__–::: Deepquest :::–__ » Archives

rss feed

Archives

February 2020 (201)

02-19: WordPress WP Sitemap Page 1.6.2 Cross Site Scripting (0)
02-18: http://dnprg15.dnp.go.th/007.html (0)
02-18: SOPlanning 1.45 SQL Injection (0)
02-18: SOPlanning 1.45 Cross Site Request Forgery (0)
02-18: Easy File Sharing Web Server 7.2 Unquoted Service Path (0)
02-18: Easy File Management Web Server 5.6 Unquoted Service Path (0)
02-18: HP System Event 1.2.9.0 Unquoted Service Path (0)
02-18: Disk Pulse Enterprise 12.4.18 Unquoted Service Path (0)
02-18: Ice HRM 26.2.0 Cross Site Request Forgery (0)
02-18: DiskBoss Enterprise 11.0.24 Unquoted Service Path (0)
02-18: Easy Chat Server 3.1 Unquoted Service Path (0)
02-18: VX Search Enterprise 12.4.16 Unquoted Service Path (0)
02-18: BOOTP Turbo 2.0.1214 Unquoted Service Path (0)
02-18: DHCP Turbo 4.61298 Unquoted Service Path (0)
02-18: TFTP Turbo 4.6.1273 Unquoted Service Path (0)
02-18: Cuckoo Clock 5.0 Buffer Overflow (0)
02-18: Easy File Sharing Web Server 7.2 Buffer Overflow (0)
02-18: FTPShell Server 6.85 Buffer Overflow (0)
02-18: WordPress Strong Testimonials 2.40.1 Cross Site Scripting (0)
02-18: Avaya Aura Communication Manager 5.2 Remote Code Execution (0)
02-18: Microsoft Windows 10 MSI Privilege Escalation (0)
02-18: LabVantage 8.3 Information Disclosure (0)
02-18: Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak (0)
02-18: WordPress Fruitful 3.8 Cross Site Scripting (0)
02-18: Microsoft Windows Modules Installer Service Information Disclosure (0)
02-18: [webapps] WordPress Plugin WP Sitemap Page 1.6.2 – Persistent Cross-Site Scripting (0)
02-17: [local] Cuckoo Clock v5.0 – Buffer Overflow (0)
02-17: [webapps] SOPlanning 1.45 – 'users' SQL Injection (0)
02-17: [webapps] Avaya Aura Communication Manager 5.2 – Remote Code Execution (0)
02-17: [local] BOOTP Turbo 2.0.1214 – 'BOOTP Turbo' Unquoted Service Path (0)
02-17: [webapps] SOPlanning 1.45 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] TFTP Turbo 4.6.1273 – 'TFTP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting (0)
02-17: [local] DHCP Turbo 4.61298 – 'DHCP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] Ice HRM 26.2.0 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] MSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation (0)
02-17: [webapps] SOPlanning 1.45 – 'by' SQL Injection (0)
02-15: SWAPGS Attack Proof Of Concept (0)
02-15: phpMyChat Plus 1.98 SQL Injection (0)
02-15: HomeGuard Pro 9.3.1 Insecure Folder Permissions (0)
02-15: EPSON EasyMP Network Projection 2.81 Unquoted Service Path (0)
02-15: SprintWork 2.3.1 Local Privilege Escalation (0)
02-14: SweynTooth Bluetooth Exploits (0)
02-14: WordPress Ultimate-Member 2.1.3 Local File Inclusion (0)
02-14: SuiteCRM 7.11.11 Second-Order PHP Object Injection (0)
02-14: SuiteCRM 7.11.11 Phar Deserialization (0)
02-14: Pandora FMS 7.0 Authenticated Remote Code Execution (0)
02-14: SuiteCRM 7.11.11 Bean Manipulation (0)
02-14: OpenTFTP 1.66 Local Privilege Escalation (0)
02-14: SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion (0)
02-14: SuiteCRM 7.11.10 SQL Injection (0)
02-14: macOS / iOS launchd XPC Message Parsing Memory Corruption (0)
02-14: XPC Memory Disclosure / Corruption (0)
02-14: Samsung /dev/tsmux Heap Out-Of-Bounds Write (0)
02-14: Anviz CrossChex Buffer Overflow (0)
02-14: [local] EPSON EasyMP Network Projection 2.81 – 'EMP_NSWLSV' Unquoted Service Path (0)
02-14: [local] HomeGuard Pro 9.3.1 – Insecure Folder Permissions (0)
02-14: [webapps] phpMyChat Plus 1.98 – 'pmc_username' SQL Injection (0)
02-13: WordPress Contact-Form-7 5.1.6 File Upload (0)
02-13: MyVideoConverter Pro 3.14 Buffer Overflow (0)
02-13: WordPress Tutor 1.5.3 Cross Site Scripting (0)
02-13: HP System Event Utility Local Privilege Escalation (0)
02-13: WordPress Wordfence 7.4.5 Local File Disclosure (0)
02-13: WordPress Tutor 1.5.3 Local File Inclusion (0)
02-13: Samsung Kernel PROCA Use-After-Free / Double-Free (0)
02-13: Samsung SEND_FILE_WITH_HEADER Use-After-Free (0)
02-13: [webapps] PANDORAFMS 7.0 – Authenticated Remote Code Execution (0)
02-13: [local] OpenTFTP 1.66 – Local Privilege Escalation (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Local File Inclusion (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting (0)
02-12: Torrent iPod Video Converter 1.51 Stack Overflow (0)
02-12: freeFTPd 1.0.13 Unquoted Service Path (0)
02-12: Disk Sorter Enterprise 12.4.16 Unquoted Service Path (0)
02-12: Disk Savvy Enterprise 12.3.18 Unquoted Service Path (0)
02-12: Sync Breeze Enterprise 12.4.18 Unquoted Service Path (0)
02-12: FreeSSHd 1.3.1 Unquoted Service Path (0)
02-12: CHIYU BF430 TCP IP Converter Cross Site Scripting (0)
02-12: DVD Photo Slideshow Professional 8.07 Buffer Overflow (0)
02-12: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-12: OpenSMTPD 6.6.1 Local Privilege Escalation (0)
02-12: Google Chrome PannerHandler::TailTime Heap Use-After-Free (0)
02-12: Google Chrome PasswordFormManager::OnGeneratedPasswordAccepted Heap Buffer Overflow (0)
02-12: [local] HP System Event Utility – Local Privilege Escalation (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Output Folder' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Movie' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'TVSeries' Buffer Overflow (0)
02-11: VehicleWorkshop 1.0 SQL Injection (0)
02-11: EyesOfNetwork 5.3 Remote Code Execution (0)
02-11: Dota 2 7.23f Denial Of Service (0)
02-11: PackWeb Formap E-learning 1.0 SQL Injection (0)
02-11: Forcepoint WebSecurity 8.5 Cross Site Scripting (0)
02-11: QuickDate 1.3.2 SQL Injection (0)
02-11: Google Invisible RECAPTCHA 3 Spoof Bypass (0)
02-11: ExpertGPS 6.38 XML Injection (0)
02-11: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-11: LearnDash WordPress LMS 3.1.2 Cross Site Scripting (0)
02-11: WordPress InfiniteWP Client Authentication Bypass (0)
02-11: Vanilla Forum 2.6.3 Cross Site Scripting (0)
02-11: [remote] OpenSMTPD 6.4.0 < 6.6.1 – Local Privilege Escalation + Remote Code Execution (0)
02-11: [local] Wedding Slideshow Studio 1.36 – 'Name' Buffer Overflow (0)
02-11: [local] Disk Savvy Enterprise 12.3.18 – Unquoted Service Path (0)
02-11: [webapps] WordPress InfiniteWP – Client Authentication Bypass (Metasploit) (0)
02-11: [local] Disk Sorter Enterprise 12.4.16 – 'Disk Sorter Enterprise' Unquoted Service Path (0)
02-11: [local] Sync Breeze Enterprise 12.4.18 – 'Sync Breeze Enterprise' Unquoted Service Path (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Name' Buffer Overflow (0)
02-11: [local] FreeSSHd 1.3.1 – 'FreeSSHDService' Unquoted Service Path (0)
02-11: [webapps] Vanilla Forums 2.6.3 – Persistent Cross-Site Scripting (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Key' Buffer Overflow (0)
02-11: [webapps] CHIYU BF430 TCP IP Converter – Stored Cross-Site Scripting (0)
02-11: [local] freeFTPd v1.0.13 – 'freeFTPdService' Unquoted Service Path (0)
02-11: [local] Torrent iPod Video Converter 1.51 – Stack Overflow (0)
02-10: [webapps] LearnDash WordPress LMS Plugin 3.1.2 – Reflective Cross-Site Scripting (0)
02-10: [webapps] Forcepoint WebSecurity 8.5 – Reflective Cross-Site Scripting (0)
02-10: [local] Wedding Slideshow Studio 1.36 – 'Key' Buffer Overflow (0)
02-08: OpenSMTPD MAIL FROM Remote Code Execution (0)
02-08: D-Link ssdpcgi Unauthenticated Remote Command Execution (0)
02-08: Ricoh Driver Privilege Escalation (0)
02-08: macOS/iOS ImageIO DDS Image Out-Of-Bounds Read (0)
02-08: macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue (0)
02-08: macOS ImageIO JPEG Out-Of-Bounds Write (0)
02-08: libx264 H264 Conversion Out-Of-Bounds Write (0)
02-08: macOS/iOS XNU mk_timer_create_trap() Race Condition (0)
02-08: XNU OUserClient::_sendAsyncResult64() ipc_port Pointer Disclosure (0)
02-08: systemd-machined Incorrect Reference Decrement (0)
02-08: macOS/iOS ImageIO PVR Image Processing Heap Corruption (0)
02-08: macOS/iOS ImageIO PVR Processing Out-Of-Bounds Read (0)
02-08: macOS/iOS IOAccelCommandQueue2::processSegmentKernelCommand() Out-Of-Bounds Timestamp Write (0)
02-08: usersctp sctp_load_addresses_from_init Out-Of-Bounds Read (0)
02-07: ELAN Smart-Pad 11.10.15.1 Unquoted Service Path (0)
02-07: VIM 8.2 Denial Of Service (0)
02-07: AbsoluteTelnet 11.12 Denial Of Service (0)
02-07: TapinRadio 2.12.3 Denial Of Service (0)
02-07: RarmaRadio 2.72.4 Denial Of Service (0)
02-07: Online Job Portal 1.0 SQL Injection (0)
02-07: Online Job Portal 1.0 Code Execution (0)
02-07: Online Job Portal 1.0 Cross Site Request Forgery (0)
02-07: Ecommerce Systempay 1.0 Brute Force (0)
02-07: Cisco Data Center Network Manager 11.2 Remote Code Execution (0)
02-07: Cisco Data Center Network Manager 11.2.1 SQL Injection (0)
02-07: Cisco Data Center Network Manager 11.2.1 Command Injection (0)
02-07: [webapps] QuickDate 1.3.2 – SQL Injection (0)
02-07: [webapps] ExpertGPS 6.38 – XML External Entity Injection (0)
02-07: [local] Windscribe – WindscribeService Named Pipe Privilege Escalation (Metasploit) (0)
02-06: HiSilicon DVR/NVR hi3520d Firmware Backdoor Account (0)
02-06: xglance-bin Local Root Privilege Escalation (0)
02-06: AVideo Platform 8.1 Cross Site Request Forgery (0)
02-06: AVideo Platform 8.1 User Enumeration (0)
02-06: Verodin Director Web Console 3.5.4.0 Password Disclosure (0)
02-06: Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting (0)
02-06: Socat 1.7.3.4 Heap Overflow (0)
02-06: Wago PFC200 Remote Code Execution (0)
02-06: Windscribe WindscribeService Named Pipe Privilege Escalation (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'license name' Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'LanFabricImpl' Command Injection (0)
02-06: [dos] AbsoluteTelnet 11.12 – "license name" Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'getVmHostData' SQL Injection (0)
02-06: [webapps] Online Job Portal 1.0 – 'user_email' SQL Injection (0)
02-06: [dos] VIM 8.2 – Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2 – Remote Code Execution (0)
02-06: [webapps] Ecommerce Systempay 1.0 – Production KEY Brute Force (0)
02-06: [webapps] Online Job Portal 1.0 – Cross Site Request Forgery (Add User) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'username' Denial of Service (PoC) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'server' Denial of Service (PoC) (0)
02-06: [webapps] Online Job Portal 1.0 – Remote Code Execution (0)
02-06: [dos] TapinRadio 2.12.3 – 'username' Denial of Service (PoC) (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'SSH2/username' Denial of Service (PoC) (0)
02-06: [dos] TapinRadio 2.12.3 – 'address' Denial of Service (PoC) (0)
02-06: [local] ELAN Smart-Pad 11.10.15.1 – 'ETDService' Unquoted Service Path (0)
02-05: Sudo 1.8.25p Buffer Overflow (0)
02-05: F-Secure Internet Gatekeeper 5.40 Heap Overflow (0)
02-05: SMB DOUBLEPULSAR Remote Code Execution (0)
02-05: RDP DOUBLEPULSAR Remote Code Execution (0)
02-05: Centreon 19.10.5 Pollers Remote Command Execution (0)
02-05: [remote] HiSilicon DVR/NVR hi3520d firmware – Remote Backdoor Account (0)
02-05: [webapps] Verodin Director Web Console 3.5.4.0 – Remote Authenticated Password Disclosure (PoC) (0)
02-05: [webapps] Kronos WebTA 4.0 – Authenticated Remote Privilege Escalation (0)
02-05: [local] xglance-bin 11.00 – Privilege Escalation (0)
02-05: [webapps] Wago PFC200 – Authenticated Remote Code Execution (Metasploit) (0)
02-05: [local] Socat 1.7.3.4 – Heap-Based Overflow (PoC) (0)
02-05: [webapps] AVideo Platform 8.1 – Cross Site Request Forgery (Password Reset) (0)
02-05: [webapps] AVideo Platform 8.1 – Information Disclosure (User Enumeration) (0)
02-04: BearFTP 0.1.0 Denial Of Service (0)
02-04: Jira 8.3.4 Information Disclosure (0)
02-04: Packet Storm New Exploits For January, 2020 (0)
02-04: phpList 3.5.0 Authentication Bypass (0)
02-04: School ERP System 1.0 Cross Site Request Forgery (0)
02-04: P2PWIFICAM2 For iOS 10.4.1 Denial Of Service (0)
02-04: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
02-04: [local] Sudo 1.8.25p – Buffer Overflow (0)
02-04: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (Metasploit) (0)
02-03: [dos] P2PWIFICAM2 for iOS 10.4.1 – 'Camera ID' Denial of Service (PoC) (0)
02-03: [webapps] Schneider Electric U.Motion Builder 1.3.4 – Authenticated Command Injection (0)
02-03: [webapps] ira 8.3.4 – Information Disclosure (Username Enumeration) (0)
02-03: [webapps] phpList 3.5.0 – Authentication Bypass (0)
02-03: [dos] BearFTP 0.1.0 – 'PASV' Denial of Service (0)
02-03: [webapps] IceWarp WebMail 11.4.4.1 – Reflective Cross-Site Scripting (0)
02-03: [webapps] School ERP System 1.0 – Cross Site Request Forgery (Add Admin) (0)
02-01: Lotus Core CMS 1.0.1 Local File Inclusion (0)
02-01: FlexNet Publisher 11.12.1 Cross Site Request Forgery (0)
02-01: Intel Processor Identification Utility 6.0.0211 Privilege Escalation (0)
02-01: http://psschool.obec.go.th/007.html (0)

January 2020 (291)

01-31: XMLBlueprint 16.191112 XML Injection (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: Cups Easy 1.0 Cross Site Request Forgery (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: OpenSMTPD 6.6.2 Remote Code Execution (0)
01-31: rConfig 3.9.3 Remote Code Execution (0)
01-31: TrendMicro Anti-Threat Toolkit Improper Fix (0)
01-31: [webapps] Lotus Core CMS 1.0.1 – Local File Inclusion (0)
01-30: Apple Security Advisory 2020-1-29-2 (0)
01-30: Apple Security Advisory 2020-1-29-1 (0)
01-30: Apple Security Advisory 2020-1-28-6 (0)
01-30: Apple Security Advisory 2020-1-28-5 (0)
01-30: Apple Security Advisory 2020-1-28-3 (0)
01-30: Apple Security Advisory 2020-1-28-4 (0)
01-30: Apple Security Advisory 2020-1-28-2 (0)
01-30: Apple Security Advisory 2020-1-28-1 (0)
01-30: Fifthplay S.A.M.I Cross Site Request Forgery / Cross Site Scripting (0)
01-30: OpenBSD OpenSMTPD Privilege Escalation / Code Execution (0)
01-30: [webapps] rConfig 3.9.3 – Authenticated Remote Code Execution (0)
01-30: [remote] OpenSMTPD 6.6.2 – Remote Code Execution (0)
01-29: Torrent 3GP Converter 1.51 Stack Overflow (0)
01-29: SolarWinds n-Central Dumpster Diver (0)
01-29: FusionAuth 1.10 Remote Command Execution (0)
01-29: IceWarp WebMail 11.4.4.1 Cross Site Scripting (0)
01-29: macOS / iOS ImageIO Heap Corruption (0)
01-29: Adive Framework 2.0.8 Cross Site Request Forgery (0)
01-29: Centreon 19.10.5 Credential Disclosure (0)
01-29: Centreon 19.10.5 Remote Command Execution (0)
01-29: Octeth Oempro 4.8 SQL Injection (0)
01-29: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (0)
01-29: [webapps] Satellian 1.12 – Remote Code Execution (0)
01-29: [local] Microsoft Windows 10 – Theme API 'ThemePack' File Parsing (0)
01-29: [webapps] Cups Easy 1.0 – Cross Site Request Forgery (Password Reset) (0)
01-29: [local] XMLBlueprint 16.191112 – XML External Entity Injection (0)
01-29: [webapps] Liferay CE Portal 6.0.2 – Remote Command Execution (0)
01-29: [webapps] Kibana 6.6.1 – CSV Injection (0)
01-28: [dos] macOS/iOS ImageIO – Heap Corruption when Processing Malformed TIFF Image (0)
01-28: [webapps] Centreon 19.10.5 – Database Credentials Disclosure (0)
01-28: [webapps] Octeth Oempro 4.8 – 'CampaignID' SQL Injection (0)
01-28: [webapps] Adive Framework 2.0.8 – Cross-Site Request Forgery (Change Admin Password) (0)
01-28: [webapps] Centreon 19.10.5 – Remote Command Execution (0)
01-27: [local] Torrent 3GP Converter 1.51 – Stack Overflow (SEH) (0)
01-26: Ricoh Printer Driver Local Privilege Escalation (0)
01-26: Realtek SDK Information Disclosure / Code Execution (0)
01-25: Genexis Platinum-4410 2.1 Authentication Bypass (0)
01-25: TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot (0)
01-25: Webtareas 2.0 SQL Injection (0)
01-25: OLK Web Store 2020 Cross Site Request Forgery (0)
01-24: http://bamras.ddc.moph.go.th/Ali.txt (0)
01-24: http://special.obec.go.th/by_agent.php (0)
01-24: http://www.dsd.go.th/0.html (0)
01-24: BOOTP Turbo 2.0 Denial Of Service (0)
01-24: Pachev FTP Server 1.0 Path Traversal (0)
01-24: Umbraco CMS 8.2.2 Cross Site Request Forgery (0)
01-24: qdPM 9.1 Remote Code Execution (0)
01-24: [webapps] Genexis Platinum-4410 2.1 – Authentication Bypass (0)
01-24: [webapps] OLK Web Store 2020 – Cross-Site Request Forgery (0)
01-24: [webapps] Webtareas 2.0 – 'id' SQL Injection (0)
01-24: [webapps] TP-Link TP-SG105E 1.0.0 – Unauthenticated Remote Reboot (0)
01-23: Microsoft Windows Media Center .wmv Security Bypass / Code Execution (0)
01-23: ManageEngine Network Configuration Manager 12.2 SQL Injection (0)
01-23: Microsoft Windows Theme API File Parsing (0)
01-23: Park Ticketing Management System 1.0 Cross Site Scripting (0)
01-23: SolarWindows MSP n-Central Information Disclosure (0)
01-23: ECTouch ECShop 2.7.3 SQL Injection (0)
01-23: KeePass 2.44 Denial Of Service (0)
01-23: XNU vm_map_copy Insufficient Fix (0)
01-23: Citrix XenMobile Server 10.8 XML Injection (0)
01-23: Employee Leaves Management System 2.0 Cross Site Request Forgery (0)
01-23: ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting (0)
01-23: Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation (0)
01-23: D-Link DIR-859 Unauthenticated Remote Command Execution (0)
01-23: [remote] Pachev FTP Server 1.0 – Path Traversal (0)
01-23: [webapps] qdPM 9.1 – Remote Code Execution (0)
01-23: [dos] BOOTP Turbo 2.0 – Denial of Service (SEH)(PoC) (0)
01-22: Microsoft Zero Day Actively Exploited, Patch Forthcoming (0)
01-22: WordPress WP Fanzone 3.1 SQL Injection (0)
01-22: Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption (0)
01-22: [dos] KeePass 2.44 – Denial of Service (PoC) (0)
01-22: [webapps] Citrix XenMobile Server 10.8 – XML External Entity Injection (0)
01-21: Hospital Management System 4.0 Cross Site Scripting (0)
01-21: Easy XML Editor 1.7.8 XML Injection (0)
01-21: Advie Framework 2.0.8 Cross Site Scripting (0)
01-21: Sysax Multi Server 5.50 Denial Of Service (0)
01-21: Centreon 19.04 Remote Code Execution (0)
01-21: [local] NEOWISE CARBONFTP 1.4 – Weak Password Encryption (0)
01-21: [webapps] ManageEngine Network Configuration Manager 12.2 – 'apiKey' SQL Injection (0)
01-20: [webapps] Centreon 19.04 – Authenticated Remote Code Execution (Metasploit) (0)
01-20: [dos] Sysax Multi Server 5.50 – Denial of Service (PoC) (0)
01-20: [webapps] Adive Framework 2.0.8 – Persistent Cross-Site Scripting (0)
01-20: [local] Easy XML Editor 1.7.8 – XML External Entity Injection (0)
01-19: Microsoft .diagcab Directory Traversal / Code Execution (0)
01-18: APKF Product Key Finder 2.5.8.0 Denial Of Service (0)
01-18: Torrent FLV Converter 1.51 Build 117 Stack Overflow (0)
01-18: WordPress InfiniteWP Client 1.9.4.5 Authentication Bypass (0)
01-18: GTalk Password Finder 2.2.1 Denial Of Service (0)
01-18: WordPress Time Capsule 1.21.16 Authentication Bypass (0)
01-18: Solaris xlock Information Disclosure (0)
01-18: Common Desktop Environment 2.3.1 Buffer Overflow (0)
01-18: Trend Micro Security 2019 Security Bypass Protected Service Tampering (0)
01-18: Trend Micro Security (Consumer) Arbitrary Code Execution (0)
01-17: WordPress Postie 1.9.40 Cross Site Scripting (0)
01-17: SunOS 5.10 Generic_147148-26 Local Privilege Escalation (0)
01-17: Online Book Store 1.0 Arbitrary File Upload (0)
01-17: Tautulli 2.1.9 Denial Of Service (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: Jenkins Gitlab Hook 1.4.2 Cross Site Scripting (0)
01-17: Citrix ADC / Gateway Path Traversal (0)
01-17: WordPress Resim ara 1.0 Cross Site Scripting (0)
01-17: [local] Trend Micro Maximum Security 2019 – Privilege Escalation (0)
01-17: [dos] GTalk Password Finder 2.2.1 – 'Key' Denial of Service (PoC) (0)
01-17: [webapps] Wordpress Time Capsule Plugin 1.21.16 – Authentication Bypass (0)
01-17: [local] Trend Micro Maximum Security 2019 – Arbitrary Code Execution (0)
01-17: [webapps] Wordpress Plugin InfiniteWP Client 1.9.4.5 – Authentication Bypass (0)
01-17: [dos] APKF Product Key Finder 2.5.8.0 – 'Name' Denial of Service (PoC) (0)
01-17: [local] Torrent FLV Converter 1.51 Build 117 – Stack Oveflow (SEH partial overwrite) (0)
01-16: The NSA Has Discovered A Major Flaw In Windows 10 (0)
01-16: Plantronics Hub SpokesUpdateService Privilege Escalation (0)
01-16: Online Book Store 1.0 SQL Injection (0)
01-16: Huawei HG255 Directory Traversal (0)
01-16: [webapps] WordPress Plugin Postie 1.9.40 – Persistent Cross-Site Scripting (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'entities_id' SQL Injection (0)
01-16: [webapps] Citrix Application Delivery Controller (ADC) and Gateway 13.0 – Path Traversal (0)
01-16: [webapps] Tautulli 2.1.9 – Denial of Service ( Metasploit ) (0)
01-16: [webapps] Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting (0)
01-16: [webapps] Online Book Store 1.0 – Arbitrary File Upload (0)
01-16: [local] SunOS 5.10 Generic_147148-26 – Local Privilege Escalation (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'reports_id' SQL Injection (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal (0)
01-15: Top Password Firefox Password Recovery 2.8 Denial Of Service (0)
01-15: Top Password Software Dialup Password Recovery 1.30 Denial Of Service (0)
01-15: Allok Video Converter 4.6.1217 Stack Overflow (0)
01-15: Allok RM RMVB To AVI MPEG DVD Converter 3.6.1217 Stack Overflow (0)
01-15: Chevereto 3.13.4 Core Remote Code Execution (0)
01-15: SpotDialup 1.6.7 Denial Of Service (0)
01-15: SpotOutlook 1.2.6 Denial Of Service (0)
01-15: Advanced System Repair Pro 1.9.1.7 Insecure File Permissions (0)
01-15: TaskCanvas 1.4.0 Denial Of Service (0)
01-15: Freelancy 1.0.0 Remote Code Execution (0)
01-15: Car Rental Project 1.0 Remote Code Execution (0)
01-15: Digi AnywhereUSB 14 Cross Site Scripting (0)
01-15: Hospital Management System 4.0 Cross Site Scripting (0)
01-15: Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution (0)
01-15: VPN Unlimited 6.1 Unquoted Service Path (0)
01-15: IBM RICOH InfoPrint 6500 Printer HTML Injection (0)
01-15: WordPress 5.3 Denial Of Service (0)
01-15: Sagemcom Fast 3890 Remote Code Execution (0)
01-15: Redir 3.3 Denial Of Service (0)
01-15: IBM RICOH 6400 Printer HTML Injection (0)
01-15: Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution (0)
01-15: Barco WePresent file_transfer.cgi Command Injection (0)
01-15: [webapps] Huawei HG255 – Directory Traversal ( Metasploit ) (0)
01-15: [webapps] Online Book Store 1.0 – 'bookisbn' SQL Injection (0)
01-14: [dos] WeChat – Memory Corruption in CAudioJBM::InputAudioFrameToJBM (0)
01-14: [dos] Redir 3.3 – Denial of Service (PoC) (0)
01-14: [webapps] IBM RICOH InfoPrint 6500 Printer – HTML Injection (0)
01-14: [webapps] IBM RICOH 6400 Printer – HTML Injection (0)
01-14: [local] VPN unlimited 6.1 – Unquoted Service Path (0)
01-13: [local] Allok Video Converter 4.6.1217 – Stack Overflow (SEH) (0)
01-13: [dos] SpotOutlook 1.2.6 – 'Name' Denial of Service (PoC) (0)
01-13: [local] Advanced System Repair Pro 1.9.1.7 – Insecure File Permissions (0)
01-13: [dos] SpotDialup 1.6.7 – 'Name' Denial of Service (PoC) (0)
01-13: [dos] Top Password Software Dialup Password Recovery 1.30 – Denial of Service (PoC) (0)
01-13: [webapps] Chevereto 3.13.4 Core – Remote Code Execution (0)
01-12: TotalAV 2020 4.14.31 Privilege Escalation (0)
01-12: Pandora 7.0NG Remote Code Execution (0)
01-12: PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution (0)
01-12: ASTPP 4.0.1 Database Disclosure (0)
01-12: WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption (0)
01-12: Android ashmem Read-Only Bypasses (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (PoC) (0)
01-10: https://www.huaikrachaohospital.go.th/0day.html (0)
01-10: [webapps] ASTPP 4.0.1 VoIP Billing – Database Backup Download (0)
01-10: [webapps] Pandora 7.0NG – Remote Code Execution (0)
01-10: [local] TotalAV 2020 4.14.31 – Privilege Escalation (0)
01-10: [webapps] PixelStor 5000 K:4.0.1580-20150629 – Remote Code Execution (0)
01-09: Cisco DCNM JBoss 10.4 Credential Leakage (0)
01-09: Sony Playstation 4 Webkit Code Execution (0)
01-09: Django Account Hijack (0)
01-09: Tomcat 9.0.0.M1 Sandbox Escape (0)
01-09: JetBrains TeamCity 2018.2.4 Remote Code Execution (0)
01-09: Codoforum 4.8.3 Cross Site Scripting (0)
01-09: EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow (0)
01-09: ASTPP VoIP 4.0.1 Remote Code Execution (0)
01-09: Online Book Store 1.0 Remote Code Execution (0)
01-09: ZIP Password Recovery 2.30 Denial Of Service (0)
01-09: Oracle Weblogic 10.3.6.0.0 Remote Command Execution (0)
01-09: MSN Password Recovery 1.30 XML Injection (0)
01-09: Firefox Gets Patch For Critical 0-Day That's Being Actively Exploited (0)
01-09: [local] MSN Password Recovery 1.30 – XML External Entity Injection (0)
01-09: [dos] ZIP Password Recovery 2.30 – 'ZIP File' Denial of Service (PoC) (0)
01-09: [webapps] Oracle Weblogic 10.3.6.0.0 – Remote Command Execution (0)
01-08: AnyDesk 5.4.0 Unquoted Service Path (0)
01-08: Complaint Management System 4.0 Remote Code Execution (0)
01-08: piSignage 2.6.4 Directory Traversal (0)
01-08: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-08: Dairy Farm Shop Management System 1.0 Cross Site Scripting (0)
01-08: Job Portal 1.0 Shell Upload (0)
01-08: Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key (0)
01-08: http://server91.labour.go.th/kurd.html (0)
01-08: [webapps] Tomcat proprietaryEvaluate 9.0.0.M1 – Sandbox Escape (0)
01-08: [remote] JetBrains TeamCity 2018.2.4 – Remote Code Execution (0)
01-08: [remote] ASTPP VoIP 4.0.1 – Remote Code Execution (0)
01-08: [remote] EBBISLAND EBBSHAVE 6100-09-04-1441 – Remote Buffer Overflow (0)
01-08: [webapps] Online Book Store 1.0 – Unauthenticated Remote Code Execution (0)
01-08: [remote] Cisco DCNM JBoss 10.4 – Credential Leakage (0)
01-08: [webapps] Codoforum 4.8.3 – 'input_txt' Persistent Cross-Site Scripting (0)
01-07: Adaware Web Companion 4.9.2159 WCAssistantService Unquoted Service Path (0)
01-07: Duplicate Cleaner Pro 4 Denial Of Service (0)
01-07: Voyager 1.3.0 Directory Traversal (0)
01-07: SpotFTP FTP Password Recovery 3.0.0.0 Denial Of Service (0)
01-07: Office Product Key Finder 1.5.4 Denial Of Service (0)
01-07: NBMonitor 1.6.6.0 Denial Of Service (0)
01-07: RemShutdown 2.9.0.0 Denial Of Service (0)
01-07: Backup Key Recovery 2.2.5 Denial Of Service (0)
01-07: TextCrawler Pro 3.1.1 Denial Of Service (0)
01-07: Hostel Management System 2.0 SQL Injection (0)
01-07: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-07: Complaint Management System 4.0 SQL Injection (0)
01-07: IBM RICOH Infoprint 1532 Printer Cross Site Scripting (0)
01-07: ERPNext 11.1.47 Cross Site Scripting (0)
01-07: [webapps] Complaint Management System 4.0 – Remote Code Execution (0)
01-07: [webapps] piSignage 2.6.4 – Directory Traversal (0)
01-07: [local] AnyDesk 5.4.0 – Unquoted Service Path (0)
01-07: [webapps] Job Portal 1.0 – Remote Code Execution (0)
01-06: [dos] BlueAuditor 1.7.2.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotIE 2.9.5 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] Hostel Management System 2.0 – 'id' SQL Injection (0)
01-06: [local] Adaware Web Companion 4.9.2159 – 'WCAssistantService' Unquoted Service Path (0)
01-06: [dos] NetworkSleuth 3.0.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] IBM RICOH Infoprint 1532 Printer – Persistent Cross-Site Scripting (0)
01-06: [webapps] Subrion CMS 4.0.5 – Cross-Site Request Forgery (Add Admin) (0)
01-06: [webapps] Complaint Management System 4.0 – 'cid' SQL injection (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Name' Denial Of Service (0)
01-06: [dos] SpotIM 2.2 – 'Name' Denial Of Service (0)
01-06: [webapps] Dairy Farm Shop Management System 1.0 – 'username' SQL Injection (0)
01-06: [dos] FTPGetter Professional 5.97.0.223 – Denial of Service (PoC) (0)
01-06: [webapps] elaniin CMS 1.0 – Authentication Bypass (0)
01-06: [dos] ShareAlarmPro Advanced Network Access Control – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotMSN 2.4.6 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] SpotFTP FTP Password Recovery 3.0.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Office Product Key Finder 1.5.4 – Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] NBMonitor 1.6.6.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Name' Denial of Service (PoC) (0)
01-06: [dos] TextCrawler Pro3.1.1 – Denial of Service (PoC) (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Key' Denial of Service (PoC) (0)
01-05: Microsoft Windows VCF Denial Of Service (0)
01-05: http://www.wanyai.go.th (0)
01-04: MSN Password Recovery 1.30 Denial Of Service (0)
01-04: Hospital Management System 4.0 searchdata SQL Injection (0)
01-04: Mozilla Firefox Denial Of Service (0)
01-04: AppLocker Policy Bypass (0)
01-04: Hospital Management System 4.0 Cross Site Scripting (0)
01-04: CTFd 2.1.5 Administrator Account Takeover (0)
01-04: OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control (0)
01-04: Online Course Registration 2.0 Remote Code Execution (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: Karakuzu ERP Management Web 5.7.0 SQL Injection (0)
01-04: Plantronics Hub 3.13.2 Local Privilege Escalation (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: http://doa.go.th/readme.htm (0)
01-04: https://pbhospital.go.th (0)
01-03: [local] Plantronics Hub 3.13.2 – Local Privilege Escalation (0)
01-03: [webapps] Karakuzu ERP Management Web 5.7.0 – 'k_adi_duz' SQL Injection (0)
01-03: [webapps] Online Course Registration 2.0 – Remote Code Execution (0)
01-02: NextVPN 4.10 Insecure File Permissions (0)
01-02: WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass (0)
01-02: nostromo 1.9.6 Remote Code Execution (0)
01-02: Shopping Portal ProVersion 3.0 SQL Injection (0)
01-02: IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal (0)
01-02: Hospital Management System 4.0 SQL Injection (0)
01-02: Microsoft Windows .Group File URL Field Code Execution (0)
01-02: Packet Storm New Exploits For December, 2019 (0)
01-02: Packet Storm New Exploits For 2019 (0)
01-02: [webapps] BloodX 1.0 – Authentication Bypass (0)
01-02: [webapps] Hospital Management System 4.0 – Persistent Cross-Site Scripting (0)
01-02: [webapps] Hospital Management System 4.0 – 'searchdata' SQL Injection (0)
01-02: [dos] MSN Password Recovery 1.30 – Denial of Service (PoC) (0)
01-01: http://www.abtbankuan.go.th/krd.html (0)
01-01: [local] Microsoft Windows .Group File – Code Execution (0)
01-01: [remote] nostromo 1.9.6 – Remote Code Execution (0)
01-01: [webapps] Hospital Management System 4.0 – Authentication Bypass (0)
01-01: [webapps] Shopping Portal ProVersion 3.0 – Authentication Bypass (0)
01-01: [webapps] IBM InfoPrint 4247-Z03 Impact Matrix Printer – Directory Traversal (0)

