win32.Delf.zn Insecure Credential Storage (0)
04-20: Backdoor.Win32.GateHell.21 Authentication Bypass (0)
04-20: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: [webapps] Scriptcase 9.7 – Remote Code Execution (RCE) (0)
04-19: [webapps] Easy Appointments 1.4.2 – Information Disclosure (0)
04-19: [remote] Zyxel NWA-1100-NH – Command Injection (0)
04-19: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – SQL Injection (0)
04-19: [local] Microsoft Exchange Mailbox Assistants 15.0.847.40 – 'Service MSExchangeMailboxAssistants' Unquoted Service Path (0)
04-19: [local] EaseUS Data Recovery – 'ensserver.exe' Unquoted Service Path (0)
04-19: [local] Microsoft Exchange Active Directory Topology 15.0.847.40 – 'Service MSExchangeADTopology' Unquoted Service Path (0)
04-19: [local] PTPublisher v2.3.4 – Unquoted Service Path (0)
04-19: [remote] ManageEngine ADSelfService Plus 6.1 – User Enumeration (0)
04-19: [webapps] WordPress Plugin Videos sync PDF 1.7.4 – Stored Cross Site Scripting (XSS) (0)
04-19: [webapps] Fuel CMS 1.5.0 – Cross-Site Request Forgery (CSRF) (0)
04-19: [local] 7-zip – Code Execution / Local Privilege Escalation (0)
04-19: [webapps] WordPress Plugin Elementor 3.6.2 – Remote Code Execution (RCE) (Authenticated) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cookie User Password Disclosure (0)
04-19: [webapps] PKP Open Journals System 3.3 – Cross-Site Scripting (XSS) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Request Forgery (CSRF) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS) (0)
04-19: [webapps] WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated) (0)
04-19: [webapps] REDCap 11.3.9 – Stored Cross Site Scripting (0)
04-19: [remote] Verizon 4G LTE Network Extender – Weak Credentials Algorithm (0)
04-18: http://www2.utd2.go.th/readme.txt (0)
04-18: https://education-phatthalungcity.go.th (0)
04-18: http://sikhoraphumcity.go.th/zz.html (0)
04-17: https://office.yst1.go.th/1975.html (0)
04-16: Microsoft HTTP Protocol Stack Denial Of Service (0)
04-16: Backdoor.Win32.MotivFTP.12 Authentication Bypass (0)
04-16: Backdoor.Win32.Prorat.cwx Insecure Permissions (0)
04-16: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-16: HackTool.Win32.IpcScan.c Buffer Overflow (0)
04-16: Backdoor.Win32.Kilo.016 Denial Of Service (0)
04-16: Email-Worm.Win32.Pluto.b Insecure Permissions (0)
04-16: Backdoor.Win32.NinjaSpy.c Authentication Bypass (0)
04-16: Backdoor.Win32.NetCat32.10 Remote Command Execution (0)
04-16: Backdoor.Win32.NetSpy.10 Remote Command Execution (0)
04-16: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: REDCap Cross Site Scripting (0)
04-15: Online Car Wash Booking System 1.0 SQL Injection (0)
04-15: Online Car Wash Booking System 1.0 Blind SQL Injection (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: https://www.nsw2.go.th/1975.html (0)
04-14: https://nb2.go.th/1975.html (0)
04-14: http://www.chon3.go.th/1975.html (0)
04-14: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm (0)
04-14: Spring4Shell Code Execution (0)
04-14: Microsoft Zero Days, Wormable Bugs Spark Concern (0)
04-13: Spring4Shell Code Execution (0)
04-13: Explore CMS 1.0 SQL Injection (0)
04-13: Easy!Appointments Information Disclosure (0)
04-12: MiniTool Partition Wizard 12.0 Unquoted Service Path (0)
04-12: SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference (0)
04-12: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Creation (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Deletion (0)
04-12: WordPress LayerSlider Cross Site Scripting (0)
04-12: WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting (0)
04-12: Razer Sila 2.0.418 Local File Inclusion (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Deletion (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Creation (0)
04-11: [remote] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 – Local File Inclusion (LFI) (0)
04-11: [local] MiniTool Partition Wizard – Unquoted Service Path (0)
04-11: [webapps] SAM SUNNY TRIPOWER 5.0 – Insecure Direct Object Reference (IDOR) (0)
04-09: School Club Application System 1.0 Local File Inclusion (0)
04-09: Online Sports Complex Booking System 1.0 Cross Site Scripting (0)
04-09: WordPress SiteGround Security 1.2.5 Authentication Bypass (0)
04-09: Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure (0)
04-09: PHPGurukul Zoo Management System 1.0 SQL Injection (0)
04-09: AeroCMS 0.0.1 Cross Site Scripting (0)
04-09: Social Codia SMS 1 Cross Site Scripting (0)
04-09: PHPGurukul Zoo Management System 1.0 Shell Upload (0)
04-09: E-Commerce Website 1.0 Shell Upload (0)
04-09: Musical World 1 Shell Upload (0)
04-09: E-Commerce Website 1.1.0 Shell Upload (0)
04-09: Social Codia SMS 1 Shell Upload (0)
04-09: Simple House Rental System 1 Shell Upload (0)
04-09: Car Rental System 1.0 SQL Injection (0)
04-09: Movie Seat Reservation System 1.0 File Disclosure / SQL Injection (0)
04-09: AeroCMS 0.0.1 Shell Upload (0)
04-08: FFS Colibri Controller Module 1.8.19.8580 Directory Traversal (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
04-08: CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution (0)
04-08: School Club Application System 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage (0)
04-08: Backdoor.Win32.Xingdoor Denial Of Service (0)
04-08: Zenario CMS 9.0.54156 Remote Code Execution (0)
04-08: binutils 2.37 Objdump Segmentation Fault (0)
04-08: Opmon 9.11 Cross Site Scripting (0)
04-08: Backdoor.Win32.Wisell Buffer Overflow (0)
04-08: Small HTTP Server 3.06 Remote Buffer Overflow (0)
04-08: Kramer VIAware Remote Code Execution (0)
04-08: Backdoor.Win32.Wisell Remote Command Execution (0)
04-08: WordPress Loco Translate Cross Site Scripting (0)
04-08: WordPress Ad Inserter Cross Site Scripting (0)
04-08: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
04-08: WordPress Hummingbird Cross Site Scripting (0)
04-08: minewebcms 1.15.2 Cross Site Scripting (0)
04-08: qdPM 9.2 Cross Site Request Forgery (0)
04-08: WordPress UpdraftPlus Cross Site Scripting (0)
04-08: WordPress WP Downgrade Cross Site Scripting (0)
04-08: KLiK Social Media Website 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Verify.h Remote Command Execution (0)
04-08: Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition (0)
04-07: [remote] Opmon 9.11 – Cross-site Scripting (0)
04-07: [local] binutils 2.37 – Objdump Segmentation Fault (0)
04-07: [webapps] Zenario CMS 9.0.54156 – Remote Code Execution (RCE) (Authenticated) (0)
04-07: [webapps] KLiK Social Media Website 1.0 – 'Multiple' SQLi (0)
04-07: [remote] Kramer VIAware – Remote Code Execution (RCE) (Root) (0)
04-07: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Deletion (0)
04-07: [webapps] qdPM 9.2 – Cross-site Request Forgery (CSRF) (0)
04-07: [local] Sherpa Connector Service v2020.2.20328.2050 – Unquoted Service Path (0)
04-07: [webapps] minewebcms 1.15.2 – Cross-site Scripting (XSS) (0)
04-06: SAP Information System 1.0 Shell Upload (0)
04-06: Online Sports Complex Booking System 1.0 SQL Injection (0)
04-06: cmark-gfm Integer overflow (0)
04-06: Bakery Shop Management System 1.0 SQL Injection (0)
04-06: Bakery Shop Management System 1.0 Local File Inclusion (0)
04-06: https://www.kkpho.go.th/planyut/ (0)
04-05: Gadget Store Management System 1.0 Shell Upload (0)
04-05: Online Banquet Booking System 1.0 Cross Site Request Forgery (0)
04-05: Multi Store Inventory Management System 1.0 Information Disclosure (0)
04-05: Multi Store Inventory Management System 1.0 Account Takeover (0)
04-04: ALLMediaServer 1.6 Buffer Overflow (0)
04-04: Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path (0)
04-04: Backdoor.Win32.Wollf.h Remote Command Execution (0)
04-04: Barco Control Room Management Suite Directory Traversal (0)
04-04: Backdoor.Win32.Jokerdoor Hardcoded Credential (0)
04-04: Payroll Management System 1.0 SQL Injection (0)
04-04: Backdoor.Win32.Delf.ps Information Disclosure (0)
04-04: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass (0)
04-04: https://patrol-psd.go.th/v3n.html (0)
04-03: https://mdh.go.th/1975index.html (0)
04-03: https://npte2.go.th/1975index.html (0)
04-02: Apple Rushes Out Patches For Two Zero Days Threatening Users (0)
04-02: Apple Security Advisory 2022-03-31-2 (0)
04-02: Apple Security Advisory 2022-03-31-1 (0)
04-01: Message System 1.0 Cross Site Scripting (0)
04-01: Message System 1.0 SQL Injection (0)
04-01: Medical Hub Directory Site 1.0 SQL Injection (0)
04-01: Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path (0)
04-01: EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path (0)
04-01: Chrome DeserializeFromMessage Validation Issue (0)
04-01: IdeaRE RefTree Shell Upload (0)
04-01: IdeaRE RefTree Path Traversal (0)
04-01: Spring Cloud Function SpEL Injection (0)
04-01: WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting (0)
04-01: Packet Storm New Exploits For March, 2022 (0)

March 2022 (271)

03-30: Sports Complex Booking System 1.0 Local File Inclusion (0)
03-30: Fingerprint Attendance 1.0 SQL Injection (0)
03-30: Fingerprint Attendance 1.0 Shell Upload (0)
03-30: Fingerprint Attendance 1.0 Account Takeover (0)
03-30: Message System 1.0 Local File Inclusion (0)
03-30: Message System 1.0 Shell Upload (0)
03-30: WordPress Curtain 1.0.2 Cross Site Request Forgery (0)
03-30: WordPress Clipr 1.2.3 Cross Site Scripting (0)
03-30: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting (0)
03-30: Atom CMS 1.0.2 Shell Upload (0)
03-30: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion (0)
03-30: WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion (0)
03-30: CSZ CMS 1.2.9 SQL Injection (0)
03-30: Medical Hub Directory Site 1.0 Local File Inclusion (0)
03-30: Medical Hub Directory Site 1.0 Cross Site Scripting (0)
03-30: Medical Hub Directory Site 1.0 Shell Upload (0)
03-30: Medical Hub Directory Site 1.0 SQL Injection (0)
03-30: PostgreSQL 11.7 Remote Code Execution (0)
03-30: Kramer VIAware 2.5.0719.1034 Remote Code Execution (0)
03-30: WordPress CleanTalk 5.173 Cross Site Scripting (0)
03-30: WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting (0)
03-30: Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal (0)
03-30: Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free (0)
03-30: [remote] Kramer VIAware 2.5.0719.1034 – Remote Code Execution (RCE) (0)
03-30: [remote] PostgreSQL 9.3-11.7 – Remote Code Execution (RCE) (Authenticated) (0)
03-30: [webapps] CSZ CMS 1.2.9 – 'Multiple' Blind SQLi(Authenticated) (0)
03-30: [webapps] WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin cab-fare-calculator 1.0.3 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin Curtain 1.0.2 – Cross-site Request Forgery (CSRF) (0)
03-30: [webapps] Atom CMS 2.0 – Remote Code Execution (RCE) (0)
03-30: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (0)
03-29: Message System 1.0 Shell Upload (0)
03-29: One Church Management System 1.0 Cross Site Scripting (0)
03-29: Microfinance Management System 1.0 SQL Injection (0)
03-29: One Church Management System 1.0 SQL Injection (0)
03-29: FruityWifi Remote Code Execution (0)
03-29: ALLMediaServer 1.6 Remote Buffer Overflow (0)
03-29: Backdoor.Win32.Cyn.20 Insecure Permissions (0)
03-29: Pay Slip PDF Generator System 1.0 SQL Injection (0)
03-29: Pay Slip PDF Generator System 1.0 Shell Upload (0)
03-29: Backdoor.Win32.Cafeini.b Denial Of Service (0)
03-29: PDF Generator Web App Using TCPDF 1.0 Local File Inclusion (0)
03-29: Microfinance Management System 1.0 Cross Site Scripting (0)
03-29: Backdoor.Win32.Chubo.c Remote Command Execution (0)
03-29: Backdoor.Win32.Chubo.c Cross Site Scripting (0)
03-29: Online Banking System 1.0 SQL Injection (0)
03-29: WordPress Admin Word Count Column 2.2 Local File Inclusion (0)
03-29: Backdoor.Win32.Avstral.e Remote Command Execution (0)
03-29: Royale Event Management System 1.0 Privilege Escalation (0)
03-29: Royale Event Management System 1.0 Cross Site Scripting (0)
03-29: PDF Generator Web Application 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
03-29: Razer Synapse 3.6.x DLL Hijacking (0)
03-28: Razer Synapse 3.6.x DLL Hijacking (0)
03-26: RTLO Injection URI Spoofing (0)
03-25: RTLO Injection URI Spoofing (0)
03-25: containerd Image Volume Insecure Handling (0)
03-25: Online Sports Complex Booking System 1.0 Account Takeover (0)
03-25: Online Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Sports Complex Booking System 1.0 Shell Upload (0)
03-25: Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload (0)
03-25: Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service (0)
03-25: Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Microfinance Management System 1.0 SQL Injection (0)
03-25: Event Management System 1.0 Shell Upload (0)
03-25: http://e-learning.rid.go.th/kz.html (0)
03-24: WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read (0)
03-24: Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting (0)
03-24: WordPress Contact Form 7 5.5.6 Cross Site Scripting (0)
03-24: WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting (0)
03-24: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-24: ImpressCMS 1.4.2 SQL Injection / Remote Code Execution (0)
03-24: Event Management System 1.0 Shell Upload (0)
03-24: http://www.na-khu.go.th/attach_file/1643522665_lisence.txt (0)
03-24: https://khoksanga.go.th/forms_file/6db2c2dc3227a2ff2a652b94fb661f87.txt (0)
03-24: https://www.chaisor.go.th/forms_file/426e821c0353711d536ced779734e5f6.txt (0)
03-24: http://www.silakhonkaen.go.th/sapa_file/1643523403_lisence.txt (0)
03-24: https://www.pordang.go.th/sapa_file/c6ba3e75f31da3729f234e5b6e05bdbe.txt (0)
03-24: https://www.ksk.go.th/forms_file/27fac990cc86a94393fce412b01f0683.txt (0)
03-24: https://www.thaiudom.go.th/forms_file/645201e4087caa162a86146173bf9f21.txt (0)
03-24: https://banthaenlocal.go.th/forms_file/817f62a0e632dd5385414460a56497e9.txt (0)
03-24: https://huaipichai.go.th/forms_file/17e538ffaee4c83152db25dfbcc7e592.txt (0)
03-23: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-23: ImpressCMS 1.4.2 Authentication Bypass (0)
03-23: Sysax FTP Automation 6.9.0 Privilege Escalation (0)
03-23: Backdoor.Win32.Agent.bxxn Open Proxy (0)
03-23: iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution (0)
03-23: Backdoor.Win32.BirdSpy.b Hardcoded Credential (0)
03-23: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
03-23: ImpressCMS 1.4.2 Path Traversal (0)
03-23: ImpressCMS 1.4.2 Incorrect Access Control (0)
03-23: ImpressCMS 1.4.2 SQL Injection (0)
03-23: [webapps] WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated (0)
03-23: [local] ProtonVPN 1.26.0 – Unquoted Service Path (0)
03-22: ImpressCMS 1.4.2 SQL Injection (0)
03-22: SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting (0)
03-22: WordPress iQ Block Country 1.2.13 Arbitrary File Deletion (0)
03-22: Inventory Management System 1.0 Cross Site Scripting (0)
03-22: Inventory Management System 1.0 SQL Injection (0)
03-22: Home Owners Collection Management System 1.0 SQL Injection (0)
03-22: Amazing CD Ripper 1.2 Buffer Overflow (0)
03-22: Xlight FTP 3.9.3.2 Buffer Overflow (0)
03-22: Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution (0)
03-22: Poultry Farm Management System 1.0 Shell Upload (0)
03-22: OX App Suite 7.10.5 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Stored Cross-Site Scripting (XSS) (0)
03-22: [local] Sysax FTP Automation 6.9.0 – Privilege Escalation (0)
03-22: [remote] Ivanti Endpoint Manager 4.6 – Remote Code Execution (RCE) (0)
03-22: [remote] iRZ Mobile Router – CSRF to RCE (0)
03-22: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Takeover (0)
03-21: [webapps] Wordpress Plugin iQ Block Country 1.2.13 – Arbitrary File Deletion via Zip Slip (Authenticated) (0)
03-19: Simple Mobile Comparison Website 1.0 Cross Site Scripting (0)
03-19: Chrome chrome_pdf::PDFiumEngine::RequestThumbnail Heap Buffer Overflow (0)
03-18: https://bdlh.go.th/noname.html (0)
03-18: BuilderOrcus Insecure Permissions (0)
03-18: BuilderOrcus Insecure Credential Storage (0)
03-18: BuilderPandoraRat.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Shell Upload (0)
03-18: BuilderTorCTPHPRAT.b Cross Site Scripting (0)
03-18: BuilderRevengeRAT XML Injection (0)
03-17: Apache APISIX 2.12.1 Remote Code Execution (0)
03-17: Tiny File Manager 2.4.6 Shell Upload (0)
03-17: Hikvision IP Camera Backdoor (0)
03-17: Pluck CMS 4.7.16 Shell Upload (0)
03-17: Moodle 3.11.5 SQL Injection (0)
03-17: Chrome HandleTable::AddDispatchersFromTransit Integer Overflow (0)
03-17: Windows SpoolFool Privilege Escalation (0)
03-16: College Website Management System 1.0 SQL Injection (0)
03-16: Laravel Media Library Pro 2.1.6 Shell Upload (0)
03-16: Apple Security Advisory 2022-03-14-8 (0)
03-16: Apple Security Advisory 2022-03-14-9 (0)
03-16: Apple Security Advisory 2022-03-14-6 (0)
03-16: Apple Security Advisory 2022-03-14-7 (0)
03-16: Apple Security Advisory 2022-03-14-10 (0)
03-16: Apple Security Advisory 2022-03-14-5 (0)
03-16: Apple Security Advisory 2022-03-14-3 (0)
03-16: Apple Security Advisory 2022-03-14-1 (0)
03-16: Apple Security Advisory 2022-03-14-2 (0)
03-16: Apple Security Advisory 2022-03-14-4 (0)
03-16: [remote] Apache APISIX 2.12.1 – Remote Code Execution (RCE) (0)
03-16: [webapps] Tiny File Manager 2.4.6 – Remote Code Execution (RCE) (0)
03-16: [remote] Hikvision IP Camera – Backdoor (0)
03-16: [webapps] Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated) (0)
03-16: [webapps] Moodle 3.11.5 – SQLi (Authenticated) (0)
03-15: Baixar GLPI Project 9.4.6 SQL Injection (0)
03-15: Insurance Management System 1.0 SQL Injection (0)
03-15: Student Grading System 1.0 SQL Injection (0)
03-15: Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference (0)
03-15: VIVE Runtime Service 1.0.0.4 Unquoted Service Path (0)
03-15: Automatic Question Paper Generator System 1.0 Cross Site Scripting (0)
03-15: RedLine.MainPanel Insecure Permissions (0)
03-15: Hades RAT Web Panel Insecure Credential Storage (0)
03-15: Hades RAT Web Panel Information Disclosure (0)
03-15: Hades RAT Web Panel Cross Site Scripting (0)
03-14: [local] VIVE Runtime Service – 'ViveAgentService' Unquoted Service Path (0)
03-14: [webapps] Baixar GLPI Project 9.4.6 – SQLi (0)
03-12: FLEX 1080/1085 Web 1.6.0 Information Disclosure (0)
03-12: Tdarr 2.00.15 Command Injection (0)
03-12: Employee Performance Evaluation System 1.0 SQL Injection (0)
03-12: Seowon SLR-120 Router Remote Code Execution (0)
03-11: Sony Playmemories Home Unquoted Service Path (0)
03-11: BattlEye 0.9 Unquoted Service Path (0)
03-11: McAfee Safe Connect VPN Unquoted Service Path (0)
03-11: Sandboxie-Plus 5.50.2 Unquoted Service Path (0)
03-11: WOW21 5.0.1.9 Unquoted Service Path (0)