December 2019 (222)

12-31: AVS Audio Converter 9.1.2.600 Stack Overflow (0)
12-31: FTP Navigator 8.03 Stack Overflow (0)
12-31: Cera Intranet Community Theme 1.0.1 SQL Injection (0)
12-31: elearning-script 1.0 SQL Injection (0)
12-31: Wave 2.0 SQL Injection (0)
12-31: RICOH SP 4510SF Printer HTML Injection (0)
12-31: Wing FTP Server 6.0.7 Unquoted Service Path (0)
12-31: Heatmiser Netmonitor 3.03 Hardcoded Credentials (0)
12-31: WEMS Enterprise Manager 2.58 Cross Site Scripting (0)
12-31: WEMS BEMS 21.3.1 Undocumented Backdoor Account (0)
12-31: HomeAutomation 3.3.2 Cross Site Scripting (0)
12-31: MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure (0)
12-31: FreeBSD mqueuefs Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Authentication Bypass (0)
12-31: FreeBSD fd Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Cross Site Request Forgery (0)
12-31: HomeAutomation 3.3.2 CSRF / Code Execution (0)
12-31: HomeAutomation 3.3.2 Open Redirect (0)
12-31: Thrive Smart Home 1.1 Cross Site Scripting (0)
12-31: Thrive Smart Home 1.1 SQL Injection (0)
12-31: [local] NextVPN v4.10 – Insecure File Permissions (0)
12-31: [webapps] Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 – Authentication Bypass (0)
12-30: [local] AVS Audio Converter 9.1.2.600 – Stack Overflow (PoC) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Cross-Site Request Forgery (Add Admin) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Authentication Bypass (0)
12-30: [webapps] HomeAutomation 3.3.2 – Persistent Cross-Site Scripting (0)
12-30: [local] Reptile Rootkit – reptile_cmd Privilege Escalation (Metasploit) (0)
12-30: [local] Microsoft UPnP – Local Privilege Elevation (Metasploit) (0)
12-30: [local] OpenBSD – Dynamic Loader chpass Privilege Escalation (Metasploit) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Remote Code Execution (0)
12-28: AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting (0)
12-28: AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot (0)
12-28: AVE DOMINAplus 1.10.x Authentication Bypass (0)
12-28: AVE DOMINAplus 1.10.x Credential Disclosure (0)
12-28: OpenBSD Dynamic Loader chpass Privilege Escalation (0)
12-27: http://www.reo15.moe.go.th/web/ (0)
12-25: Prime95 29.8 Build 6 Buffer Overflow (0)
12-24: Microsoft Windows 10 BasicRender.sys Denial Of Service (0)
12-24: phpMyChat-Plus 1.98 Cross Site Scripting (0)
12-24: FreeSWITCH 1.10.1 Command Execution (0)
12-24: vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation (0)
12-24: Reptile Rootkit reptile_cmd Privilege Escalation (0)
12-23: http://sanpong.go.th (0)
12-23: http://sanpayang.go.th (0)
12-23: [local] Prime95 Version 29.8 build 6 – Buffer Overflow (SEH) (0)
12-21: FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read (0)
12-20: FTP Navigator 8.03 Denial Of Service (0)
12-20: Deutsche Bahn Ticket Vending Machine Privilege Escalation (0)
12-20: [remote] FreeSWITCH 1.10.1 – Command Execution (0)
12-20: [webapps] phpMyChat-Plus 1.98 – 'pmc_username' Reflected Cross-Site Scripting (0)
12-20: [dos] Microsoft Windows 10 BasicRender.sys – Denial of Service (PoC) (0)
12-19: XnView 2.49.1 Denial Of Service (0)
12-19: AVS Audio Converter 9.1 Buffer Overflow (0)
12-19: Rumpus FTP Web File Manager 8.2.9.1 Cross Site Scripting (0)
12-19: Telerik UI Remote Code Execution (0)
12-19: macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free (0)
12-19: Microsoft UPnP Local Privilege Elevation (0)
12-19: [dos] FTP Navigator 8.03 – 'Custom Command' Denial of Service (SEH) (0)
12-19: [webapps] Deutsche Bahn Ticket Vending Machine Local Kiosk – Privilege Escalation (0)
12-18: Metasploit Sample Linux Privilege Escalation Exploit (0)
12-18: Metasploit Sample Webapp Exploit (0)
12-18: OpenMRS Java Deserialization Remote Code Execution (0)
12-18: Zendesk SweetHawk Survey 1.6 Cross Site Scripting (0)
12-18: NopCommerce 4.2.0 Privilege Escalation (0)
12-18: Xerox AltaLink C8035 Printer Cross Site Request Forgery (0)
12-18: Tautulli 2.1.9 Cross Site Request Forgery (0)
12-18: Serv-U FTP Server 15.1.7 Cross Site Scripting (0)
12-18: Netgear R6400 Remote Code Execution (0)
12-18: [webapps] Telerik UI – Remote Code Execution via Insecure Deserialization (0)
12-18: [remote] OpenMRS – Java Deserialization RCE (Metasploit) (0)
12-18: [dos] macOS 10.14.6 (18G87) – Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() (0)
12-18: [webapps] Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting (0)
12-18: [local] AVS Audio Converter 9.1 – 'Exit folder' Buffer Overflow (0)
12-18: [webapps] Xerox AltaLink C8035 Printer – Cross-Site Request Forgery (Add Admin) (0)
12-18: [webapps] Tautulli 2.1.9 – Cross-Site Request Forgery (ShutDown) (0)
12-17: http://necsystem.dip.go.th/index.html (0)
12-17: http://angelfund.dip.go.th/index.html (0)
12-17: Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure (0)
12-17: D-Link DIR-615 Privilege Escalation (0)
12-17: Linux sendmsg() Privilege Escalation (0)
12-17: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting (0)
12-17: Serv-U FTP Server 15.1.7 CSV Injection (0)
12-17: Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure (0)
12-17: Microsoft Teams Instant Messenger DLL Hijacking (0)
12-17: Bash Profile Persistence (0)
12-17: Apple Security Advisory 2019-12-10-1 (0)
12-17: [webapps] NopCommerce 4.2.0 – Privilege Escalation (0)
12-17: [webapps] Netgear R6400 – Remote Code Execution (0)
12-17: [webapps] Zendesk App SweetHawk Survey 1.6 – Persistent Cross-Site Scripting (0)
12-16: https://www.sme.go.th/readme.htm (0)
12-16: [webapps] Roxy Fileman 1.4.5 – Directory Traversal (0)
12-16: [webapps] D-Link DIR-615 Wireless Router – Persistent Cross-Site Scripting (0)
12-16: [local] Linux 5.3 – Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds (0)
12-16: [webapps] D-Link DIR-615 – Privilege Escalation (0)
12-15: Apple iOS v13.x Webkit VCF – Denial of Service Vulnerability (0)
12-15: DB Ticket Vending Machine WinXP – Privilege Escalation (0)
12-15: Apple iOS v13.x (AirDrop) – (AirDoS) Denial of Service PoC (0)
12-14: NVMS-1000 Directory Traversal (0)
12-14: FTP Commander Pro 8.03 Local Stack Overflow (0)
12-14: Roxy Fileman 1.4.5 For .NET Directory Traversal (0)
12-13: Bullwark Momentum Series JAWS 1.0 Directory Traversal (0)
12-13: OpenNetAdmin 18.1.1 Command Injection (0)
12-13: Qualys Security Advisory – OpenBSD Dynamic Loader Privilege Escalation (0)
12-13: Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing (0)
12-13: http://bangnampriao.chachoengsao.doae.go.th (0)
12-13: http://angthong.nfe.go.th/kurd.html (0)
12-13: http://dop.go.th/kurd.html (0)
12-13: [local] FTP Commander Pro 8.03 – Local Stack Overflow (0)
12-13: [webapps] NVMS 1000 – Directory Traversal (0)
12-12: http://pon.go.th/kurd.html (0)
12-12: http://suksamran.go.th/kurd.html (0)
12-12: http://tumbonnontan.go.th/kurd.html (0)
12-12: http://www.samutsakhon.doae.go.th/krd.html (0)
12-12: http://www.nakhonphanom.doae.go.th/krd.html (0)
12-12: http://www.chachoengsao.doae.go.th/krd.html (0)
12-12: Lenovo Power Management Driver Buffer Overflow (0)
12-12: Product Key Explorer 4.2.0.0 Name Denial Of Service (0)
12-12: AppXSvc 17763 Arbitrary File Overwrite (0)
12-12: Adobe Acrobat Reader DC For Windows Memory Corruption (0)
12-12: Product Key Explorer 4.2.0.0 Key Denial Of Service (0)
12-12: Apple Security Advisory 2019-12-10-7 (0)
12-12: Apple Security Advisory 2019-12-10-8 (0)
12-12: Apple Security Advisory 2019-12-10-6 (0)
12-12: Apple Security Advisory 2019-12-10-5 (0)
12-12: Apple Security Advisory 2019-12-10-2 (0)
12-12: Apple Security Advisory 2019-12-10-3 (0)
12-12: Apple Security Advisory 2019-12-10-4 (0)
12-12: [webapps] Bullwark Momentum Series JAWS 1.0 – Directory Traversal (0)
12-12: [webapps] OpenNetAdmin 18.1.1 – Command Injection Exploit (Metasploit) (0)
12-12: [dos] Lenovo Power Management Driver 1.67.17.48 – 'pmdrvs.sys' Denial of Service (PoC) (0)
12-11: http://www.hrm.m-society.go.th/kurd.html (0)
12-11: WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting (0)
12-11: Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials (0)
12-11: Apache Olingo OData 4.6.x XML Injection (0)
12-11: DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting (0)
12-11: DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery (0)
12-11: DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting (0)
12-11: vBulletin 5.5.4 Remote Command Execution (0)
12-11: [dos] Adobe Acrobat Reader DC – Heap-Based Memory Corruption due to Malformed TTF Font (0)
12-11: [dos] AppXSvc 17763 – Arbitrary File Overwrite (DoS) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Key' Denial of Service (PoC) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Name' Denial of Service (POC) (0)
12-10: Mozilla Firefox Windows 64-Bit Chain Exploit (0)
12-10: Microsoft Windows Windows 10 UAC Bypass (0)
12-10: SpotAuditor 5.3.2 Local Buffer Overflow (0)
12-10: PRO-7070 Hazir Profesyonel Web Sitesi 1.0 SQL Injection (0)
12-10: Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting (0)
12-10: Alcatel-Lucent Omnivista 8770 Remote Code Execution (0)
12-10: Oracle Siebel Sales 8.1 Cross Site Scripting (0)
12-10: [local] Inim Electronics Smartliving SmartLAN 6.x – Hard-coded Credentials (0)
12-09: [webapps] Alcatel-Lucent Omnivista 8770 – Remote Code Execution (0)
12-09: [local] SpotAuditor 5.3.2 – 'Base64' Local Buffer Overflow (SEH) (0)
12-09: [dos] Omron PLC 1.0.0 – Denial of Service (PoC) (0)
12-09: [webapps] Snipe-IT Open Source Asset Management 4.7.5 – Persistent Cross-Site Scripting (0)
12-09: [webapps] PRO-7070 Hazır Profesyonel Web Sitesi 1.0 – Authentication Bypass (0)
12-08: [local] Microsoft Windows – Multiple UAC Protection Bypasses (0)
12-07: Microsoft Skype For Business DNS Query (0)
12-07: Verot 2.0.3 Remote Code Execution (0)
12-07: Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow (0)
12-07: Trend Micro Deep Security Agent 11 Arbitrary File Overwrite (0)
12-07: Yachtcontrol 2019-10-06 Remote Code Execution (0)
12-07: SiteVision 4.x / 5.x Insufficient Module Access Control (0)
12-07: SiteVision 4.x / 5.x Remote Code Execution (0)
12-07: OkayCMS 2.3.4 Remote Code Execution (0)
12-07: [local] Mozilla FireFox (Windows 10 x64) – Full Chain Client Side Attack (0)
12-06: NETGATE Data Backup 3.0.620 Unquoted Service Path (0)
12-06: Amiti Antivirus 25.0.640 Unquoted Service Path (0)
12-06: Qualys Security Advisory – OpenBSD Authentication Bypass / Privilege Escalation (0)
12-06: Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution (0)
12-06: [local] Trend Micro Deep Security Agent 11 – Arbitrary File Overwrite (0)
12-06: [remote] Integard Pro NoJs 2.2.0.9026 – Remote Buffer Overflow (0)
12-06: [webapps] Verot 2.0.3 – Remote Code Execution (0)
12-05: Online Invoicing System 2.6 Cross Site Scripting (0)
12-05: Intelbras Router RF1200 1.1.3 Cross Site Request Forgery (0)
12-05: Online Clinic Management System 2.2 HTML Injection (0)
12-05: Cisco WLC 2504 8.9 Denial Of Service (0)
12-05: Microsoft Windows BasicRender.sys WARPGPUCMDSYNC NULL Pointer (0)
12-05: Microsoft Visual Basic 2010 Express XML Injection (0)
12-05: BMC Smart Reporting 7.3 20180418 XML Injection (0)
12-05: Microsoft Windows Media Center XML Injection (0)
12-05: WordPress CSS Hero 4.0.3 Cross Site Scripting (0)
12-05: Revive Adserver 4.2 Remote Code Execution (0)
12-05: SSDWLAB 6.1 Authentication Bypass (0)
12-05: Fronius Solar Inverter Series Insecure Communication / Path Traversal (0)
12-05: YouPHPTube 7.7 SQL Injection (0)
12-05: [webapps] Broadcom CA Privilged Access Manager 2.8.2 – Remote Command Execution (0)
12-05: [local] Amiti Antivirus 25.0.640 – Unquoted Service Path (0)
12-05: [local] NETGATE Data Backup 3.0.620 – 'NGDatBckpSrv' Unquoted Service Path (0)
12-04: https://labanimals.nrct.go.th/index.html (0)
12-04: [webapps] OwnCloud 8.1.8 – Username Disclosure (0)
12-04: [webapps] Cisco WLC 2504 8.9 – Denial of Service (PoC) (0)
12-04: [local] Microsoft Visual Basic 2010 Express – XML External Entity Injection (0)
12-04: [webapps] Online Clinic Management System 2.2 – HTML Injection (0)
12-04: [webapps] SSDWLAB 6.1 – Authentication Bypass (0)
12-03: http://www.srn2.go.th/fca.html (0)
12-03: NSAuditor 3.1.8.0 Name Denial Of Service (0)
12-03: NSAuditor 3.1.8.0 Key Denial Of Service (0)
12-03: Anviz CrossChex 4.3.12 Local Buffer Overflow (0)
12-03: Dokuwiki 2018-04-22b Username Enumeration (0)
12-03: Microsoft Visual Studio 2008 Express IDE XML Injection (0)
12-03: Ajenti 2.1.31 Command Injection (0)
12-03: Packet Storm New Exploits For November, 2019 (0)
12-03: SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass (0)
12-03: http://www.silalang.go.th/o.htm (0)
12-03: [webapps] Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery (0)
12-03: [webapps] Online Invoicing System 2.6 – 'description' Persistent Cross-Site Scripting (0)
12-02: http://ncd.ddc.moph.go.th (0)
12-02: [local] Microsoft Excel 2016 1901 – XML External Entity Injection (0)
12-02: [local] Max Secure Anti Virus Plus 19.0.4.020 – Insecure File Permissions (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Key' Denial of Service (PoC) (0)
12-02: [webapps] Dokuwiki 2018-04-22b – Username Enumeration (0)
12-02: [local] Visual Studio 2008 – XML External Entity Injection (0)
12-02: [webapps] SmartHouse Webapp 6.5.33 – Cross-Site Request Forgery (0)
12-02: [local] Anviz CrossChex 4.3.12 – Local Buffer Overflow (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Name' Denial of Service (PoC) (0)
12-01: Allied Telesis AT-GS950/8 Directory Traversal (0)
12-01: Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection (0)
12-01: Max Secure Anti Virus Plus 19.0.4.020 Insecure Permissions (0)
12-01: Microsoft Excel 2016 1901 Import Error XML Injection (0)
12-01: Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery (0)

November 2019 (326)