03-11: Siemens S7-1200 4.5 Unauthenticated Access (0)
03-11: Zabbix 5.0.17 Remote Code Execution (0)
03-11: Dirty Pipe Local Privilege Escalation (0)
03-11: [remote] Tdarr 2.00.15 – Command Injection (0)
03-11: [remote] Seowon SLR-120 Router – Remote Code Execution (Unauthenticated) (0)
03-10: Wondershare Dr.Fone 12.0.18 Unquoted Service Path (0)
03-10: Cobian Backup 0.9 Unquoted Service Path (0)
03-10: Webmin 1.984 Remote Code Execution (0)
03-10: Printix Client 1.3.1106.0 Privilege Escalation (0)
03-10: Audio Conversion Wizard 2.01 Buffer Overflow (0)
03-10: DEOS AG OPEN 710/810 Cross Site Scripting (0)
03-10: Chinese APT Zero Days Compromised US State Governments (0)
03-10: [remote] Siemens S7-1200 – Unauthenticated Start/Stop Command (0)
03-10: [local] Sandboxie-Plus 5.50.2 – 'Service SbieSvc' Unquoted Service Path (0)
03-10: [local] McAfee(R) Safe Connect VPN – Unquoted Service Path Elevation Of Privilege (0)
03-10: [local] WOW21 5.0.1.9 – 'Service WOW21_Service' Unquoted Service Path (0)
03-10: [local] Sony playmemories home – 'PMBDeviceInfoProvider' Unquoted Service Path (0)
03-10: [webapps] Zabbix 5.0.17 – Remote Code Execution (RCE) (Authenticated) (0)
03-10: [local] BattlEye 0.9 – 'BEService' Unquoted Service Path (0)
03-09: Dirty Pipe Linux Privilege Escalation (0)
03-09: Dirty Pipe SUID Binary Hijack Privilege Escalation (0)
03-09: http://phon-thong.go.th (0)
03-09: http://www.takdad.go.th (0)
03-09: http://www.nongleng-bk.go.th (0)
03-09: http://www.tohdeng.go.th (0)
03-09: [local] Audio Conversion Wizard v2.01 – Buffer Overflow (0)
03-09: [local] Cobian Backup 0.9 – Unquoted Service Path (0)
03-09: [webapps] Webmin 1.984 – Remote Code Execution (Authenticated) (0)
03-08: Foxit PDF Reader 11.0 Unquoted Service Path (0)
03-08: Malwarebytes 4.5 Unquoted Service Path (0)
03-08: Cloudflare WARP 1.4 Unquoted Service Path (0)
03-08: Matrimony 1.0 SQL Injection (0)
03-08: Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion (0)
03-08: Private Internet Access 3.3 Unquoted Service Path (0)
03-08: Loki RAT (Relapse) SQL Injection (0)
03-08: part-db 0.5.11 Remote Code Execution (0)
03-08: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
03-08: Hasura GraphQL 2.2.0 Information Disclosure (0)
03-08: Attendance And Payroll System 1.0 SQL Injection (0)
03-08: Attendance And Payroll System 1.0 Remote Code Execution (0)
03-08: Apache APISIX Remote Code Execution (0)
03-08: http://sangsawang.go.th/kz.html (0)
03-08: http://buayainan.go.th/kz.html (0)
03-08: http://phothonglocal.go.th/kz.html (0)
03-08: http://banchiang.go.th/kz.html (0)
03-08: http://singkok.go.th/kz.html (0)
03-08: http://tungtom.go.th/kz.html (0)
03-08: http://khamkhaen.go.th/kz.html (0)
03-08: http://phanphrao.go.th/kz.html (0)
03-08: http://khaosan.go.th/kz.html (0)
03-08: [local] Linux Kernel 5.8 < 5.16.11 – Local Privilege Escalation (DirtyPipe) (0)
03-07: http://mungtong.go.th/readme.html (0)
03-07: http://nangua.go.th/readme.html (0)
03-07: [local] Foxit PDF Reader 11.0 – Unquoted Service Path (0)
03-07: [local] Cloudflare WARP 1.4 – Unquoted Service Path (0)
03-07: [local] Private Internet Access 3.3 – 'pia-service' Unquoted Service Path (0)
03-07: [webapps] Hasura GraphQL 2.2.0 – Information Disclosure (0)
03-07: [webapps] Attendance and Payroll System v1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] Attendance and Payroll System v1.0 – SQLi Authentication Bypass (0)
03-07: [webapps] Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] part-db 0.5.11 – Remote Code Execution (RCE) (0)
03-07: [local] Malwarebytes 4.5 – Unquoted Service Path (0)
03-06: https://atsamart.go.th (0)
03-06: http://www.yasothon.go.th/index.php (0)
03-05: Backdoor.Win32.Augudor.a Remote File Write / Code Execution (0)
03-05: Backdoor.Win32.BNLite Buffer Overflow (0)
03-05: Polkit pkexec Privilege Escalation (0)
03-05: Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential (0)
03-05: Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password (0)
03-05: Backdoor.Win32.BluanWeb Information Disclosure (0)
03-05: Backdoor.Win32.BluanWeb Remote Code Execution (0)
03-05: Backdoor.Win32.BluanWeb Remote Command Execution (0)
03-05: pfSense 2.5.2 Shell Upload (0)
03-05: Backdoor.Win32.RemoteNC.beta4 Remote Command Execution (0)
03-04: Polkit pkexec Local Privilege Escalation (0)
03-03: Printix Client 1.3.1106.0 Remote Code Execution (0)
03-03: Xerte 3.10.3 Directory Traversal (0)
03-03: Xerte 3.9 Remote Code Execution (0)
03-03: Car Driving School Management 1.0 SQL Injection (0)
03-03: Prowise Reflect 1.0.9 Remote Keystroke Injection (0)
03-03: Zyxel ZyWALL 2 Plus Cross Site Scripting (0)
03-03: http://suratpeo.go.th/boy.html (0)
03-02: http://www.krabi.go.th/kt.html (0)
03-02: Rufus 3.17.1846 DLL Hijacking (0)
03-02: Firefox MCallGetProperty Write Side Effects Use-After-Free (0)
03-02: Packet Storm New Exploits For February, 2022 (0)
03-02: [remote] Printix Client 1.3.1106.0 – Remote Code Execution (RCE) (0)
03-02: [webapps] Zyxel ZyWALL 2 Plus Internet Security Appliance – Cross-Site Scripting (XSS) (0)
03-02: [remote] Prowise Reflect v1.0.9 – Remote Keystroke Injection (0)
03-02: [webapps] Xerte 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
03-02: [webapps] Xerte 3.10.3 – Directory Traversal (Authenticated) (0)
03-01: Cobian Reflector 0.9.93 RC1 Denial Of Service (0)
03-01: Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service (0)
03-01: Cobian Backup Gravity 11.2.0.582 Unquoted Service Path (0)
03-01: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation (0)
03-01: Cipi Control Panel 3.1.15 Cross Site Scripting (0)
03-01: Casdoor 1.13.0 SQL Injection (0)
03-01: Hikvision IP Camera Unauthenticated Command Injection (0)
03-01: Axis IP Camera Shell Upload (0)
03-01: Win32k ConsoleControl Offset Confusion / Privilege Escalation (0)

February 2022 (254)

02-28: [remote] WAGO 750-8212 PFC200 G2 2ETH RS – Privilege Escalation (0)
02-28: [local] Cobian Backup Gravity 11.2.0.582 – 'CobianBackup11' Unquoted Service Path (0)
02-28: [local] Cobian Backup 11 Gravity 11.2.0.582 – 'Password' Denial of Service (PoC) (0)
02-28: [local] Cobian Reflector 0.9.93 RC1 – 'Password' Denial of Service (PoC) (0)
02-28: [webapps] Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
02-28: [webapps] Casdoor 1.13.0 – SQL Injection (Unauthenticated) (0)
02-26: Dahua ToolBox 1.010.0000000.0 DLL Hijacking (0)
02-26: Technitium Installer 4.4 DLL Hijacking (0)
02-26: WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting (0)
02-26: Bank Management System 1.0 SQL Injection (0)
02-26: Microsoft Exchange Server Remote Code Execution (0)
02-25: Wondershare MirrorGo 2.0.11.346 Insecure File Permissions (0)
02-25: Simple Mobile Comparison Website 1.0 SQL Injection (0)
02-24: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
02-24: Adobe ColdFusion 11 Remote Code Execution (0)
02-24: aaPanel 6.8.21 Directory Traversal (0)
02-24: Backdoor.Win32.FTP.Ics Man-In-The-Middle (0)
02-24: WebHMI 4.1 Cross Site Scripting (0)
02-24: WebHMI 4.1.1 Remote Code Execution (0)
02-24: Backdoor.Win32.FTP.Ics Authentication Bypass / Code Execution (0)
02-24: Microweber CMS 1.2.10 Local File Inclusion (0)
02-24: Backdoor.Win32.FTP.Ics Remote Command Execution (0)
02-24: [local] Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions (0)
02-23: Trojan.Win32.Cosmu.abix Insecure Permissions (0)
02-23: Air Cargo Management System 1.0 SQL Injection (0)
02-23: WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting (0)
02-23: Backdoor.Win32.Agent.baol Insecure Permissions (0)
02-23: Agirhnet 1.0 Cross Site Scripting (0)
02-23: Backdoor.Win32.Dsocks.10 Hardcoded Password (0)
02-23: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification (0)
02-23: [webapps] Student Record System 1.0 – 'cid' SQLi (Authenticated) (0)
02-23: [webapps] aaPanel 6.8.21 – Directory Traversal (Authenticated) (0)
02-23: [webapps] Air Cargo Management System v1.0 – SQLi (0)
02-23: [remote] Adobe ColdFusion 11 – LDAP Java Object Deserialization Remode Code Execution (RCE) (0)
02-23: [webapps] Simple Real Estate Portal System 1.0 – 'id' SQLi (0)
02-22: Cab Management System 1.0 Remote Code Execution (0)
02-22: Cab Management System 1.0 SQL Injection (0)
02-22: Microsoft Gaming Services 2.52.13001.0 Unquoted Service Path (0)
02-22: HMA VPN 5.3 Unquoted Service Path (0)
02-22: Auto Spare Parts Management 1.0 SQL Injection (0)
02-22: Thinfinity VirtualUI 2.5.41.0 IFRAME Injection (0)
02-22: Thinfinity VirtualUI 2.5.26.2 Information Disclosure (0)
02-22: WordPress WP User Frontend 3.5.25 SQL Injection (0)
02-22: WordPress Perfect Survey 1.5.1 SQL Injection (0)
02-22: FileCloud 21.2 Cross Site Request Forgery (0)
02-22: Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion (0)
02-22: Microweber 1.2.11 Shell Upload (0)
02-22: Simple Real Estate Portal System 1.0 SQL Injection (0)
02-22: Cyclades Serial Console Server 3.3.0 Privilege Escalation (0)
02-22: Chrome RenderFrameHostImpl Use-After-Free (0)
02-22: https://www.dannok.go.th/kz.html (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.26.2 – Information Disclosure (0)
02-21: [webapps] Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Cab Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-21: [local] HMA VPN 5.3 – Unquoted Service Path (0)
02-21: [webapps] WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated) (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection (0)
02-19: Wondershare UBackit 2.0.5 Unquoted Service Path (0)
02-19: Wondershare FamiSafe 1.0 Unquoted Service Path (0)
02-19: Wondershare MobileTrans 3.5.9 Unquoted Service Path (0)
02-19: Wondershare Dr.Fone 11.4.9 Unquoted Service Path (0)
02-19: Connectify Hotspot 2018 Unquoted Service Path (0)
02-19: Intel Management Engine Components 6.0.0.1189 Unquoted Service Path (0)
02-19: File Santizer For HP ProtectTools 5.0.1.3 Unquoted Service Path (0)
02-19: Bluetooth Application 5.4.277 Unquoted Service Path (0)
02-19: TOSHIBA DVD PLAYER Navi Support Service 1.00.0000 Unquoted Service Path (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 Cross Site Scripting (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 SQL Injection (0)
02-19: Hotel Druid 3.0.3 Remote Code Execution (0)
02-19: Fortinet Fortimail 7.0.1 Cross Site Scripting (0)
02-19: WordPress dzs-zoomsounds 6.60 Shell Upload (0)
02-19: WordPress MasterStudy LMS 2.7.5 Account Creation (0)
02-18: Telegram Android 8.4.4 Denial Of Service (0)
02-18: Backdoor.Win32.Zombam.b Buffer Overflow (0)
02-18: Backdoor.Win32.Zombam.b Information Disclosure (0)
02-18: Car Portal Template Cross Site Scripting (0)
02-18: Backdoor.Win32.Zombam.b Cross Site Scripting (0)
02-18: Backdoor.Win32.Prorat.lkt Weak Hardcoded Password (0)
02-18: Vicidial 2.14-783a SQL Injection (0)
02-18: Email-Worm.Win32.Lama Insecure Permissions (0)
02-18: MartFury Marketplace Cross Site Scripting (0)
02-18: Backdoor.Win32.Prosti.b Insecure Permissions (0)
02-18: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions (0)
02-18: Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control (0)
02-18: [webapps] WordPress Plugin dzs-zoomsounds 6.60 – Remote Code Execution (RCE) (Unauthenticated) (0)
02-18: [webapps] WordPress Plugin MasterStudy LMS 2.7.5 – Unauthenticated Admin Account Creation (0)
02-18: [local] File Sanitizer for HP ProtectTools 5.0.1.3 – 'HPFSService' Unquoted Service Path (0)
02-18: [local] Connectify Hotspot 2018 'ConnectifyService' – Unquoted Service Path (0)
02-18: [webapps] Hotel Druid 3.0.3 – Remote Code Execution (RCE) (0)
02-18: [local] Wondershare Dr.Fone 11.4.9 – 'DFWSIDService' Unquoted Service Path (0)
02-18: [local] Intel(R) Management Engine Components 6.0.0.1189 – 'LMS' Unquoted Service Path (0)
02-18: [local] Bluetooth Application 5.4.277 – 'BlueSoleilCS' Unquoted Service Path (0)
02-18: [local] TOSHIBA DVD PLAYER Navi Support Service – 'TNaviSrv' Unquoted Service Path (0)
02-18: [local] Wondershare UBackit 2.0.5 – 'wsbackup' Unquoted Service Path (0)
02-18: [webapps] Fortinet Fortimail 7.0.1 – Reflected Cross-Site Scripting (XSS) (0)
02-18: [local] Wondershare MobileTrans 3.5.9 – 'ElevationService' Unquoted Service Path (0)
02-18: [local] Wondershare FamiSafe 1.0 – 'FSService' Unquoted Service Path (0)
02-17: WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion (0)
02-17: Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path (0)
02-17: ServiceNow Orlando Username Enumeration (0)
02-17: Medical Store Management System 1.0 SQL Injection (0)
02-17: Simple Student Quarterly Result / Grade System 1.0 SQL Injection (0)
02-17: Google Play Protect 22.4.25 Detection Bypass (0)
02-17: Multi-Vendor Online Groceries Management System 1.0 SQL Injection (0)
02-17: Ignition Remote Code Execution (0)
02-17: TeamSpeak 3.5.6 Insecure File Permissions (0)
02-17: Network Video Recorder NVR304-16EP Cross Site Scripting (0)
02-17: Tiny File Manager 2.4.3 Shell Upload (0)
02-17: http://healthnmd.nmd.go.th/wh.html (0)
02-17: http://hwd.nmd.go.th/wh.html (0)
02-17: http://knowledge.nmd.go.th/wh.html (0)
02-17: http://mssd.nmd.go.th/wh.html (0)
02-17: http://navylady.nmd.go.th/wh.html (0)
02-17: http://phisweb.nmd.go.th/wh.html (0)
02-17: http://person.nmd.go.th/wh.html (0)
02-17: http://pmqa.nmd.go.th/wh.html (0)
02-17: http://strategy.nmd.go.th/wh.html (0)
02-17: http://srknurse.nmd.go.th/wh.html (0)
02-17: http://support.nmd.go.th/wh.html (0)
02-16: [webapps] WordPress Plugin Error Log Viewer 1.1.1 – Arbitrary File Clearing (Authenticated) (0)
02-16: [webapps] Network Video Recorder NVR304-16EP – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
02-16: [local] TeamSpeak 3.5.6 – Insecure File Permissions (0)
02-16: [remote] H3C SSL VPN – Username Enumeration (0)
02-16: [webapps] Simple Student Quarterly Result/Grade System 1.0 – SQLi Authentication Bypass (0)
02-16: [webapps] ServiceNow – Username Enumeration (0)
02-16: [webapps] Multi-Vendor Online Groceries Management System 1.0 – 'id' Blind SQL Injection (0)
02-16: [local] Emerson PAC Machine Edition 9.80 Build 8695 – 'TrapiServer' Unquoted Service Path (0)
02-15: WordPress International SMS For Contact Form 7 Integration 1.2 CSRF (0)
02-15: Slurp 1.10.2 Format String (0)
02-15: Simple Bakery Shop Management System 1.0 SQL Injection (0)
02-15: H3C SSL VPN Username Enumeration (0)
02-15: Nagios XI Autodiscovery Shell Upload (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-14: https://phapae.go.th (0)
02-13: https://king9.nrct.go.th/0x48.htm (0)
02-12: Kyocera Command Center RX ECOSYS M2035dn Directory Traversal (0)
02-12: Accounting Journal Management System 1.0 SQL Injection (0)
02-12: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
02-12: Nokia Transport Module Authentication Bypass (0)
02-12: SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection (0)
02-12: Apple Security Advisory 2022-02-10-1 (0)
02-12: Apple Security Advisory 2022-02-10-2 (0)
02-12: Apple Security Advisory 2022-02-10-3 (0)
02-11: Apple Patches Actively Exploited WebKit Zero Day (0)
02-11: WordPress 5.9 Cross Site Scripting (0)
02-11: Cain And Abel 4.9.56 Unquoted Service Path (0)
02-11: WordPress Jetpack 9.1 Cross Site Scripting (0)
02-11: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution (0)
02-11: WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection (0)
02-11: Hospital Management Startup 1.0 SQL Injection (0)
02-11: WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 Account Takeover (0)
02-11: Home Owners Collection Management System 1.0 Shell Upload (0)
02-11: [webapps] Kyocera Command Center RX ECOSYS M2035dn – Directory Traversal File Disclosure (Unauthenticated) (0)
02-11: [webapps] Accounting Journal Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-11: [webapps] Subrion CMS 4.2.1 – Cross Site Request Forgery (CSRF) (Add Amin) (0)
02-10: Backdoor.Win32.Frauder.jt Insecure Permissions (0)
02-10: Backdoor.Win32.XRat.k Remote Command Execution (0)
02-10: Exam Reviewer Management System 1.0 SQL Injection (0)
02-10: Exam Reviewer Management System 1.0 Shell Upload (0)
02-10: Backdoor.Win32.Prexot.a Man-In-The-Middle (0)
02-10: Backdoor.Win32.Wdoor.11 Remote Command Execution (0)
02-10: Atom CMS 2.0 SQL Injection (0)
02-10: Backdoor.Win32.Prexot.a Authentication Bypass (0)
02-10: Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution (0)
02-10: Grandstream GXV31XX settimezone Unauthenticated Command Execution (0)
02-10: [webapps] WordPress Plugin Jetpack 9.1 – Cross Site Scripting (XSS) (0)
02-10: [webapps] WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 – SQL-Injection (Unauthenticated) (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – 'id' Blind SQL Injection (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-10: [webapps] Hospital Management Startup 1.0 – 'Multiple' SQLi (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Account Takeover (Unauthenticated) (0)
02-10: [local] Cain & Abel 4.9.56 – Unquoted Service Path (0)
02-10: [webapps] WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS) (0)
02-09: FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery (0)
02-09: WordPress Security Audit 1.0.0 Cross Site Scripting (0)
02-09: WordPress CP Blocks 1.0.14 Cross Site Scripting (0)
02-09: WordPress Contact Form Builder 1.6.1 Cross Site Scripting (0)
02-09: Hotel Reservation System 1.0 SQL Injection (0)
02-09: WordPress Simple Job Board 2.9.3 Local File Inclusion (0)
02-09: Wing FTP Server 4.3.8 Remote Code Execution (0)
02-09: PHP Everywhere 2.0.3 Remote Code Execution (0)
02-09: Strapi CMS 3.0.0-beta.17.4 Privilege Escalation (0)
02-09: QEMU Monitor HMP migrate Command Execution (0)
02-09: [webapps] AtomCMS v2.0 – SQLi (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – ‘id’ SQL Injection (0)
02-08: Chrome storage::BlobBuilderFromStream Uninitializaed On-Stack Pointer (0)
02-08: Backdoor.Win32.Small.er Code Execution (0)
02-08: Hospital Management System 4.0 SQL Injection (0)
02-08: WordPress International SMS For Contact Form 7 Integration 1.2 XSS (0)
02-08: [webapps] Wordpress Plugin Simple Job Board 2.9.3 – Local File Inclusion (0)
02-08: [remote] Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated) (0)
02-08: [webapps] WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS) (0)
02-08: [webapps] Hospital Management System 4.0 – 'multiple' SQL Injection (0)
02-08: [webapps] FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
02-08: [webapps] Hotel Reservation System 1.0 – SQLi (Unauthenticated) (0)
02-08: [webapps] Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit) (0)
02-05: WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting (0)
02-05: FLAME II MODEM USB Unquoted Service Path (0)
02-05: Servisnet Tessa Authentication Bypass (0)