11-30: http://nbcsystem.dip.go.th/x3.html (0)
11-30: WordPress 5.3 Username Enumeration (0)
11-30: TexasSoft CyberPlanet 6.4.131 Unquoted Service Path (0)
11-30: GHIA CamIP 1.2 For iOS Denial Of Service (0)
11-30: Mersive Solstice 2.8.0 Remote Code Execution (0)
11-30: SpotAuditor 5.3.2 Denial Of Service (0)
11-30: Online Inventory Manager 3.2 Cross Site Scripting (0)
11-30: Bash 5.0 Patch 11 Privilege Escalation (0)
11-30: OwnCloud 8.1.8 Username Disclosure (0)
11-30: WordPress Plainview Activity Monitor 20161228 Remote Command Execution (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Name' Denial of Service (0)
11-29: [webapps] Online Inventory Manager 3.2 – Persistent Cross-Site Scripting (0)
11-29: [local] TexasSoft CyberPlanet 6.4.131 – 'CCSrvProxy' Unquoted Service Path (0)
11-29: [local] Bash 5.0 Patch 11 – SUID Priv Drop Exploit (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Key' Denial of Service (0)
11-28: http://bokaew.go.th/images/0x1998.txt (0)
11-28: http://www.lungtakian.go.th/activity/images/8623.jpg (0)
11-28: Microsoft DirectX SDK 2010 Denial Of Service (0)
11-28: SpotAuditor 5.3.2 Denial Of Service (0)
11-28: Xiaomi Mi Box Display Corruption (0)
11-28: Grub2 grub2-set-bootflag Environment Corruption (0)
11-28: [dos] GHIA CamIP 1.2 for iOS – 'Password' Denial of Service (PoC) (0)
11-28: [webapps] Wordpress 5.3 – User Disclosure (0)
11-27: Microsoft Windows AppXsvc Deployment Extension Privilege Escalation (0)
11-27: Easy-Hide-IP 5.0.0.3 Unquoted Service Path (0)
11-27: SMPlayer 19.5.0 Denial Of Service (0)
11-27: InTouch Machine Edition 8.1 SP1 Denial Of Service (0)
11-27: Waves MaxxAudio Drivers 1.1.6.0 Unquoted Service Path (0)
11-27: InduSoft Web Studio 8.1 SP1 Denial Of Service (0)
11-27: iNetTools For iOS 8.20 Denial Of Service (0)
11-27: FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption (0)
11-27: pari/gp 2.x Arbitrary File Overwrite (0)
11-27: [dos] SpotAuditor 5.3.2 – 'Base64' Denial Of Service (PoC) (0)
11-27: [dos] Microsoft DirectX SDK 2010 – '.PIXrun' Denial Of Service (PoC) (0)
11-26: http://www.phrae.m-society.go.th/zx.htm (0)
11-26: http://www.samutsakhon.m-society.go.th/zx.htm (0)
11-26: http://www.rayong.m-society.go.th/zx.htm (0)
11-26: http://www.narathiwat.m-society.go.th/zx.htm (0)
11-26: http://www.loei.m-society.go.th/zx.htm (0)
11-26: http://www.nakhonratchasima.m-society.go.th/zx.htm (0)
11-26: http://tpso2.m-society.go.th/zx.htm (0)
11-26: http://www.saraburi.m-society.go.th/zx.htm (0)
11-26: http://www.chiangrai.m-society.go.th/zx.htm (0)
11-26: http://www.lampang.m-society.go.th/zx.htm (0)
11-26: [dos] InduSoft Web Studio 8.1 SP1 – "Atributos" Denial of Service (PoC) (0)
11-26: [dos] iNetTools for iOS 8.20 – 'Whois' Denial of Service (PoC) (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow / Denial Of Service (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
11-25: [local] Microsoft Windows AppXsvc Deployment Extension – Privilege Escalation (0)
11-25: [local] Easy-Hide-IP 5.0.0.3 – 'EasyRedirect' Unquoted Service Path (0)
11-25: [dos] InTouch Machine Edition 8.1 SP1 – 'Atributos' Denial of Service (PoC) (0)
11-25: [local] Waves MaxxAudio Drivers 1.1.6.0 – 'WavesSysSvc64' Unquoted Service Path (0)
11-25: [dos] SMPlayer 19.5.0 – Denial of Service (PoC) (0)
11-23: ProShow Producer 9.0.3797 Unquoted Service Path (0)
11-23: LiteManager 4.5.0 Insecure File Permissions (0)
11-22: TestLink 1.9.19 Cross Site Scripting (0)
11-22: GNU Mailutils 3.7 Privilege Escalation (0)
11-22: Pagekit CMS 1.0.17 Cross Site Request Forgery (0)
11-22: Network Management Card 6.2.0 Host Header Injection (0)
11-22: macOS update_dyld_shared_cache Privilege Escalation (0)
11-22: Microsoft Internet Explorer Use-After-Free (0)
11-22: Skype v8.x – History Export v7 Web Vulnerability (0)
11-22: [local] macOS 10.14.6 – root->kernel Privilege Escalation via update_dyld_shared_cache (0)
11-22: [local] LiteManager 4.5.0 – Insecure File Permissions (0)
11-22: [local] ProShow Producer 9.0.3797 – ('ScsiAccess') Unquoted Service Path (0)
11-22: [dos] Internet Explorer – Use-After-Free in JScript Arguments During toJSON Callback (0)
11-21: http://banboek.lopburi.police.go.th (0)
11-21: OpenNetAdmin 18.1.1 Remote Code Execution (0)
11-21: ipPulse 1.92 Denial Of Service (0)
11-21: [webapps] Network Management Card 6.2.0 – Host Header Injection (0)
11-21: [local] GNU Mailutils 3.7 – Privilege Escalation (0)
11-21: [webapps] TestLink 1.9.19 – Persistent Cross-Site Scripting (0)
11-20: https://bakruea.go.th/images/0x1998.txt (0)
11-20: http://www.sidalocal.go.th/kurd.html (0)
11-20: BartVPN 1.2.2 Unquoted Service Path (0)
11-20: Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free (0)
11-20: XMedia Recode 3.4.8.6 Denial Of Service (0)
11-20: Studio 5000 Logix Designer 30.01.00 Unquoted Service Path (0)
11-20: Centova Cast 3.2.12 Denial Of Service (0)
11-20: scadaApp For iOS 1.1.4.0 Denial Of Service (0)
11-20: Windows Escalate UAC Protection Bypass Via Dot Net Profiler (0)
11-20: [local] Xorg X11 Server – Local Privilege Escalation (Metasploit) (0)
11-20: [remote] Pulse Secure VPN – Arbitrary Command Execution (Metasploit) (0)
11-20: [remote] Bludit – Directory Traversal Image File Upload (Metasploit) (0)
11-20: [remote] FreeSWITCH – Event Socket Command Execution (Metasploit) (0)
11-20: [remote] FusionPBX – Operator Panel exec.php Command Execution (Metasploit) (0)
11-20: [local] Windows – Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) (0)
11-20: [local] Windows – Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) (0)
11-20: [dos] iOS 12.4 – Sandbox Escape due to Integer Overflow in mediaserverd (0)
11-20: [dos] Ubuntu 19.10 – Refcount Underflow and Type Confusion in shiftfs (0)
11-20: [dos] Ubuntu 19.10 – ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path (0)
11-20: [webapps] OpenNetAdmin 18.1.1 – Remote Code Execution (0)
11-19: iSmartViewPro 1.3.34 Denial Of Service (0)
11-19: NCP_Secure_Entry_Client 9.2 Unquoted Service Path (0)
11-19: Emerson PAC Machine Edition 9.70 Build 8595 Unquoted Service Path (0)
11-19: ASUS HM Com Service 1.00.31 Unquoted Service Path (0)
11-19: Lexmark Services Monitor 2.27.4.0.39 Directory Traversal (0)
11-19: Open Proficy HMI-SCADA 5.0.0.25920 Denial Of Service (0)
11-19: Crystal Live HTTP Server 6.01 Directory Traversal (0)
11-19: TemaTres 3.0 Cross Site Request Forgery (0)
11-19: Foscam Video Management System 1.1.4.9 Denial Of Service (0)
11-19: TemaTres 3.0 Cross Site Scripting (0)
11-19: nipper-ng 0.11.10 Remote Buffer Overflow (0)
11-19: MobileGo 8.5.0 Insecure File Permissions (0)
11-19: Centova Cast 3.2.11 Arbitrary File Download (0)
11-19: Windows Escalate UAC Protection Bypass (0)
11-19: [dos] scadaApp for iOS 1.1.4.0 – 'Servername' Denial of Service (PoC) (0)
11-19: [dos] ipPulse 1.92 – 'Enter Key' Denial of Service (PoC) (0)
11-19: [local] Studio 5000 Logix Designer 30.01.00 – 'FactoryTalk Activation Service' Unquoted Service Path (0)
11-19: [dos] Centova Cast 3.2.12 – Denial of Service (PoC) (0)
11-19: [dos] XMedia Recode 3.4.8.6 – '.m3u' Denial Of Service (0)
11-19: [remote] Microsoft Windows 7 (x86) – 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free (0)
11-19: [local] BartVPN 1.2.2 – 'BartVPNService' Unquoted Service Path (0)
11-18: [remote] nipper-ng 0.11.10 – Remote Buffer Overflow (PoC) (0)
11-18: [dos] iSmartViewPro 1.3.34 – Denial of Service (PoC) (0)
11-18: [local] Emerson PAC Machine Edition 9.70 Build 8595 – 'FxControlRuntime' Unquoted Service Path (0)
11-18: [dos] Foscam Video Management System 1.1.4.9 – 'Username' Denial of Service (PoC) (0)
11-18: [webapps] TemaTres 3.0 – Cross-Site Request Forgery (Add Admin) (0)
11-18: [webapps] Centova Cast 3.2.11 – Arbitrary File Download (0)
11-18: [local] MobileGo 8.5.0 – Insecure File Permissions (0)
11-18: [local] NCP_Secure_Entry_Client 9.2 – Unquoted Service Paths (0)
11-18: [dos] Open Proficy HMI-SCADA 5.0.0.25920 – 'Password' Denial of Service (PoC) (0)
11-18: [webapps] Crystal Live HTTP Server 6.01 – Directory Traversal (0)
11-18: [webapps] Lexmark Services Monitor 2.27.4.0.39 – Directory Traversal (0)
11-18: [local] ASUS HM Com Service 1.00.31 – 'asHMComSvc' Unquoted Service Path (0)
11-18: [webapps] TemaTres 3.0 – 'value' Persistent Cross-site Scripting (0)
11-17: http://rayong1.go.th/readme.html (0)
11-16: Shrew Soft VPN Client 2.2.2 Unquoted Service Path (0)
11-16: iOS mediaserverd Integer Overflow Sandbox Escape (0)
11-16: WordPress Social Photo Gallery 1.0 Remote Code Execution (0)
11-16: TP-Link Archer VR300 1 Cross Site Scripting (0)
11-16: Raritan CommandCenter Secure Gateway Cross Site Scripting (0)
11-16: FreeRadius 3.0.19 Logrotate Privilege Escalation (0)
11-16: http://chainat.nfe.go.th/vz.txt (0)
11-15: SMPlayer 19.5.0 Buffer Overflow / Denial Of Service (0)
11-15: oXygen XML Editor 21.1.1 XML Injection (0)
11-15: Xfilesharing 2.5.1 Local File Inclusion / Shell Upload (0)
11-15: Ubuntu shiftfs refcount Underflow / Type Confusion (0)
11-15: FreeSWITCH Event Socket Command Execution (0)
11-15: FusionPBX Command exec.php Command Execution (0)
11-15: FusionPBX Operator Panel exec.php Command Execution (0)
11-15: http://inderm.go.th (0)
11-15: [local] Shrew Soft VPN Client 2.2.2 – 'iked' Unquoted Service Path (0)
11-14: Technicolor TD5130.2 Remote Command Execution (0)
11-14: Technicolor TC7300.B0 Cross Site Scripting (0)
11-14: Fastweb Fastgate 0.00.81 Remote Code Execution (0)
11-14: gSOAP 2.8 Directory Traversal (0)
11-14: ScanGuard Antivirus Insecure Permissions (0)
11-14: Siemens Desigo PX 6.00 Denial Of Service (0)
11-14: CMS Made Simple 2.2.8 Remote Code Execution (0)
11-14: [webapps] Xfilesharing 2.5.1 – Arbitrary File Upload (0)
11-14: [local] oXygen XML Editor 21.1.1 – XML External Entity Injection (0)
11-14: [dos] Siemens Desigo PX 6.00 – Denial of Service (PoC) (0)
11-13: Linear eMerge E3 1.00-06 Directory Traversal (0)
11-13: Linear eMerge E3 1.00-06 Cross Site Scripting (0)
11-13: Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution (0)
11-13: Linear eMerge E3 1.00-06 card_scan.php Command Injection (0)
11-13: Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection (0)
11-13: Computrols CBAS-Web 19.0.0 Cross Site Scripting (0)
11-13: Optergy BMS 2.0.3a Remote Root (0)
11-13: Optergy BMS 2.0.3a Account Reset / Username Disclosure (0)
11-13: Linear eMerge E3 1.00-06 Privilege Escalation (0)
11-13: FUDForum 3.0.9 Code Execution / Cross Site Scripting (0)
11-13: Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name (0)
11-13: Nortek Linear eMerge E3 Access Control Cross Site Request Forgery (0)
11-13: Optergy Proton/Enterprise BMS 2.0.3a Cross Site Request Forgery (0)
11-13: Computrols CBAS-Web 19.0.0 Username Enumeration (0)
11-13: Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root (0)
11-13: Optergy Proton/Enterprise BMS 2.3.0a Open Redirect (0)
11-13: Optergy 2.3.0a Remote Root (0)
11-13: FlexAir Access Control 2.3.38 Command Injection (0)
11-13: FlexAir Access Control 2.3.38 Remote Root (0)
11-13: Linear eMerge E3 Access Controller Command Injection (0)
11-13: Prima Access Control 2.3.35 Script Upload Remote Code Execution (0)
11-13: Prima Access Control 2.3.35 Cross Site Scripting (0)
11-13: Xorg X11 Server Local Privilege Escalation (0)
11-13: Pulse Secure VPN Arbitrary Command Execution (0)
11-13: Bludit Directory Traversal Image File Upload (0)
11-13: [webapps] Linear eMerge E3 1.00-06 – Remote Code Execution (0)
11-13: [local] ScanGuard Antivirus 2020 – Insecure Folder Permissions (0)
11-13: [webapps] Fastweb Fastgate 0.00.81 – Remote Code Execution (0)
11-13: [webapps] gSOAP 2.8 – Directory Traversal (0)
11-13: [webapps] Technicolor TC7300.B0 – 'hostname' Persistent Cross-Site Scripting (0)
11-13: [webapps] Technicolor TD5130.2 – Remote Command Execution (0)
11-13: [webapps] FUDForum 3.0.9 – Remote Code Execution (0)
11-12: GCafe 3.0 Unquoted Service Path (0)
11-12: Alps HID Monitor Service 8.1.0.10 Unquoted Service Path (0)
11-12: PunBB 1.4.4 Database Disclosure (0)
11-12: XML Notepad 2.8.0.4 XML External Entity Injection (0)
11-12: iOS IOUSBDeviceFamily 12.4.1 Heap Corruption Proof Of Concept (0)
11-12: iMessage NSSharedKeyDictionary Decode Incorrect Address Read (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer (0)
11-12: Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure (0)
11-12: Eset Mobile Security 5.2.18.0 Lock Bypass (0)
11-12: [local] Wondershare Application Framework Service 2.4.3.231 – 'WsAppService' Unquote Service Path (0)
11-12: [webapps] eMerge E3 1.00-06 – Unauthenticated Directory Traversal (0)
11-12: [local] Acronis True Image OEM 19.0.5128 – 'afcdpsrv' Unquoted Service Path (0)
11-12: [webapps] Computrols CBAS-Web 19.0.0 – 'username' Reflected Cross-Site Scripting (0)
11-12: [webapps] Prima FlexAir Access Control 2.3.38 – Remote Code Execution (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'prntDDLCntrlName' Reflected Cross-Site Scripting (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'strAction' Reflected Cross-Site Scripting (0)
11-12: [webapps] CBAS-Web 19.0.0 – 'id' Boolean-based Blind SQL Injection (0)
11-12: [webapps] Joomla 3.9.13 – 'Host' Header Injection (0)
11-12: [webapps] eMerge E3 1.00-06 – Privilege Escalation (0)
11-12: [webapps] eMerge E3 1.00-06 – Remote Code Execution (0)
11-12: [webapps] CBAS-Web 19.0.0 – Username Enumeration (0)
11-12: [remote] CBAS-Web 19.0.0 – Information Disclosure (0)
11-12: [webapps] CBAS-Web 19.0.0 – Cross-Site Request Forgery (Add Super Admin) (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (Metasploit) (0)
11-12: [webapps] CBAS-Web 19.0.0 – Remote Code Execution (0)
11-12: [webapps] eMerge50P 5000P 4.6.07 – Remote Code Execution (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (0)
11-12: [webapps] eMerge E3 1.00-06 – Arbitrary File Upload (0)
11-12: [webapps] eMerge E3 1.00-06 – 'layout' Reflected Cross-Site Scripting (0)
11-12: [webapps] eMerge E3 1.00-06 – Cross-Site Request Forgery (0)
11-12: [webapps] Atlassian Confluence 6.15.1 – Directory Traversal (0)
11-11: [dos] iOS IOUSBDeviceFamily 12.4.1 – 'IOInterruptEventSource' Heap Corruption (PoC) (0)
11-11: [local] _GCafé 3.0 – 'gbClienService' Unquoted Service Path (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table) (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream (0)
11-11: [dos] iMessage – Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address (0)
11-11: [local] XML Notepad 2.8.0.4 – XML External Entity Injection (0)
11-11: [local] Alps HID Monitor Service 8.1.0.10 – 'ApHidMonitorService' Unquote Service Path (0)
11-09: Jenkins Build-Metrics 1.3 Cross Site Scripting (0)
11-09: SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path (0)
11-09: Adive Framework 2.0.7 Privilege Escalation (0)
11-09: Nextcloud 17 Cross Site Request Forgery (0)
11-09: Chrome Site Isolation Bypass / File Disclosure (0)
11-08: Adaware Web Companion 4.8.2078.3950 Unquoted Service Path (0)
11-08: WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion (0)
11-08: Adobe ColdFusion RDS Authentication Bypass (0)
11-08: rConfig 3.9.2 Command Injection (0)
11-08: Android Janus APK Signature Bypass (0)
11-08: Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution (0)
11-08: http://nueaklong.go.th/kurd.html (0)
11-08: http://www.pattaya.chonburi.police.go.th/README.txt (0)
11-08: [webapps] Nextcloud 17 – Cross-Site Request Forgery (0)
11-08: [remote] rConfig – install Command Execution (Metasploit) (0)
11-08: [local] Android Janus – APK Signature Bypass (Metasploit) (0)
11-08: [webapps] Adive Framework 2.0.7 – Privilege Escalation (0)
11-08: [local] SolarWinds Kiwi Syslog Server 8.3.52 – 'Kiwi Syslog Server' Unquoted Service Path (0)
11-08: [webapps] Jenkins build-metrics plugin 1.3 – 'label' Cross-Site Scripting (0)
11-07: http://moonbon.rid.go.th (0)
11-07: http://lumchae-omp.rid.go.th (0)
11-07: Wacom WTabletService 6.6.7-3 Unquoted Service Path (0)
11-07: QNAP NetBak Replicator 4.5.6.0607 Unquoted Service Path (0)
11-07: Parallels Plesk Panel 9.5 Cross Site Scripting (0)
11-07: Smartwares HOME Easy 1.0.9 Authentication Bypass (0)
11-07: Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure (0)
11-07: [local] Adaware Web Companion version 4.8.2078.3950 – 'WCAssistantService' Unquoted Service Path (0)
11-06: thejshen Globitek CMS 1.4 SQL Injection (0)
11-06: Blue Stacks App Player 2.4.44.62.57 Unquoted Service Path (0)
11-06: Network Inventory Advisor 5.0.26.0 Unquoted Service Path (0)
11-06: File Optimizer 14.00.2524 Denial Of Service (0)
11-06: rimbalinux AhadPOS 1.11 SQL Injection (0)
11-06: thrsrossi Millhouse-Project 1.414 Cross Site Scripting (0)
11-06: JSC Argument Object Reconstruction Type Confusion (0)
11-06: SD.NET RIM 4.7.3c SQL Injection (0)
11-06: WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS (0)
11-06: XNU Missing Locking Race Condition (0)
11-06: html5_snmp 1.11 Cross Site Scripting (0)
11-06: html5_snmp 1.11 SQL Injection (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Database Backup Information Disclosure (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Client-Side Authentication Bypass (0)
11-06: [local] QNAP NetBak Replicator 4.5.6.0607 – 'QVssService' Unquoted Service Path (0)
11-06: [local] Wacom WTabletService 6.6.7-3 – 'WTabletServicePro' Unquoted Service Path (0)
11-05: Microsoft Office365 Integrity Validation / Remote Code Execution (0)
11-05: Launch Manager 6.1.7600.16385 Unquoted Service Path (0)
11-05: Ayukov NFTP 1.71 Buffer Overflow (0)
11-05: Microsoft Office365 Protection Bypass / Remote Code Execution (0)
11-05: ilchCMS 2.1.23 Cross Site Scripting (0)
11-05: BlueKeep Attacks Have Arrived, Are Initially Underwhelming (0)
11-05: Apple macOS 10.15.1 Denial Of Service (0)
11-05: Apple Security Advisory 2019-11-01-1 (0)
11-05: [local] Blue Stacks App Player 2.4.44.62.57 – "BstHdLogRotatorSvc" Unquote Service Path (0)
11-05: [dos] macOS XNU – Missing Locking in checkdirs_callback() Enables Race with fchdir_common() (0)
11-05: [dos] WebKit – Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive (0)
11-05: [webapps] thrsrossi Millhouse-Project 1.414 – 'content' Persistent Cross-Site Scripting (0)
11-05: [webapps] thejshen Globitek CMS 1.4 – 'id' SQL Injection (0)
11-05: [local] Network Inventory Advisor 5.0.26.0 – 'niaservice' Unquoted Service Path (0)
11-05: [dos] JavaScriptCore – Type Confusion During Bailout when Reconstructing Arguments Objects (0)
11-05: [webapps] SD.NET RIM 4.7.3c – 'idtyp' SQL Injection (0)
11-05: [webapps] html5_snmp 1.11 – 'Router_ID' SQL Injection (0)
11-05: [dos] FileOptimizer 14.00.2524 – Denial of Service (PoC) (0)
11-05: [webapps] html5_snmp 1.11 – 'Remark' Persistent Cross-Site Scripting (0)
11-05: [webapps] rimbalinux AhadPOS 1.11 – 'alamatCustomer' SQL Injection (0)
11-04: http://thamyaicity.go.th (0)
11-04: [local] Micro Focus (HPE) Data Protector – SUID Privilege Escalation (Metasploit) (0)
11-04: [dos] Apple macOS 10.15.1 – Denial of Service (PoC) (0)
11-04: [local] Launch Manager 6.1.7600.16385 – 'DsiWMIService' Unquoted Service Path (0)
11-04: [remote] Ayukov NFTP client 1.71 – 'SYST' Buffer Overflow (0)
11-04: [local] OpenVPN Connect 3.0.0.272 – 'agent_ovpnconnect' Unquoted Service Path (0)
11-04: [local] Aida64 6.10.5200 – Buffer Overflow (SEH) (0)
11-02: Carel pCOWeb HVAC Modbus Interface Authentication Bypass (0)
11-02: Carel pCOWeb HVAC Insecure Credential Storage (0)
11-02: Scripteen Image Upload Shell Upload (0)
11-02: Mr Blog PHP Cross Site Scripting / SQL Injection (0)
11-02: TheJshen contentManagementSystem 1.04 SQL Injection (0)
11-02: OpenVPN Private Tunnel 2.8.4 Unquoted Service Path (0)
11-02: ownCloud 10.3.0 Stable Cross Site Request Forgery (0)
11-02: Apache Solr 8.2.0 Remote Code Execution (0)
11-02: eIDAS-Node 2.3 Authentication Bypass (0)
11-02: Packet Storm New Exploits For October, 2019 (0)
11-02: Micro Focus (HPE) Data Protector SUID Privilege Escalation (0)
11-02: On Halloween Night, Google Discloses Chrome Zero-Day Exploited In The Wild (0)
11-02: Apple Security Advisory 2019-10-29-7 (0)
11-02: Apple Security Advisory 2019-10-29-1 (0)
11-02: Apple Security Advisory 2019-10-29-5 (0)
11-02: Apple Security Advisory 2019-10-29-9 (0)
11-02: Apple Security Advisory 2019-10-29-6 (0)
11-02: Apple Security Advisory 2019-10-29-8 (0)
11-02: Apple Security Advisory 2019-10-29-4 (0)
11-02: Apple Security Advisory 2019-10-29-10 (0)
11-02: Apple Security Advisory 2019-10-29-2 (0)
11-02: Apple Security Advisory 2019-10-29-11 (0)
11-02: Apple Security Advisory 2019-10-29-3 (0)
11-01: MikroTik RouterOS 6.45.6 DNS Cache Poisoning (0)
11-01: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow (0)
11-01: WordPress Google Review Slider 6.1 SQL Injection (0)
11-01: Nostromo 1.9.6 Directory Traversal / Remote Command Execution (0)
11-01: [remote] Nostromo – Directory Traversal Remote Command Execution (Metasploit) (0)
11-01: [webapps] ownCloud 10.3.0 stable – Cross-Site Request Forgery (0)
11-01: [local] OpenVPN Private Tunnel 2.8.4 – 'ovpnagent' Unquoted Service Path (0)
11-01: [webapps] TheJshen contentManagementSystem 1.04 – 'id' SQL Injection (0)
11-01: [webapps] Apache Solr 8.2.0 – Remote Code Execution (0)

October 2019 (342)

10-31: Ajenti 2.1.31 Remote Code Execution (0)
10-31: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Denial Of Service (0)
10-31: Citrix StoreFront Server 7.15 XML Injection (0)
10-31: JavaScriptCore GetterSetter Type Confusion (0)
10-31: iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure (0)
10-31: Facebook Sues NSO Group Over WhatsApp Zero Day (0)
10-31: [local] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH) (0)
10-31: [webapps] Wordpress Plugin Google Review Slider 6.1 – 'tid' SQL Injection (0)
10-31: [remote] MikroTik RouterOS 6.45.6 – DNS Cache Poisoning (0)
10-30: Intelligent Security System SecurOS Enterprise 10.2 Unquoted Service Path (0)
10-30: Win10 MailCarrier 2.51 Buffer Overflow (0)
10-30: rConfig 3.9.2 Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Security Feature Bypass (0)
10-30: WordPress 5.2.4 Cross Origin Resource Sharing (0)
10-30: Craft CMS Rate Limiting / Brute Force (0)
10-30: [dos] JavaScriptCore – GetterSetter Type Confusion During DFG Compilation (0)
10-30: [dos] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Denial of Service (0)
10-30: [webapps] iSeeQ Hybrid DVR WH-H4 2.0.0.P – (get_jpeg) Stream Disclosure (0)
10-30: [webapps] Citrix StoreFront Server 7.15 – XML External Entity Injection (0)
10-30: [webapps] Ajenti 2.1.31 – Remote Code Exection (Metasploit) (0)
10-29: ham3d 1.1 Information Disclosure / Default Credentials (0)
10-29: ClonOs WEB UI 19.09 Improper Access Control (0)
10-29: Sahi Pro 8.x Cross Site Scripting (0)
10-29: CWP 0.9.8.885 Cross Site Scripting (0)
10-29: Part-DB 0.4 Authentication Bypass (0)
10-29: JumpStart 0.6.0.0 Unquoted Service Path (0)
10-29: Intelbras Router WRN150 1.0.18 Cross Site Request Forgery (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection (0)
10-29: delpino73 Blue-Smiley-Organizer 1.32 SQL Injection (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting (0)
10-29: ChaosPro 2.0 Buffer Overflow (0)
10-29: Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 Project List Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 User Name Disclosure (0)
10-29: WebKit HTMLFrameElementBase::isURLAllowed Universal Cross Site Scripting (0)
10-29: Microsoft Windows Insecure CSharedStream Object Privilege Escalation (0)
10-29: [remote] Win10 MailCarrier 2.51 – 'POP3 User' Remote Buffer Overflow (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Security Feature Bypass (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Remote Code Execution (0)
10-29: [webapps] Wordpress 5.2.4 – Cross-Origin Resource Sharing (0)
10-29: [local] Intelligent Security System SecurOS Enterprise 10.2 – 'SecurosCtrlService' Unquoted Service Path (0)
10-29: [webapps] rConfig 3.9.2 – Remote Code Execution (0)
10-28: [dos] WebKit – Universal XSS in HTMLFrameElementBase::isURLAllowed (0)
10-28: [local] ChaosPro 2.0 – Buffer Overflow (SEH) (0)
10-28: [webapps] delpino73 Blue-Smiley-Organizer 1.32 – 'datetime' SQL Injection (0)
10-28: [local] JumpStart 0.6.0.0 – 'jswpbapi' Unquoted Service Path (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'description' Cross-Site Scripting (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'start' SQL Injection (0)
10-28: [webapps] Part-DB 0.4 – Authentication Bypass (0)
10-28: [webapps] Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery (0)
10-25: PHP-FPM Remote Code Execution (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e SQL Injection (0)
10-25: [webapps] ClonOs WEB UI 19.09 – Improper Access Control (0)
10-24: Moxa EDR-810 Command Injection / Information Disclosure (0)
10-24: Rocket.Chat 2.1.0 Cross Site Scripting (0)
10-24: IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path (0)
10-24: WordPress Sliced Invoices 3.8.2 Cross Site Scripting (0)
10-24: WordPress Sliced Invoices 3.8.2 SQL Injection (0)
10-24: Linux Polkit pkexec Helper PTRACE_TRACEME Local Root (0)
10-24: Solaris xscreensaver Privilege Escalation (0)
10-24: Rusty Joomla Unauthenticated Remote Code Execution (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – 'MailAdd' SQL Injection (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – Incorrect Access Control (0)
10-24: [webapps] Wordpress Sliced Invoices 3.8.2 – 'post' SQL Injection (0)
10-24: [local] Linux Polkit – pkexec helper PTRACE_TRACEME local root (Metasploit) (0)
10-23: Xorg X11 Server SUID modulepath Privilege Escalation (0)
10-23: [webapps] Joomla! 3.4.6 – Remote Code Execution (Metasploit) (0)
10-23: [local] IObit Uninstaller 9.1.0.8 – 'IObitUnSvr' Unquoted Service Path (0)
10-23: [webapps] Rocket.Chat 2.1.0 – Cross-Site Scripting (0)
10-22: https://ic.nbtc.go.th/xampp/lang.tmp (0)
10-22: Total.js CMS 12 Widget JavaScript Code Injection (0)
10-22: [remote] Total.js CMS 12 – Widget JavaScript Code Injection (Metasploit) (0)
10-21: https://nonghuafancity.go.th/o.htm (0)
10-21: http://www.pamat.go.th/o.htm (0)
10-21: Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution (0)
10-21: [local] Solaris 11.4 – xscreensaver Privilege Escalation (0)
10-21: [dos] winrar 5.80 64bit – Denial of Service (0)
10-21: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed JP2 Stream (2) (0)
10-21: [local] Trend Micro Anti-Threat Toolkit 1.62.0.1218 – Remote Code Execution (0)
10-21: [local] winrar 5.80 – XML External Entity Injection (0)
10-20: Android Binder Use-After-Free (0)
10-20: WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF (0)
10-20: Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation (0)
10-20: Sangoma SBC 2.3.23-119-GA Authentication Bypass (0)
10-18: BlackMoon FTP Server 3.1.2.1731 BMFTP-RELEASE Unquoted Service Path (0)
10-18: Web Companion 5.1.1035.1047 WCAssistantService Unquoted Service Path (0)
10-18: WorkgroupMail 7.5.1 WorkgroupMail Unquoted Service Path (0)
10-18: WordPress FooGallery 1.8.12 Cross Site Scripting (0)
10-18: WordPress Soliloquy Lite 2.5.6 Cross Site Scripting (0)
10-18: VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass (0)
10-18: WordPress Popup Builder 3.49 Cross Site Scripting (0)
10-18: ThinVNC 1.0b1 Authentication Bypass (0)
10-18: VIM 8.1.2135 Use-After-Free (0)
10-18: Restaurant Management System 1.0 Shell Upload (0)
10-18: http://civec.vec.go.th/index.html (0)
10-18: http://dvec.vec.go.th/index.html (0)
10-18: http://gfmis.vec.go.th/index.html (0)
10-18: http://hr.vec.go.th/index.html (0)
10-18: http://iau.vec.go.th/index.html (0)
10-18: http://ipa.vec.go.th/index.html (0)
10-18: http://ivec.vec.go.th/index.html (0)
10-18: http://new.vec.go.th/index.html (0)
10-18: http://nited.vec.go.th/index.html (0)
10-18: http://pdo.vec.go.th/index.html (0)
10-18: http://psdg.vec.go.th/index.html (0)
10-18: http://sbd.vec.go.th/index.html (0)
10-18: http://techno.vec.go.th/index.html (0)
10-18: http://vecrspg.vec.go.th/index.html (0)
10-18: http://vecp.vec.go.th/index.html (0)
10-18: http://ver.vec.go.th/index.html (0)
10-18: http://www2.vec.go.th/index.html (0)
10-18: [webapps] Joomla! 3.4.6 – Remote Code Execution (0)
10-17: Zilab Remote Console Server 3.2.9 zrcs Unquoted Service Path (0)
10-17: Lavasoft 2.3.4.7 LavasoftTcpService Unquoted Service Path (0)
10-17: Whatsapp 2.19.216 Remote Code Execution (0)
10-17: X.Org X Server 1.20.4 Local Stack Overflow (0)
10-17: CyberArk Password Vault 10.6 Authentication Bypass (0)
10-17: Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography (0)
10-17: Mikogo 5.2.2.150317 Mikogo-Service Unquoted Service Path (0)
10-17: WordPress Broken Link Checker 1.11.8 Cross Site Scripting (0)
10-17: Solaris 11.4 xscreensaver Privilege Escalation (0)
10-17: LiteManager 4.5.0 romservice Unquoted Service Path (0)
10-17: Accounts Accounting 7.02 Cross Site Scripting (0)
10-17: Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow (0)
10-17: [local] WorkgroupMail 7.5.1 – 'WorkgroupMail' Unquoted Service Path (0)
10-17: [webapps] Wordpress FooGallery 1.8.12 – Persistent Cross-Site Scripting (0)
10-17: [webapps] Wordpress Soliloquy Lite 2.5.6 – Persistent Cross-Site Scripting (0)
10-17: [local] Web Companion versions 5.1.1035.1047 – 'WCAssistantService' Unquoted Service Path (0)
10-17: [local] BlackMoon FTP Server 3.1.2.1731 – 'BMFTP-RELEASE' Unquoted Serive Path (0)
10-17: [webapps] Restaurant Management System 1.0 – Remote Code Execution (0)
10-17: [remote] ThinVNC 1.0b1 – Authentication Bypass (0)
10-17: [webapps] Wordpress Popup Builder 3.49 – Persistent Cross-Site Scripting (0)
10-16: https://numbering.nbtc.go.th/security/lang.tmp (0)
10-16: ActiveFax Server 6.92 Build 0316 ActiveFaxServiceNT Unquoted Service Path (0)
10-16: sudo 1.8.28 Security Bypass (0)
10-16: Bolt CMS 3.6.10 Cross Site Request Forgery (0)
10-16: http://wangyai.sec40.go.th (0)
10-16: http://web.namnaohospital.go.th (0)
10-16: [remote] Whatsapp 2.19.216 – Remote Code Execution (0)
10-16: [local] Mikogo 5.2.2.150317 – 'Mikogo-Service' Unquoted Serive Path (0)
10-16: [local] Solaris xscreensaver 11.4 – Privilege Escalation (0)
10-16: [local] LiteManager 4.5.0 – 'romservice' Unquoted Serive Path (0)
10-16: [local] Zilab Remote Console Server 3.2.9 – 'zrcs' Unquoted Service Path (0)
10-16: [local] X.Org X Server 1.20.4 – Local Stack Overflow (0)
10-16: [local] Lavasoft 2.3.4.7 – 'LavasoftTcpService' Unquoted Service Path (0)
10-16: [webapps] Accounts Accounting 7.02 – Persistent Cross-Site Scripting (0)
10-16: [webapps] CyberArk Password Vault 10.6 – Authentication Bypass (0)
10-15: Joomla SwPhotoGallery 1.5.26 SQL Injection (0)
10-15: Joomla Cactus 1.2.0 SQL Injection (0)
10-15: Joomla Mad4Joomla 1.1.x SQL Injection (0)
10-15: Joomla Google Maps 1.0.4 SQL Injection (0)
10-15: Joomla MisterEstate 1.5.26 SQL Injection (0)
10-15: Joomla MediaLibrary 1.5.26 SQL Injection (0)
10-15: Joomla Vemod News Mailer 1.0 SQL Injection (0)
10-15: Joomla Sumoku 3.9.8 SQL Injection (0)
10-15: Uplay 92.0.0.6280 Local Privilege Escalation (0)
10-15: SpotAuditor 5.3.1.0 Denial Of Service (0)
10-15: Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls (0)
10-15: ActiveFax Server 6.92 Build 0316 Denial Of Service (0)
10-15: Express Invoice 7.12 Cross Site Scripting (0)
10-15: Kirona-DRS 5.5.3.5 Information Disclosure (0)
10-15: ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution (0)
10-15: OpenProject 10.0.1 / 9.0.3 Cross Site Scripting (0)
10-15: Podman / Varlink Remote Code Execution (0)
10-15: [local] ActiveFax Server 6.92 Build 0316 – 'ActiveFaxServiceNT' Unquoted Service Path (0)
10-15: [remote] Podman & Varlink 1.5.1 – Remote Code Execution (0)
10-15: [local] sudo 1.2.27 – Security Bypass (0)
10-15: [webapps] Bolt CMS 3.6.10 – Cross-Site Request Forgery (0)
10-14: http://mproject.rid.go.th/mainwp/wp-snapshots/index.php (0)
10-14: http://rio15.rid.go.th/engineering/configuration.php (0)
10-14: http://telecom.rid.go.th/configuration.php (0)
10-14: http://hydrology.rid.go.th/hyd/README.txt (0)
10-14: Apple Security Advisory 2019-10-11-1 (0)
10-14: [webapps] Express Invoice 7.12 – 'Customer' Persistent Cross-Site Scripting (0)
10-14: [webapps] Kirona-DRS 5.5.3.5 – Information Disclosure (0)
10-14: [local] Uplay 92.0.0.6280 – Local Privilege Escalation (0)
10-14: [webapps] Ajenti 2.1.31 – Remote Code Execution (0)
10-14: [dos] ActiveFax Server 6.92 Build 0316 – 'POP3 Server' Denial of Service (0)
10-14: [dos] SpotAuditor 5.3.1.0 – Denial of Service (0)
10-12: http://srb1.go.th/c0d3.html (0)
10-12: MiniShare 1.4.1 CONNECT Remote Buffer Overflow (0)
10-12: WordPress Arforms 3.7.1 Directory Traversal (0)
10-12: Intelbras Router WRN150 1.0.18 Cross Site Scripting (0)
10-12: National Instruments Circuit Design Suite 14.0 Privilege Escalation (0)
10-12: Ajenti Remote Command Execution (0)
10-12: SugarCRM 9.0.1 Cross Site Scripting (0)
10-12: SugarCRM 9.0.1 SQL Injection (0)
10-12: SugarCRM 9.0.1 Broken Access Controls (0)
10-12: Visual Studio Code Remote Debugger Enabled (0)
10-12: SugarCRM 9.0.1 Path Traversal (0)
10-12: SugarCRM 9.0.1 PHP Code Injection (0)
10-12: SugarCRM 9.0.1 PHP Object Injection (0)
10-12: SugarCRM 9.0.1 Phar Deserialization (0)
10-12: Openfire 4.4.1 Cross Site Scripting (0)
10-12: http://live.cdd.go.th/love.txt (0)
10-11: TP-Link TL-WR1043ND 2 Authentication Bypass (0)
10-11: ASX To MP3 Converter 3.1.3.7 Stack Overflow (0)
10-11: SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery (0)
10-11: Microsoft Windows Kernel win32k.sys TTF Font Processing win32k!ulClearTypeFilter Pool Corruption (0)
10-11: Microsoft Windows Kernel nt!MiOffsetToProtos NULL Pointer Dereference (0)
10-11: Microsoft Windows Kernel CI!CipFixImageType Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiParseImageLoadConfig Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel CI!HashKComputeFirstPageHash Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiRelocateImage Out-Of-Bounds Read (0)
10-11: [webapps] WordPress Arforms 3.7.1 – Directory Traversal (0)
10-11: [webapps] Intelbras Router WRN150 1.0.18 – Persistent Cross-Site Scripting (0)
10-11: [local] National Instruments Circuit Design Suite 14.0 – Local Privilege Escalation (0)
10-10: Ransomware Gang Uses iTunes Zero-Day (0)
10-10: DeviceViewer 3.12.0.1 Local Buffer Overflow (0)
10-10: Foscam Video Management System 1.1.6.6 Denial Of Service (0)
10-10: PBS Professional 19.2.3 Authentication Bypass (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File (0)
10-10: [webapps] SMA Solar Technology AG Sunny WebBox device – 1.6 – Cross-Site Request Forgery (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File (0)
10-10: [webapps] TP-Link TL-WR1043ND 2 – Authentication Bypass (0)
10-10: [dos] Windows Kernel – win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter (0)
10-10: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (Metasploit, DEP Bypass) (0)
10-09: http://www.chaophaka.go.th/activity/images/ (0)
10-09: http://www.huayyaijiw.go.th/activity/images/ (0)
10-09: http://kampang.go.th/activity/images/ (0)
10-09: http://www.wangthongnb.go.th/activity/images/ (0)
10-09: RENPHO 3.0.0 Information Disclosure (0)
10-09: Socomec DIRIS A-40 Password Disclosure (0)
10-09: WebKit FrameLoader::clear Same-Origin Policy Bypass (0)
10-09: File Sharing Wizard 1.5.0 POST SEH Overflow (0)
10-09: Apple Security Advisory 2019-10-07-1 (0)
10-09: Apple Security Advisory 2019-10-07-2 (0)
10-09: Apple Security Advisory 2019-10-07-3 (0)
10-09: Apple Security Advisory 2019-10-07-4 (0)
10-09: [dos] XNU – Remote Double-Free via Data Race in IPComp Input Path (0)
10-09: [local] DeviceViewer 3.12.0.1 – 'add user' Local Buffer Overflow (DEP Bypass) (0)
10-09: [dos] Foscam Video Management System 1.1.6.6 – 'UID' Denial of Service (PoC) (0)
10-08: Thailand Union Library Management 6.2 SQL Injection / XSS (0)
10-08: ASX To MP3 Converter 3.1.3.7 Local Stack Overflow (0)
10-08: CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation (0)
10-08: Joomla 3.4.6 Remote Code Execution (0)
10-08: Logrotate 3.15.1 Privilege Escalation (0)
10-08: Subrion 4.2.1 Cross Site Scripting (0)
10-08: IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution (0)
10-08: IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution (0)
10-08: Zabbix 4.2 Authentication Bypass (0)
10-08: Zabbix 4.4 Authentication Bypass (0)
10-08: freeFTP 1.0.8 Remote Buffer Overflow (0)
10-08: Tellion HN-2204AP Router Remote Configuration Disclosure (0)
10-08: vBulletin 5.5.4 SQL Injection (0)
10-08: vBulletin 5.5.4 Remote Code Execution (0)
10-08: XNU Data Race Remote Double-Free (0)
10-08: [webapps] Zabbix 4.4 – Authentication Bypass (0)
10-07: https://www.ditp.go.th (0)
10-07: [remote] freeFTP 1.0.8 – Remote Buffer Overflow (0)
10-07: [webapps] IBM Bigfix Platform 9.5.9.62 – Arbitrary File Upload (0)
10-07: [webapps] Subrion 4.2.1 – 'Email' Persistant Cross-Site Scripting (0)
10-07: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (DEP) (0)
10-07: [local] logrotten 3.15.1 – Privilege Escalation (0)
10-07: [webapps] Zabbix 4.2 – Authentication Bypass (0)
10-07: [webapps] Joomla 3.4.6 – 'configuration.php' Remote Code Execution (0)
10-07: [local] CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 – Privilege Escalation (0)
10-06: http://www.sisaketspecial.go.th/index.php (0)
10-06: ParantezTeknoloji Library Software 16.0519000 Open Redirection (0)
10-06: Devinim Library Software 19.0504000 Open Redirection (0)
10-06: File Sharing Wizard 1.5.0 DELETE SEH Buffer Overflow (0)
10-06: Microsoft Windows Silent Process Exit Persistence (0)
10-06: Signal Forced Call Acceptance (0)
10-06: GitLab Omnibus 12.2.1 Logrotate Privilege Escalation (0)
10-05: PHP 7.3 disable_functions Bypass (0)
10-05: LabCollector 5.423 SQL Injection (0)
10-05: Android Binder Driver Use-After-Free (0)
10-04: mintinstall 7.9.9 Code Execution (0)
10-04: Anchor CMS 0.12.3a Information Disclosure (0)
10-04: Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure (0)
10-04: Hisilicon Hi3518 HD Camera Remote Configuration Disclosure (0)
10-04: Researchers Say They Uncovered Uzbekistan Hacking Operations Due To Spectacularly Bad OPSEC (0)
10-04: [webapps] LabCollector 5.423 – SQL Injection (0)
10-03: ipwndfu Jailbreaking Tool (0)
10-03: Counter-Strike Global Offensive Code Execution / Denial Of Service (0)
10-03: Notepad++ Code Execution / Denial Of Service (0)
10-03: Detrix EDMS 1.2.3.1505 SQL Injection (0)
10-03: Tellion TE01-005H HomeHub Router Remote Configuration Disclosure (0)
10-03: vBulletin Zero Day KOs Comodo User Forums (0)
10-03: [webapps] PHP 7.0 < 7.3 – 'gc' Disable Functions Bypass (0)
10-03: [webapps] AnchorCMS < 0.12.3a – Information Disclosure (0)
10-03: [webapps] mintinstall 7.9.9 – Code Execution (0)
10-02: https://webdev.excise.go.th/007.html (0)
10-02: http://hrm.excise.go.th/007.html (0)
10-02: http://reo15.go.th/tmp/007.html (0)
10-02: https://qsds.go.th/monmai/007.html (0)
10-02: http://www.spm7.go.th/spm7/007.html (0)
10-02: Apple Security Advisory 2019-9-26-1 (0)
10-02: Apple Security Advisory 2019-9-26-2 (0)
10-02: Apple Security Advisory 2019-9-26-3 (0)
10-02: Apple Security Advisory 2019-9-26-4 (0)
10-02: Apple Security Advisory 2019-9-26-5 (0)
10-02: Apple Security Advisory 2019-9-26-6 (0)
10-02: Apple Security Advisory 2019-9-26-7 (0)
10-02: Apple Security Advisory 2019-9-26-9 (0)
10-02: Apple Security Advisory 2019-9-26-8 (0)
10-02: Apple Security Advisory 2019-9-27-1 (0)
10-02: Digitus DN-16048 Camera Remote Configuration Disclosure (0)
10-02: thesystem App 1.0 SQL Injection (0)
10-02: FOSCAM FI8608W Camera Remote Configuration Disclosure (0)
10-02: PHP 7.x disable_functions Bypass (0)
10-02: vBulletin 5.x Pre-Auth Remote Code Execution (0)
10-02: thesystem 1.0 Command Injection (0)
10-02: GFI Kerio Control 9.3.0 Cross Site Scripting (0)
10-02: Akaunting 1.3.17 Cross Site Scripting (0)
10-02: Duplicator Pro 1.3.14 Local Information Disclosure (0)
10-02: phpIPAM 1.4 SQL Injection (0)
10-02: thesystem 1.0 Cross Site Scripting (0)
10-02: GoAhead 2.5.0 Host Header Injection (0)
10-02: Realtek Managed Switch Controller (RTL83xx) Stack Overflow (0)
10-02: DameWare Remote Support 12.1.0.34 Buffer Overflow (0)
10-02: kic 2.4a Denial Of Service (0)
10-02: DotNetNuke Cross Site Scripting (0)
10-02: WebKit URI / Synchronous Page Loads Universal Cross Site Scripting (0)
10-02: WebKit WebCore::command Universal Cross Site Scripting (0)
10-02: WebKit WebCore::ReplacementFragment::ReplacementFragment User-Agent Shadow Root Leak (0)
10-02: WebKit Cached Pages Universal Cross Site Scripting (0)
10-02: DOUBLEPULSAR Payload Execution / Neutralization (0)
10-02: Rocket.Chat Cross Site Scripting (0)
10-02: Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation (0)
10-02: LG-ERICSSON LN202-003H HomeHub Router Remote Configuration Disclosure (0)
10-02: Packet Storm New Exploits For September, 2019 (0)
10-02: [remote] DOUBLEPULSAR – Payload Execution and Neutralization (Metasploit) (0)
10-02: [webapps] Detrix EDMS 1.2.3.1505 – SQL Injection (0)
10-01: https://buriram4.go.th//zx.htm (0)
10-01: http://odgo.buriram4.go.th/zx.htm (0)
10-01: http://eff.buriram4.go.th//zx.htm (0)
10-01: http://gda.buriram4.go.th//zx.htm (0)
10-01: http://gdabr4.buriram4.go.th//zx.htm (0)
10-01: http://primarydata.buriram4.go.th//zx.htm (0)
10-01: [dos] WebKit – Universal XSS Using Cached Pages (0)
10-01: [dos] kic 2.4a – Denial of Service (0)
10-01: [dos] WebKit – Universal XSS in WebCore::command (0)
10-01: [dos] WebKit – UXSS Using JavaScript: URI and Synchronous Page Loads (0)
10-01: [webapps] DotNetNuke < 9.4.0 – Cross-Site Scripting (0)
10-01: [local] DameWare Remote Support 12.1.0.34 – Buffer Overflow (SEH) (0)
10-01: [dos] WebKit – User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment (0)