02-05: Servisnet Tessa MQTT Credential Disclosure (0)
02-05: WBCE CMS 1.5.2 Remote Code Execution (0)
02-05: Servisnet Tessa Privilege Escalation (0)
02-05: WAGO 750-8xxx PLC Denial Of Service / User Enumeration (0)
02-05: Korenix Technology JetWave CSRF / Command Injection / Missing Authentication (0)
02-05: Voltage SecureMail Server Business Logic Bypass (0)
02-05: Shopmetrics Mystery Shopping Software Broken Access Control / XSS (0)
02-04: Feberr 12.7 Shell Upload (0)
02-04: Vivellio 1.2.1 User Account Enumeration (0)
02-04: [webapps] Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit) (0)
02-04: [webapps] Servisnet Tessa – Privilege Escalation (Metasploit) (0)
02-04: [webapps] WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
02-04: [local] FLAME II MODEM USB – Unquoted Service Path (0)
02-04: [webapps] WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated) (0)
02-04: [webapps] Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit) (0)
02-03: CONTPAQi AdminPAQ 14.0.0 Unquoted Service Path (0)
02-03: WordPress 404 To 301 2.0.2 SQL Injection (0)
02-03: WordPress Post Grid 2.1.1 Cross Site Scripting (0)
02-03: WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting (0)
02-03: Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover (0)
02-03: WordPress Download Monitor WordPress 4.4.4 SQL Injection (0)
02-03: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
02-03: WordPress Domain Check 1.0.16 Cross Site Scripting (0)
02-03: PHP Unit 4.8.28 Remote Code Execution (0)
02-03: WordPress Contact Form Check Tester 1.0.2 XSS / Access Control (0)
02-03: Mozilla Firefox 67 Array.pop JIT Type Confusion (0)
02-03: PHP Restaurants 1.0 SQL Injection (0)
02-03: Backdoor.Win32.Zxman Code Execution (0)
02-03: Moodle 3.11.4 SQL Injection (0)
02-03: Huawei DG8045 Router 1.0 Credential Disclosure (0)
02-03: Backdoor.Win32.Small.bu Remote Command Execution (0)
02-03: WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming (0)
02-02: Cisco Small Business RV Series Authentication Bypass / Command Injection (0)
02-02: Packet Storm New Exploits For January, 2022 (0)
02-02: [webapps] Moodle 3.11.4 – SQL Injection (0)
02-02: [webapps] Wordpress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated) (0)
02-02: [webapps] WordPress Plugin Domain Check 1.0.16 – Reflected Cross-Site Scripting (XSS) (Authenticated) (0)
02-02: [local] CONTPAQi(R) AdminPAQ 14.0.0 – Unquoted Service Path (0)
02-02: [local] Mozilla Firefox 67 – Array.pop JIT Type Confusion (0)
02-01: HackTool.Win32.Muzzer.a Buffer Overflow (0)
02-01: Backdoor.Win32.Tiny.c Code Execution (0)
02-01: Moxa TN-5900 Firmware Upgrade Checksum Validation (0)
02-01: Moxa TN-5900 Post Authentication Command Injection (0)
02-01: Apple Security Advisory 2022-01-26-1 (0)
02-01: Apple Security Advisory 2022-01-26-2 (0)
02-01: Apple Security Advisory 2022-01-26-3 (0)
02-01: Apple Security Advisory 2022-01-26-4 (0)
02-01: Apple Security Advisory 2022-01-26-5 (0)
02-01: Apple Security Advisory 2022-01-26-6 (0)
02-01: Apple Security Advisory 2022-01-26-7 (0)

January 2022 (216)

01-29: Fetch Softworks Fetch FTP Client 5.8 Denial Of Service (0)
01-28: WordPress Mortgage Calculators WP 1.52 Cross Site Scripting (0)
01-28: Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion (0)
01-28: PolicyKit-1 0.105-31 Privilege Escalation (0)
01-28: WordPress Modern Events Calendar 6.1 SQL Injection (0)
01-28: WordPress RegistrationMagic V 5.0.1.5 SQL Injection (0)
01-27: Apple Fixes 2 Zero-Day Security Bugs, One Exploited In the Wild (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Backdoor.Win32.WinShell.50 Weak Hardcoded Password (0)
01-27: Polkit pkexec CVE-2021-4034 Proof Of Concept (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: [remote] Oracle WebLogic Server 14.1.1.0.0 – Local File Inclusion (0)
01-27: [webapps] WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated) (0)
01-27: [webapps] WordPress Plugin RegistrationMagic V 5.0.1.5 – SQL Injection (Authenticated) (0)
01-27: [webapps] WordPress Plugin Mortgage Calculators WP 1.52 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
01-26: TYPO3 femanager 6.3.0 Cross Site Scripting (0)
01-26: H2 Database Console Remote Code Execution (0)
01-26: Online Project Time Management System 1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Agent.uq Insecure Permissions (0)
01-26: Backdoor.Win32.FTP99 Authentication Bypass (0)
01-26: Backdoor.Win32.FTP99 Man-In-The-Middle (0)
01-26: PHPIPAM 1.4.4 SQL Injection (0)
01-26: WebACMS 2.1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Hanuman.b Code Execution (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password (0)
01-26: Online Project Time Management System 1.0 SQL Injection (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
01-26: Ametys CMS 4.4.1 Cross Site Scripting (0)
01-26: Backdoor.Win32.DRA.c Weak Hardcoded Password (0)
01-26: CosaNostra Builder Insecure Permissions (0)
01-26: Xerox Versalink Denial Of Service (0)
01-26: CosaNostra Builder WebPanel Insecure Cryptographic Storage (0)
01-26: FAUST iServer 9.0.018.018.4 Local File Inclusion (0)
01-26: uBidAuction 2.0.1 Cross Site Scripting (0)
01-26: CosaNostra Builder WebPanel Cross Site Request Forgery (0)
01-26: Ethercreative Logs 3.0.3 Path Traversal (0)
01-26: Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution (0)
01-25: XNU Kernel mach_msg Use-After-Free (0)
01-25: UniFi Network Application Unauthenticated Log4Shell Remote Code Execution (0)
01-25: [webapps] PHPIPAM 1.4.4 – SQLi (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – SQLi (Authenticated) (0)
01-24: [webapps] Landa Driving School Management System 2.0.1 – Arbitrary File Upload (0)
01-22: Online Project Time Management 1.0 SQL Injection (0)
01-22: Banco Guayaquil 8.0.0 Cross Site Scripting (0)
01-22: Backdoor.Win32.Wollf.16 Authentication Bypass (0)
01-22: Backdoor.Win32.Wollf.16 Hardcoded Credential (0)
01-21: VulturiBuilder Insecure Permissions (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle (0)
01-21: Backdoor.Win32.Wisell Remote Command Execution (0)
01-21: Ransomware Builder Babuk Insecure Permissions (0)
01-21: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution (0)
01-21: Grandstream GXV3175 Unauthenticated Command Execution (0)
01-20: WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting (0)
01-19: Nyron 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 Shell Upload (0)
01-19: Online Resort Management System 1.0 SQL Injection (0)
01-19: Landa Driving School Management System 2.0.1 Arbitrary File Upload (0)
01-19: Archeevo 5.0 Local File Inclusion (0)
01-19: [webapps] Affiliate Pro 1.7 – 'Multiple' Cross Site Scripting (XSS) (0)
01-19: [webapps] Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS) (0)
01-19: [webapps] uDoctorAppointment v2.1.1 – 'Multiple' Cross Site Scripting (XSS) (0)
01-18: Worktime 10.20 Build 4967 DLL Hijacking (0)
01-18: Worktime 10.20 Build 4967 Unquoted Service Path (0)
01-18: HTTP Protocol Stack Denial Of Service / Remote Code Execution (0)
01-18: Cisco IP Phone Cleartext Password Storage (0)
01-18: Ab Stealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Information Disclosure (0)
01-18: SB Admin Cross Site Request Forgery / SQL Injection (0)
01-18: Win32.MarsStealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion (0)
01-18: OpenBMCS 2.4 Cross Site Request Forgery (0)
01-18: Chaos Ransomware Builder 4 Insecure Permissions (0)
01-18: OpenBMCS 2.4 SQL Injection (0)
01-18: OpenBMCS 2.4 Remote Privilege Escalation (0)
01-18: AgentTesla Builder Web Panel Cross Site Scripting (0)
01-18: AgentTesla Builder Web Panel SQL Injection (0)
01-18: OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery (0)
01-18: OpenBMCS 2.4 Secret Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Cross Site Request Forgery (CSRF) (0)
01-18: [webapps] Simple Chatbot Application 1.0 – 'message' Blind SQLi (0)
01-18: [webapps] Simple Chatbot Application 1.0 – Remote Code Execution (RCE) (0)
01-18: [webapps] OpenBMCS 2.4 – Information Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation (0)
01-18: [webapps] OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated) (0)
01-18: [webapps] OpenBMCS 2.4 – SQLi (Authenticated) (0)
01-18: [webapps] Online Resort Management System 1.0 – SQLi (Authenticated) (0)
01-18: [local] WorkTime 10.20 Build 4967 – Unquoted Service Path (0)
01-18: [remote] Archeevo 5.0 – Local File Inclusion (0)
01-14: Microsoft Windows EFSRPC Arbitrary File Upload / Privilege Escalation (0)
01-14: Chrome IPC::ChannelAssociatedGroupController Memory Corruption (0)
01-14: SonicWall SMA 100 Series Authenticated Command Injection (0)
01-14: Apple Security Advisory 2022-01-12-1 (0)
01-14: Apple ColorSync Out-Of-Bounds Read (0)
01-13: RLM 14.2 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 Missing Access Control (0)
01-13: Online Diagnostic Lab Management System 1.0 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 SQL Injection (0)
01-13: WordPress Frontend Uploader 1.3.2 Cross Site Scripting (0)
01-13: Libstagefright Heap Out-Of-Bounds Write (0)
01-13: Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure (0)
01-13: Log4Shell HTTP Header Injection (0)
01-13: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-13: [webapps] WordPress Core 5.8.2 – 'WP_Query' SQL Injection (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated) (0)
01-13: [webapps] SalonERP 3.0.1 – 'sql' SQL Injection (Authenticated) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_list' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'doctors' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_types' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated) (0)
01-12: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-12: Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass (0)
01-12: Microsoft Windows Defender / Detection Bypass (0)
01-12: Backdoor.Win32.Controlit.10 Code Execution (0)
01-12: [webapps] WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-12: [local] Microsoft Windows Defender – Detections Bypass (0)
01-12: [local] Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass (0)
01-11: CoreFTP Server Build 725 Directory Traversal (0)
01-11: VUPlayer 2.49 Buffer Overflow (0)
01-11: Online Railway Reservation System 1.0 Cross Site Scripting (0)
01-11: Online Railway Reservation System 1.0 Missing Access Control (0)
01-11: Online Railway Reservation System 1.0 Remote Code Execution (0)
01-11: Online Railway Reservation System 1.0 SQL Injection (0)
01-11: Online Resort Management System 1.0 SQL Injection (0)
01-11: Online Examination System Project 1.0 SQL Injection (0)
01-11: HTTP Commander 3.1.9 Cross Site Scripting (0)
01-11: WordPress Contact Form Entries Cross Site Scripting (0)
01-11: Open-AudIT Community 4.2.0 Cross Site Scripting (0)
01-11: Linux Garbage Collection Memory Corruption (0)
01-10: [local] VUPlayer 2.49 – '.wax' Local Buffer Overflow (DEP Bypass) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated) (0)
01-10: [webapps] HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'id' SQL Injection (Unauthenticated) (0)
01-08: Online Veterinary Appointment System 1.0 SQL Injection (0)
01-08: Chrome storage::BlobURLStoreImpl::Revoke Heap Use-After-Free (0)
01-08: Microsoft Windows SMB Direct Session Takeover (0)
01-08: Google Project Zero 0-Days Exploited In-The-Wild (0)
01-07: Backdoor.Win32.Jtram.a Insecure Credential Storage (0)
01-07: Backdoor.Win32.Dsklite.a Denial Of Service (0)
01-07: Simple Music Cloud Community System 1.0 SQL Injection (0)
01-07: Backdoor.Win32.Jtram.a Man-In-The-Middle (0)
01-07: Backdoor.Win32.SVC Buffer Overflow (0)
01-07: XNU inm_merge Heap Use-After-Free (0)
01-07: Backdoor.Win32.Dsklite.a Insecure Transit (0)
01-07: Backdoor.Win32.SubSeven.c Buffer Overflow (0)
01-07: Backdoor.Win32.SVC Directory Traversal (0)
01-07: [webapps] Online Veterinary Appointment System 1.0 – 'Multiple' SQL Injection (0)
01-06: Movie Rating System 1.0 Broken Access Control (0)
01-06: Movie Rating System 1.0 SQL Injection / Code Execution (0)
01-06: Nettmp NNT 5.1 SQL Injection (0)
01-06: Safari Montage 8.5 Cross Site Scripting (0)
01-06: RiteCMS 3.1.0 Arbitrary File Deletion (0)
01-06: RiteCMS 3.1.0 Arbitrary File Overwrite (0)
01-06: cWifi Hotspot Wireless CP Code Execution (0)
01-06: Virtual Airline Manager 2.6.2 SQL Injection (0)
01-06: AWebServer GhostBuilding 18 Denial Of Service (0)
01-06: Easy Cart Shopping Cart 2021 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 SQL Injection (0)
01-06: Vodafone H-500-s 3.5.10 WiFi Password Disclosure (0)
01-06: Automox Agent 32 Local Privilege Escalation (0)
01-06: uDoctorAppointment 2.1.1 Cross Site Scripting (0)
01-06: WordPress AAWP 3.16 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 Account TakeOver (0)
01-06: Online Admission System 1.0 Remote Code Execution (0)
01-06: openSIS Student Information System 8.0 SQL Injection (0)
01-06: Rocket LMS 1.1 Cross Site Scripting (0)
01-06: TermTalk Server 3.24.0.2 Arbitrary File Read (0)
01-06: Hostel Management System 2.1 Cross Site Scripting (0)
01-06: Affiliate Pro 1.7 Cross Site Scripting (0)
01-06: Gerapy 0.9.7 Remote Code Execution (0)
01-06: Dixell XWEB 500 Arbitrary File Write (0)
01-06: WordPress Catch Themes Demo Import Shell Upload (0)
01-05: Projeqtor 9.3.1 Cross Site Scripting (0)
01-05: [webapps] Virtual Airlines Manager 2.6.2 – 'multiple' SQL Injection (0)
01-05: [webapps] Movie Rating System 1.0 – SQLi to RCE (Unauthenticated) (0)
01-05: [webapps] Online Admission System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-05: [local] TRIGONE Remote System Monitor 3.61 – Unquoted Service Path (0)
01-05: [webapps] BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – Account TakeOver (0)
01-05: [remote] AWebServer GhostBuilding 18 – Denial of Service (DoS) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
01-05: [webapps] Nettmp NNT 5.1 – SQLi Authentication Bypass (0)
01-05: [webapps] Hostel Management System 2.1 – Cross Site Scripting (XSS) (0)
01-05: [webapps] Library System in PHP 1.0 – 'publisher name' Stored Cross-Site Scripting (XSS) (0)
01-05: [webapps] SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated) (0)
01-05: [remote] ConnectWise Control 19.2.24707 – Username Enumeration (0)
01-05: [webapps] RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Deletion (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Overwrite (Authenticated) (0)
01-05: [webapps] CMSimple 5.4 – Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin Contact Form Entries 1.1.6 – Cross Site Scripting (XSS) (Unauthenticated) (0)
01-05: [dos] Siemens S7 Layer 2 – Denial of Service (DoS) (0)
01-04: Computer And Mobile Repair Shop Management 1.0 SQL Injection (0)
01-04: TRIGONE Remote System Monitor 3.61 Unquoted Service Path (0)
01-04: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
01-04: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
01-04: Backdoor.Win32.Wollf.m Authentication Bypass (0)
01-04: BeyondTrust Remote Support 6.0 Cross Site Scripting (0)
01-04: Backdoor.Win32.Fantador Insecure Password Storage (0)
01-04: Backdoor.Win32.Fantador Denial Of Service (0)
01-04: Backdoor.Win32.Skrat Insecure Password Storage (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Bypass / Command Execution (0)
01-04: WordPress CRM Form Entries Cross Site Scripting (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Race Condition (0)
01-04: Zoom Chat Message Processing Buffer Overflow (0)
01-04: Zoom MMR Server Information Leak (0)
01-02: Packet Storm New Exploits For December, 2021 (0)
01-02: Packet Storm New Exploits For 2021 (0)

December 2021 (169)

12-29: Microsoft Windows Explorer Preview Pane Security Bypass (0)
12-29: Backdoor.Win32.Visiotrol.10 Insecure Password Storage (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Man-In-The-Middle (0)
12-29: Windows Explorer Preview Pane HTML File Link Spoofing (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation (0)
12-29: Terramaster F4-210 / F2-210 Remote Code Execution (0)
12-29: ManageEngine ServiceDesk Plus Remote Code Execution (0)
12-24: Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service (0)
12-22: WBCE CMS 1.5.1 Admin Password Reset (0)
12-22: phpKF CMS 3.00 Beta y6 Remote Code Execution (0)
12-22: Exponent CMS 2.6 Cross Site Scripting / Brute Force (0)
12-22: Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets (0)
12-21: Alfa Team Shell Tesla 4.1 Remote Code Execution (0)
12-21: Signup PHP Portal 2.1 Shell Upload (0)
12-21: Video Sharing Website 1.0 SQL Injection (0)
12-21: Bazaar Web PHP Social Listings Shell Upload (0)
12-21: WordPress Popular Posts 5.3.2 Remote Code Execution (0)
12-20: [webapps] Exponent CMS 2.6 – Multiple Vulnerabilities (0)
12-20: [webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated) (0)
12-20: [webapps] WBCE CMS 1.5.1 – Admin Password Reset (0)
12-18: Backdoor.Win32.BNLite Buffer Overflow (0)
12-18: Backdoor.Win32.Mellpon.b Information Disclosure (0)
12-18: Android VM_MAYWRITE Access To Shared Zygote JIT Mapping (0)
12-18: Apple Security Advisory 2021-12-15-1 (0)
12-18: Apple Security Advisory 2021-12-15-2 (0)
12-18: Apple Security Advisory 2021-12-15-3 (0)
12-18: Apple Security Advisory 2021-12-15-4 (0)
12-18: Apple Security Advisory 2021-12-15-5 (0)
12-18: Apple Security Advisory 2021-12-15-6 (0)
12-18: Apple Security Advisory 2021-12-15-7 (0)
12-17: Child's Day Care Management System 1.0 SQL Injection (0)
12-17: Arunna 1.0.0 Cross Site Request Forgery (0)
12-17: Croogo 3.0.2 Cross Site Scripting (0)
12-17: Croogo 3.0.2 Shell Upload (0)
12-17: Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration (0)
12-17: Chrome blink::NativeIOFile::DoRead Heap Use-After-Free (0)
12-17: Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free (0)
12-17: Chrome NavigationPreloadRequest Site Isolation Bypass (0)
12-16: Log4j2 Log4Shell Regexes (0)
12-16: Log4j Payload Generator (0)
12-16: Oliver Library Server 5 Arbitrary File Download (0)
12-16: Simple Cold Storage Management System 1.0 SQL Injection (0)
12-16: OpenEMR 6.0.0 / 6.1.0-dev SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection (0)
12-16: SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection (0)
12-16: L4sh Log4j Remote Code Execution (0)
12-16: Log4j Remote Code Execution Word Bypassing (0)
12-16: log4j-scan Extensive Scanner (0)
12-16: Actively Attacked Microsoft Zero Day Allows App Spoofing (0)
12-16: [webapps] Arunna 1.0.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
12-16: [webapps] Croogo 3.0.2 – Unrestricted File Upload (0)
12-16: [webapps] Croogo 3.0.2 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