September 2019 (250)

09-30: [remote] Cisco Small Business 220 Series – Multiple Vulnerabilities (0)
09-30: [webapps] thesystem 1.0 – Cross-Site Scripting (0)
09-30: [remote] GoAhead 2.5.0 – Host Header Injection (0)
09-30: [webapps] phpIPAM 1.4 – SQL Injection (0)
09-30: [webapps] TheSystem 1.0 – Command Injection (0)
09-30: [webapps] vBulletin 5.x – Remote Command Execution (Metasploit) (0)
09-28: https://www.sukhothai1.go.th/wS0.php (0)
09-28: http://www.banmaeka.go.th/007.html (0)
09-27: citecodecrashers Pic-A-Point 1.1 SQL Injection (0)
09-27: inoERP 4.15 SQL Injection (0)
09-27: all-in-one-seo-pack 3.2.7 Cross Site Scripting (0)
09-27: Duplicate-Post 3.2.3 Cross Site Scripting (0)
09-27: vBulletin 5.x 0-Day Pre-Auth Remote Command Execution (0)
09-27: eBrigade SQL Injection (0)
09-27: ACTi ACD-2100 Video Encoder Remote Command Execution (0)
09-27: ACTi ACM-5611 Video Camera Remote Command Execution (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation (0)
09-27: [webapps] WordPress Theme Zoner Real Estate – 4.1.1 Persistent Cross-Site Scripting (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Remote Privilege Escalation (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Cross-Site Request Forgery (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Unauthenticated Configuration Download (0)
09-27: [webapps] thesystem App 1.0 – 'username' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – 'server_name' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – Persistent Cross-Site Scripting (0)
09-27: [webapps] InoERP 0.7.2 – Persistent Cross-Site Scripting (0)
09-27: [remote] Mobatek MobaXterm 12.1 – Buffer Overflow (SEH) (0)
09-26: Chamilo LMS 1.11.8 Shell Upload (0)
09-26: SpotIE Internet Explorer Password Recovery 2.9.5 Denial Of Service (0)
09-26: WP Server Log Viewer 1.0 Cross Site Scripting (0)
09-26: NPMJS gitlabhook 0.0.17 Remote Command Execution (0)
09-26: YzmCMS 5.3 Host Header Injection (0)
09-26: Chrome ~LevelDBIteratorImpl Use-After-Free (0)
09-26: Chrome IndexedDBConnection::Close Use-After-Free (0)
09-26: ACTi ACM-3100 Camera Remote Command Execution (0)
09-26: [webapps] Chamillo LMS 1.11.8 – Arbitrary File Upload (0)
09-26: [webapps] citecodecrashers Pic-A-Point 1.1 – 'Consignment' SQL Injection (0)
09-26: [webapps] inoERP 4.15 – 'download' SQL Injection (0)
09-26: [webapps] all-in-one-seo-pack 3.2.7 – Persistent Cross-Site Scripting (0)
09-26: [webapps] Duplicate-Post 3.2.3 – Persistent Cross-Site Scripting (0)
09-25: http://ses26.go.th (0)
09-25: DeviceViewer 3.12.0.1 Denial Of Service (0)
09-25: Easy File Sharing Web Server 7.2 SEH Buffer Overflow (0)
09-25: File Sharing Wizard 1.5.0 SEH Buffer Overflow (0)
09-25: pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection (0)
09-25: iMessage NSSharedKeyDictionary Decoding Out Of Bounds Read (0)
09-25: Microsoft SharePoint 2013 SP1 Cross Site Scripting (0)
09-25: ABRT sosreport Privilege Escalation (0)
09-25: vBulletin 5.x Pre-Auth Remote Code Execution (0)
09-25: [dos] SpotIE Internet Explorer Password Recovery 2.9.5 – 'Key' Denial of Service (0)
09-25: [webapps] Microsoft SharePoint 2013 SP1 – 'DestinationFolder' Persistant Cross-Site Scripting (0)
09-24: http://www.muang-bua.go.th/html/ (0)
09-24: Gila CMS Local File Inclusion (0)
09-24: HPE Intelligent Management Center Information Disclosure (0)
09-24: Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution (0)
09-24: BlueKeep RDP Remote Windows Kernel Use-After-Free (0)
09-24: How Google Changed The Secretive Market For The Most Dangerous Hacks In The World (0)
09-24: http://smss.chaiyaphum3.go.th/web62/susu.html (0)
09-24: http://www.ksn1.go.th/susu.html (0)
09-24: [dos] iMessage – Decoding NSSharedKeyDictionary Can Read Object Out of Bounds (0)
09-24: [webapps] Pfsense 2.3.4 / 2.4.4-p3 – Remote Code Injection (0)
09-24: [remote] File Sharing Wizard 1.5.0 – POST SEH Overflow (0)
09-24: [local] Easy File Sharing Web Server 7.2 – 'New User' Local SEH Overflow (0)
09-24: [dos] Microsoft Windows cryptoapi – SymCrypt Modular Inverse Algorithm Denial of Service (0)
09-24: [dos] DeviceViewer 3.12.0.1 – 'creating user' Denial of Service (0)
09-23: http://sec40.go.th/counter.txt (0)
09-23: [remote] Hisilicon HiIpcam V100R003 Remote ADSL – Credentials Disclosure (0)
09-22: Palo Alto Networks Cross Site Request Forgery (0)
09-22: Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload (0)
09-21: http://www.atsc.doae.go.th (0)
09-21: http://sirattana.sisaket.doae.go.th (0)
09-21: http://phusing.sisaket.doae.go.th (0)
09-21: http://huaithapthan.sisaket.doae.go.th (0)
09-21: http://sukhothai2.go.th/007.html (0)
09-21: DIGIT CENTRIS 4 ERP SQL Injection (0)
09-21: GOautodial 4.0 Cross Site Scripting (0)
09-21: LayerBB 1.1.3 Cross Site Request Forgery (0)
09-21: Hisilicon HiIpcam V100R003 Remote ADSL Credential Disclosure (0)
09-20: macOS 18.7.0 Kernel Local Privilege Escalation (0)
09-20: Western Digital My Book World II NAS 1.02.12 Hardcoded Credential (0)
09-20: [webapps] LayerBB < 1.1.4 – Cross-Site Request Forgery (0)
09-19: Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting (0)
09-19: Hospital-Management 1.26 SQL Injection (0)
09-19: [webapps] GOautodial 4.0 – 'CreateEvent' Persistent Cross-Site Scripting (0)
09-19: [webapps] Western Digital My Book World II NAS 1.02.12 – Authentication Bypass / Command Execution (0)
09-18: http://www.elum.go.th/jp.htm (0)
09-18: http://amnatpao.go.th (0)
09-18: http://keelek-phatumrat.go.th (0)
09-18: V8 Map Migration Type Confusion (0)
09-18: Microsoft Windows Internet Settings Security Feature Bypass (0)
09-18: Google Chrome Password Disclosure (0)
09-18: [webapps] Hospital-Management 1.26 – 'fname' SQL Injection (0)
09-17: http://immchonburi.go.th/main (0)
09-17: https://www.kpp2.go.th/index.php (0)
09-17: http://ntwo.moph.go.th (0)
09-17: http://kpi.ntwo.moph.go.th (0)
09-17: http://pns.ntwo.moph.go.th (0)
09-17: http://healthws.ntwo.moph.go.th (0)
09-17: Ticket-Booking 1.4 Authentication Bypass (0)
09-17: College-Management-System 1.2 Authentication Bypass (0)
09-17: Webmin 1.920 Remote Code Execution (0)
09-17: AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation (0)
09-17: docPrint Pro 8.0 SEH Buffer Overflow (0)
09-17: Inteno IOPSYS Gateway 3DES Key Extraction Improper Access (0)
09-17: LastPass Credential Leak From Previous Site (0)
09-16: [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload (0)
09-16: [local] AppXSvc – Privilege Escalation (0)
09-16: [remote] Inteno IOPSYS Gateway – Improper Access Restrictions (0)
09-14: FTPShell Client 6.74 Buffer Overflow (0)
09-14: Folder Lock 7.7.9 Denial Of Service (0)
09-14: Dolibarr ERP-CRM 10.0.1 Cross Site Scripting (0)
09-14: phpMyAdmin 4.9.0.1 Cross Site Request Forgery (0)
09-14: Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting (0)
09-14: [webapps] College-Management-System 1.2 – Authentication Bypass (0)
09-14: [webapps] Ticket-Booking 1.4 – Authentication Bypass (0)
09-13: Opencart 2.3.0.2 Pre-Auth Remote Command Execution (0)
09-13: Generic Zip Slip Traversal (0)
09-13: LimeSurvey 3.17.13 Cross Site Scripting (0)
09-13: [webapps] LimeSurvey 3.17.13 – Cross-Site Scripting (0)
09-13: [webapps] phpMyAdmin 4.9.0.1 – Cross-Site Request Forgery (0)
09-13: [webapps] Dolibarr ERP-CRM 10.0.1 – 'User-Agent' Cross-Site Scripting (0)
09-13: [dos] Folder Lock 7.7.9 – Denial of Service (0)
09-12: http://smss.ksn1.go.th/susu.html (0)
09-12: http://amss.ksn1.go.th/susu.html (0)
09-12: WordPress Photo Gallery 1.5.34 SQL Injection (0)
09-12: WordPress Photo Gallery 1.5.34 Cross Site Scripting (0)
09-12: WordPress Checklist 1.1.5 Cross Site Scripting (0)
09-12: AVCON6 Systems Management Platform Remote Root (0)
09-12: WordPress SlickQuiz 1.3.7.1 Cross Site Scripting (0)
09-12: WordPress SlickQuiz 1.3.7.1 SQL Injection (0)
09-12: OpenEdx Ironwood.1 Cross Site Scripting (0)
09-12: eWON Flexy 13.0 Authentication Bypass (0)
09-12: Microsoft DirectWrite SplicePixel Invalid Read (0)
09-12: Microsoft DirectWrite sfac_GetSbitBitmap Out-Of-Bounds Read (0)
09-12: [dos] Microsoft DirectWrite – Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts (0)
09-12: [dos] Microsoft DirectWrite – Invalid Read in SplicePixel While Processing OTF Fonts (0)
09-11: http://dws.fpo.go.th/support.htm (0)
09-11: WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting (0)
09-11: Windows File Enumeration Intel Gathering Tool 2.1 (0)
09-11: Control Web Panel 0.9.8.851 Privilege Escalation (0)
09-11: Enigma NMS 65.0.0 Cross Site Request Forgery (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 OS Command Injection (0)
09-11: WordPress Sell Downloads 1.0.86 Cross Site Scripting (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 SQL Injection (0)
09-11: Dabman And Imperial Web Radio Devices Undocumented Telnet Backdoor (0)
09-11: WordPress Qwiz Online Quizzes And Flashcards 3.36 Cross Site Scripting (0)
09-11: Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification (0)
09-11: Tibco JasperSoft Path Traversal (0)
09-11: Core FTP LE Version 2.2 Build 1935 Buffer Overflow (0)
09-11: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure (0)
09-11: [webapps] AVCON6 systems management platform – OGNL Remote Command Execution (0)
09-10: Researchers Expose Another Instance Of Chrome Patch Gapping (0)
09-10: Apple, Angry At Google, Hits Back At Hack Claims (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) (0)
09-10: [remote] October CMS – Upload Protection Bypass Code Execution (Metasploit) (0)
09-10: [remote] LibreNMS – Collectd Command Injection (Metasploit) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (2) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – SQL Injection (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) (0)
09-09: Dabman & Imperial (i&d) – Multiple Vulnerabilities (0)
09-09: Dabman & Imperial (i&d) – Undocumented Telnet Backdoor (0)
09-09: [webapps] WordPress 5.2.3 – Cross-Site Host Modification (0)
09-09: [webapps] Dolibarr ERP-CRM 10.0.1 – 'elemid' SQL Injection (0)
09-08: October CMS Upload Protection Bypass Code Execution (0)
09-08: LibreNMS Collectd Command Injection (0)
09-07: WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting (0)
09-07: Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry (0)
09-07: Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution (0)
09-07: FusionPBX 4.4.8 Remote Code Execution (0)
09-07: Microsoft Windows NTFS Privileged File Access Enumeration (0)
09-07: Facebook Messenger Denial Of Service (0)
09-07: WordPress 5.2.3 Remote Cross Site Host Modification (0)
09-07: Microsoft Windows 10 UAC Protection Bypass Via Windows Store (0)
09-06: Zero-Day Privilege Escalation Disclosed For Android (0)
09-06: Cisco Device Hardcoded Credentials / GNU glibc / BusyBox (0)
09-06: AwindInc SNMP Service Command Injection (0)
09-06: WordPress API Bearer Auth 20181229 Cross Site Scripting (0)
09-06: [remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution (0)
09-05: FileThingie 2.5.7 Remote Shell Upload (0)
09-05: Totaljs CMS 12.0 Path Traversal (0)
09-05: Totaljs CMS 12.0 Insecure Admin Session Cookie (0)
09-05: WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting (0)
09-05: Totaljs CMS 12.0 Widget Creation Code Injection (0)
09-05: Totaljs CMS 12.0 Improper Access Control (0)
09-05: One Identity Defender 5.9.3 Insecure Cryptographic Storage (0)
09-05: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
09-05: DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting (0)
09-05: Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C300V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C380 IronPort Header Injection (0)
09-05: WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting (0)
09-05: [remote] AwindInc SNMP Service – Command Injection (Metasploit) (0)
09-04: http://haisokbr.go.th/zx.htm (0)
09-04: Cisco M1070 Content Security Management Appliance IronPort Header Injection (0)
09-04: Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C100V IronPort Header Injection (0)
09-04: Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C600V IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C370 IronPort Header Injection (0)
09-04: Cisco IronPort C350 Header Injection (0)
09-04: Microsoft Outlook Web Access 14.3.224.2 Header Injection (0)
09-04: [webapps] DASAN Zhone ZNID GPON 2426A EU – Multiple Cross-Site Scripting (0)
09-04: [webapps] WordPress Plugin Download Manager 2.9.93 – Cross-Site Scripting (0)
09-03: Confluence Server Local File Disclosure (0)
09-03: Cisco (Titsco) Email Security Appliance (IronPort) C160 Header Injection (0)
09-03: Craft CMS 2.7.9 / 3.2.5 Information Disclosure (0)
09-03: ChaosPro 2.0 SEH Buffer Overflow (0)
09-03: ChaosPro 2.1 SEH Buffer Overflow (0)
09-03: ChaosPro 3.1 SEH Buffer Overflow (0)
09-03: Kaseya VSA Agent 9.5 Privilege Escalation (0)
09-03: Alkacon OpenCMS 10.5.x Local File Inclusion (0)
09-03: Alkacon OpenCMS 10.5.x Cross Site Scripting (0)
09-03: Opencart 3.x Cross Site Scripting (0)
09-03: Webmin 1.920 rpc.cgi Remote Root (0)
09-03: Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (0)
09-03: WordPress Event Tickets 4.10.7.1 CSV Injection (0)
09-03: IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read (0)
09-03: Alkacon OpenCMS 10.5.x Cross Site Scripting (0)
09-03: Microsoft Outlook Web Access Build 15.1.1591 Header Injection (0)
09-03: Cisco IronPort C150 Header Injection (0)
09-03: Cisco RV110W / RV130(W) / RV215W Remote Command Execution (0)
09-03: Cisco Data Center Network Manager Unauthenticated Remote Code Execution (0)
09-03: Cisco UCS Director Default scpuser Password (0)
09-03: ptrace Sudo Token Privilege Escalation (0)
09-03: ktsuss Suid Privilege Escalation (0)
09-03: Cisco UCS Director Unauthenticated Remote Code Execution (0)
09-03: Packet Storm New Exploits For August, 2019 (0)
09-03: http://www.dms.moph.go.th/dpk.txt (0)
09-03: [remote] Cisco UCS Director – default scpuser password (Metasploit) (0)
09-03: [local] ptrace – Sudo Token Privilege Escalation (Metasploit) (0)
09-03: [local] ktsuss 1.4 – suid Privilege Escalation (Metasploit) (0)
09-02: [local] Kaseya VSA agent 9.5 – Privilege Escalation (0)
09-02: [remote] Cisco Email Security Appliance (IronPort) C160 – 'Host' Header Injection (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Local File inclusion (0)
09-02: [webapps] Opencart 3.x – Cross-Site Scripting (0)
09-02: [local] ChaosPro 2.0 – SEH Buffer Overflow (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Cross-Site Scripting (2) (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Cross-Site Scripting (0)
09-02: [remote] IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 – Arbitrary File Read (0)
09-02: [local] ChaosPro 3.1 – SEH Buffer Overflow (0)
09-02: [webapps] Wordpress Plugin Event Tickets 4.10.7.1 – CSV Injection (0)
09-02: [local] ChaosPro 2.1 – SEH Buffer Overflow (0)
09-01: Ping Identity Agentless Integration Kit Cross Site Scripting (0)

August 2019 (365)

08-31: http://oard3.doa.go.th/t.txt (0)
08-31: https://www.pro.moph.go.th/abcd.txt (0)
08-31: QEMU Denial Of Service (0)
08-31: GGPowerShell / Windows PowerShell Remote Command Execution (0)
08-31: Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation (0)
08-31: SQL Server Password Changer 1.90 Denial Of Service (0)
08-31: Easy MP3 Downloader 4.7.8.8 Denial Of Service (0)
08-31: YouPHPTube 7.4 Remote Code Execution (0)
08-31: WordPress WooCommerce Product Feed 2.2.18 Cross Site Scripting (0)
08-31: VX Search Enterprise 10.4.16 Denial Of Service (0)
08-31: Canon PRINT 2.5.5 URI Injection (0)
08-31: Sentrifugo 3.2 File Upload Restriction Bypass (0)
08-31: Sentrifugo 3.2 Cross Site Scripting (0)
08-31: DomainMod 4.13 Cross Site Scripting (0)
08-31: Zyxel NWA/NAP/WAC Hardcoded Credentials (0)
08-31: Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests (0)
08-30: http://www.thamchalong.go.th/index.php (0)
08-30: http://www.moungjedton.go.th/news_files_att/[a1435651102]. (0)
08-30: Google Finds Malicious Sites Pushing iOS Exploits For Years (0)
08-30: Outlook Password Recovery 2.10 Denial Of Service (0)
08-30: Joomla Easy GuestBook 1.0 SQL Injection (0)
08-30: Joomla JomEstate 4.1 SQL Injection (0)
08-30: Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection (0)
08-30: Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access (0)
08-30: Jobberbase 2.0 subscribe SQL Injection (0)
08-30: PilusCart 1.4.1 Local File Disclosure (0)
08-30: [dos] Easy MP3 Downloader 4.7.8.8 – 'Unlock Code' Denial of Service (0)
08-30: [dos] SQL Server Password Changer 1.90 – Denial of Service (0)
08-30: [dos] VX Search Enterprise 10.4.16 – 'User-Agent' Denial of Service (0)
08-30: [webapps] WordPress Plugin WooCommerce Product Feed 2.2.18 – Cross-Site Scripting (0)
08-30: [local] Canon PRINT 2.5.5 – Information Disclosure (0)
08-30: [webapps] YouPHPTube 7.4 – Remote Code Execution (0)
08-30: [webapps] DomainMod 4.13 – Cross-Site Scripting (0)
08-30: [webapps] Sentrifugo 3.2 – Persistent Cross-Site Scripting (0)
08-30: [dos] Asus Precision TouchPad 11.0.0.25 – Denial of Service (0)
08-30: [webapps] Sentrifugo 3.2 – File Upload Restriction Bypass (0)
08-29: http://do9.hss.moph.go.th/images/_input_7_.jpg (0)
08-29: [dos] Webkit JSC: JIT – Uninitialized Variable Access in ArgumentsEliminationPhase::transform (0)
08-29: [webapps] Jobberbase 2.0 – 'subscribe' SQL Injection (0)
08-29: [webapps] PilusCart 1.4.1 – Local File Disclosure (0)
08-28: Tableau XML Injection (0)
08-28: Pulse Secure SSL VPN File Disclosure NSE (0)
08-28: [dos] Outlook Password Recovery 2.10 – Denial of Service (0)
08-28: [webapps] Jobberbase 2.0 CMS – 'jobs-in' SQL Injection (0)
08-28: [webapps] SQLiteManager 1.2.0 / 1.2.4 – Blind SQL Injection (0)
08-27: Apple Security Advisory 2019-8-26-1 (0)
08-27: Apple Security Advisory 2019-8-26-2 (0)
08-27: Apple Security Advisory 2019-8-26-3 (0)
08-27: LSoft ListServ Cross Site Scripting (0)
08-27: Realtek Managed Switch Controller RTL83xx Stack Overflow (0)
08-27: ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials (0)
08-27: WordPress UserPro 4.9.32 Cross Site Scripting (0)
08-27: Joomla AlphaContent 3. SQL Injection (0)
08-27: Joomla FireBoard 1.1.3 SQL Injection (0)
08-27: Joomla OrgChart 1.0.0 Cross Site Scripting / SQL Injection (0)
08-27: Joomla EstateAgent 3.x SQL Injection (0)
08-27: openITCOCKPIT 3.6.1-2 Cross Site Request Forgery (0)
08-27: Plexo Torresoft Alex Torres Software 2.0 Cross Site Scripting / SQL Injection (0)
08-27: CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting (0)
08-27: CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery (0)
08-27: Django CRM 0.2.1 Cross Site Request Forgery (0)
08-27: Webmin 1.890 expired Remote Root (0)
08-27: [webapps] Tableau – XML External Entity (0)
08-26: [local] Exim 4.87 / 4.91 – Local Privilege Escalation (Metasploit) (0)
08-26: [webapps] WordPress Plugin UserPro 4.9.32 – Cross-Site Scripting (0)
08-26: [webapps] WordPress Plugin Import Export WordPress Users 1.3.1 – CSV Injection (0)
08-26: [webapps] openITCOCKPIT 3.6.1-2 – Cross-Site Request Forgery (0)
08-26: [webapps] LSoft ListServ < 16.5-2018a – Cross-Site Scripting (0)
08-25: http://www.panghinfon.go.th/m-1.html (0)
08-25: Nimble Streamer 3.x Directory Traversal (0)
08-25: Webmin 1.920 password_change.cgi Backdoor (0)
08-25: Exim 4.91 Local Privilege Escalation (0)
08-24: http://khaophoem.go.th/m-1.html (0)
08-24: Valve Says Turning Away Researcher Was A Mistake (0)
08-24: Snapforce CRM 8.3.0 Cross Site Scripting (0)
08-24: Wikindx 5.8.2 SQL Injection (0)
08-24: Endian Firewall 3.3.0 Cross Site Scripting (0)
08-24: Microsoft Windows SET_REPARSE_POINT_EX Mount Point Security Feature Bypass (0)
08-23: http://www.djop.go.th/asifa.html (0)
08-23: Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure (0)
08-23: Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure (0)
08-23: KBPublisher 6.0.2.1 SQL Injection (0)
08-23: [webapps] Nimble Streamer 3.0.2-2 < 3.5.4-9 – Directory Traversal (0)
08-22: http://secondary33.go.th/m-1.gif (0)
08-22: http://webapp.udoncity.go.th/tmp/uwu.html (0)
08-22: Researcher Publishes Second Steam Zero Day (0)
08-21: Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass (0)
08-21: WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change (0)
08-21: Webmin 1.920 Remote Root (0)
08-21: LibreOffice Macro Python Code Execution (0)
08-21: http://foodcontact.dss.go.th/index.html (0)
08-21: [webapps] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Arbitrary File Disclosure (metasploit) (0)
08-20: RAR Password Recovery 1.80 Denial Of Service (0)
08-20: Kimai 2 Cross Site Scripting (0)
08-20: Neo Billing 3.5 Cross Site Scripting (0)
08-20: YouPHPTube 7.2 SQL Injection (0)
08-20: FortiOS 5.6.7 / 6.0.4 Credential Disclosure (0)
08-20: FortiOS 5.6.7 / 6.0.4 Credential Disclosure (0)
08-20: http://www.bangphlab.go.th/activity/images/ (0)
08-20: http://chaimongkon.go.th/activity/images/ (0)
08-20: http://www.nongdang.go.th/activity/images/ (0)
08-20: http://www.klongkham.go.th/activity/images/ (0)
08-20: http://www.nonkoon.go.th/activity/images/ (0)
08-20: http://www.mekdum.go.th/activity/images/ (0)
08-20: http://www.wangdan.go.th/activity/images/ (0)
08-20: http://www.buayai.go.th/activity/images/ (0)
08-20: http://tessabansaohai.go.th/activity/images/ (0)
08-20: http://www.tambonbanpra.go.th/activity/images/ (0)
08-20: http://www.tapsadet.go.th/activity/images/ (0)
08-20: http://www.banphet.go.th/activity/images/ (0)
08-20: http://banglen.go.th/activity/images/ (0)
08-20: http://lupka.go.th/activity/images/ (0)
08-20: http://koratsao.go.th/activity/images/ (0)
08-20: http://www.dongkeng.go.th/activity/images/ (0)
08-20: http://www.muangdon.go.th/activity/images/ (0)
08-20: http://www.phontongsida.go.th/activity/images/ (0)
08-20: http://www.tachangcity.go.th/activity/images/ (0)
08-20: http://bds.dip.go.th/Moro-cco.txt (0)
08-20: [webapps] WordPress Add Mime Types Plugin 2.2.1 – Cross-Site Request Forgery (0)
08-19: Webmin Remote Comman Execution (0)
08-19: [webapps] YouPHPTube 7.2 – 'userCreate.json.php' SQL Injection (0)
08-19: [webapps] Webmin 1.920 – Remote Code Execution (0)
08-19: [dos] RAR Password Recovery 1.80 – 'User Name and Registration Code' Denial of Service (0)
08-19: [webapps] Neo Billing 3.5 – Persistent Cross-Site Scripting (0)
08-19: [webapps] FortiOS 5.6.3 – 5.6.7 / FortiOS 6.0.0 – 6.0.4 – Credentials Disclosure (0)
08-19: [webapps] FortiOS 5.6.3 – 5.6.7 / FortiOS 6.0.0 – 6.0.4 – Credentials Disclosure (Metasploit) (0)
08-19: [webapps] Kimai 2 – Persistent Cross-Site Scripting (0)
08-18: http://doph.pao-roiet.go.th/m-1.html (0)
08-18: http://car.pao-roiet.go.th/m-1.html (0)
08-18: http://dof.pao-roiet.go.th/m-1.html (0)
08-18: http://ch.pao-roiet.go.th/m-1.html (0)
08-18: http://kongkit.pao-roiet.go.th/m-1.html (0)
08-18: http://e-doc.pao-roiet.go.th/m-1.html (0)
08-18: http://edu101.pao-roiet.go.th/m-1.html (0)
08-18: http://e-records.pao-roiet.go.th/m-1.html (0)
08-18: http://e-procurement.pao-roiet.go.th/m-1.html (0)
08-18: http://hr.pao-roiet.go.th/m-1.html (0)
08-18: http://elect.pao-roiet.go.th/m-1.html (0)
08-18: http://ress.pao-roiet.go.th/m-1.html (0)
08-18: http://ss101.pao-roiet.go.th/m-1.html (0)
08-18: http://rk101.pao-roiet.go.th/m-1.html (0)
08-18: http://plan.pao-roiet.go.th/m-1.html (0)
08-18: http://rsc.pao-roiet.go.th/m-1.html (0)
08-18: http://kpk.pao-roiet.go.th/m-1.html (0)
08-18: http://library101.pao-roiet.go.th/m-1.html (0)
08-18: http://repj.pao-roiet.go.th/m-1.html (0)
08-18: http://qol.pao-roiet.go.th/m-1.html (0)
08-17: EyesOfNetwork 5.1 Remote Command Execution (0)
08-17: Integria IMS 5.0.86 Arbitrary File Upload (0)
08-17: Web Wiz Forums 12.01 SQL Injection (0)
08-17: Joomla JS Jobs 1.2.6 Arbitrary File Delete (0)
08-17: GetGo Download Manager 6.2.2.3300 Denial Of Service (0)
08-17: GNU patch Command Injection / Directory Traversal (0)
08-17: Open-Xchange OX Guard Cross Site Scripting / Signature Validation (0)
08-17: Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting (0)
08-16: WordPress Download Manager 2.5 Cross Site Request Forgery (0)
08-16: ABC2MTEX 1.6.1 Stack Overflow (0)
08-16: ManageEngine opManager 12.3.150 Remote Code Execution (0)
08-16: Tesla Agent Remote Code Execution (0)
08-16: Adobe Acrobat CoolType (AFDKO) Type 1 Font Memory Corruption (0)
08-16: Adobe Acrobat CoolType (AFDKO) Type 1 Font Uninitialized Memory Issue (0)
08-16: Microsoft Font Subsetting DLL MergeFontPackage Dangling Pointer (0)
08-16: Microsoft Font Subsetting DLL GetGlyphId Out-Of-Bounds Read (0)
08-16: Microsoft Font Subsetting DLL MergeFormat12Cmap / MakeFormat12MergedGlyphList Double-Free (0)
08-16: Microsoft Font Subsetting DLL FixSbitSubTables Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL ReadTableIntoStructure Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL ReadAllocFormat12CharGlyphMapList Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL WriteTableFromStructure Out-Of-Bounds Read (0)
08-16: Microsoft Font Subsetting DLL MakeFormat12MergedGlyphList Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL FixSbitSubTableFormat1 Out-Of-Bounds Read (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Out-Of-Bounds Read (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Use-After-Free (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed PDF Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed Font Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed Font Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows CoolType.dll Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed TTF Font Memory Corruption (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Uninitialized Pointer free() (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Double-Free (0)
08-16: Apple Security Advisory 2019-8-13-1 (0)
08-16: Apple Security Advisory 2019-8-13-2 (0)
08-16: Apple Security Advisory 2019-8-13-3 (0)
08-16: Apple Security Advisory 2019-8-13-4 (0)
08-16: Apple Security Advisory 2019-08-13-5 (0)
08-16: [webapps] Integria IMS 5.0.86 – Arbitrary File Upload (0)
08-16: [webapps] Joomla! component com_jsjobs 1.2.6 – Arbitrary File Deletion (0)
08-16: [webapps] EyesOfNetwork 5.1 – Authenticated Remote Command Execution (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in GetGlyphIdx (0)
08-15: [dos] Microsoft Font Subsetting – DLL Returning a Dangling Pointer via MergeFontPackage (0)
08-15: [dos] Adobe Acrobat CoolType (AFDKO) – Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts (0)
08-15: [dos] Adobe Acrobat CoolType (AFDKO) – Memory Corruption in the Handling of Type 1 Font load/store Operators (0)
08-15: [dos] NSKeyedUnarchiver – Info Leak in Decoding SGBigUTF8String (0)
08-15: [local] Microsoft Windows Text Services Framework MSCTF – Multiple Vulnerabilities (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Double Free due to Malformed JP2 Stream (0)
08-15: [dos] Microsoft Font Subsetting – DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in FixSbitSubTables (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed JP2 Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Memory Corruption due to Malformed TTF Font (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow in CoolType.dll (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Static Buffer Overflow due to Malformed Font Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed Font Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Use-After-Free due to Malformed JP2 Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow While Processing Malformed PDF (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1 (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Out-of-Bounds read due to Malformed JP2 Stream (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in MakeFormat12MergedGlyphList (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ReadTableIntoStructure (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList (0)
08-14: Microsoft Patches 18 Year Old Windows Zero Day (0)
08-14: User Agent String Switcher Service – XSS Vulnerabilities (0)
08-14: [remote] Agent Tesla Botnet – Arbitrary Code Execution (Metasploit) (0)
08-14: [webapps] ManageEngine opManager 12.3.150 – Authenticated Code Execution (0)
08-14: [dos] ABC2MTEX 1.6.1 – Command Line Stack Overflow (0)
08-14: [local] Microsoft Windows 10 AppXSvc Deployment Service – Arbitrary File Deletion (0)
08-14: [webapps] TortoiseSVN 1.12.1 – Remote Code Execution (0)
08-14: [webapps] D-Link DIR-600M – Authentication Bypass (Metasploit) (0)
08-14: [webapps] WordPress Plugin Download Manager 2.5 – Cross-Site Request Forgery (0)
08-14: [dos] Windows PowerShell – Unsanitized Filename Command Execution (0)
08-14: [webapps] Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – 'customfields.php' SQL Injection (0)
08-14: [webapps] SugarCRM Enterprise 9.0.0 – Cross-Site Scripting (0)
08-13: Ghidra (Linux) 9.0.4 Arbitrary Code Execution (0)
08-13: Joomla JS Jobs 1.2.5 SQL Injection (0)
08-13: Cisco Adaptive Security Appliance Path Traversal (0)
08-13: UNA 10.0.0 RC1 Cross Site Scripting (0)
08-13: Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion (0)
08-13: Webmin 1.920 Remote Code Execution (0)
08-13: ManageEngine OpManager 12.4x Remote Command Execution (0)
08-13: VxWorks 6.8 Integer Underflow (0)
08-13: ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution (0)
08-13: BSI Advance Hotel Booking System 2.0 Cross Site Scripting (0)
08-13: Joomla JS Support Ticket 1.1.6 SQL Injection (0)
08-13: ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution (0)
08-13: WebKit Universal Cross Site Scripting (0)
08-13: Steam Windows Client Local Privilege Escalation (0)
08-13: Agent Tesla Botnet Arbitrary Code Execution (0)
08-13: AZORult Botnet SQL Injection (0)
08-13: TortoiseSVN 1.12.1 Remote Code Execution (0)
08-13: msctf Text Services Framework Design Flaws (0)
08-13: NSKeyedUnarchiver SGBigUTF8String Decoding Information Leak (0)
08-13: http://pr.kan2.go.th/0x.html (0)
08-13: http://kan2.go.th/0x.html (0)
08-13: TortoiseSVN v1.12.1 – Remote Code Execution Vulnerability (0)
08-13: [remote] Azorult Botnet – SQL Injection (0)
08-13: [remote] Agent Tesla Botnet – Arbitrary Code Execution (0)
08-12: Master Data Online 2.0 Cross Site Scripting (0)
08-12: Mitel 6869i Voip Deskphone 4.2.2032 Command Injection (0)
08-12: osTicket 1.12 File Upload Cross Site Scripting (0)
08-12: osTicket 1.12 Formula Injection (0)
08-12: osTicket 1.12 Cross Site Scripting (0)
08-12: [dos] VxWorks 6.8 – TCP Urgent Pointer = 0 Integer Underflow (0)
08-12: [webapps] BSI Advance Hotel Booking System 2.0 – 'booking_details.php Persistent Cross-Site Scripting (0)
08-12: [webapps] Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – 'cities.php' SQL Injection (0)
08-12: [webapps] Cisco Adaptive Security Appliance – Path Traversal (Metasploit) (0)
08-12: [webapps] UNA 10.0.0 RC1 – 'polyglot.php' Persistent Cross-Site Scripting (0)
08-12: [local] Ghidra (Linux) 9.0.4 – .gar Arbitrary Code Execution (0)
08-12: [remote] Webmin 1.920 – Unauthenticated Remote Code Execution (Metasploit) (0)
08-12: [remote] ManageEngine OpManager 12.4x – Unauthenticated Remote Command Execution (Metasploit) (0)
08-12: [remote] ManageEngine OpManager 12.4x – Privilege Escalation / Remote Command Execution (Metasploit) (0)
08-12: [remote] ManageEngine Application Manager 14.2 – Privilege Escalation / Remote Command Execution (Metasploit) (0)
08-12: [webapps] osTicket 1.12 – Formula Injection (0)
08-12: [webapps] osTicket 1.12 – Persistent Cross-Site Scripting (0)
08-12: [webapps] Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – 'ticket.php' Arbitrary File Deletion (0)
08-12: [webapps] osTicket 1.12 – Persistent Cross-Site Scripting via File Upload (0)
08-12: [webapps] Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – 'ticketreply.php' SQL Injection (0)
08-10: D-Link DIR-600M Wireless N 150 Home Router Access Bypass (0)
08-10: http://www.chamai.go.th/activity/images/ (0)
08-10: http://www.bukrasang.go.th/activity/images/ (0)
08-10: http://www.bualai.go.th/activity/images/ (0)
08-10: http://www.benjakhon.go.th/activity/images/ (0)
08-10: http://www.bantam.go.th/activity/images/ (0)
08-10: http://www.joho.go.th/activity/images/ (0)
08-10: http://www.khlongse.go.th/activity/images/ (0)
08-10: http://www.kokthai.go.th/activity/images/ (0)
08-10: http://www.konchim.go.th/activity/images/ (0)
08-10: http://www.khanongpra.go.th/activity/images/ (0)
08-10: http://www.ladboakhow.go.th/activity/images/ (0)
08-10: http://www.kudwai.go.th/activity/images/ (0)
08-10: http://www.nongtakhai.go.th/activity/images/ (0)
08-10: http://www.nongbuatakiat.go.th/activity/images/ (0)
08-10: http://www.nongkhamsao.go.th/activity/images/ (0)
08-09: MapProxy 1.11.0 Cross Site Scripting (0)
08-09: Linux show_numa_stats() Use-After-Free (0)
08-09: Open-School 3.0 / Community Edition 2.3 Cross Site Scripting (0)
08-09: Aptana Jaxer 1.0.3.4547 Local File Inclusion (0)
08-09: Baldr Botnet Panel Shell Upload (0)
08-09: Joomla JS Support Ticket 1.1.5 SQL Injection (0)
08-09: Joomla JS Support Ticket 1.1.5 Arbitrary File Download (0)
08-09: Adive Framework 2.0.7 Cross Site Request Forgery (0)
08-08: WordPress JoomSport 3.3 SQL Injection (0)
08-08: Opencart 3.0.3.2 Insecure OCMod Generation Pre-Authentication Remote Code Execution (0)
08-08: Fortinet FortiRecorder 2.7.3 Hardcoded Password (0)
08-08: Daily Expense Manager 1.0 Cross Site Request Forgery (0)
08-08: http://www.songkhla.m-society.go.th (0)
08-08: iOS Messaging Tools (0)
08-08: http://pvnweb.dpt.go.th (0)
08-08: http://khokroengrom.go.th/activity/images/ (0)
08-08: http://muangkao.go.th/activity/images/ (0)
08-08: http://klongkhern.go.th/activity/images/ (0)
08-08: http://tbhuaimek.go.th/activity/images/ (0)
08-08: http://www.takeinram.go.th/activity/images/ (0)
08-08: http://www.khukhad.go.th/activity/images/ (0)
08-08: http://www.buakho.go.th/activity/images/ (0)
08-08: http://www.bankaosao.go.th/activity/images/ (0)
08-08: http://www.huakhao.go.th/activity/images/ (0)
08-08: http://www.janaud.go.th/activity/images/ (0)
08-08: http://www.nongyakhao.go.th/activity/images/ (0)
08-08: http://www.paknamtarua.go.th/activity/images/ (0)
08-08: http://khoklam.go.th/activity/images/ (0)
08-08: http://www.chawangcity.go.th/activity/images/ (0)
08-08: http://sumsao.go.th/activity/images/ (0)
08-08: http://songkon.go.th/activity/images/ (0)
08-08: http://noonsung-muni.go.th/activity/images/ (0)
08-08: http://sratakien.go.th/activity/images/ (0)
08-08: [webapps] Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 – SQL Injection (0)
08-08: [webapps] Adive Framework 2.0.7 – Cross-Site Request Forgery (0)
08-08: [webapps] Open-School 3.0 / Community Edition 2.3 – Cross-Site Scripting (0)
08-08: [webapps] Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 – Arbitrary File Download (0)
08-08: [remote] Baldr Botnet Panel – Arbitrary Code Execution (Metasploit) (0)
08-08: [webapps] Aptana Jaxer 1.0.3.4547 – Local File inclusion (0)
08-08: [webapps] Daily Expense Manager 1.0 – Cross-Site Request Forgery (Delete Income) (0)
08-07: Chrome blink::PresentationAvailabilityState::UpdateAvailability Heap Use-After-Free (0)
08-07: http://www.dnp.go.th/lungset.htm (0)
08-07: [dos] Google Chrome 74.0.3729.0 / 76.0.3789.0 – Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability (0)
08-07: [webapps] WordPress Plugin JoomSport 3.3 – SQL Injection (0)
08-06: http://cco.mof.go.th (0)
08-06: ATutor 2.2.4 Backup Remote Command Execution (0)
08-06: Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution (0)
08-06: ATutor 2.2.4 Arbitrary File Upload / Command Execution (0)
08-06: KDE 4/5 KDesktopFile Command Injection (0)
08-06: iMessage URL Deserializing Heap Overflow (0)
08-06: CentOS Control Web Panel 0.9.8.836 Remote Command Execution (0)
08-06: CentOS Control Web Panel 0.9.8.840 User Enumeration (0)
08-06: CentOS Control Web Panel 0.9.8.846 Cross Site Scripting (0)
08-06: Active PHP Bookmarks 1.3 SQL Injection (0)
08-06: ARMBot Botnet Arbitrary Code Execution (0)
08-06: http://www.pamok.go.th/activity/images/ (0)
08-06: http://www.tiwang.go.th/activity/images/ (0)
08-06: http://www.sokkam.go.th/activity/images/ (0)
08-05: [remote] Apache Tika 1.15 – 1.17 – Header Command Injection (Metasploit) (0)
08-05: [dos] macOS iMessage – Heap Overflow when Deserializing (0)
08-03: Rest Cafe And Restaurant Website CMS SQL Injection (0)
08-03: Sar2HTML 3.2.1 Remote Command Execution (0)
08-03: 1CRM On-Premise Software 8.5.7 Cross Site Scripting (0)
08-03: Microsoft Windows PowerShell Command Execution (0)
08-03: Apache Tika 1.17 Header Command Injection (0)
08-03: http://www.dongluang.go.th/dongluang/file_editor/db.txt (0)
08-03: http://www.obtbanjarn.go.th/obtbanjarn/file_editor/db.txt (0)
08-03: http://chiangkhwan.go.th/chiangkhwan/file_editor/db.txt (0)
08-02: WebIncorp ERP SQL Injection (0)
08-02: Cisco Catalyst 3850 Series Device Manager 3.6.10E Cross Site Request Forgery (0)
08-02: Ultimate Loan Manager 2.0 Cross Site Scripting (0)
08-02: Packet Storm New Exploits For July, 2019 (0)
08-02: [webapps] 1CRM On-Premise Software 8.5.7 – Persistent Cross-Site Scripting (0)
08-02: [webapps] Rest – Cafe and Restaurant Website CMS – 'slug' SQL Injection (0)
08-02: [webapps] Sar2HTML 3.2.1 – Remote Command Execution (0)
08-01: D-Link 6600-AP XSS / DoS / Information Disclosure (0)
08-01: Oracle Hyperion Planning 11.1.2.3 XML Injection (0)
08-01: [webapps] WebIncorp ERP – SQL injection (0)
08-01: [webapps] Ultimate Loan Manager 2.0 – Cross-Site Scripting (0)

July 2019 (240)