12-16: [webapps] Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration (0)
12-15: Apache Log4j2 2.14.1 Information Disclosure (0)
12-15: Booked Scheduler 2.7.5 Shell Upload (0)
12-15: AbanteCart Arbitrary File Upload / Cross Site Scripting (0)
12-15: Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery (0)
12-15: Ticket Booking 1.0 SQL Injection (0)
12-15: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-15: Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting (0)
12-15: meterN 1.2.3 Remote Command Execution (0)
12-15: WordPress Typebot 1.4.3 Cross Site Scripting (0)
12-15: Laravel Valet 2.0.3 Privilege Escalation (0)
12-15: Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting (0)
12-15: [remote] Oliver Library Server v5 – Arbitrary File Download (0)
12-14: Backdoor.Win32.Mechbot.a Insecure Permissions (0)
12-14: Backdoor.IRC.Subhuman Unauthenticated Open Proxy (0)
12-14: Backdoor.Win32.Asylum.014 Insecure Password Storage (0)
12-14: Backdoor.Win32.Nucleroot.mf Buffer Overflow (0)
12-14: HD-Network Real-Time Monitoring System 2.0 Local File Inclusion (0)
12-14: Backdoor.Win32.Ncx.b Code Execution (0)
12-14: Backdoor.Win32.Ncx.b Buffer Overflow (0)
12-14: Backdoor.Win32.BackAttack.20 Code Execution (0)
12-14: Simple Forum-Discussion System 1.0 SQL Injection (0)
12-14: Backdoor.Win32.BackAttack.20 Authentication Bypass / Code Execution (0)
12-14: Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password (0)
12-14: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
12-14: WebHMI 4.0 Remote Code Execution (0)
12-14: Backdoor.Win32.Ramus Code Execution (0)
12-14: Oracle Database Protection Mechanism Bypass (0)
12-14: Backdoor.Win32.Phase.11 Code Execution (0)
12-14: Oracle Database Weak NNE Integrity Key Derivation (0)
12-14: [local] Microsoft Internet Explorer / ActiveX Control – Security Bypass (0)
12-14: [webapps] WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-14: [remote] Apache Log4j 2 – Remote Code Execution (RCE) (0)
12-14: [local] Laravel Valet 2.0.3 – Local Privilege Escalation (macOS) (0)
12-14: [remote] Apache Log4j2 2.14.1 – Information Disclosure (0)
12-13: Log4j Zero Day Flaw: What You Need To Know And How To Protect Yourself (0)
12-13: [webapps] WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated) (0)
12-13: [remote] HD-Network Real-time Monitoring System 2.0 – Local File Inclusion (LFI) (0)
12-11: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-11: Polkit CVE-2021-3560 Research (0)
12-11: Free School Management Software 1.0 Shell Upload (0)
12-11: Free School Management Software 1.0 Cross Site Scripting (0)
12-11: OpenCATS 0.9.4 Remote Code Execution (0)
12-10: Raspberry Pi 5.10 Default Credentials (0)
12-10: Kabir Alhasan Student Management System 1.0 SQL Injection (0)
12-10: Employees Daily Task Management System 1.0 Cross Site Scripting (0)
12-10: Employees Daily Task Management System 1.0 SQL Injection (0)
12-10: Chikitsa Patient Management System 2.0.2 Backup Remote Code Execution (0)
12-10: Chikitsa Patient Management System 2.0.2 Plugin Remote Code Execution (0)
12-10: MTPutty 1.0.1.21 SSH Password Disclosure (0)
12-10: WordPress Catch Themes Demo Import 1.6.1 Shell Upload (0)
12-10: TestLink 1.19 Arbitrary File Download (0)
12-10: LimeSurvey 5.2.4 Remote Code Execution (0)
12-10: Microsoft Office Word MSHTML Remote Code Execution (0)
12-10: Grafana 8.3.0 Directory Traversal / Arbitrary File Read (0)
12-10: [webapps] OpenCATS 0.9.4 – Remote Code Execution (RCE) (0)
12-09: Docker runc Command Execution Proof Of Concept (0)
12-09: Reprise License Manager 14.2 User Enumeration (0)
12-09: Reprise License Manager 14.2 Unauthenticated Password Change (0)
12-09: Reprise License Manager 14.2 Session Hijacking (0)
12-09: Reprise License Manager 14.2 Buffer Overflow (0)
12-09: Reprise License Manager 14.2 Remote Binary Execution (0)
12-09: Grafana Arbitrary File Reading (0)
12-09: (0)
12-09: ETS5 Password Recovery Tool (0)
12-09: [webapps] Grafana 8.3.0 – Directory Traversal and Arbitrary File Read (0)
12-09: [webapps] Wordpress Plugin Catch Themes Demo Import 1.6.1 – Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Student Management System 1.0 – SQLi Authentication Bypass (0)
12-09: [webapps] TestLink 1.19 – Arbitrary File Download (Unauthenticated) (0)
12-09: [webapps] Employees Daily Task Management System 1.0 – 'username' SQLi Authentication Bypass (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – 'backup' Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – Remote Code Execution (RCE) (Authenticated) (0)
12-07: Simple Online Men's Salon Management System 1.0 SQL Injection (0)
12-07: HCL Lotus Notes 12 Unquoted Service Path (0)
12-07: Microsoft Internet Explorer Active-X Control Security Bypass (0)
12-07: Croogo 3.0.2 Remote Code Execution (0)
12-07: Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass (0)
12-07: Auerswald COMpact 8.0B Privilege Escalation (0)
12-07: runc / libcontainer Bind Mount Sources Insecure Handling (0)
12-07: Auerswald COMpact 8.0B Arbitrary File Disclosure (0)
12-07: Auerswald COMpact 8.0B Backdoors (0)
12-06: [webapps] Croogo 3.0.2 – Remote Code Execution (Authenticated) (0)
12-06: [remote] Auerswald COMpact 8.0B – Multiple Backdoors (0)
12-06: [remote] Auerswald COMpact 8.0B – Arbitrary File Disclosure (0)
12-06: [remote] Auerswald COMfortel 2.8F – Authentication Bypass (0)
12-06: [remote] Auerswald COMpact 8.0B – Privilege Escalation (0)
12-06: [local] HCL Lotus Notes V12 – Unquoted Service Path (0)
12-04: DuckDuckGo 7.64.4 Address Bar Spoofing (0)
12-04: Trojan.Win32.Mucc.ivk Unquoted Service Path (0)
12-04: Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection (0)
12-04: M-Files Web Denial Of Service (0)
12-04: Backdoor.Win32.Vernet.axt Insecure Permissions (0)
12-04: Backdoor.Win32.Bionet.10 Authentication Bypass / Code Execution (0)
12-04: Online Magazine Management System 1.0 SQL Injection (0)
12-04: WordPress DZS Zoomsounds 6.45 Arbitrary File Read (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting (0)
12-04: Ubuntu Overlayfs Local Privilege Escalation (0)
12-04: WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: OrbiTeam BSCW Server XSS / LFI / User Enumeration (0)
12-03: Android vold Unsafe Mounting (0)
12-03: [webapps] WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated) (0)
12-03: [webapps] WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI) (0)
12-03: [webapps] Online Magazine Management System 1.0 – SQLi Authentication Bypass (0)
12-03: [webapps] WordPress Plugin Slider by Soliloquy 2.6.2 – 'title' Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-03: [webapps] Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass (0)
12-02: Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting (0)
12-02: Advanced Comment System 1.0 Remote Command Execution (0)
12-02: NSS Signature Validation Memory Corruption (0)
12-02: MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation (0)
12-02: Packet Storm New Exploits For November, 2021 (0)
12-01: Laundry Booking Management System 1.0 Remote Code Execution (0)
12-01: [webapps] Advanced Comment System 1.0 – Remote Command Execution (RCE) (0)
12-01: [local] MilleGPG5 5.7.2 Luglio 2021 – Local Privilege Escalation (0)
12-01: [webapps] Online Enrollment Management System in PHP and PayPal 1.0 – 'U_NAME' Stored Cross-Site Scripting (0)

November 2021 (251)

11-30: Nextar C472 POS DLL Hijacking (0)
11-30: Polkit Authentication Bypass / Local Privilege Escalation (0)
11-30: Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation (0)
11-30: Opencart 3.0.3.8 Session Injection (0)
11-30: Orangescrum 1.8.0 Cross Site Scripting (0)
11-30: Orangescrum 1.8.0 SQL Injection (0)
11-30: Orangescrum 1.8.0 Privilege Escalation (0)
11-30: [webapps] Laundry Booking Management System 1.0 – Remote Code Execution (RCE) (0)
11-29: [webapps] opencart 3.0.3.8 – Sessjion Injection (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' SQL Injection (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' Cross-Site Scripting (XSS) (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – Privilege escalation (Authenticated) (0)
11-28: Gerdab.ir SQL Injection (0)
11-28: Bagisto 1.3.3 Client-Side Template Injection (0)
11-28: Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution (0)
11-28: Email-Worm.Win32.Deltad Insecure Permissions (0)
11-28: Backdoor.Win32.Coredoor.10.a Man-In-The-Middle (0)
11-28: D-Link DSL-3782 Pre-Authentication Remote Root (0)
11-28: ManageEngine ADSelfService Plus Authentication Bypass / Code Execution (0)
11-26: [webapps] Bagisto 1.3.3 – Client-Side Template Injection (0)
11-25: Serva 4.4.0 TFTP Remote Buffer Overflow (0)
11-25: CMSimple 5.4 Local File Inclusion / Remote Code Execution (0)
11-25: HTTPDebuggerPro 9.11 Unquoted Service Path (0)
11-25: Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory (0)
11-24: Attackers Actively Target Windows Installer Zero-Day (0)
11-24: Samsung NPU (Neural Processing Unit) Memory Corruption (0)
11-24: GNU gdbserver 9.2 Remote Command Execution (0)
11-24: FLEX 1085 Web 1.6.0 HTML Injection (0)
11-24: Webrun 3.6.0.42 SQL Injection (0)
11-24: Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation (0)
11-24: WordPress WP Guppy 1.1 Information Disclosure (0)
11-24: [webapps] CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated) (0)
11-24: [local] HTTPDebuggerPro 9.11 – Unquoted Service Path (0)