07-31: JSC BytecodeGenerator::emitEqualityOpImpl Data Mishandling (0)
07-31: JSC YarrJIT initParenContextFreeList Byte Overwrite (0)
07-31: Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming (0)
07-31: WordPress WP Fastest Cache 0.8.9.5 Directory Traversal (0)
07-31: iMessage NSKeyedUnarchiver Deserialization (0)
07-31: iMessage NSArray Deserialization (0)
07-31: iMessage NSKnownKeysDictionary1 Memory Corruption (0)
07-31: [webapps] Oracle Hyperion Planning 11.1.2.3 – XML External Entity (0)
07-30: WordPress Real Estate Theme 2.8.9 Cross Site Scripting (0)
07-30: GigToDo 1.3 Cross Site Scripting (0)
07-30: NSKeyedUnarchiver ObjC Object Use-After-Free (0)
07-30: WordPress Simple Membership 3.8.4 Cross Site Request Forgery (0)
07-30: Redis Unauthenticated Code Execution (0)
07-30: http://www.krabuang.go.th/index.php (0)
07-30: http://www.takook.go.th/index.php (0)
07-30: http://www.arpon.go.th/index.php (0)
07-30: http://www.soengsanglocal.go.th/index.php (0)
07-30: http://www.srinarong.go.th/index.php (0)
07-30: http://www.kra-om.go.th/index.php (0)
07-30: http://www.nanuan.go.th/index.php (0)
07-30: http://www.nongbualocal.go.th/index.php (0)
07-30: http://www.krahard.go.th/index.php (0)
07-30: http://www.sakot.go.th/index.php (0)
07-30: http://www.promtep.go.th/index.php (0)
07-30: [remote] Redis 4.x / 5.x – Unauthenticated Code Execution (Metasploit) (0)
07-30: [dos] iMessage – NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects (0)
07-30: [dos] iMessage – Memory Corruption when Decoding NSKnownKeysDictionary1 (0)
07-30: [dos] macOS / iOS NSKeyedUnarchiver – Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances (0)
07-30: [webapps] Amcrest Cameras 2.520.AC00.18.R – Unauthenticated Audio Streaming (0)
07-29: [webapps] GigToDo 1.3 – Cross-Site Scripting (0)
07-29: [webapps] WordPress Plugin Simple Membership < 3.8.5 – Cross-Site Request Forgery (0)
07-29: [webapps] WordPress Theme Real Estate 2.8.9 – Cross-Site Scripting (0)
07-28: Ovidentia 8.4.3 SQL Injection (0)
07-28: Ovidentia 8.4.3 Cross Site Scripting (0)
07-28: Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass (0)
07-28: Yahei-PHP Prober 0.4.7 HTML Injection (0)
07-28: Zurmo 3.2.6 Reflected Cross Site Scripting (0)
07-28: Zurmo 3.2.6 Code Evaluation (0)
07-28: WebKit Synchronous Page Load Universal Cross Site Scripting (0)
07-28: iMessage DigitalTouch Out-Of-Bounds Read (0)
07-28: Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation (0)
07-28: Moodle Filepicker 3.5.2 Server-Side Request Forgery (0)
07-28: pdfresurrect 0.15 Buffer Overflow (0)
07-28: Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution (0)
07-28: Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution (0)
07-28: Ahsay Backup 7.x / 8.x XML Injection (0)
07-28: Zurmo 3.2.6 Out Of Band Code Evaluation (0)
07-28: Zurmo 3.2.6 Open Redirection (0)
07-28: Zurmo 3.2.6 Persistent Cross Site Scripting (0)
07-28: Zurmo 3.2.6 Iframe Injection (0)
07-28: WordPress Database Backup Remote Command Execution (0)
07-28: Schneider Electric Pelco Endura NET55XX Encoder (0)
07-28: http://nonthaburi.rid.go.th (0)
07-28: Apple Security Advisory 2019-7-23-1 (0)
07-28: Apple Security Advisory 2019-7-23-2 (0)
07-28: Apple Security Advisory 2019-7-23-3 (0)
07-27: WordPress Hybrid Composer 1.4.6 Unauthenticated Access (0)
07-26: Comtrend AR-5310 Restricted Shell Escape (0)
07-26: Docker Container Escape (0)
07-26: BACnet Stack 0.8.6 Denial Of Service (0)
07-26: Novismart CMS SQL Injection (0)
07-26: Axway SecureTransport 5 XML Injection (0)
07-26: Apple Security Advisory 2019-7-22-5 (0)
07-26: Apple Security Advisory 2019-7-22-1 (0)
07-26: Apple Security Advisory 2019-7-22-3 (0)
07-26: Apple Security Advisory 2019-7-22-2 (0)
07-26: [local] Microsoft Windows 7 build 7601 (x86) – Local Privilege Escalation (0)
07-25: http://www.vec.go.th/Relaz.html (0)
07-25: [dos] WebKit – Universal Cross-Site Scripting due to Synchronous Page Loads (0)
07-25: [webapps] Ovidentia 8.4.3 – SQL Injection (0)
07-25: [webapps] Ovidentia 8.4.3 – Cross-Site Scripting (0)
07-24: https://www.nrct.go.th/Relaz.html (0)
07-24: [remote] Trend Micro Deep Discovery Inspector IDS – Security Bypass (0)
07-24: [webapps] WordPress Plugin Hybrid Composer 1.4.6 – Improper Access Restrictions (0)
07-24: [webapps] Cisco Wireless Controller 3.6.10E – Cross-Site Request Forgery (0)
07-24: [webapps] NoviSmart CMS – SQL injection (0)
07-22: [local] Comtrend-AR-5310 – Restricted Shell Escape (0)
07-22: [dos] BACnet Stack 0.8.6 – Denial of Service (0)
07-20: Web Ofisi Firma Rehberi 1 SQL Injection (0)
07-20: Web Ofisi Rent A Car 3 SQL Injection (0)
07-20: Web Ofisi Firma 13 SQL Injection (0)
07-20: REDCap Cross Site Scripting (0)
07-20: Web Ofisi Platinum E-Ticaret 5 SQL Injection (0)
07-20: Web Ofisi Emlak 2 SQL Injection (0)
07-20: Web Ofisi Emlak 3 SQL Injection (0)
07-20: Web Ofisi E-Ticaret 3 SQL Injection (0)
07-20: fuelCMS 1.4.1 Remote Code Execution (0)
07-20: MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow (0)
07-20: Microsoft Windows Task Scheduler Local Privilege Escalation (0)
07-19: WordPress OneSignal 1.17.5 Cross Site Scripting (0)
07-19: Microsoft Windows RPCSS Activation Kernel Security Callback Privilege Escalation (0)
07-19: [webapps] Web Ofisi Firma 13 – 'oz' SQL Injection (0)
07-19: [webapps] Web Ofisi E-Ticaret 3 – 'a' SQL Injection (0)
07-19: [webapps] fuelCMS 1.4.1 – Remote Code Execution (0)
07-19: [remote] MAPLE Computer WBT SNMP Administrator 2.0.195.15 – Remote Buffer Overflow (EggHunter) (0)
07-18: WinMPG iPod Convert 3.0 Denial Of Service (0)
07-18: MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow (0)
07-18: Oracle Siebel CRM 19.0 Cross Site Scripting (0)
07-18: [local] Microsoft Windows 10 1903/1809 – RPCSS Activation Kernel Security Callback Privilege Escalation (0)
07-17: R 3.4.4 (Windows 10 x64) Buffer Overflow (0)
07-17: DameWare Remote Support 12.0.0.509 Buffer Overflow (0)
07-17: CentOS Control Web Panel 0.9.8.836 Privilege Escalation (0)
07-17: CentOS Control Web Panel 0.9.8.836 Authentication Bypass (0)
07-17: CentOS Control Web Panel 0.9.8.838 User Enumeration (0)
07-17: Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity Injection (0)
07-17: Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling (0)
07-17: Microsoft Windows NtUserSetWindowFNID Win32k User Callback (0)
07-17: FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow (0)
07-17: FANUC Robotics Virtual Robot Controller 8.23 Path Traversal (0)
07-17: [webapps] Oracle Siebel CRM 19.0 – Persistent Cross-Site Scripting (0)
07-17: [dos] WinMPG iPod Convert 3.0 – 'Register' Denial of Service (0)
07-17: [remote] MAPLE Computer WBT SNMP Administrator 2.0.195.15 – Remote Buffer Overflow (0)
07-16: Cisco Small Business Switch Information Leakage / Open Redirect (0)
07-16: PCMan FTP Server 2 ALLO Buffer Overflow (0)
07-16: FlightPath Local File Inclusion (0)
07-16: Microsoft Windows RDP BlueKeep Denial Of Service (0)
07-16: Android VideoPlayer ihevcd_parse_pps Out-Of-Bounds Write (0)
07-16: Netgear WiFi Router JWNR2010v5 / R6080 Authentication Bypass (0)
07-16: Streamripper 2.6 Buffer Overflow (0)
07-16: Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution (0)
07-16: Microsoft Windows HTTP To SMB NTLM Reflection Privilege Escalation (0)
07-16: PHP Laravel Framework Token Unserialize Remote Command Execution (0)
07-16: AppXSvc Hard Link Privilege Escalation (0)
07-16: [local] R 3.4.4 (Windows 10 x64) – Buffer Overflow SEH (DEP/ASLR Bypass) (0)
07-15: [webapps] FlightPath < 4.8.2 / < 5.0-rc2 – Local File Inclusion (0)
07-15: [dos] Microsoft Windows Remote Desktop – 'BlueKeep' Denial of Service (Metasploit) (0)
07-15: [dos] Android 7 – 9 VideoPlayer – 'ihevcd_parse_pps' Out-of-Bounds Write (0)
07-15: [webapps] CISCO Small Business 200 / 300 / 500 Switches – Multiple Vulnerabilities (0)
07-15: [webapps] NETGEAR WiFi Router JWNR2010v5 / R6080 – Authentication Bypass (0)
07-15: [local] Streamripper 2.6 – 'Song Pattern' Buffer Overflow (0)
07-13: Microsoft DirectWrite / AFDKO OpenType NULL Pointer Dereference (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Post Table Bugs (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read / Write (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Stack Corruption (0)
07-13: Microsoft Font Subsetting DLL ComputeFormat4CmapData Heap Corruption (0)
07-13: Jenkins Dependency Graph View 0.13 Cross Site Scripting (0)
07-13: SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow (0)
07-13: Sitecore 9.0 Rev 171002 Cross Site Scripting (0)
07-13: Xymon useradm Command Execution (0)
07-13: http://www.dft.go.th/Relaz.html (0)
07-12: [remote] Xymon 4.3.25 – useradm Command Execution (Metasploit) (0)
07-12: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ComputeFormat4CmapData (0)
07-12: [webapps] Tenda D301 v2 Modem Router – Persistent Cross-Site Scripting (0)
07-12: [webapps] Citrix SD-WAN Appliance 10.2.2 – Authentication Bypass / Remote Command Execution (0)
07-12: [webapps] Jenkins Dependency Graph View Plugin 0.13 – Persistent Cross-Site Scripting (0)
07-12: [webapps] Sahi Pro 8.0.0 – Remote Command Execution (0)
07-12: [webapps] MyT Project Management 1.5.1 – User[username] Persistent Cross-Site Scripting (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Underflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readFDSelect Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType blendArray Stack Corruption (0)
07-11: Microsoft DirectWrite / AFDKO readTTCDirectory Integer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readStrings Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Out-Of-Bounds cubeStackDepth (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Negative cubeStackDepth (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Negative nAxes (0)
07-11: Microsoft DirectWrite / AFDKO do_set_weight_vector_cube Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO Uninitialized Memory Use (0)
07-11: PowerPanel Business Edition 3.4.0 Cross Site Request Forgery (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read / Write (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readCharset Buffer Overflow (0)
07-11: phpFK lite-version Cross Site Scripting (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readEncoding Buffer Overflow (0)
07-11: [local] SNMPc Enterprise Edition 9/10 – Mapping Filename Buffer Overflow (0)
07-11: [webapps] Sitecore 9.0 rev 171002 – Persistent Cross-Site Scripting (0)
07-10: Firefox 67.0.4 Denial Of Service (0)
07-10: Karenderia CMS 5.3 Cross Site Scripting (0)
07-10: Microsoft Font Subsetting DLL MergeFonts Out Of Bounds Read (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Use of Uninitialized Memory While Freeing Resources in var_loadavar (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative nAxes (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth (0)
07-10: [dos] Mozilla Spidermonkey – Unboxed Objects Uninitialized Memory Access (0)
07-10: [dos] Microsoft Windows – Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts (0)
07-09: TP-Link TL-WR940N / TL-WR941ND Cross Site Request Forgery (0)
07-09: WordPress Like Button 1.6.0 Authentication Bypass (0)
07-09: Cisco Data Center Network Manager 11.1(1) Remote Code Execution (0)
07-09: Sony BRAVIA Smart TV Denial Of Service (0)
07-09: [dos] Firefox 67.0.4 – Denial of Service (0)
07-08: Mobatek MobaXterm v11.1 – Code Execution Vulnerability (0)
07-08: Discuz!ML v3.x – Code Injection Vulnerability (0)
07-08: Karenderia CMS 5.1 Local File Inclusion (0)
07-08: Microsoft Exchange 2003 base64-MIME Remote Code Execution (0)
07-08: Karenderia CMS 5.3 SQL Injection (0)
07-08: Huawei HG530 Cross Site Request Forgery (0)
07-08: [webapps] WordPress Plugin Like Button 1.6.0 – Authentication Bypass (0)
07-08: [webapps] Karenderia Multiple Restaurant System 5.3 – SQL Injection (0)
07-05: [webapps] Karenderia Multiple Restaurant System 5.3 – Local File Inclusion (0)
07-05: [remote] Microsoft Exchange 2003 – base64-MIME Remote Code Execution (0)
07-04: iPhone iMessage Malformed Message Bricking (0)
07-04: PHPwind v9.1.0 – Multiple Cross Site Scripting Vulnerabilities (0)
07-04: Symantec DLP 15.5 MP1 Cross Site Scripting (0)
07-04: Hawtio 2.5.0 Server Side Request Forgery (0)
07-04: BKS EBK Ethernet-Buskoppler Pro Shell Upload (0)
07-03: Centreon 19.04 Remote Code Execution (0)
07-03: Serv-U FTP Server prepareinstallation Privilege Escalation (0)
07-03: Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution (0)
07-03: [local] Serv-U FTP Server – prepareinstallation Privilege Escalation (Metasploit) (0)
07-03: [webapps] Symantec DLP 15.5 MP1 – Cross-Site Scripting (0)
07-02: Linux Mint 19.1 yelp Command Injection (0)
07-02: FaceSentry Access Control System 6.4.8 Remote Root (0)
07-02: CyberPanel 1.8.4 Cross Site Request Forgery (0)
07-02: FaceSentry Access Control System 6.4.8 Remote SSH Root Access (0)
07-02: FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting (0)
07-02: SquirrelMail 1.4.22 Cross Site Scripting (0)
07-02: FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure (0)
07-02: REDDOXX Appliance Information Disclosure (0)
07-02: FaceSentry Access Control System 6.4.8 Cleartext Password Storage (0)
07-02: Packet Storm New Exploits For June, 2019 (0)
07-02: [webapps] Centreon 19.04 – Remote Code Execution (0)
07-02: [local] Mac OS X TimeMachine – 'tmdiagnose' Command Injection Privilege Escalation (Metasploit) (0)
07-01: Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation (0)
07-01: [webapps] WorkSuite PRM 2.4 – 'password' SQL Injection (0)
07-01: [webapps] Varient 1.6.1 – SQL Injection (0)
07-01: [webapps] CiuisCRM 1.6 – 'eventType' SQL Injection (0)
07-01: [webapps] PowerPanel Business Edition – Cross-Site Scripting (0)
07-01: [shellcode] Linux/ARM64 – execve("/bin/sh", NULL, NULL) Shellcode (40 Bytes) (0)
07-01: [webapps] ZoneMinder 1.32.3 – Cross-Site Scripting (0)
07-01: [shellcode] Linux/ARM64 – Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) (0)
07-01: [webapps] SAP Crystal Reports – Information Disclosure (0)
07-01: [shellcode] Linux/ARM64 – Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) (0)
07-01: [webapps] Sahi pro 8.x – Directory Traversal (0)
07-01: [shellcode] Linux/ARM64 – Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcode (88 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes) (0)
07-01: [shellcode] Linux/x86 – execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes) (0)
07-01: [remote] FaceSentry Access Control System 6.4.8 – Remote SSH Root (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Remote Root Exploit (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Cross-Site Request Forgery (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Remote Command Injection (0)
07-01: [webapps] CyberPanel 1.8.4 – Cross-Site Request Forgery (0)
07-01: [shellcode] Linux/ARM64 – Read /etc/passwd Shellcode (120 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) (0)
07-01: [shellcode] Linux/ARM64 – Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) (0)
07-01: [remote] Linux Mint 18.3-19.1 – 'yelp' Command Injection (Metasploit) (0)
07-01: [shellcode] Linux/ARM64 – execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (48 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (8 Bytes) (0)

June 2019 (215)

06-29: LibreNMS 1.46 addhost Remote Code Execution (0)
06-29: Google Chrome AudioWorkletGlobalScope::Process Use-After-Free (0)
06-29: Google Chrome JS Execution Use-After-Free (0)
06-29: Windows Escalate UAC Protection Bypass Via SilentCleanup (0)
06-28: [webapps] LibreNMS 1.46 – 'addhost' Remote Code Execution (0)
06-28: [shellcode] Linux/x86 – Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) (0)
06-28: [shellcode] Windows/x86 – Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes) (0)
06-27: D-Link Administrative Password Disclosure (0)
06-27: [shellcode] Linux/x86 – ASCII AND, SUB, PUSH, POPAD Encoder Shellcode (0)
06-27: [shellcode] Windows/x86 – bitsadmin Download and Execute (http://192.168.10.10/evil.exe "c:evil.exe") Shellcode (210 Bytes) (0)
06-26: Spidermonkey IonMonkey Incorrect Prediction (0)
06-26: SuperDoctor5 NRPE Remote Code Execution (0)
06-26: SAPIDO RB-1732 Remote Command Execution (0)
06-26: WordPress iLive 1.0.4 Cross Site Scripting (0)
06-26: WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting (0)
06-26: Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution (0)
06-26: BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal (0)
06-26: Nagios XI Magpie_debug.php Root Remote Code Execution (0)
06-26: [remote] Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit) (0)
06-26: [dos] Mozilla Spidermonkey – IonMonkey 'Array.prototype.pop' Type Confusion (0)
06-25: Sony PlayStation Vita (PS Vita) – Trinity: PSP Emulator Escape (0)
06-25: ABB IDAL FTP Server Buffer Overflow (0)
06-25: EA Origin Remote Code Execution (0)
06-25: ABB IDAL FTP Server Path Traversal (0)
06-25: ABB IDAL FTP Server Uncontrolled Format String (0)
06-25: ABB HMI Missing Signature Verification (0)
06-25: ABB IDAL HTTP Server Authentication Bypass (0)
06-25: AZADMIN CMS Of HIDEA 1.0 SQL Injection (0)
06-25: GSearch 1.0.1.0 Denial Of Service (0)
06-25: GrandNode 4.40 Path Traversal / File Download (0)
06-25: dotProject 2.1.9 SQL Injection (0)
06-25: SeedDMS out.UsrMgr.php Cross Site Scripting (0)
06-25: SeedDMS Remote Command Execution (0)
06-25: SeedDMS out.GroupMgr.php Cross Site Scripting (0)
06-25: FortiCam FCM-MB40 Code Execution / Privilege Escalation (0)
06-25: ABB IDAL HTTP Server Stack-Based Buffer Overflow (0)
06-25: ABB IDAL HTTP Server Uncontrolled Format String (0)
06-25: Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation (0)
06-25: Microsoft Windows Font Cache Service Insecure Sections (0)
06-25: Apple Security Advisory 2019-6-20-1 (0)
06-25: [remote] SAPIDO RB-1732 – Remote Command Execution (0)
06-25: [remote] SuperDoctor5 – 'NRPE' Remote Code Execution (0)
06-25: [webapps] WordPress Plugin Live Chat Unlimited 2.8.3 – Cross-Site Scripting (0)
06-25: [webapps] WordPress Plugin iLive 1.0.4 – Cross-Site Scripting (0)
06-25: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'path' Directory Traversal (0)
06-25: [webapps] AZADMIN CMS 1.0 – SQL Injection (0)
06-25: [webapps] Fortinet FCM-MB40 – Cross-Site Request Forgery / Remote Command Execution (0)
06-25: [papers] Buffer Overflows, C Programming, NSA GHIDRA and More (0)
06-24: [dos] Microsoft Windows Font Cache Service – Insecure Sections Privilege Escalation (0)
06-24: [dos] Microsoft Windows – 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation (0)
06-24: [webapps] dotProject 2.1.9 – SQL Injection (0)
06-24: [webapps] GrandNode 4.40 – Path Traversal / Arbitrary File Download (0)
06-24: [dos] GSearch 1.0.1.0 – Denial of Service (PoC) (0)
06-24: [shellcode] Linux/x86_64 – Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (0)
06-24: [webapps] SeedDMS < 5.1.11 – 'out.UsrMgr.php' Cross-Site Scripting (0)
06-24: [webapps] SeedDMS < 5.1.11 – 'out.GroupMgr.php' Cross-Site Scripting (0)
06-24: [webapps] SeedDMS versions < 5.1.11 – Remote Command Execution (0)
06-23: http://kasetwisai.go.th/ks.html (0)
06-23: http://www.dongmuang.go.th/robots.txt (0)
06-21: Koha Library Software 18.1106000 Open Redirection (0)
06-21: Tuneclone 2.20 SEH Buffer Overflow (0)
06-21: Linux Race Condition Use-After-Free (0)
06-21: BlogEngine.NET 3.3.6 / 3.3.7 XML Injection (0)
06-21: WebERP 4.15 SQL Injection (0)
06-21: [papers] Sony PlayStation Vita (PS Vita) – Trinity: PSP Emulator Escape (0)
06-21: [remote] EA Origin < 10.5.38 – Remote Code Execution (0)
06-21: [papers] Threat Hunting – Hunter or Hunted (0)
06-20: BlogEngine.NET 3.3.6 / 3.3.7 dirPath Directory Traversal / Remote Code Execution (0)
06-20: BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution (0)
06-20: Cisco Prime Infrastructure Runrshell Privilege Escalation (0)
06-20: Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal (0)
06-20: [local] Cisco Prime Infrastructure – Runrshell Privilege Escalation (Metasploit) (0)
06-20: [remote] Cisco Prime Infrastructure Health Monitor – TarArchive Directory Traversal (Metasploit) (0)
06-20: [dos] Linux – Use-After-Free via race Between modify_ldt() and #BR Exception (0)
06-20: [webapps] BlogEngine.NET 3.3.6/3.3.7 – XML External Entity Injection (0)
06-20: [webapps] WebERP 4.15 – SQL injection (0)
06-20: [local] Tuneclone 2.20 – Local SEH Buffer Overflow (0)
06-19: Serv-U FTP Server 15.1.6 Privilege Escalation (0)
06-19: Sahi Pro 7.x / 8.x Directory Traversal (0)
06-19: Sahi Pro 8.x SQL Injection (0)
06-19: Sahi Pro 8.x Cross Site Scripting (0)
06-19: BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution (0)
06-19: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'theme Cookie' Directory Traversal / Remote Code Execution (0)
06-19: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'dirPath' Directory Traversal / Remote Code Execution (0)
06-18: Clever Dog Smart Camera DOG-2W / DOG-2W-V4 File Disclosure / Backdoor (0)
06-18: RedwoodHQ 2.5.5 Authentication Bypass (0)
06-18: Microsoft Windows UAC Protection Bypass (0)
06-18: Spring Security OAuth 2.3 Open Redirection (0)
06-18: Microsoft Word (2016) Deceptive File Reference (0)
06-18: HC10 HC.Server Service 10.14 Remote Invalid Pointer Write (0)
06-18: AROX School-ERP Pro Unauthenticated Remote Code Execution (0)
06-18: Netperf 2.6.0 Buffer Overflow (0)
06-18: Exim 4.91 Local Privilege Escalation (0)
06-18: [local] Serv-U FTP Server < 15.1.7 – Local Privilege Escalation (0)
06-18: [shellcode] Linux/x86_64 – execve(/bin/sh) Shellcode (22 bytes) (0)
06-18: [webapps] Sahi pro 8.x – Cross-Site Scripting (0)
06-18: [webapps] Sahi pro 8.x – SQL Injection (0)
06-18: [webapps] Sahi pro 7.x/8.x – Directory Traversal (0)
06-17: [local] Exim 4.87 – 4.91 – Local Privilege Escalation (0)
06-17: [dos] HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write (0)
06-17: [shellcode] Linux/x86 – Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) (0)
06-17: [webapps] CleverDog Smart Camera DOG-2W / DOG-2W-V4 – Multiple Vulnerabilities (0)
06-17: [webapps] RedwoodHQ 2.5.5 – Authentication Bypass (0)
06-17: [dos] Netperf 2.6.0 – Stack-Based Buffer Overflow (0)
06-17: [local] Microsoft Windows – UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'parser_get_next_char' Heap-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – Type Confusion (0)
06-17: [webapps] Spring Security OAuth – Open Redirector (0)
06-17: [remote] AROX School-ERP Pro – Unauthenticated Remote Command Execution (Metasploit) (0)
06-16: http://www.bayaolocal.go.th (0)
06-16: http://www.paeng.go.th (0)
06-16: http://www.kamkoksoong.go.th (0)
06-15: Tzumi Electronics Klic Lock Authentication Bypass (0)
06-15: Aida64 6.00.5100 SEH Buffer Overflow (0)
06-15: CentOS 7.6 ptrace_scope Privlege Escalation (0)
06-15: Thunderbird libical Heap Overflow (0)
06-15: Thunderbird libical icalparser.c Heap Overflow (0)
06-15: Thunderbird libical Stack Buffer Overflow (0)
06-15: Thunderbird libical Type Confusion (0)
06-15: Java Card Proof Of Concepts (0)
06-14: Sitecore 8.x Deserialization Remote Code Execution (0)
06-14: Pronestor Health Monitoring Privilege Escalation (0)
06-14: APCUPSD Information Leak (0)
06-14: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials (0)
06-14: [local] Aida64 6.00.5100 – 'Log to CSV File' Local SEH Buffer Overflow (0)
06-14: [papers] Active Directory Enumeration with PowerShell (0)
06-14: [local] CentOS 7.6 – 'ptrace_scope' Privilege Escalation (0)
06-13: Webmin 1.910 Remote Command Execution (0)
06-13: ProShow 9.0.3797 Privilege Escalation (0)
06-13: WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution (0)
06-13: phpMyAdmin 4.8 Cross Site Request Forgery (0)
06-13: Liferay Portal 7.1 CE GA4 Cross Site Scripting (0)
06-13: FusionPBX 4.4.3 Remote Command Execution (0)
06-13: Telus Actiontec T2200H WiFi Credential Disclosure (0)
06-13: Telus Actiontec WEB6000Q Privilege Escalation (0)
06-13: Telus Actiontec WEB6000Q Denial Of Service (0)
06-13: Telus Actiontec T2200H Serial Number Information Disclosure (0)
06-13: SymCrypt Infinite Loop (0)
06-13: Telus Actiontec WEB6000Q Serial Number Information Disclosure (0)
06-13: Telus Actiontec T2200H Local Privilege Escalation (0)
06-13: [local] Pronestor Health Monitoring < 8.1.11.0 – Privilege Escalation (0)
06-13: [webapps] Sitecore 8.x – Deserialization Remote Code Execution (0)
06-12: [papers] LDAP Swiss Army Knife (0)
06-12: [webapps] FusionPBX 4.4.3 – Remote Command Execution (0)
06-11: Amcrest IPM-721S Credential Disclosure / Privilege Escalation (0)
06-11: Blipcare Clear Text Communication / Memory Corruption (0)
06-11: Dlink DCS-1130 Command Injection / CSRF / Stack Overflow (0)
06-11: Securifi Almond 2015 Buffer Overflow / Command Injection / XSS / CSRF (0)
06-11: Starry Router Camera PIN Brute-Force / CORS Incorrect (0)
06-11: Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal (0)
06-11: Shekar Endoscope Weak Default Settings / Memory Corruption (0)
06-11: UliCMS 2019.1 Cross Site Scripting (0)
06-11: Ubuntu 18.04 lxd Privilege Escalation (0)
06-11: Wampserver 3.1.8 Cross Site Request Forgery (0)
06-11: [remote] Webmin 1.910 – 'Package Updates' Remote Command Execution (Metasploit) (0)
06-11: [webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting (0)
06-11: [webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery (0)
06-11: [webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution (0)
06-11: [local] ProShow 9.0.3797 – Local Privilege Escalation (0)
06-10: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes) (0)
06-10: [webapps] UliCMS 2019.1 'Spitting Lama' – Persistent Cross-Site Scripting (0)
06-10: [local] Ubuntu 18.04 – 'lxd' Privilege Escalation (0)
06-08: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
06-07: Zimbra XML Injection / Server-Side Request Forgery (0)
06-07: WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload (0)
06-07: Supra Smart Cloud TV Remote File Inclusion (0)
06-07: [local] Microsoft Windows – AppX Deployment Service Local Privilege Escalation (3) (0)
06-07: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) (0)
06-06: http://www.srasaming.go.th//../data/mah(5).gif (0)
06-06: [webapps] Supra Smart Cloud TV – 'openLiveURL()' Remote File Inclusion (0)
06-05: Rapid7 Windows InsightIDR Agent 2.6.3.14 Local Privilege Escalation (0)
06-05: TestLink 1.9.19 Server-Side Request Forgery (0)
06-05: Dell KACE System Management Appliance (SMA) XSS / SQL Injection (0)
06-05: AUO Solar Data Recorder Incorrect Access Control (0)
06-05: dotCMS 5.1.1 Open Redirection / Cross Site Scripting (0)
06-05: NUUO NVRMini 2 3.9.1 Stack Overflow (0)
06-05: Cisco RV130W 1.0.3.44 Remote Stack Overflow (0)
06-05: DVD X Player 5.5 Pro Local Buffer Overflow (0)
06-05: IceWarp 10.4.4 Local File Inclusion (0)
06-05: Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting (0)
06-05: Google Chrome WasmMemoryObject::Grow Use-After-Free (0)
06-05: LibreNMS addhost Command Injection (0)
06-05: IBM Websphere Application Server Remote Code Execution (0)
06-05: [remote] Exim 4.87 < 4.91 – (Local / Remote) Command Execution (0)
06-05: [dos] Google Chrome 73.0.3683.103 – 'WasmMemoryObject::Grow' Use-After-Free (0)
06-05: [webapps] Zimbra < 8.8.11 – XML External Entity Injection / Server-Side Request Forgery (0)
06-05: [remote] LibreNMS – addhost Command Injection (Metasploit) (0)
06-05: [remote] IBM Websphere Application Server – Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) (0)
06-04: [local] Vim < 8.1.1365 / Neovim < 0.3.6 – Arbitrary Code Execution (0)
06-04: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – 'SiteLookup.do' Cross-Site Scripting (0)
06-04: [remote] Cisco RV130W 1.0.3.44 – Remote Stack Overflow (0)
06-04: [remote] NUUO NVRMini 2 3.9.1 – 'sscanf' Stack Overflow (0)
06-04: [webapps] IceWarp 10.4.4 – Local File Inclusion (0)
06-04: [local] DVD X Player 5.5 Pro – Local Buffer Overflow (SEH) (0)
06-03: http://member.ses26.go.th (0)
06-03: http://www.mhkpeo.ses26.go.th (0)
06-03: Safari Webkit Proxy Object Type Confusion (0)
06-03: [webapps] WordPress Plugin Form Maker 1.13.3 – SQL Injection (0)
06-03: [webapps] AUO Solar Data Recorder < 1.3.0 – Incorrect Access Control (0)
06-03: [webapps] KACE System Management Appliance (SMA) < 9.0.270 – Multiple Vulnerabilities (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #107 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #106 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #104 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #105 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #102 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #103 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #100 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #101 (0)
06-02: Packet Storm New Exploits For May, 2019 (0)
06-01: Microsoft Windows Remote Desktop BlueKeep Denial Of Service (0)
06-01: ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure (0)
06-01: Shopware 5.5.6 Cross Site Scripting (0)
06-01: Apple Security Advisory 2019-5-30-1 (0)

May 2019 (352)

05-31: Serv-U FTP Server 15.1.6.25 Local Privilege Escalation (0)
05-31: [papers] Analysis of CVE-2019-0708 (BlueKeep) (0)
05-30: pfSense 2.4.4-p3 Cross Site Scripting (0)
05-30: WordPress Nya-Comment-DoFollow 1.0 Open Redirection (0)
05-30: WordPress WPAds 1.0 Open Redirection (0)
05-30: Free SMTP Server 2.5 Denial Of Service (0)
05-30: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
05-30: Qualcomm Android Kernel Use-After-Free (0)
05-30: Siemens LOGO! 8 Hard-Coded Cryptographic Key (0)
05-30: Siemens LOGO! 8 Missing Authentication (0)
05-30: Siemens LOGO! 8 Recoverable Password Format (0)
05-30: [papers] A Debugging Primer with CVE-2019-0708 (0)
05-29: Apple Security Advisory 2019-5-28-2 (0)
05-29: Apple Security Advisory 2019-5-28-1 (0)
05-29: Fast AVI MPEG Joiner 1.2.0812 License Name Denial Of Service (0)
05-29: Cyberoam General Authentication Client 2.1.2.7 Server Address Denial Of Service (0)
05-29: Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption (0)
05-29: CMS Made Simple 2.2.10 Cross Site Scripting (0)
05-29: Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service (0)
05-29: Oracle Application Testing Suite WebLogic Server Administration Console War Deployment (0)
05-29: Cyberoam Transparent Authentication Suite 2.1.2.5 NetBIOS Name / FQDN DoS (0)
05-29: WordPress lqcPlugin-regiePublicites 1.0 Open Redirection (0)
05-29: WordPress 4DMayi 4.6 Open Redirection (0)
05-29: WordPress DingTalk LTS 4.6 Open Redirection (0)
05-29: WordPress LaneMotorSport Responsive 1.8.4 Open Redirection (0)
05-29: Joomla Attachments 3.x File Upload (0)
05-29: MacOS X 10.14.5 Gatekeeper Bypass (0)
05-29: Deltek Maconomy 2.2.5 Local File Inclusion (0)
05-29: Kanboard 1.2.7 Cross Site Scripting (0)
05-29: Typora 0.9.9.24.6 Directory Traversal (0)
05-29: Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak (0)
05-29: EquityPandit 1.0 Password Disclosure (0)
05-29: Petraware pTransformer ADC SQL Injection (0)
05-29: Phraseanet DAM Cross Site Scripting (0)
05-29: VFront 0.99.5 Reflective Cross Site Scripting (0)
05-29: VFront 0.99.5 Persistent Cross Site Scripting (0)
05-29: [remote] Oracle Application Testing Suite – WebLogic Server Administration Console War Deployment (Metasploit) (0)
05-29: [dos] Spidermonkey – IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation (0)
05-29: [dos] Spidermonkey – IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script (0)
05-29: [dos] Qualcomm Android – Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL (0)
05-29: [webapps] pfSense 2.4.4-p3 (ACME Package 0.59_14) – Persistent Cross-Site Scripting (0)
05-29: [dos] Free SMTP Server 2.5 – Denial of Service (PoC) (0)
05-28: [webapps] Phraseanet < 4.0.7 – Cross-Site Scripting (0)
05-28: [remote] Petraware pTransformer ADC < 2.1.7.22827 – Login Bypass (0)
05-28: [local] EquityPandit 1.0 – Password Disclosure (0)
05-27: [remote] Typora 0.9.9.24.6 – Directory Traversal (0)
05-27: [webapps] Deltek Maconomy 2.2.5 – Local File Inclusion (0)
05-27: [dos] Pidgin 2.13.0 – Denial of Service (PoC) (0)
05-25: Microsoft Windows Installer Race Condition (0)
05-24: Brocade Network Advisor 14.4.1 Unauthenticated Remote Code Execution (0)
05-24: WordPress Ad-Manager 1.1.2 Open Redirection (0)
05-24: WordPress Aliyun 5.2 Open Redirection (0)
05-24: WordPress Dankov Planer 1.1.2 Open Redirection (0)
05-24: WordPress Chrome-Extensions 1.0 Open Redirection (0)
05-24: Terminal Services Manager 3.2.1 Denial Of Service (0)
05-24: WordPress jilijilibegin LTS 4.6 Open Redirection (0)
05-24: WordPress Ninger 4.6 Open Redirection (0)
05-24: WordPress Jingke 1.0 Open Redirection (0)
05-24: WordPress Antena_Ri Institute 2.0 Open Redirection (0)
05-24: WordPress PHPL 1.0 Open Redirection (0)
05-24: WordPress Howsci 1.8 Open Redirection (0)
05-24: WordPress Divi-Child 1.0 Open Redirection (0)
05-24: WordPress Xunjin 4.6 Open Redirection (0)
05-24: WordPress Tigin 1.0.5 Open Redirection (0)
05-24: NetAware 1.20 Add Block / Share Name Denial Of Service (0)
05-24: Angry Polar Bear 2: Microsoft Windows Error Reporting Local Privilege Escalation (0)
05-24: Internet Explorer JavaScript Privilege Escalation (0)
05-24: Interspire Email Marketer 6.20 Remote Code Execution (0)
05-24: Microsoft Windows Win32k Privilege Escalation (0)
05-24: Nagios XI 5.6.1 SQL Injection (0)
05-24: Anviz M3 RFID Missing Access Controls (0)
05-24: Opencart 3.0.3.2 extension/feed/google_base Denial Of Service (0)
05-24: Quest KACE Systems Management Appliance 9.0 Cross Site Scripting (0)
05-24: [dos] Fast AVI MPEG Joiner – 'License Name' Denial of Service (PoC) (0)
05-24: [remote] Microsoft Internet Explorer Windows 10 1809 17763.316 – Scripting Engine Memory Corruption (0)
05-24: [dos] Cyberoam General Authentication Client 2.1.2.7 – 'Server Address' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'NetBIOS Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'Fully Qualified Domain Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'Connect To Server' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'HTTP Proxy' Denial of Service (PoC) (0)
05-24: [webapps] Opencart 3.0.3.2 – 'extension/feed/google_base' Denial of Service PoC (0)
05-24: [local] Axessh 4.2 – 'Log file name' Local Stack-based Buffer Overflow (0)
05-23: WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery (0)
05-23: WordPress Memphis Documents Library 3.9.19 Cross Site Request Forgery (0)
05-23: Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write (0)
05-23: Blue Prism Robotic Process Automation (RPA) Privilege Escalation (0)
05-23: [papers] Web Application Firewall Bypass Methods (0)
05-23: [local] Microsoft Windows 10 (17763.379) – Install DLL (0)
05-23: [remote] Shopware – createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) (0)
05-23: [dos] Visual Voicemail for iPhone – IMAP NAMESPACE Processing Use-After-Free (0)
05-23: [local] Apple Mac OS X – Feedback Assistant Race Condition (Metasploit) (0)
05-23: [dos] Terminal Services Manager 3.2.1 – Denial of Service (0)
05-23: [local] Microsoft Windows 10 1809 – 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation (0)
05-23: [dos] NetAware 1.20 – 'Share Name' Denial of Service (PoC) (0)
05-23: [webapps] Nagios XI 5.6.1 – SQL injection (0)
05-23: [shellcode] Linux/x64 – Execve(/bin/sh) Shellcode (23 bytes) (0)
05-23: [dos] NetAware 1.20 – 'Add Block' Denial of Service (PoC) (0)
05-23: [papers] Penetration Testing Steps And Tools (0)
05-22: http://www.skp.moe.go.th (0)
05-22: Slims CMS Akasia 8.3.1 SQL Injection (0)
05-22: PHP PHP_INI_SYSTEM Ineffective Controls (0)
05-22: JavaScriptCore LICM Uninitialized Stack Variable (0)
05-22: Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration (0)
05-22: XNU stf_ioctl Bad Cast (0)
05-22: Darktrace Enterpise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery (0)
05-22: Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free (0)
05-22: XNU Stale Pointer Use-After-Free (0)
05-22: Shopware createInstanceFromNamedArguments PHP Object Instantiation (0)
05-22: Mac OS X Feedback Assistant Race Condition (0)
05-22: FreeBSD rtld execl() Privilege Escalation (0)
05-22: [local] Microsoft Internet Explorer 11 – Sandbox Escape (0)
05-22: [local] Microsoft Windows (x84) – Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation (0)
05-22: [local] Microsoft Windows (x84/x64) – 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation (0)
05-22: [webapps] Horde Webmail 5.2.22 – Multiple Vulnerabilities (0)
05-22: [dos] TapinRadio 2.11.6 – 'Uername' Denial of Service (PoC) (0)
05-22: [dos] BlueStacks 4.80.0.1060 – Denial of Service (PoC) (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus < 10.5 – Improper Access Restrictions (0)
05-22: [dos] TapinRadio 2.11.6 – 'Address' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Username' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Server' Denial of Service (PoC) (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Cross-Site Scripting (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Credentials Disclosure (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting (0)
05-22: [webapps] AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting (0)
05-21: GAT-Ship Web Module 1.30 Information Disclosure (0)
05-21: Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution (0)
05-21: Freelance Cockpit CRM 3.3.1 SQL Injection (0)
05-21: Cisco Expressway Gateway 11.5.1 Directory Traversal (0)
05-21: Huawei eSpace 1.1.11.103 DLL Hijacking (0)
05-21: Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Heap Overflow (0)
05-21: Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation (0)
05-21: phpKF 1.10 XSS / CSRF / SQL Injection (0)
05-21: Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 XNU – Wild-read due to bad cast in stf_ioctl (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – AIR Optimization Incorrectly Removes Assignment to Register (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized (0)
05-21: [webapps] Brocade Network Advisor 14.4.1 – Unauthenticated Remote Code Execution (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler – 'HasIndexedProperty' Use-After-Free (0)
05-21: [webapps] Oracle CTI Web Service – 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection (0)
05-21: [webapps] WordPress Plugin WPGraphQL 0.2.3 – Multiple Vulnerabilities (0)
05-21: [webapps] Moodle Jmol Filter 6.1 – Directory Traversal / Cross-Site Scripting (0)
05-20: http://hanjoth.go.th (0)
05-20: http://hintang.go.th (0)
05-20: http://khnlocal.go.th (0)
05-20: http://ppnr.go.th (0)
05-20: http://suanmon.go.th (0)
05-20: [dos] Huawei eSpace Meeting 1.1.11.103 – 'cenwpoll.dll' SEH Buffer Overflow (Unicode) (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (2) (0)
05-20: [remote] GetSimpleCMS – Unauthenticated Remote Code Execution (Metasploit) (0)
05-20: [local] Huawei eSpace 1.1.11.103 – DLL Hijacking (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – Image File Format Handling Buffer Overflow (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (1) (0)
05-20: [local] Solaris 10 1/13 (Intel) – 'dtprintinfo' Local Privilege Escalation (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'Storage-Path' Denial of Service (PoC) (0)
05-20: [dos] AbsoluteTelnet 10.16 – 'License name' Denial of Service (PoC) (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'DNS Address' Denial of Service (PoC) (0)
05-20: [dos] PCL Converter 2.7 – Denial of Service (PoC) (0)
05-20: [dos] docPrint Pro 8.0 – Denial of Service (PoC) (0)
05-20: [shellcode] Linux x86_64 – Delete File Shellcode (28 bytes) (0)
05-20: [dos] Encrypt PDF 2.3 – Denial of Service (PoC) (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow (0)
05-20: [webapps] eLabFTW 1.8.5 – Arbitrary File Upload / Remote Code Execution (0)
05-17: VMware Workstation DLL Hijacking (0)
05-17: WeChat 7.0.4 Denial Of Service (0)
05-17: JetAudio jetCast Server 2.0 Buffer Overflow (0)
05-17: ZOC Terminal 7.23.4 Denial Of Service (0)
05-17: Axessh 4.2 Denial Of Service (0)
05-17: SEL AcSELerator Architect 2.2.24 Denial Of Service (0)
05-17: GetSimpleCMS 3.3.15 Remote Code Execution (0)
05-17: [webapps] Interspire Email Marketer 6.20 – 'surveys_submit.php' Remote Code Execution (0)
05-17: [dos] CEWE Photo Importer 6.4.3 – '.jpg' Denial of Service (PoC) (0)
05-17: [dos] CEWE Photoshow 6.4.3 – 'Password' Denial of Service (PoC) (0)
05-17: [local] Iperius Backup 6.1.0 – Privilege Escalation (0)
05-17: [dos] Sandboxie 5.30 – 'Programs Alerts' Denial of Service (PoC) (0)
05-16: Tomabo MP4 Converter 3.25.22 Denial Of Service (0)
05-16: CommSy 8.6.5 SQL Injection (0)
05-16: DeepSound 1.0.4 SQL Injection (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting (0)
05-16: RSA NetWitness Authorization Bypass (0)
05-16: https://dmf.go.th/sana.htm (0)
05-16: [webapps] DeepSound 1.0.4 – SQL Injection (0)
05-16: [local] VMware Workstation 15.1.0 – DLL Hijacking (0)
05-16: [dos] SEL AcSELerator Architect 2.2.24 – CPU Exhaustion Denial of Service (0)
05-16: [dos] Axessh 4.2 – 'Log file name' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Shell' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Private key file' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal 7.23.4 – 'Script' Denial of Service (PoC) (0)
05-16: [local] JetAudio jetCast Server 2.0 – 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-16: [dos] WeChat for Android 7.0.4 – 'vcodec2_hls_filter' Denial of Service (0)
05-15: Selfie Studio 2.17 Denial Of Service (0)
05-15: Telenor.com.pk SMS 2-Factor Bypass (0)
05-15: TwistedBrush Pro Studio 24.06 Denial Of Service (0)
05-15: PasteShr 1.6 SQL Injection (0)
05-15: PHP-Fusion 9.03.00 Remote Code Execution (0)
05-15: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
05-15: [webapps] Legrand BTicino Driver Manager F454 1.0.51 – Cross-Site Request Forgery / Cross-Site Scripting (0)
05-15: [webapps] CommSy 8.6.5 – SQL injection (0)
05-15: [dos] Tomabo MP4 Converter 3.25.22 – Denial of Service (PoC) (0)
05-14: Apple Security Advisory 2019-5-13-1 (0)
05-14: Apple Security Advisory 2019-5-13-2 (0)
05-14: Apple Security Advisory 2019-5-13-3 (0)
05-14: Apple Security Advisory 2019-5-13-4 (0)
05-14: Apple Security Advisory 2019-5-13-6 (0)
05-14: Apple Security Advisory 2019-5-13-5 (0)
05-14: OpenCMS 10.5.4 Cross Site Scripting (0)
05-14: OpenCMS 10.5.4 CSV Injection (0)
05-14: WolfCMS 0.8.3.1 Cross Site Scripting (0)
05-14: CCSP 7.2.5 API XML Injection / Server-Side Request Forgery (0)
05-14: SpotMSN 2.4.6 Denial Of Service (0)
05-14: DNSS Domain Name Search Software 2.1.8 Denial Of Service (0)
05-14: WordPress Form Maker 1.13.3 SQL Injection (0)
05-14: Firefly CMS 1.0 Remote Command Execution (0)
05-14: XOOPS CMS 2.5.9 SQL Injection (0)
05-14: SalesERP 8.1 SQL Injection (0)
05-14: SOCA Access Control System 180612 Information Disclosure (0)
05-14: SOCA Access Control System 180612 Cross Site Scripting (0)
05-14: SOCA Access Control System 180612 SQL Injection (0)
05-14: SOCA Access Control System 180612 Cross Site Request Forgery (0)
05-14: Go Cryptography Libraries Cleartext Message Spoofing (0)
05-14: System Down: A systemd-journald Exploit (0)
05-14: [webapps] Schneider Electric U.Motion Builder 1.3.4 – 'track_import_export.php object_id' Unauthenticated Command Injection (0)
05-14: [webapps] PasteShr 1.6 – Multiple SQL Injection (0)
05-14: [remote] PHP-Fusion 9.03.00 – 'Edit Profile' Remote Code Execution (Metasploit) (0)
05-14: [webapps] Sales ERP 8.1 – Multiple SQL Injection (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – '.srp' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Script Recorder' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Resize Image' Denial of Service (PoC) (0)
05-14: [webapps] D-Link DWL-2600AP – Multiple OS Command Injection (0)
05-14: [dos] Selfie Studio 2.17 – 'Resize Image' Denial of Service (PoC) (0)
05-13: [webapps] SOCA Access Control System 180612 – SQL Injection (0)
05-13: [shellcode] Linux/x86 – /sbin/iptables -F Shellcode (43 bytes) (0)
05-13: [webapps] OpenProject 5.0.0 – 8.3.1 – SQL Injection (0)
05-13: [dos] Google Chrome V8 – Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write (0)
05-13: [webapps] XOOPS 2.5.9 – SQL Injection (0)
05-13: [webapps] SOCA Access Control System 180612 – Cross-Site Request Forgery (Add Admin) (0)
05-13: [webapps] SOCA Access Control System 180612 – Information Disclosure (0)
05-13: [dos] DNSS 2.1.8 – Denial of Service (PoC) (0)
05-13: [dos] SpotMSN 2.4.6 – Denial of Service (PoC) (0)
05-11: Lotus Domino 8.5.3 EXAMINE Stack Buffer Overflow (0)
05-11: Lyric Maker 2.0.1.0 Denial Of Service (0)
05-11: Lyric Video Creator 2.1 Denial Of Service (0)
05-11: jetAudio 8.1.7.20702 Basic Denial Of Service (0)
05-11: Zoho ManageEngine ADSelfService Plus 5.7 Cross Site Scripting (0)
05-11: dotCMS 5.1.1 HTML Injection (0)
05-11: NetNumber Titan ENUM/DNS/NP 7.9.1 Bypass / Traversal (0)
05-11: RICOH SP 4510DN Printer HTML Injection (0)
05-11: RICOH SP 4520DN Printer HTML Injection (0)
05-11: Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure (0)
05-11: SpotIM 2.2 Denial Of Service (0)
05-11: Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure (0)
05-11: TheHive Project Cortex 2.1.3 Server Side Request Forgery (0)
05-11: Convert Video jetAudio 8.1.7 Denial Of Service (0)
05-11: jetCast Server 2.0 Denial Of Service (0)
05-11: SpotPaltalk 1.1.5 Denial Of Service (0)
05-11: ASPRunner.NET 10.1 Denial Of Service (0)
05-11: PHPRunner 10.1 Denial Of Service (0)
05-11: CyberArk Enterprise Password Vault 10.7 XML External Entity Injection (0)
05-11: Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check (0)
05-11: OpenProject 8.3.1 SQL Injection (0)
05-10: [webapps] CyberArk Enterprise Password Vault 10.7 – XML External Entity Injection (0)
05-10: [webapps] RICOH SP 4510DN Printer – HTML Injection (0)
05-10: [webapps] dotCMS 5.1.1 – HTML Injection (0)
05-10: [dos] PHPRunner 10.1 – Denial of Service (PoC) (0)
05-10: [dos] SpotPaltalk 1.1.5 – Denial of Service (PoC) (0)
05-10: [dos] ASPRunner.NET 10.1 – Denial of Service (PoC) (0)
05-10: [webapps] TheHive Project Cortex < 1.15.2 – Server-Side Request Forgery (0)
05-10: [dos] SpotIM 2.2 – Denial of Service (PoC) (0)
05-10: [webapps] RICOH SP 4520DN Printer – HTML Injection (0)
05-10: [dos] jetCast Server 2.0 – Denial of Service (PoC) (0)
05-09: D-Link DWL-2600AP Save Configuration Command Injection (0)
05-09: D-Link DWL-2600AP Upgrade Firmware Command Injection (0)
05-09: Chrome 72.0.3626.119 FileReader Use-After-Free (0)
05-09: [dos] Convert Video jetAudio 8.1.7 – Denial of Service (PoC) (0)
05-09: [webapps] Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build – Cross-Site Scripting (0)
05-09: [dos] Lyric Maker 2.0.1.0 – Denial of Service (PoC) (0)
05-09: [dos] Lyric Video Creator 2.1 – '.mp3' Denial of Service (PoC) (0)
05-08: PostgreSQL COPY FROM PROGRAM Command Execution (0)
05-08: [webapps] NetNumber Titan ENUM/DNS/NP 7.9.1 – Path Traversal / Authorization Bypass (0)
05-08: [dos] jetAudio 8.1.7.20702 Basic – 'Enter URL' Denial of Service (PoC) (0)
05-08: [remote] Lotus Domino 8.5.3 – 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) (0)
05-08: [shellcode] Linux/x86 – execve /bin/sh Shellcode (20 bytes) (0)
05-08: [local] MiniFtp – 'parseconf_load_setting' Buffer Overflow (0)
05-07: http://phuket.nfe.go.th/kathu/web1/file_editor/db.txt (0)
05-07: http://pattani.nfe.go.th/web1/file_editor/db.txt (0)
05-07: D-Link DWL-2600AP Authenticated OS Command Injection (0)
05-07: Xitami Web Server 2.5 Remote Buffer Overflow (0)
05-07: iOS 12.1.3 cfprefsd Memory Corruption (0)
05-07: NSClient++ 0.5.2.35 Privilege Escalation (0)
05-07: LG Supersign EZ CMS Remote Code Execution (0)
05-07: PHPads 2.0 SQL Injection (0)
05-07: Prinect Archive System 2015 Release 2.6 Cross Site Scripting (0)
05-07: ReadyAPI 2.5.0 / 2.6.0 Remote Code Execution (0)
05-07: [local] Admin Express 1.2.5.485 – 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-07: [webapps] Prinect Archive System 2015 Release 2.6 – Cross-Site Scripting (0)
05-07: [dos] Easy Chat Server 3.1 – 'message' Denial of Service (PoC) (0)
05-06: [webapps] ReadyAPI 2.5.0 / 2.6.0 – Remote Code Execution (0)
05-06: [remote] LG Supersign EZ CMS – Remote Code Execution (Metasploit) (0)
05-06: [dos] iOS 12.1.3 – 'cfprefsd' Memory Corruption (0)
05-06: [local] NSClient++ 0.5.2.35 – Privilege Escalation (0)
05-06: [shellcode] Linux/x86 – shred file Shellcode (72 bytes) (0)
05-06: [shellcode] Linux/x86 – Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) (0)
05-06: [webapps] microASP (Portal+) CMS – 'pagina.phtml?explode_tree' SQL Injection (0)
05-06: [webapps] PHPads 2.0 – 'click.php3?bannerID' SQL Injection (0)
05-06: [remote] Xitami Web Server 2.5 – Remote Buffer Overflow (SEH + Egghunter) (0)
05-05: Blue Angel Software Suite Command Execution (0)
05-05: Instagram Auto Follow SQL Injection (0)
05-05: SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service (0)
05-05: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection (0)
05-05: Zotonic 0.46 mod_admin Cross Site Scripting (0)
05-05: Wordpress Social Warfare Remote Code Execution (0)
05-03: MailCarrier 2.51 HELP Remote Buffer Overflow (0)
05-03: Sentrifugo Human Resource Management System 3.2 File Disclosure (0)
05-03: OpenSkos Simple Knowledge Organization System 2.0 File Disclosure (0)
05-03: CentOS Web Panel Domain Field Cross Site Scripting (0)
05-03: Johnny You Are Fired (0)
05-03: Winamp 5.12 Playlist (.pls) Buffer Overflow (0)
05-03: Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2019 (0)
05-03: Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution (0)
05-03: [webapps] Wordpress Plugin Social Warfare < 3.5.3 – Remote Code Execution (0)
05-03: [dos] SolarWinds DameWare Mini Remote Control 10.0 – Denial of Service (0)
05-03: [remote] Blue Angel Software Suite – Command Execution (0)
05-03: [shellcode] Linux/x86 – Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) (0)
05-03: [remote] Windows PowerShell ISE – Remote Code Execution (0)
05-03: [webapps] Zotonic < 0.47.0 mod_admin – Cross-Site Scripting (0)
05-03: [shellcode] Linux/x86 – Reverse Shell Shellcode (91 Bytes) + Python Wrapper (0)
05-03: [webapps] Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow – Remote Command Injection (0)
05-03: [webapps] Instagram Auto Follow – Authentication Bypass (0)
05-02: [remote] Ruby On Rails – DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit) (0)
05-01: http://lpa.nfe.go.th/mj.htm (0)
05-01: Joomla JiFile 2.3.1 Arbitrary File Download (0)
05-01: Agent Tesla Botnet Information Disclosure (0)
05-01: Pimcore Unserialize Remote Code Execution (0)
05-01: APT Package Manager Persistence (0)
05-01: AIS Logistics ESEL-Server SQL Injection / Code Execution (0)
05-01: Linux Missing Lockdown (0)
05-01: Revive Adserver Deserialization / Open Redirect (0)
05-01: Freefloat FTP Server 1.0 SIZE Buffer Overflow (0)
05-01: Freefloat FTP Server 1.0 STOR Buffer Overflow (0)
05-01: Netgear DGN2200 / DGND3700 Admin Password Disclosure (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Request Forgery (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Scripting (0)
05-01: Domoticz 4.10577 Unauthenticated Remote Command Execution (0)
05-01: Intelbras IWR 3000N Denial Of Service (0)
05-01: Intelbras IWR 3000N 1.5.0 Cross Site Request Forgery (0)
05-01: HumHub 1.3.12 Cross Site Scripting (0)
05-01: Spring Cloud Config 2.1.x Path Traversal (0)
05-01: Yum Package Manager Persistence (0)
05-01: [webapps] CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) – Domain Field (Add DNS Zone) Cross-Site Scripting (0)

April 2019 (334)

04-30: http://photharamhosp.go.th/sm2//images/db.txt (0)
04-30: http://nongkhamsuphan.go.th/images/db.txt (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'SIZE' Remote Buffer Overflow (0)
04-30: [papers] [Turkish] Tunelleme Teknikleri ile Firewall Atlatmak (0)
04-30: [webapps] Hyvikk Fleet Manager – Shell Upload (0)
04-30: [webapps] Agent Tesla Botnet – Information Disclosure (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'STOR' Remote Buffer Overflow (0)
04-30: [webapps] Netgear DGN2200 / DGND3700 – Admin Password Disclosure (0)
04-30: [remote] Moodle 3.6.3 – 'Install Plugin' Remote Command Execution (Metasploit) (0)
04-30: [webapps] Joomla! Component JiFile 2.3.1 – Arbitrary File Download (0)
04-30: [webapps] Domoticz 4.10577 – Unauthenticated Remote Command Execution (0)
04-30: [webapps] HumHub 1.3.12 – Cross-Site Scripting (0)
04-30: [webapps] Spring Cloud Config 2.1.x – Path Traversal (Metasploit) (0)
04-30: [webapps] Joomla! Component ARI Quiz 3.7.4 – SQL Injection (0)
04-30: [webapps] Intelbras IWR 3000N 1.5.0 – Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-site Scripting (Add/Edit Widget) (0)
04-30: [webapps] Intelbras IWR 3000N – Denial of Service (Remote Reboot) (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Multiple Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-Site Scripting (0)
04-29: SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation (0)
04-28: NSauditor 3.1.2.0 Community Denial Of Service (0)
04-28: NSauditor 3.1.2.0 Name Denial Of Service (0)
04-28: Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution (0)
04-28: Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment (0)
04-28: Joomla ARI Quiz 3.7.4 SQL Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Exposure (0)
04-27: osTicket 1.11 Cross Site Scripting / Local File Inclusion (0)
04-27: Lavavo CD Ripper 4.20 Buffer Overflow (0)
04-27: systemd DynamicUser SetUID Binary Creation (0)
04-26: Chrome NewFixedDoubleArray Integer Overflow (0)
04-26: HeidiSQL Portable 10.1.0.5464 Denial Of Service (0)
04-26: Backup Key Recovery 2.2.4 Denial Of Service (0)
04-26: JioFi 4G M2S 1.0.2 Cross Site Scripting (0)
04-26: JioFi 4G M2S 1.0.2 Denial Of Service (0)
04-26: [dos] systemd – DynamicUser can Create setuid Binaries when Assisted by Another Process (0)
04-26: [webapps] Apache Pluto 3.0.0 / 3.0.1 – Persistent Cross-Site Scripting (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Name' Denial of Service (PoC) (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Community' Denial of Service (PoC) (0)
04-25: ManageEngine Applications Manager 14.0 SQL Injection / Command Injection (0)
04-25: Linux Overflow Via FUSE (0)
04-25: 74CMS 5.0.1 Cross Site Request Forgery (0)
04-25: Linux Siemens R3964 Line Discipline Missing Lock (0)
04-25: Sony Smart TV Information Disclosure / File Read (0)
04-25: VirtualBox COM RPC Interface Code Injection / Privilege Escalation (0)
04-25: RARLAB WinRAR ACE Format Input Validation Remote Code Execution (0)
04-25: https://envocc.ddc.moph.go.th//xampp/lang.tmp (0)
04-25: [local] RARLAB WinRAR 5.61 – ACE Format Input Validation Remote Code Execution (Metasploit) (0)
04-25: [local] Lavavo CD Ripper 4.20 – 'License Activation Name' Buffer Overflow (SEH) (0)
04-25: [dos] AnMing MP3 CD Burner 2.0 – Denial of Service (PoC) (0)
04-25: [webapps] osTicket 1.11 – Cross-Site Scripting / Local File Inclusion (0)
04-25: [dos] JioFi 4G M2S 1.0.2 – Denial of Service (0)
04-25: [webapps] JioFi 4G M2S 1.0.2 – 'mask' Cross-Site Scripting (0)
04-25: [dos] Backup Key Recovery 2.2.4 – Denial of Service (PoC) (0)
04-25: [dos] HeidiSQL 10.1.0.5464 – Denial of Service (PoC) (0)
04-24: Ross Video DashBoard 8.5.1 Insecure Permissions (0)
04-24: [shellcode] Linux/x86 – Rabbit Shellcode Crypter (200 bytes) (0)
04-24: [remote] Google Chrome 72.0.3626.121 / 74.0.3725.0 – 'NewFixedDoubleArray' Integer Overflow (0)
04-24: [local] VirtualBox 6.0.4 r128413 – COM RPC Interface Code Injection Host Privilege Escalation (0)
04-23: Ease Audio Converter 5.30 Denial Of Service (0)
04-23: Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service (0)
04-23: WordPress Contact Form Builder 1.0.67 CSRF / LFI (0)
04-23: [dos] Linux – 'page->_refcount' Overflow via FUSE (0)
04-23: [dos] Linux – Missing Locking in Siemens R3964 Line Discipline Race Condition (0)
04-23: [dos] systemd – Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit (0)
04-23: [local] Ross Video DashBoard 8.5.1 – Insecure Permissions (0)
04-22: http://harisk.nah.go.th/zz.htm (0)
04-22: http://educationarmy3.nah.go.th/zz.htm (0)
04-22: http://www.sknhospital.go.th/zz.htm (0)
04-22: http://www.ramsurin.go.th/zz.htm (0)
04-22: http://ceramic.dss.go.th/vz.txt (0)
04-22: http://project.dss.go.th/vz.txt (0)
04-22: http://foodcontact.dss.go.th/vz.txt (0)
04-22: http://bas.dss.go.th/vz.txt (0)
04-22: http://rspg.dss.go.th/vz.txt (0)
04-22: http://km.dss.go.th/vz.txt (0)
04-22: http://otop.dss.go.th/vz.txt (0)
04-22: http://glass.dss.go.th/vz.txt (0)
04-22: http://rubber.dss.go.th/vz.txt (0)
04-22: ChurchCRM Software 3.3.2 Database Disclosure (0)
04-22: OpenDocMan Document Management System 1.3.5 Database Disclosure (0)
04-22: RingsDB Software 1.0.0 Database Disclosure (0)
04-22: Zikula Core CMS 2.0.13 Database Disclosure (0)
04-22: LabF nfsAxe 3.7 Ping Client Buffer Overflow (0)
04-22: [remote] ManageEngine Applications Manager 14.0 – Authentication Bypass / Remote Command Execution (Metasploit) (0)
04-22: [webapps] 74CMS 5.0.1 – Cross-Site Request Forgery (Add New Admin User) (0)
04-22: [local] LabF nfsAxe 3.7 Ping Client – 'Host IP' Buffer Overflow (Direct Ret) (0)
04-22: [shellcode] Linux/ARM – Password-Protected Reverse TCP Shellcode (100 bytes) (0)
04-22: [webapps] WordPress Plugin Contact Form Builder 1.0.67 – Cross-Site Request Forgery / Local File Inclusion (0)
04-22: [dos] Google Chrome 73.0.3683.103 V8 JavaScript Engine – Out-of-Memory in Invalid Table Size Denial of Service (PoC) (0)
04-22: [dos] Ease Audio Converter 5.30 – '.mp4' Denial of Service (PoC) (0)
04-22: [webapps] Msvod 10 – Cross-Site Request Forgery (Change User Information) (0)
04-22: [dos] QNAP myQNAPcloud Connect 1.3.4.0317 – 'Username/Password' Denial of Service (0)
04-21: QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service (0)
04-21: Oracle Business Intelligence And XML Publisher XML Injection (0)
04-21: Oracle Business Intelligence Directory Traversal (0)
04-20: http://bantham.go.th/vz.txt (0)
04-20: Evernote 7.9 Path Traversal / Code Execution (0)
04-20: ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution (0)
04-20: Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference (0)
04-20: Atlassian Confluence Widget Connector Macro Velocity Template Injection (0)
04-20: SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation (0)
04-19: LibreOffice Macro Code Execution (0)
04-19: [remote] Atlassian Confluence Widget Connector Macro – Velocity Template Injection (Metasploit) (0)
04-19: [local] SystemTap 1.3 – MODPROBE_OPTIONS Privilege Escalation (Metasploit) (0)
04-19: [webapps] Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – XML External Entity Injection (0)
04-19: [webapps] Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – Directory Traversal (0)
04-18: Windows Zero Day Emerges In Active Exploits (0)
04-18: UltraVNC Viewer 1.2.2.4 Denial Of Service (0)
04-18: UltraVNC Launcher 1.2.2.4 Denial Of Service (0)
04-18: Seo Panel Newsletter 1.2.0 Cross Site Scripting (0)
04-18: RemoteMouse 3.008 Arbitrary Remote Command Execution (0)
04-18: PCHelpWare 2 1.0.0.5 SC Denial Of Service (0)
04-18: AdminExpress 1.2.5 Denial Of Service (0)
04-18: PCHelpWare 2 1.0.0.5 Group Denial Of Service (0)
04-18: Zyxel ZyWall Cross Site Scripting (0)
04-18: Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation (0)
04-18: Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal (0)
04-18: MailCarrier 2.51 RETR Buffer Overflow (0)
04-18: Microsoft Windows CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-18: Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-18: Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-18: Microsoft Windows LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition (0)
04-18: 2 Plan Team 1.0.4 Cross Site Scripting (0)
04-18: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
04-18: ASUS HG100 Denial Of Service (0)
04-18: DHCP Server 2.5.2 Denial Of Service (0)
04-18: OAMbuster Multi-Threaded CVE-2018-2879 Scanner (0)
04-18: Oracle Java Runtime Environment sc_FindExtrema4 Heap Corruption (0)
04-18: Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption (0)
04-18: [local] LibreOffice < 6.0.7 / 6.1.3 – Macro Code Execution (Metasploit) (0)
04-18: [dos] Netwide Assembler (NASM) 2.14rc15 – NULL Pointer Dereference (PoC) (0)
04-18: [remote] ManageEngine Applications Manager 11.0 < 14.0 – SQL Injection / Remote Code Execution (Metasploit) (0)
04-18: [local] Evernote 7.9 – Code Execution via Path Traversal (0)
04-17: https://sueksa.go.th (0)
04-17: http://www2.fda.moph.go.th/fdaonline/board/wallpaper/swan.txt (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID (0)
04-17: [dos] DHCP Server 2.5.2 – Denial of Service (PoC) (0)
04-17: [dos] ASUS HG100 – Denial of Service (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in sc_FindExtrema4 (0)
04-17: [remote] MailCarrier 2.51 – POP3 'RETR' SEH Buffer Overflow (0)
04-16: Jobberbase CMS 2.0 SQL Injection (0)
04-16: MailCarrier 2.51 RCPT TO Buffer Overflow (0)
04-16: MailCarrier 2.51 USER Buffer Overflow (0)
04-16: MailCarrier 2.51 LIST Buffer Overflow (0)
04-16: MailCarrier 2.51 TOP Buffer Overflow (0)
04-16: Cisco RV130W Routers Management Interface Remote Command Execution (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation (0)
04-16: [webapps] Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 – Login Page Cross-Site Scripting (0)
04-16: [local] Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) – Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 / 1709 – CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-16: [webapps] Joomla Core 1.5.0 – 3.9.4 – Directory Traversal / Authenticated Arbitrary File Deletion (0)
04-16: [dos] AdminExpress 1.2.5 – 'Folder Path' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'SC' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'Group' Denial of Service (PoC) (0)
04-15: [dos] UltraVNC Launcher 1.2.2.4 – 'Path' Denial of Service (PoC) (0)
04-15: [webapps] DirectAdmin 1.561 – Multiple Vulnerabilities (0)
04-15: [remote] Cisco RV130W Routers – Management Interface Remote Command Execution (Metasploit) (0)
04-15: [shellcode] Linux/x86 – Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) (0)
04-15: [dos] UltraVNC Viewer 1.2.2.4 – 'VNC Server' Denial of Service (PoC) (0)
04-15: [remote] MailCarrier 2.51 – POP3 'TOP' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'LIST' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'USER' Buffer Overflow (0)
04-15: [remote] CuteNews 2.1.2 – 'avatar' Remote Code Execution (Metasploit) (0)
04-15: [remote] RemoteMouse 3.008 – Arbitrary Remote Command Execution (0)
04-15: [shellcode] Linux/x86 – MMX-PUNPCKLBW Encoder Shellcode (61 bytes) (0)
04-15: [remote] MailCarrier 2.51 – 'RCPT TO' Buffer Overflow (0)
04-14: http://www.onep.go.th/by.htm (0)
04-13: Internet Explorer Zero-Day Lets Hackers Steal Files From Windows PCs (0)
04-13: CyberArk EPM 10.2.1.603 Security Restrictions Bypass (0)
04-13: ATutor file_manager Remote Code Execution (0)
04-13: DirectAdmin 1.561 Cross Site Scripting (0)
04-12: Microsoft Internet Explorer 11 XML Injection (0)
04-12: Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF (0)
04-12: Microsoft Windows Contact File Format Arbitary Code Execution (0)
04-12: [webapps] ATutor < 2.2.4 – 'file_manager' Remote Code Execution (Metasploit) (0)
04-12: [shellcode] Linux/x86 – Add User to Passwd File Shellcode (149 bytes) (0)
04-12: [local] Microsoft Internet Explorer 11 – XML External Entity Injection (0)
04-12: [local] CyberArk EPM 10.2.1.603 – Security Restrictions Bypass (0)
04-11: PHP 7.2 imagecolormatch() Out-Of-Band Heap Write (0)
04-11: Ashop Shopping Cart Software SQL Injection (0)
04-11: TP-LINK TL-WR940N / TL-WR941ND Buffer Overflow (0)
04-11: Loytec LGATE-902 XSS / Traversal / File Deletion (0)
04-11: EasyIO 30P Authentication Bypass / Cross Site Scripting (0)
04-11: Apache Axis 1.4 Remote Code Execution (0)
04-11: Microsoft Windows AppX Deployment Service Privilege Escalation (0)
04-11: Dell KACE Systems Management Appliance (K1000) 6.4.120756 Code Execution (0)
04-11: D-Link DI-524 2.06RU Cross Site Scripting (0)
04-11: FTPShell Server 6.83 Virtual Path Mapping Local Buffer Overflow (0)
04-11: FTPShell Server 6.83 Account Name To Ban Local Buffer Overflow (0)
04-11: NekoCMS 2.5 Database Disclosure (0)
04-11: Themosis Framework BookStore 1.3.0 Database Disclosure (0)
04-11: YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure (0)
04-11: Chrome FileChooserImpl Use-After-Free (0)
04-11: Horde Form Shell Upload (0)
04-10: Jobgator SQL Injection (0)
04-10: ShoreTel Connect ONSITE Cross Site Scripting / Session Fixation (0)
04-10: FlexHEX 2.71 Buffer Overflow (0)
04-10: Bolt CMS 3.6.6 Cross Site Request Forgery / Code Execution (0)
04-10: River Past Cam Do 3.7.6 Local Buffer Overflow (0)
04-10: WordPress Limit Login Attempts Reloaded 2.7.4 Bypass (0)
04-10: AllPlayer 7.4 SEH Buffer Overflow (0)
04-10: CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) Cross Site Scripting (0)
04-10: CARPE (DIEM) Apache 2.4.x Local Privilege Escalation (0)
04-10: [webapps] D-Link DI-524 V2.06RU – Multiple Cross-Site Scripting (0)
04-10: [local] FTPShell Server 6.83 – 'Virtual Path Mapping' Local Buffer (0)
04-10: [local] FTPShell Server 6.83 – 'Account name to ban' Local Buffer (0)
04-10: [webapps] Dell KACE Systems Management Appliance (K1000) 6.4.120756 – Unauthenticated Remote Code Execution (0)
04-09: [local] Microsoft Windows – AppX Deployment Service Privilege Escalation (0)
04-09: [remote] Apache Axis 1.4 – Remote Code Execution (0)
04-09: [webapps] Ashop Shopping Cart Software – 'bannedcustomers.php?blacklistitemid' SQL Injection (0)
04-09: [shellcode] Linux/x64 – XANAX Decoder Shellcode (127 bytes) (0)
04-09: [shellcode] Linux/x64 – XANAX Encoder Shellcode (127 bytes) (0)
04-09: [remote] TP-LINK TL-WR940N / TL-WR941ND – Buffer Overflow (0)
04-08: [local] Apache 2.4.17 < 2.4.38 – 'apache2ctl graceful' 'logrotate' Local Privilege Escalation (0)
04-08: [webapps] Bolt CMS 3.6.6 – Cross-Site Request Forgery / Remote Code Execution (0)
04-08: [webapps] Jobgator – 'experience' SQL Injection (0)
04-08: [local] FlexHEX 2.71 – SEH Buffer Overflow (Unicode) (0)
04-08: [webapps] ShoreTel Connect ONSITE < 19.49.1500.0 – Multiple Vulnerabilities (0)
04-08: [webapps] SaLICru -SLC-20-cube3(5) – HTML Injection (0)
04-08: [remote] QNAP Netatalk < 3.1.12 – Authentication Bypass (0)
04-08: [webapps] ManageEngine ServiceDesk Plus 9.3 – User Enumeration (0)
04-08: [local] Download Accelerator Plus (DAP) 10.0.6.0 – SEH Buffer Overflow (0)
04-08: [webapps] Tradebox CryptoCurrency – 'symbol' SQL Injection (0)
04-08: [webapps] WordPress Plugin Limit Login Attempts Reloaded 2.7.4 – Login Limit Bypass (0)
04-08: [webapps] CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) – Cross-Site Scripting (0)
04-08: [local] River Past Cam Do 3.7.6 – 'Activation Code' Local Buffer Overflow (0)
04-08: [local] AllPlayer 7.4 – SEH Buffer Overflow (Unicode) (0)
04-07: Arris Touchstone TG1672 Credential Disclosure (0)
04-07: Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control (0)
04-07: WordPress Form Maker 1.13.2 Cross Site Request Forgery / Local File Inclusion (0)
04-07: NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials (0)
04-06: Magic ISO Maker 5.5 Build 281 Denial Of Service (0)
04-06: Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF (0)
04-06: WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery (0)
04-06: AIDA64 Extreme 5.99.4900 SEH Buffer Overflow (0)
04-06: Manage Engine ServiceDesk Plus 9.3 Privilege Escalation (0)
04-06: FreeSMS 2.1.2 SQL Injection (0)
04-06: WordPress 5.0.0 crop-image Shell Upload (0)
04-05: iScripts ReserveLogic SQL Injection (0)
04-05: Ashop Shopping Cart Software SQL Injection (0)
04-05: AIDA64 Business 5.99.4900 SEH Buffer Overflow (0)
04-05: PhreeBooks ERP 5.2.3 Arbitrary File Upload (0)
04-05: PhreeBooks ERP 5.2.3 Remote Command Execution (0)
04-05: Clinic Pro 4 SQL Injection (0)
04-05: TeemIp IPAM Command Injection (0)
04-05: Apache 2.4.38 Root Privilege Escalation (0)
04-05: Chrome 73.0.3683.86 Stable Proof Of Concept (0)
04-05: [remote] WordPress 5.0.0 – Crop-image Shell Upload (Metasploit) (0)
04-05: [webapps] WordPress Plugin Contact Form Maker 1.13.1 – Cross-Site Request Forgery (0)
04-05: [local] AIDA64 Extreme 5.99.4900 – 'Logging' SEH Buffer Overflow (0)
04-05: [webapps] Manage Engine ServiceDesk Plus 9.3 – Privilege Escalation (0)
04-04: [webapps] FreeSMS 2.1.2 – SQL Injection (Authentication Bypass) (0)
04-04: [local] AIDA64 Engineer 5.99.4900 – 'Load from file' Field Buffer Overflow (SEH) (0)
04-04: [dos] Magic ISO Maker 5.5(build 281) – 'Serial Code' Denial of Service (PoC) (0)
04-03: XNU Unsafe Pidversion Increment During Execve (0)
04-03: WebKitGTK+ ThreadedCompositor Race Condition (0)
04-03: Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion (0)
04-03: Chrome JSPromise::TriggerPromiseReactions Type Confusion (0)
04-03: Chrome ReadableStream Internal Object Leak (0)
04-03: Inout RealEstate SQL Injection (0)
04-03: Inout EasyRooms Ultimate Edition 1.0 SQL Injection (0)
04-03: WordPress PayPal Checkout Payment Gateway 1.6.8 Parameter Tampering (0)
04-03: AIDA64 Extreme Edition 5.99.4800 Buffer Overflow (0)
04-03: CMS Made Simple SQL Injection (0)
04-03: LimeSurvey Deserialization Remote Code Execution (0)
04-03: HP Color LaserJet CP4025 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP Color LaserJet CP4525 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet 5200 HP LaserJet 5200 Authentication Bypass (0)
04-03: HP LaserJet P3015 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet P4014/P4015 Printers 6.7.0.x Authentication Bypass (0)
04-03: JioFi 4G M2S 1.0.2 Cross Site Request Forgery (0)
04-03: Coders Survey 3.4.10 Database Disclosure (0)
04-03: DataWrapper ProtoType 0.8 Database Disclosure (0)
04-03: Ektron CMS 9 Database Disclosure (0)
04-03: Mash Project Integrated 4.2.7.1 Database Disclosure (0)
04-03: Shinobi Security Software 1.0 Database Disclosure (0)
04-03: Directus Suite CMS 7.0.15 Database Disclosure (0)
04-03: Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution (0)
04-03: phpFileManager 1.7.8 Local File Inclusion (0)
04-03: [dos] SpiderMonkey – IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) (0)
04-03: [dos] WebKitGTK+ – 'ThreadedCompositor' Race Condition (0)
04-03: [webapps] iScripts ReserveLogic – SQL Injection (0)
04-03: [dos] Google Chrome 72.0.3626.81 – 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion (0)
04-03: [webapps] Clinic Pro v4 – 'month' SQL Injection (0)
04-03: [dos] Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 – 'ReadableStream' Internal Object Leak Type Confusion (0)
04-03: [webapps] PhreeBooks ERP 5.2.3 – Arbitrary File Upload (0)
04-03: [remote] Cisco RV320 and RV325 – Unauthenticated Remote Code Execution (Metasploit) (0)
04-03: [remote] PhreeBooks ERP 5.2.3 – Remote Command Execution (0)
04-03: [webapps] Ashop Shopping Cart Software – SQL Injection (0)
04-03: [remote] TeemIp IPAM < 2.4.0 – 'new_config' Command Injection (Metasploit) (0)
04-03: [local] AIDA64 Business 5.99.4900 – SEH Buffer Overflow (EggHunter) (0)
04-03: [dos] WebKit JavaScriptCore – CodeBlock Dangling Watchpoints Use-After-Free (0)
04-03: [dos] WebKit JavaScriptCore – Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check (0)
04-03: [dos] iOS < 12.2 / macOS < 10.14.4 XNU – pidversion Increment During execve is Unsafe (0)
04-03: [dos] WebKit JavaScriptCore – 'createRegExpMatchesArray' Type Confusion (0)
04-03: [remote] Google Chrome 72.0.3626.96 / 74.0.3702.0 – 'JSPromise::TriggerPromiseReactions' Type Confusion (0)
04-02: https://hearing.dmf.go.th/q.htm (0)
04-02: [webapps] phpFileManager 1.7.8 – Local File Inclusion (0)
04-02: [webapps] Fiverr Clone Script 1.2.2 – SQL Injection / Cross-Site Scripting (0)
04-02: [local] AIDA64 Extreme Edition 5.99.4800 – Local SEH Buffer Overflow (0)
04-02: [webapps] CMS Made Simple < 2.2.10 – SQL Injection (0)
04-02: [webapps] LimeSurvey < 3.16 – Remote Code Execution (0)
04-02: [webapps] WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 – Parameter Tampering (0)
04-02: [webapps] JioFi 4G M2S 1.0.2 – Cross-Site Request Forgery (0)
04-02: [webapps] Inout EasyRooms – SQL Injection (0)
04-02: [webapps] Inout RealEstate – 'city' SQL Injection (0)
04-01: Packet Storm New Exploits For March, 2019 (0)
04-01: WordPress Feed Statistics 4.1 Open Redirection (0)
04-01: Classified Ad Lister 2.0 Arbitrary File Upload (0)
04-01: SphereFTP 2.0 Denial Of Service (0)
04-01: Zeuscart 3.0 User Detail Disclosure (0)
04-01: zipperSNAP 7.0.28 Directory Traversal (0)
04-01: zipperSNAP 7.0.28 Cross Site Scripting (0)
04-01: zStore 1.10 Cross Site Scripting (0)
04-01: WordPress Ultimate Member 2.0.38 Cross Site Request Forgery (0)
04-01: Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection (0)
04-01: https://www.labour.go.th/pwnd.txt (0)

March 2019 (347)

03-30: CentOS Web Panel 0.9.8.789 Cross Site Scripting (0)
03-30: Cisco RV320 / RV325 Unauthenticated Remote Code Execution (0)
03-29: Google Drops Zero Day On TP-Link Smart Home Routers (0)
03-29: Masch CMStudio Banners 8.6.1 Open Redirection (0)
03-29: WordPress Ultimate Form Builder 1.0 Database Disclosure (0)
03-29: Magento 2.3.0 SQL Injection (0)
03-29: Pydio 8 Command Execution / Cross Site Scripting (0)
03-29: Apple Security Advisory 2019-3-27-1 (0)
03-29: [webapps] CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting (0)
03-28: WordPress AND-AntiBounce 1.0.3 Open Redirection (0)
03-28: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation (0)
03-28: WordPress WP-Forum 1.7.8 Database Disclosure (0)
03-28: SJS Simple Job Script SQL Injection / Cross Site Scripting (0)
03-28: Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection (0)
03-28: Rukovoditel ERP And CRM 2.4.1 Cross Site Scripting (0)
03-28: XooGallery SQL Injection (0)
03-28: XooDigital SQL Injection (0)
03-28: Firefox Array.prototype.slice Buffer Overflow (0)
03-28: Jettweb Hazir Rent A Car Scripti 4 SQL Injection (0)
03-28: Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload (0)
03-28: Cisco RV320 Unauthenticated Configuration Export (0)
03-28: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
03-28: Cisco RV320 Command Injection (0)
03-28: Fat Free CRM 0.19.0 HTML Injection (0)
03-28: GnuTLS verify_crt() Use-After-Free (0)
03-28: SpiderMonkey IonMonkey Type Confusion (0)
03-28: Oracle Weblogic Server Deserialization Remote Code Execution (0)
03-28: CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution (0)
03-28: [dos] Microsoft Visio 2016 16.0.4738.1000 – 'Log in accounts' Denial of Service (0)
03-28: [remote] CMS Made Simple (CMSMS) Showtime2 – File Upload RCE (Metasploit) (0)
03-28: [webapps] Airbnb Clone Script – Multiple SQL Injection (0)
03-28: [remote] Oracle Weblogic Server Deserialization RCE – Raw Object (Metasploit) (0)
03-28: [webapps] WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 – Local File Inclusion (0)
03-28: [webapps] Fat Free CRM 0.19.0 – HTML Injection (0)
03-28: [webapps] Thomson Reuters Concourse & Firm Central < 2.13.0097 – Directory Traversal / Local File Inclusion (0)
03-28: [dos] gnutls 3.6.6 – 'verify_crt()' Use-After-Free (0)
03-28: [local] Base64 Decoder 1.1.2 – Local Buffer Overflow (SEH Egghunter) (0)
03-28: [webapps] Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 – 'arac_kategori_id' SQL Injection (0)
03-28: [webapps] Job Portal 3.1 – 'job_submit' SQL Injection (0)
03-28: [webapps] BigTree 4.3.4 CMS – Multiple SQL Injection (0)
03-28: [webapps] i-doit 1.12 – 'qr.php' Cross-Site Scripting (0)
03-28: [webapps] WordPress Plugin Loco Translate 2.2.1 – Local File Inclusion (0)
03-27: Titan FTP Server 2019 Build 3505 Directory Traversal (0)
03-27: [webapps] Jettweb Hazır Rent A Car Scripti V4 – SQL Injection (0)
03-26: Apple Security Advisory 2019-3-25-2 (0)
03-26: Apple Security Advisory 2019-3-25-7 (0)
03-26: Apple Security Advisory 2019-3-25-4 (0)
03-26: Apple Security Advisory 2019-3-25-3 (0)
03-26: Apple Security Advisory 2019-3-25-5 (0)
03-26: Apple Security Advisory 2019-3-25-1 (0)
03-26: Apple Security Advisory 2019-3-25-6 (0)
03-26: X-NetStat Pro 5.63 Local Buffer Overflow (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection (0)
03-26: WordPress Plugins Open Redirection 2019/03/25 (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection (0)
03-26: VMware Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-26: VMware Host VMX Process COM Class Hijack Privilege Escalation (0)
03-26: Zeeways Matrimony CMS SQL Injection (0)
03-26: Zeeways Jobsite CMS SQL Injection (0)
03-26: SPIP CMS 2.x / 3.x Add Administrator / File Upload (0)
03-26: PCMan FTP Server 2.0 CDUP Remote Buffer Overflow (0)
03-26: DASAN H660RM Information Disclosure / Hardcoded Key (0)
03-26: WordPress article2pdf 0.24 DoS / File Deletion / Disclosure (0)
03-26: Advanced Bash-Scripting Guide Code Execution (0)
03-26: [dos] Spidermonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR (0)
03-26: [dos] Microsoft Windows 7/2008 – 'Win32k' Denial of Service (PoC) (0)
03-26: [webapps] SJS Simple Job Script – SQL Injection / Cross-Site Scripting (0)
03-26: [webapps] Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion (0)
03-26: [webapps] XooDigital – 'p' SQL Injection (0)
03-26: [webapps] XooGallery – Multiple SQL Injection (0)
03-26: [webapps] Rukovoditel ERP & CRM 2.4.1 – 'path' Cross-Site Scripting (0)
03-26: [papers] JMX RMI – Multiple Applications Remote Code Execution (0)
03-26: [webapps] Jettweb Php Hazır İlan Sitesi Scripti V2 – SQL Injection (0)
03-26: [dos] Firefox < 66.0.1 – 'Array.prototype.slice' Buffer Overflow (0)
03-25: Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting (0)
03-25: TCPDF 6.2.19 Deserialization / Remote Code Execution (0)
03-25: [webapps] Zeeways Matrimony CMS – SQL Injection (0)
03-25: [webapps] Zeeways Jobsite CMS – 'id' SQL Injection (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15 – Host VMX Process COM Class Hijack Privilege Escalation (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15.0.2 – Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V3 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V1 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V2 – SQL Injection (Authentication Bypass) (0)
03-25: [webapps] Apache CouchDB 2.3.1 – Cross-Site Request Forgery / Cross-Site Scripting (0)
03-25: [local] X-NetStat Pro 5.63 – Local Buffer Overflow (0)
03-23: Meeplace Business Review Script SQL Injection (0)
03-23: Inout Article Base CMS SQL Injection (0)
03-23: Matri4Web Matrimony Web Script SQL Injection (0)
03-23: WordPress Themes Open Redirection 2019/03/22 (0)
03-22: Netartmedia Vlog System SQL Injection (0)
03-22: snap seccomp TIOCSTI Blacklist Circumvention (0)
03-22: https://hrh.go.th/kurd.html (0)
03-22: [dos] snap – seccomp BBlacklist for TIOCSTI can be Circumvented (0)
03-22: [webapps] Inout Article Base CMS – SQL Injection (0)
03-22: [webapps] Meeplace Business Review Script – 'id' SQL Injection (0)
03-22: [webapps] Matri4Web Matrimony Website Script – Multiple SQL Injection (0)
03-21: Netartmedia Deals Portal SQL Injection (0)
03-21: Netartmedia PHP Car Dealer SQL Injection (0)
03-21: Netartmedia PHP Dating Site SQL Injection (0)
03-21: 202CMS 10beta SQL Injection (0)
03-21: Netartmedia PHP Business Directory 4.2 SQL Injection (0)
03-21: Netartmedia Jobs Portal 6.1 SQL Injection (0)
03-21: Netartmedia PHP Real Estate Agency 4.0 SQL Injection (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (0)
03-21: NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow (0)
03-21: JFrog Artifactory Administrator Authentication Bypass (0)
03-21: NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash (0)
03-21: http://www.hadnangkaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.koktoom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nmtb.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nondeangcity.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tharttong.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.chongsammor.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.huay-ang.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kaengdinso.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kapangpolice.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.khamsomboon.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kohloi.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kokhan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nongphailom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.saiyong-chaiwan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.sama.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.t-nakham.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.talad.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tambonbuayai.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.thanangnaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: [webapps] Bootstrapy CMS – Multiple SQL Injection (0)
03-21: [dos] Canarytokens 2019-03-01 – Detection Bypass (0)
03-20: MyBB Upcoming Events 1.32 Cross Site Scripting (0)
03-20: Netartmedia Real Estate Portal 5.0 SQL Injection (0)
03-20: Netartmedia Event Portal 2.0 SQL Injection (0)
03-20: Gila CMS 1.9.1 Cross Site Scripting (0)
03-20: Netartmedia PHP Mall 4.1 SQL Injection (0)
03-20: eNdonesia Portal 8.7 Iframe Injection / SQL Injection (0)
03-20: Chrome ExtensionsGuestViewMessageFilter Data Race (0)
03-20: Advanced Host Monitor 11.92 Beta Local Buffer Overflow (0)
03-20: Chrome FileSystemOperationRunner Use-After-Free (0)
03-20: Chrome MidiManagerWin Use-After-Free (0)
03-20: Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML (0)
03-20: Chrome StoragePartitionService Double-Destruction Race (0)
03-20: JFrog Artifactory Pro 6.5.9 Signature Validation (0)
03-20: VBScript VbsErase Memory Corruption (0)
03-20: Microsoft Edge Flash click2play Bypass (0)
03-19: PHP MySQLi Database Class 2.9.2 SQL Injection (0)
03-19: CSZ CMS 1.2.1 Arbitrary File Upload (0)
03-19: WordPress FormCraft 2.0 CSRF / Shell Upload (0)
03-19: WinMPG Video Convert 9.3.5 Denial Of Service (0)
03-19: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service (0)
03-19: TheCarProject 2 SQL Injection (0)
03-19: Gitea 1.7.3 HTML Injection (0)
03-19: libseccomp Incorrect Compilation Of Arithmetic Comparisons (0)
03-19: exacqVision 9.8 Unquoted Service Path Privilege Escalation (0)
03-19: Jenkins ACL Bypass / Metaprogramming Remote Code Execution (0)
03-19: [webapps] Netartmedia Real Estate Portal 5.0 – SQL Injection (0)
03-19: [webapps] Netartmedia PHP Mall 4.1 – SQL Injection (0)
03-19: [local] Advanced Host Monitor 11.92 beta – Local Buffer Overflow (0)
03-19: [webapps] Netartmedia Event Portal 2.0 – 'Email' SQL Injection (0)
03-19: [webapps] eNdonesia Portal 8.7 – Multiple Vulnerabilities (0)
03-19: [webapps] Gila CMS 1.9.1 – Cross-Site Scripting (0)
03-19: [webapps] MyBB Upcoming Events Plugin 1.32 – Cross-Site Scripting (0)
03-18: [remote] BMC Patrol Agent – Privilege Escalation Code Execution Execution (Metasploit) (0)
03-18: [webapps] TheCarProject 2 – Multiple SQL Injection (0)
03-18: [dos] WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 – Denial of Service (0)
03-18: [dos] WinMPG Video Convert 9.3.5 – Denial of Service (0)
03-16: Laundry CMS SQL / Iframe Injection (0)
03-16: NetData 1.13.0 HTML Injection (0)
03-16: Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure (0)
03-16: CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload (0)
03-16: ICE HRM 23.0 SQL / Iframe Injection (0)
03-16: Mail Carrier 2.5.1 Buffer Overflow (0)
03-16: Moodle 3.4.1 Remote Code Execution (0)
03-16: BMC Patrol Agent Privilege Escalation / Command Execution (0)
03-16: Webmin 1.900 Upload Authenticated Remote Command Execution (0)
03-15: Root Cause Of The CVE-2019-0808 Kernel Privilege Escalation (0)
03-15: FTPGetter Standard 5.97.0.177 Remote Code Execution (0)
03-15: Pegasus CMS 1.0 Remote Code Execution (0)
03-15: Apache UNO API Remote Code Execution (0)
03-15: Proof Of Concept Code Published For Windows 7 Zero Day (0)
03-15: [webapps] Moodle 3.4.1 – Remote Code Execution (0)
03-15: [webapps] Vembu Storegrid Web Interface 4.4.0 – Multiple Vulnerabilities (0)
03-15: [webapps] ICE HRM 23.0 – Multiple Vulnerabilities (0)
03-15: [remote] Mail Carrier 2.5.1 – 'MAIL FROM' Buffer Overflow (0)
03-15: [webapps] NetData 1.13.0 – HTML Injection (0)
03-15: [webapps] CMS Made Simple Showtime2 Module 3.6.2 – Authenticated Arbitrary File Upload (0)
03-15: [webapps] Laundry CMS – Multiple Vulnerabilities (0)
03-14: Microsoft Windows MSHTML Engine Edit Remote Code Execution (0)
03-14: WordPress GraceMedia Media Player 1.0 Local File Inclusion (0)
03-14: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting (0)
03-14: Apache Tika Server Command Injection (0)
03-14: ntopng 3.8.190307 Community Edition Cross Site Scripting (0)
03-14: Intel Modular Server System 10.18 Cross Site Request Forgery (0)
03-14: [webapps] Pegasus CMS 1.0 – 'extra_fields.php' Plugin Remote Code Execution (0)
03-14: [webapps] Intel Modular Server System 10.18 – Cross-Site Request Forgery (Change Admin Password) (0)
03-14: [remote] Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API – Remote Code Execution (0)
03-14: [remote] FTPGetter Standard 5.97.0.177 – Remote Code Execution (0)
03-13: CoreFTP Server FTP / SFTP Server 2 Build 674 MDTM Directory Traversal (0)
03-13: WordPress WP Fastest Cache 0.8.9.0 Arbitrary File Deletion (0)
03-13: NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution (0)
03-13: Microsoft Windows .Reg File / Dialog Box Message Spoofing (0)
03-13: Core FTP 2.0 Build 653 PBSZ Denial Of Service (0)
03-13: PilusCart 1.4.1 Cross Site Request Forgery (0)
03-13: elFinder PHP Connector exiftran Command Injection (0)
03-13: Unpatched Windows Bug Allows Attackers To Spoof Security Dialog Boxes (0)
03-13: [webapps] WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'MDTM' Directory Traversal (0)
03-13: [dos] Microsoft Windows – .reg File / Dialog Box Message Spoofing (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'SIZE' Directory Traversal (0)
03-12: MeteoTemplate 17.1 Nectarine Diary 4.0 Open Redirection (0)
03-12: MeteoTemplate 17.1 Nectarine globalSnow 1.1 Open Redirection (0)
03-12: Meteotemplate 17.1 Nectarine indoorData 4.0 Open Redirection (0)
03-12: TeamCity Disabled Registration Bypass (0)
03-12: DirectAdmin 1.55 Cr