11-23: PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection (0)
11-23: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
11-23: Backdoor.Win32.Curioso.zp Insecure Permissions (0)
11-23: Modbus Slave 7.3.1 Buffer Overflow (0)
11-23: Backdoor.Win32.Antilam.11 Code Execution (0)
11-23: Backdoor.Win32.Wollf.a Hardcoded Password (0)
11-23: Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass (0)
11-23: OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal (0)
11-23: Backdoor.Win32.Wollf.h Hardcoded Password (0)
11-23: Pinkie 2.15 Remote Buffer Overflow (0)
11-23: Wipro Holmes Orchestrator 20.4.1 File Disclosure (0)
11-23: Backdoor.Win32.Agent.ad Insecure Credential Storage (0)
11-23: Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection (0)
11-23: Backdoor.Win32.BNLite Buffer Overflow (0)
11-23: Backdoor.Win32.BlueAdept.02.a Buffer Overflow (0)
11-23: OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure (0)
11-23: Wipro Holmes Orchestrator 20.4.1 Report Disclosure (0)
11-23: [webapps] FLEX 1085 Web 1.6.0 – HTML Injection (0)
11-23: [webapps] Bus Pass Management System 1.0 – 'Search' SQL injection (0)
11-23: [webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection (0)
11-23: [local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) (0)
11-23: [webapps] Wordpress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure (0)
11-23: [remote] GNU gdbserver 9.2 – Remote Command Execution (RCE) (0)
11-22: [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection (0)
11-22: [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS) (0)
11-22: [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC) (0)
11-20: Apache Storm Nimbus 2.2.0 Command Execution (0)
11-19: FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months (0)
11-19: Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free (0)
11-18: Bludit 3.13.1 Cross Site Scripting (0)
11-18: Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting (0)
11-18: GitLab 13.10.2 Remote Code Execution (0)
11-18: LiquidFiles 3.5.13 Privilege Escalation (0)
11-18: WordPress Smart Product Review 1.0.4 Shell Upload (0)
11-18: SuiteCRM 7.11.18 Remote Code Execution (0)
11-17: Fuel CMS 1.4.13 SQL Injection (0)
11-17: Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection (0)
11-17: KONGA 0.14.9 Privilege Escalation (0)
11-17: WordPress Contact Form To Email 1.3.24 Cross Site Scripting (0)
11-17: Simple Subscription Website 1.0 SQL Injection (0)
11-17: Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download (0)
11-17: PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting (0)
11-17: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-17: CMDBuild 3.3.2 Cross Site Scripting (0)
11-17: Online Reviewer System 2.4.0 SQL Injection (0)
11-17: Online Learning System 2.0 Remote Code Execution (0)
11-17: Sitecore Experience Platform (XP) Remote Code Execution (0)
11-17: [webapps] Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated) (0)
11-17: [webapps] Bludit 3.13.1 – 'username' Cross Site Scripting (XSS) (0)
11-16: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-16: [webapps] Online Learning System 2.0 – Remote Code Execution (RCE) (0)
11-16: [webapps] CMDBuild 3.3.2 – 'Multiple' Cross Site Scripting (XSS) (0)
11-15: [webapps] PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) (0)
11-15: [webapps] Fuel CMS 1.4.13 – 'col' Blind SQL Injection (Authenticated) (0)
11-15: [webapps] Simple Subscription Website 1.0 – SQLi Authentication Bypass (0)
11-15: [webapps] KONGA 0.14.9 – Privilege Escalation (0)
11-15: [webapps] WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
11-15: [webapps] WordPress Plugin WPSchoolPress 2.1.16 – 'Multiple' Cross Site Scripting (XSS) (0)
11-13: Mumara Classic 2.93 SQL Injection (0)
11-13: Microsoft Windows MultiPoint Server 2011 SP1 Local Privilege Escalation (0)
11-13: WordPress WP Symposium Pro 2021.10 Cross Site Scripting (0)
11-13: Xlight FTP 3.9.3.1 Buffer Overflow (0)
11-13: WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-12: [webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated) (0)
11-12: [local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation (0)
11-12: [dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC) (0)
11-12: [webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS) (0)
11-12: [webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) (0)
11-11: Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting (0)
11-11: Employee Daily Task Management System 1.0 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Remote Code Execution (0)
11-11: Microsoft OMI Management Interface Authentication Bypass (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: FormaLMS 2.4.4 Authentication Bypass (0)
11-11: YeaLink SIP-TXXXP 53.84.0.15 Command Injection (0)
11-11: AbsoluteTelnet 11.24 Denial Of Service (0)
11-11: Apache HTTP Server 2.4.50 Remote Code Execution (0)
11-11: Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation (0)
11-11: Massive Zero-Day Hole Found In Palo Alto Security Appliances (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: [webapps] FormaLMS 2.4.4 – Authentication Bypass (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Phone' Denial of Service (PoC) (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Username' Denial of Service (PoC) (0)
11-11: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3) (0)
11-11: [webapps] YeaLink SIP-TXXXP 53.84.0.15 – 'cmd' Command Injection (Authenticated) (0)
11-10: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: [webapps] Employee and Visitor Gate Pass Logging System 1.0 – 'name' Stored Cross-Site Scripting (XSS) (0)
11-10: [webapps] Employee Daily Task Management System 1.0 – 'Name' Stored Cross-Site Scripting (XSS) (0)
11-09: Backdoor.Win32.VB.afu Insecure Permissions (0)
11-09: FusionPBX 4.5.29 Remote Code Execution (0)
11-09: Money Transfer Management System 1.0 SQL Injection (0)
11-09: Backdoor.Win32.VB.afu Insecure Transit (0)
11-09: WordPress Backup And Restore 1.0.3 Arbitrary File Deletion (0)
11-09: Backdoor.Win32.Pahador.aj Authentication Bypass / Code Execution (0)
11-09: Froxlor 0.10.29.1 SQL Injection (0)
11-09: Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy (0)
11-09: zlog 1.2.15 Buffer Overflow (0)
11-09: HEUR.Backdoor.Win32.Denis.gen Denial Of Service (0)
11-09: Backdoor.Win32.Hupigon.bnbb Unquoted Service Path (0)
11-09: Kmaleon 1.1.0.205 SQL Injection (0)
11-09: Trojan.Win32.Servstar.poa Unquoted Service Path (0)
11-09: Simple Client Management System 1.0 Cross Site Scripting (0)
11-09: Trojan.Win32.SkynetRef.x Unauthenticated Open Proxy (0)
11-09: Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy (0)
11-09: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: [webapps] FusionPBX 4.5.29 – Remote Code Execution (RCE) (Authenticated) (0)
11-08: [local] zlog 1.2.15 – Buffer Overflow (0)
11-08: [webapps] Simple Client Management System 1.0 – SQLi (Authentication Bypass) (0)
11-08: [webapps] WordPress Plugin Backup and Restore 1.0.3 – Arbitrary File Deletion (0)
11-08: [webapps] Froxlor 0.10.29.1 – SQL Injection (Authenticated) (0)
11-08: [webapps] Money Transfer Management System 1.0 – Authentication Bypass (0)
11-08: [webapps] Simple Client Management System 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
11-08: [webapps] Kmaleon 1.1.0.205 – 'tipocomb' SQL Injection (Authenticated) (0)
11-06: Khamenei.ir SQL Injection (0)
11-06: Backdoor.Win32.Optix.03.b Code Execution (0)
11-06: 10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution (0)
11-06: Payment Terminal 2.x / 3.x Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass (0)
11-06: Backdoor.Win32.Ncx.b Buffer Overflow (0)
11-06: PHP Event Calendar Lite Edition SQL Injection (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control (0)
11-06: ImportExportTools NG 10.0.4 HTML Injection (0)
11-06: Backdoor.Win32.Ncx.b Code Execution (0)
11-06: IBM Sterling B2B Integrator Cross Site Scripting (0)
11-06: PHP Event Calendar Lite Edition Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass (0)
11-06: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration (0)
11-06: HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Opencart 3 Extension TMD Vendor System SQL Injection (0)
11-05: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-05: [webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-05: [local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path (0)
11-04: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-03: YouTube Video Grabber 1.9.9.1 Buffer Overflow (0)
11-03: Kingdia CD Extractor 3.0.2 Buffer Overflow (0)
11-03: Codiad 2.8.4 Shell Upload (0)
11-03: WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution (0)
11-03: 10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow (0)
11-03: Employee Record Management System 1.2 SQL Injection (0)
11-03: Dynojet Power Core 2.3.0 Unquoted Service Path (0)
11-03: Ericsson Network Location MPS GMPC21 Remote Code Execution (0)
11-03: Ericsson Network Location MPS GMPC21 Privilege Escalation (0)
11-03: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
11-03: [webapps] Eclipse Jetty 11.0.5 – Sensitive File Disclosure (0)
11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] WordPress Plugin Popup Anything 2.0.3 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: