Archives
February 2023 (24)
- 02-08: Material Dashboard 2 SQL Injection (0)
- 02-08: 101news By Mayuri K 1.0 SQL Injection (0)
- 02-08: Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution (0)
- 02-08: Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution (0)
- 02-07: Windows Kernel Registry Virtualization Memory Corruption (0)
- 02-07: Android Binder VMA Management Security Issues (0)
- 02-07: Apache Tomcat On Ubuntu Log Init Privilege Escalation (0)
- 02-06: Apache Tomcat On Ubuntu Log Init Privilege Escalation (0)
- 02-04: Oracle Database 12.1.0.2 Spatial Component Privilege Escalation (0)
- 02-04: F5 Big-IP Create Administrative User (0)
- 02-04: macOS Dirty Cow Arbitrary File Write Local Privilege Escalation (0)
- 02-04: Lenovo Diagnostics Driver Memory Access (0)
- 02-03: https://division4.immigration.go.th/xx.html (0)
- 02-03: http://namphonsao.go.th (0)
- 02-02: Online Eyewear Shop 1.0 SQL Injection (0)
- 02-02: eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting (0)
- 02-02: eCommerce Marketplace Platform CMS 1.7 SQL Injection (0)
- 02-02: vmwgfx Driver File Descriptor Handling Privilege Escalation (0)
- 02-02: io_uring Same Type Object Reuse Privilege Escalation (0)
- 02-02: Packet Storm New Exploits For January, 2023 (0)
- 02-01: mRemoteNG 1.76.20 Privilege Escalation (0)
- 02-01: PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting (0)
- 02-01: PHPJabbers Business Directory Script 3.2 Cross Site Scripting (0)
- 02-01: Control Web Panel Unauthenticated Remote Command Execution (0)
January 2023 (155)
- 01-31: PHPJabbers Property Listing Script 3.1 Cross Site Scripting (0)
- 01-31: PHPJabbers Property Listing Script 3.1 SQL Injection (0)
- 01-31: PHPJabbers Travel Tours Script 1.0 Cross Site Scripting (0)
- 01-31: PHPJabbers Travel Tours Script 1.0 SQL Injection (0)
- 01-31: PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting (0)
- 01-31: Zstore 6.6.0 Cross Site Scripting (0)
- 01-31: PHPJabbers Car Park Booking System 2.0 Cross Site Scripting (0)
- 01-31: Broadcast Signal Intrusion – Hacking Radio Stations (0)
- 01-30: http://www.hanghong.go.th/poop.php (0)
- 01-30: https://nsw1.go.th/freedom.php (0)
- 01-28: Apple Security Advisory 2023-01-24-1 (0)
- 01-28: PHPJabbers Car Rental Script 3.0 SQL Injection (0)
- 01-28: Micro Focus GroupWise Session ID Disclosure (0)
- 01-28: Razer Synapse 3.7.0731.072516 Local Privilege Escalation (0)
- 01-27: Secure Web Gateway 10.2.11 Cross Site Scripting (0)
- 01-26: Inout Music 5.1.1 SQL Injection (0)
- 01-26: Inout Jobs Portal 2.2.2 SQL Injection (0)
- 01-26: Inout Jobs Portal 2.2.2 Cross Site Scripting (0)
- 01-25: Apple Security Advisory 2023-01-23-1 (0)
- 01-25: Apple Security Advisory 2023-01-23-2 (0)
- 01-25: Apple Security Advisory 2023-01-23-3 (0)
- 01-25: Apple Security Advisory 2023-01-23-4 (0)
- 01-25: Apple Security Advisory 2023-01-23-5 (0)
- 01-25: Apple Security Advisory 2023-01-23-6 (0)
- 01-25: Apple Security Advisory 2023-01-23-7 (0)
- 01-25: Apple Security Advisory 2023-01-23-8 (0)
- 01-25: Inout Homestay 2.2 SQL Injection (0)
- 01-25: Inout Search Engine 10.1.3 Cross Site Scripting (0)
- 01-25: Cacti 1.2.22 Command Injection (0)
- 01-24: http://kuedchang.go.th (0)
- 01-24: http://kcph.go.th (0)
- 01-24: AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting (0)
- 01-24: Food Ordering System 2 Shell Upload (0)
- 01-24: Inout RealEstate 2.1.3 SQL Injection (0)
- 01-24: ERPGo SaaS 3.9 CSV Injection (0)
- 01-24: Active eCommerce CMS 6.5.0 Cross Site Scripting (0)
- 01-21: Inout Multi-Vendor Shopping Cart 3.2.3 Cross Site Scripting (0)
- 01-21: Inout Multi-Vendor Shopping Cart 3.2.3 SQL Injection (0)
- 01-21: ASKEY RTF3505VW-N1 Privilege Escalation (0)
- 01-21: wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read (0)
- 01-21: NetChess 2.1 Buffer Overflow (0)
- 01-21: OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escalation (0)
- 01-21: Patient Record Management System 1.0 Authentication Bypass (0)
- 01-21: Solaris 10 dtprintinfo / libXm / libXpm Security Issues (0)
- 01-21: Solaris 10 dtprintinfo Local Privilege Escalation (0)
- 01-20: http://www.bnk.go.th/f7xp.html (0)
- 01-20: SLIMS 9.5.2 Cross Site Scripting (0)
- 01-19: http://www.sdm.dmr.go.th/b.htm (0)
- 01-19: KesionCMS X 1.5 Add Administrator (0)
- 01-19: Yazilimi Jettweb Haber 3 SQL Injection (0)
- 01-19: xcash 1.5 Insecure Settings (0)
- 01-19: WordPress WPtouch Pro 3.0.9.1 Open Redirection (0)
- 01-19: WordPress WPtouch 3.8.2 Open Redirection (0)
- 01-19: Active Matrimonial CMS 3.6 SQL Injection (0)
- 01-19: WordPress WPtouch Pro 3.3.4 Open Redirection (0)
- 01-19: WordPress WPtouch 4.3.47 Open Redirection (0)
- 01-19: WordPress WPtouch 3.7.5 Open Redirection (0)
- 01-19: Zstore 6.5.4 Cross Site Scripting (0)
- 01-19: PHP Hazir Haber Sitesi Scripti 3 SQL Injection (0)
- 01-19: Active eCommerce CMS 6.5.0 SQL Injection (0)
- 01-19: Chrome JSNativeContextSpecialization::BuildElementAccess Bypass (0)
- 01-19: Jettweb Ready Rent A Car Script 4 Cross Site Scripting (0)
- 01-19: Ivanti Cloud Services Appliance (CSA) Command Injection (0)
- 01-18: Yuvan Education CRM 3.0 SQL Injection (0)
- 01-18: Infokart 1.1 SQL Injection (0)
- 01-18: Global Infotech CMS 1.0 SQL Injection (0)
- 01-18: Infobool 3.0 SQL Injection (0)
- 01-18: KesionCMS X 1.5.160902 Insecure Settings (0)
- 01-18: Inlislite 3.2 Insecure Settings (0)
- 01-18: Incrementer CMS 0.1 Insecure Settings (0)
- 01-18: Yazilimi Jettweb 3 Cross Site Scripting (0)
- 01-18: Active Matrimonial CMS 3.5 Insecure Settings (0)
- 01-18: Citrix Workspace App For Linux 2212 Credential Leak (0)
- 01-18: XNU VM Copy-On-Write Bypass (0)
- 01-18: XNU vm_map_copy_overwrite_unaligned Race Condition (0)
- 01-18: BootCommerce 3.2.1 Cross Site Scripting (0)
- 01-18: BootCommerce 3.2.1 SQL Injection (0)
- 01-18: LISTSERV 17 Cross Site Scripting (0)
- 01-18: LISTSERV 17 Insecure Direct Object Reference (0)
- 01-17: http://www.webiad.moe.go.th/locked.txt (0)
- 01-15: http://www.research.doae.go.th/tak_ash4.htm (0)
- 01-14: http://www.plan.doae.go.th/tak_ash4.htm (0)
- 01-13: Laravel 9.47.0 Information Disclosure (0)
- 01-13: Global Education And Technoworld 4.1 Backup Disclosure (0)
- 01-13: WordPress Profile Builder 3.0.5 SQL Injection (0)
- 01-13: WordPress Slider Revolution 3.0.8 Directory Traversal (0)
- 01-13: WordPress Slider Revolution 4.1.2 Directory Traversal (0)
- 01-13: WordPress Slider Revolution 4.1.3 Directory Traversal (0)
- 01-13: WordPress Slider Revolution 4.6.5 Directory Traversal (0)
- 01-13: WordPress Slider Revolution 4.9.2 Directory Traversal (0)
- 01-13: WordPress Slider Revolution 4.x.x Shell Upload (0)
- 01-13: ChiKoi New-MVC-SHOP 1.0 Cross Site Scripting (0)
- 01-13: Academy LMS 5.11 Cross Site Scripting (0)
- 01-13: WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free (0)
- 01-13: libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns (0)
- 01-12: Windows Kernel NtNotifyChangeMultipleKeys Use-After-Free (0)
- 01-12: Gold Filled CRM 2.0 Arbitrary File Upload (0)
- 01-12: Online Food Ordering System 2.0 SQL Injection (0)
- 01-12: 2ad Guestbook 2.0 Database Disclosure (0)
- 01-12: Blesta 5.4.1 Insecure Settings (0)
- 01-12: Deprixa Pro 7.5 Insecure Settings (0)
- 01-12: ChiKoi 1.0 SQL Injection (0)
- 01-12: Flex 5.22 Insecure Settings (0)
- 01-12: Foloosi Shopping 5.5.7 Insecure Settings (0)
- 01-12: Online Food Ordering System 2.0 Shell Upload (0)
- 01-12: eCart Web 5.0.0 Cross Site Scripting (0)
- 01-11: CMS Global-PC Technology 1.0 Insecure Settings (0)
- 01-11: Concepts Informatics CMS 7 SQL Injection (0)
- 01-11: eCart Multi Vendor eCommerce System 1.x Insecure Settings (0)
- 01-11: eCart Web 4.0.0 Insecure Settings (0)
- 01-11: ERPGo SaaS CRM 3.3 Arbitrary File Upload (0)
- 01-11: Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery (0)
- 01-11: Tiki Wiki CMS Groupware 25.0 Cross Site Scripting (0)
- 01-11: Online Food Ordering System 2.0 Cross Site Scripting (0)
- 01-11: Linux khugepaged Race Conditions (0)
- 01-11: WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls (0)
- 01-10: ADMINA BULGARIA Ltd 1.0 SQL Injection (0)
- 01-10: AdminSeg 2.15 Insecure Direct Object Reference (0)
- 01-10: BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference (0)
- 01-10: Corpatech CMS 2 SQL Injection (0)
- 01-10: Dcastalia CMS 1.2 Insecure Direct Object Reference (0)
- 01-10: Deprixa Pro CMS 3.2.5 Insecure Settings (0)
- 01-10: WordPress Slider Revolution 4.6.5 Shell Upload (0)
- 01-10: WordPress Mega Main Menu 2.2.2 Information Disclosure (0)
- 01-10: Online Food Ordering System 2.0 Shell Upload (0)
- 01-10: Online Food Ordering System 2.0 SQL Injection (0)
- 01-10: Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free (0)
- 01-10: Linux 4.10 Use-After-Free (0)
- 01-10: MOV.AI Robotics Engine 2.2.3-3 Cross Site Scripting (0)
- 01-10: Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery (0)
- 01-10: Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution (0)
- 01-10: Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection (0)
- 01-10: Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection (0)
- 01-09: Control Web Panel 7 Remote Code Execution (0)
- 01-09: Excel Net Computer Institute 4.1 SQL Injection (0)
- 01-09: Eatself 1.1.5 SQL Injection (0)
- 01-09: Linux videobuf2 Use-After-Free (0)
- 01-06: Rackspace Blames Ransomware Woes On Zero-Day Attack (0)
- 01-06: Linear eMerge E3-Series Access Controller Command Injection (0)
- 01-06: Oracle Database Vault Metadata Exposure (0)
- 01-06: Linux videobuf2 Use-After-Free (0)
- 01-05: Oracle Database Vault Metadata Exposure (0)
- 01-05: http://www.nokmuang.go.th (0)
- 01-04: Linux PT_SUSPEND_SECCOMP Permission Bypass / Ptracer Death Race (0)
- 01-04: Oracle DBMS_REDACT Dynamic Data Masking Bypass (0)
- 01-04: Nexxt Router Firmware 42.103.1.5095 Remote Code Execution (0)
- 01-03: Oracle DBMS_REDACT Dynamic Data Masking Bypass (0)
- 01-03: BDWeb-Link LMS 1.11.5 SQL Injection (0)
- 01-03: SugarCRM Shell Upload (0)
- 01-03: Oracle Unified Audit Policy Bypass (0)
- 01-03: crewjam/saml Signature Bypass (0)
- 01-03: Chrome Synchronous Mojo Use-After-Free (0)
- 01-03: Packet Storm New Exploits For December, 2022 (0)
- 01-03: Packet Storm New Exploits For 2022 (0)
- 01-02: Packet Storm New Exploits For 2022 (0)
December 2022 (134)
- 12-30: ProLink PRS1841 Backdoor Account (0)
- 12-30: Hughes Satellite Router Remote File Inclusion Cross Frame Scripting (0)
- 12-29: Hughes Satellite Router Remote File Inclusion Cross Frame Scripting (0)
- 12-29: https://www.ppao.go.th/a.htm (0)
- 12-29: http://www.sangkhacity.go.th (0)
- 12-28: ProLink PRS1841 PLDT Router Backdoor (0)
- 12-28: Student Attendance Management System 1.0 SQL Injection (0)
- 12-28: Active Ecommerce CMS 6.4.0 Backdoor Account (0)
- 12-28: Botble 5.28.3 Backdoor Account (0)
- 12-28: Car Dealer Pro 2.01 Backdoor Account (0)
- 12-28: Consultine Consulting Business And Finance Website CMS 1.8 Backdoor Account (0)
- 12-28: Courier Deprixa 2.5 Backdoor Account (0)
- 12-28: Enlightenment 0.25.3 Privilege Escalation (0)
- 12-27: Enlightenment 0.25.3 Privilege Escalation (0)
- 12-24: Stock Management System 2022 1.0 From Erick Cesar SQL Injection (0)
- 12-24: WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload (0)
- 12-24: OpenTSDB 2.4.0 Command Injection (0)
- 12-24: http://ecase.dopa.go.th (0)
- 12-24: http://khamyai-ks.go.th/public/ (0)
- 12-24: http://khaokhlung.go.th/public/dz.php (0)
- 12-24: http://sukhothaipao.go.th/public/ (0)
- 12-24: http://khaochangum.go.th/public/ (0)
- 12-23: OpenTSDB 2.4.0 Command Injection (0)
- 12-22: Senayan Library Management System 9.2.2 Cross Site Scripting (0)
- 12-22: Senayan Library Management System 9.2.2 SQL Injection (0)
- 12-22: 4images 1.9 Remote Command Execution (0)
- 12-22: Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution (0)
- 12-22: Apple Security Advisory 2022-12-13-1 (0)
- 12-22: Apple Security Advisory 2022-12-13-2 (0)
- 12-22: Apple Security Advisory 2022-12-13-3 (0)
- 12-22: Apple Security Advisory 2022-12-13-4 (0)
- 12-22: Apple Security Advisory 2022-12-13-5 (0)
- 12-22: Apple Security Advisory 2022-12-13-6 (0)
- 12-22: Apple Security Advisory 2022-12-13-7 (0)
- 12-22: Apple Security Advisory 2022-12-13-8 (0)
- 12-22: Apple Security Advisory 2022-12-13-9 (0)
- 12-21: Senayan Library Management System 9.2.1 Cross Site Scripting (0)
- 12-21: Senayan Library Management System 9.2.1 SQL Injection (0)
- 12-20: Senayan Library Management System 9.2.1 SQL Injection (0)
- 12-20: Senayan Library Management System 9.1.1 Cross Site Scripting (0)
- 12-20: Senayan Library Management System 9.1.1 SQL Injection (0)
- 12-20: Senayan Library Management System 9.2.0 Cross Site Scripting (0)
- 12-20: Senayan Library Management System 9.2.0 SQL Injection (0)
- 12-20: http://tambontungpha.go.th (0)
- 12-20: http://www.kkpao.go.th/kkpao_plan/images/banner/ownz4.JPG (0)
- 12-20: http://web.kalasin3.go.th/web/members_pic/i2iskiness452.jpg (0)
- 12-19: Senayan Library Management System 9.2.0 SQL Injection (0)
- 12-18: http://pattani1.go.th/izy.txt (0)
- 12-17: Bangresta 1.0 SQL Injection (0)
- 12-17: http://muangchan.sisaket.police.go.th/readme.html (0)
- 12-16: Bangresta 1.0 SQL Injection (0)
- 12-16: Syncovery For Linux Web-GUI Authenticated Remote Command Execution (0)
- 12-16: Acronis TrueImage XPC Privilege Escalation (0)
- 12-16: SOUND4 Server Service 4.1.102 Local Privilege Escalation (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Cross Site Request Forgery (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Disconnect Webmonitor User Denial Of Service (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password SQL Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username SQL Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Hardcoded Credentials (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Persistent Cross Site Scripting (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Information Disclosure (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Stream Disclosure (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ping.php Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated File Disclosure (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x services Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution (0)
- 12-16: SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset (0)
- 12-15: http://mnoi.takesa2.go.th/file_editor/ww.jpg (0)
- 12-15: Shoplazza 1.1 Cross Site Scripting (0)
- 12-15: Backdoor.Win32.InCommander.17.b MVID-2022-0665 Hardcoded Credentials (0)
- 12-15: Ransom.Win64.AtomSilo MVID-2022-0666 Cryptography Logic Flaw (0)
- 12-15: Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection (0)
- 12-15: SAP@ Host Agent Privilege Escalation (0)
- 12-14: SAP@ Host Agent Privilege Escalation (0)
- 12-13: CANAL+ / Microsoft PlayReady Cryptography Shortcomings / Authorization Bypass (0)
- 12-13: Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption (0)
- 12-13: Judging Management System 1.0 SQL Injection (0)
- 12-13: Judging Management System 1.0 Shell Upload (0)
- 12-13: https://palm.dit.go.th/net.html (0)
- 12-11: http://nongbua.nfe.go.th/ok.htm (0)
- 12-10: Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS (0)
- 12-10: Delta Electronics DVW-W02W2-E2 2.42 Command Injection (0)
- 12-10: Planet eStream Code Execution / SQL Injection / XSS / Broken Control (0)
- 12-10: snap-confine must_mkdir_and_open_with_perms() Race Condition (0)
- 12-10: Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks (0)
- 12-10: Intel Data Center Manager 5.1 Local Privilege Escalation (0)
- 12-10: Intel Data Center Manager 4.1 SQL Injection (0)
- 12-10: ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect (0)
- 12-10: Senayan Library Management System 9.4.0 Cross Site Scripting (0)
- 12-10: Senayan Library Management System 9.0.0 Cross Site Scripting (0)
- 12-10: Senayan Library Management System 9.0.0 SQL Injection (0)
- 12-10: Senayan Library Management System 9.1.0 SQL Injection (0)
- 12-10: Spitfire CMS 1.0.475 PHP Object Injection (0)
- 12-09: ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect (0)
- 12-09: https://office.cpd.go.th/area2/ (0)
- 12-09: Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation (0)
- 12-08: pixman pixman_sample_floor_y Integer Overflow (0)
- 12-08: py7zr 0.20.0 Directory Traversal (0)
- 12-08: SentinelOne sentinelagent 22.3.2.5 Privilege Escalation (0)
- 12-08: http://nites.ayutthaya2.go.th/oni.html (0)
- 12-08: http://financial.ayutthaya2.go.th/oni.html (0)
- 12-08: http://director.ayutthaya2.go.th/oni.html (0)
- 12-08: http://ita.ayutthaya2.go.th/oni.html (0)
- 12-08: http://itaaya2.ayutthaya2.go.th/oni.html (0)
- 12-08: http://lawyer.ayutthaya2.go.th/oni.html (0)
- 12-08: http://pattana.ayutthaya2.go.th/oni.html (0)
- 12-08: http://planning.ayutthaya2.go.th/oni.html (0)
- 12-07: SentinelOne sentinelagent 22.3.2.5 Privilege Escalation (0)
- 12-07: https://ecd.police.go.th/Fighter.html (0)
- 12-07: Senayan Library Management System 9.5.1 SQL Injection (0)
- 12-07: VMware vCenter vScalation Privilege Escalation (0)
- 12-06: Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation (0)
- 12-06: Automotive Shop Management System 1.0 SQL Injection (0)
- 12-06: Drupal H5P Module 2.0.0 Zip Slip Traversal (0)
- 12-05: Drupal H5P Module 2.0.0 Zip Slip Traversal (0)
- 12-05: http://audit.ayutthaya2.go.th/oni.html (0)
- 12-05: http://ict.ayutthaya2.go.th/oni.html (0)
- 12-03: IBM Websphere Application Server 7.0 Cross Site Scripting (0)
- 12-03: Backdoor.Win32.Delf.gj MVID-2022-0663 Information Disclosure (0)
- 12-03: Packet Storm New Exploits For November, 2022 (0)
- 12-02: Browser Zero Days Linked To Commercial IT Firm In Spain (0)
- 12-01: Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection (0)
- 12-01: OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption (0)
- 12-01: Microsoft Exchange ProxyNotShell Remote Code Execution (0)
- 12-01: perfSONAR 4.4.4 Open Proxy / Relay (0)
- 12-01: perfSONAR 4.4.5 Cross Site Request Forgery (0)
November 2022 (102)
- 11-30: Concrete CMS 9.1.3 XPATH Injection (0)
- 11-30: Remote Control Collection Remote Code Execution (0)
- 11-29: vBulletin 5.5.2 PHP Object Injection (0)
- 11-27: http://r10.ldd.go.th/0x.html (0)
- 11-26: XNU Dangling PTE Entry (0)
- 11-26: XNU vm_object Use-After-Free (0)
- 11-26: Chrome blink::LocalFrameView::PerformLayout Use-After-Free (0)
- 11-26: Sanitization Management System 1.0 SQL Injection (0)
- 11-26: Helmet Store Showroom 1.0 SQL Injection (0)
- 11-26: Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL (0)
- 11-26: Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw (0)
- 11-26: Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential (0)
- 11-25: Ecommerce 1.0 Cross Site Scripting / Open Redirect (0)
- 11-25: F5 BIG-IP iControl Remote Command Execution (0)
- 11-24: F5 BIG-IP iControl Remote Command Execution (0)
- 11-24: Backdoor.Win32.Serman.a MVID-2022-0659 Unauthenticated Open Proxy (0)
- 11-22: Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution (0)
- 11-22: ClicShopping 3.402 Cross Site Scripting (0)
- 11-22: ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service (0)
- 11-22: Backdoor.Win32.Oblivion.01.a MVID-2022-0658 Insecure Transit (0)
- 11-22: WordPress BeTheme 26.5.1.4 PHP Object Injection (0)
- 11-22: ZTE ZXHN-H108NS Authentication Bypass (0)
- 11-22: Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read (0)
- 11-22: Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution (0)
- 11-22: Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass (0)
- 11-22: Roxy Fileman 1.4.6 Remote Shell Upload (0)
- 11-22: F5 BIG-IP iControl Cross Site Request Forgery (0)
- 11-22: ChurchInfo 1.2.13-1.3.0 Remote Code Execution (0)
- 11-19: AppleAVD deallocateKernelMemoryInternal Missing Surface Lock (0)
- 11-19: AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption (0)
- 11-19: https://naluangsen.go.th/fine.html (0)
- 11-18: Gitea Git Fetch Remote Code Execution (0)
- 11-18: http://tpso4.m-society.go.th/bdkr.htm (0)
- 11-17: Gitea Git Fetch Remote Code Execution (0)
- 11-17: Internet Download Manager 6.41 Build 3 Man-In-The-Middle (0)
- 11-17: Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential (0)
- 11-17: Revenue Collection System 1.0 SQL Injection / Remote Code Execution (0)
- 11-17: Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass (0)
- 11-16: VMware NSX Manager XStream Unauthenticated Remote Code Execution (0)
- 11-16: Cisco Secure Email Gateway Malware Detection Evasion (0)
- 11-16: WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery (0)
- 11-16: Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass (0)
- 11-16: BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection (0)
- 11-16: Payara Platform Path Traversal (0)
- 11-16: Apple Security Advisory 2022-11-09-1 (0)
- 11-16: Apple Security Advisory 2022-11-09-2 (0)
- 11-15: Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution (0)
- 11-15: libxml2 Attribute Parsing Double-Free (0)
- 11-15: libxml2 xmlParseNameComplex Integer Overflow (0)
- 11-15: Node-saml Root Element Signature Bypass (0)
- 11-15: https://www.kohsichang.go.th/vz.txt (0)
- 11-12: Open Web Analytics 1.7.3 Remote Code Execution (0)
- 11-12: IOTransfer 4 Unquoted Service Path (0)
- 11-12: CVAT 2.0 Server-Side Request Forgery (0)
- 11-12: SmartRG Router SR510n 2.6.13 Remote Code Execution (0)
- 11-12: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal (0)
- 11-12: MSNSwitch Firmware MNT.2408 Remote Code Execution (0)
- 11-11: Windows Kernel Long Registry Path Memory Corruption (0)
- 11-11: HEUR:Trojan.MSIL.Agent.gen MVID-2022-0654 Information Disclosure (0)
- 11-11: Windows Kernel Long Registry Key / Value Out-Of-Bounds Read (0)
- 11-11: Backdoor.Win32.Aphexdoor.LiteSock MVID-2022-0653 Buffer Overflow (0)
- 11-11: Chrome password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode Use-After-Free (0)
- 11-11: [remote] SmartRG Router SR510n 2.6.13 – RCE (Remote Code Execution) (0)
- 11-11: [local] IOTransfer V4 – Unquoted Service Path (0)
- 11-11: [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 – Path Traversal (0)
- 11-11: [remote] MSNSwitch Firmware MNT.2408 – Remote Code Execution (RCE) (0)
- 11-11: [webapps] CVAT 2.0 – SSRF (Server Side Request Forgery) (0)
- 11-11: [webapps] Open Web Analytics 1.7.3 – Remote Code Execution (RCE) (0)
- 11-10: http://bankoksuwan.go.th/p.htm (0)
- 11-10: http://www.thungyai-ssk.go.th/p.htm (0)
- 11-10: WordPress Blog2Social 6.9.11 Missing Authorization (0)
- 11-10: Microsoft Squashes 6 Security Bugs Already Exploited In The Wild (0)
- 11-09: Forma SPOT-LMS 3.2.1 Cross Site Scripting (0)
- 11-09: Forma SPOT-LMS 3.2.1 Cross Site Scripting (0)
- 11-09: Windows Kernel Type Confusion Memory Corruption (0)
- 11-09: Windows Kernel Type Confusion Memory Corruption (0)
- 11-09: http://lpa.nfe.go.th/net.html (0)
- 11-08: Apple Security Advisory 2022-11-01-1 (0)
- 11-08: Windows Kernel Registry Use-After-Free (0)
- 11-07: http://lansakae.go.th (0)
- 11-05: Senayan Library Management System 9.5.0 SQL Injection (0)
- 11-05: WebKit HTMLSelectElement Use-After-Free (0)
- 11-04: Automated Tank Gauge (ATG) Remote Configuration Disclosure (0)
- 11-03: http://korat4.go.th/zah.txt (0)
- 11-03: http://ssd.go.th/read.html (0)
- 11-03: Webmin 1.984 File Manager Remote Code Execution (0)
- 11-03: FLIR AX8 1.46.16 Remote Command Injection (0)
- 11-03: Apache CouchDB Erlang Remote Code Execution (0)
- 11-02: Packet Storm New Exploits For October, 2022 (0)
- 11-02: https://www.dwf-lampang.go.th/fine.html (0)
- 11-01: Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting (0)
- 11-01: wolfSSL Buffer Overflow (0)
- 11-01: Train Scheduler App 1.0 Insecure Direct Object Reference (0)
- 11-01: Simple Cold Storage Management System 1.0 SQL Injection (0)
- 11-01: Leeloo Multipath Authorization Bypass / Symlink Attack (0)
- 11-01: Apple Security Advisory 2022-10-27-9 (0)
- 11-01: Apple Security Advisory 2022-10-27-10 (0)
- 11-01: Apple Security Advisory 2022-10-27-11 (0)
- 11-01: Apple Security Advisory 2022-10-27-12 (0)
- 11-01: Apple Security Advisory 2022-10-27-13 (0)
- 11-01: Apple Security Advisory 2022-10-27-14 (0)
- 11-01: Apple Security Advisory 2022-10-27-15 (0)
October 2022 (124)
- 10-31: Apple Security Advisory 2022-10-24-1 (0)
- 10-31: Apple Security Advisory 2022-10-24-2 (0)
- 10-31: Apple Security Advisory 2022-10-24-3 (0)
- 10-31: Apple Security Advisory 2022-10-24-4 (0)
- 10-31: Apple Security Advisory 2022-10-24-5 (0)
- 10-31: Apple Security Advisory 2022-10-24-6 (0)
- 10-31: Apple Security Advisory 2022-10-24-7 (0)
- 10-31: Apple Security Advisory 2022-10-27-1 (0)
- 10-31: Apple Security Advisory 2022-10-27-2 (0)
- 10-31: Apple Security Advisory 2022-10-27-3 (0)
- 10-31: Apple Security Advisory 2022-10-27-4 (0)
- 10-31: Apple Security Advisory 2022-10-27-5 (0)
- 10-31: Apple Security Advisory 2022-10-27-6 (0)
- 10-31: Apple Security Advisory 2022-10-27-7 (0)
- 10-31: Apple Security Advisory 2022-10-27-8 (0)
- 10-29: Siemens APOGEE PXC / TALON TC Authentication Bypass (0)
- 10-28: https://tamkrataitong.go.th (0)
- 10-28: Vagrant Synced Folder Vagrantfile Breakout (0)
- 10-27: ERP Sankhya 4.13.x Cross Site Scripting (0)
- 10-27: Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting (0)
- 10-27: http://kalasin.nfe.go.th/bdkr.htm (0)
- 10-26: Apple Releases Patch For iPhone And iPad Zero Day (0)
- 10-26: ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication (0)
- 10-26: GLPI 10.0.2 Command Injection (0)
- 10-25: Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass (0)
- 10-25: Pega Platform 8.7.3 Remote Code Execution (0)
- 10-25: Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution (0)
- 10-25: Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution (0)
- 10-23: http://wangrongyai.go.th (0)
- 10-23: http://nongfan.go.th (0)
- 10-23: http://donlocal.go.th (0)
- 10-23: http://muangnat.go.th (0)
- 10-23: http://dongklang.go.th (0)
- 10-23: http://nongbuawnoi.go.th (0)
- 10-22: https://www.donwaicity.go.th/read.txt (0)
- 10-21: Chrome offline_items_collection::OfflineContentAggregator::OnItemRemoved Heap Buffer Overflow (0)
- 10-21: Cisco Jabber XMPP Stanza Smuggling (0)
- 10-21: Chrome AccountSelectionBubbleView::OnAccountImageFetched Heap Use-After-Free (0)
- 10-21: Zimbra Collaboration Suite TAR Path Traversal (0)
- 10-20: https://npt-2.go.th (0)
- 10-20: AVS Audio Converter 10.3 Stack Overflow (0)
- 10-20: Zimbra Privilege Escalation (0)
- 10-20: Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass (0)
- 10-18: Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection (0)
- 10-18: Joomla OSG Courts Reservation 1.4.9 SQL Injection (0)
- 10-18: Knap Advanced PHP Login 3.1.3 Cross Site Scripting (0)
- 10-18: Vicidial 2.14-783a Cross Site Scripting (0)
- 10-18: Garage Management System 1.0 Cross Site Scripting (0)
- 10-18: Stripe Green Downloads 2.03 Cross Site Scripting (0)
- 10-18: WordPress ImageMagick-Engine 1.7.4 Remote Code Execution (0)
- 10-18: Windows Kernel Registry Subkey Lists Integer Overflow (0)
- 10-18: MapTool 1.11.5 Denial Of Service (0)
- 10-18: MapTool 1.11.5 Cross Site Scripting (0)
- 10-18: Joomla Vik Appointments 1.7.3 Cross Site Scripting (0)
- 10-18: MiniDVBLinux 5.4 Configuration Download (0)
- 10-18: MiniDVBLinux 5.4 SVDRP Control (0)
- 10-18: MiniDVBLinux 5.4 Change Root Password (0)
- 10-18: Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow (0)
- 10-18: MiniDVBLinux 5.4 Unauthenticated Stream Disclosure (0)
- 10-18: Webile 1.0.1 Directory Traversal (0)
- 10-18: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
- 10-18: pfSense pfBlockerNG 2.1.4_26 Shell Upload (0)
- 10-18: MiniDVBLinux 5.4 Remote Root Command Injection (0)
- 10-18: Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential (0)
- 10-18: WiFi File Transfer 1.0.8 Cross Site Scripting (0)
- 10-18: MiniDVBLinux 5.4 Remote Root Command Execution (0)
- 10-18: WordPress Photo Gallery 1.8.0 Cross Site Scripting (0)
- 10-18: MiniDVBLinux 5.4 Arbitrary File Read (0)
- 10-18: Apple Security Advisory 2022-10-10-1 (0)
- 10-18: Apple Music Android Application 3.10.2 Man-In-The-Middle (0)
- 10-17: [webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated) (0)
- 10-13: http://kaokum.go.th/m6.htm (0)
- 10-13: http://wianglocal.go.th/m6.htm (0)
- 10-11: macOS 12.3.1 Local Root (0)
- 10-11: Zentao Project Management System 17.0 Remote Code Execution (0)
- 10-11: Crealogix EBICS Cross Site Scripting (0)
- 10-11: Web Based Student Clearance 1.0 Shell Upload (0)
- 10-11: Joomla Vik Rent Car 1.14 Cross Site Scripting (0)
- 10-11: WordPress / Joomla JReviews 4.1.5 Cross Site Scripting (0)
- 10-11: WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting (0)
- 10-11: Online Shopping System Advanced 1.0 SQL Injection (0)
- 10-11: Linux munmap() Race Condition / Use-After-Free (0)
- 10-08: WordPress Zephyr Project Manager 3.2.42 SQL Injection (0)
- 10-08: Joomla Vik Booking 1.15.0 Cross Site Scripting (0)
- 10-07: Joomla JoomBri Freelance 4.5.0 Cross Site Scripting (0)
- 10-07: Joomla JoomBri Careers 3.3.0 Cross Site Scripting (0)
- 10-07: Linux 3.19 anon_vma Use-After-Free (0)
- 10-07: Joomla KSAdvertiser 2.5.37 Cross Site Scripting (0)
- 10-07: http://ped.go.th (0)
- 10-07: https://www.lripeo.go.th/robots.txt (0)
- 10-06: Canteen Management 1.0-2022 Cross Site Scripting (0)
- 10-06: Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation (0)
- 10-06: Remote Mouse 4.110 Remote Code Execution (0)
- 10-06: [webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 – Multiple SQLi (0)
- 10-05: http://ict.krabihospital.go.th/read.html (0)
- 10-05: Joomla Solidres 2.12.9 Cross Site Scripting (0)
- 10-05: Canteen Management 1.0-2022 SQL Injection (0)
- 10-05: Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting (0)
- 10-05: WordPress Elementor 3.6.2 Shell Upload (0)
- 10-05: WordPress WPvivid Backup Path Traversal (0)
- 10-04: http://www.kksec.go.th/read.html (0)
- 10-04: Joomla JUX Charity Hub 1.0.4 SQL Injection (0)
- 10-04: Joomla Easy Shop 1.4.1 Cross Site Scripting (0)
- 10-04: Joomla JKassa ShoppingCart 2.0.0 SQL Injection (0)
- 10-04: Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting (0)
- 10-04: Google Chrome 103.0.5060.53 network::URLLoader::NotifyCompleted Heap Use-After-Free (0)
- 10-04: Joomla MarvikShop ShoppingCart 3.4 SQL Injection (0)
- 10-04: Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting (0)
- 10-04: Password Manager For IIS 2.0 Cross Site Scripting (0)
- 10-04: Backdoor.Win32.NTRC MVID-2022-0646 Hardcoded Credential (0)
- 10-04: Joomla Rentalot Plus 19.05 Cross Site Scripting (0)
- 10-04: Backdoor.Win32.Delf.eg MVID-2022-0647 Remote Command Execution (0)
- 10-02: Joomla jMarket 5.15 Cross Site Scripting (0)
- 10-02: Joomla JS Jobs Pro 1.3.6 SQL Injection (0)
- 10-02: Joomla MyMuse 4.3.0 SQL Injection (0)
- 10-02: GuppY CMS 6.00.10 Shell Upload (0)
- 10-02: Centreon 22.04.0 Cross Site Scripting (0)
- 10-02: ZKSecurity BIO 4.1.2 SQL Injection / Code Execution (0)
- 10-02: ZKSecurity BIO 3.0.5.0_R Privilege Escalation (0)
- 10-02: Packet Storm New Exploits For September, 2022 (0)
- 10-01: http://www.krabihospital.go.th (0)
- 10-01: Joomla JoomRecipe 4.2.2 Cross Site Scripting (0)
- 10-01: jCart For OpenCart 3.0.3.19 Cross Site Scripting (0)
- 10-01: Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting (0)
September 2022 (165)
- 09-30: Exchange Server Zero-Day Being Actively Exploited (0)
- 09-30: Online Examination System 1.0 Cross Site Scripting (0)
- 09-30: Joomla EDocman 1.23.3 Cross Site Scripting (0)
- 09-30: Online Examination System 1.0 SQL Injection (0)
- 09-30: Bus Pass Management System 1.0 Cross Site Scripting (0)
- 09-30: Joomla AdsManager 3.2.0 SQL Injection (0)
- 09-30: qdPM 9.1 Authenticated Shell Upload (0)
- 09-29: WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting (0)
- 09-29: EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting (0)
- 09-29: Netfilter nft_set_elem_init Heap Overflow Privilege Escalation (0)
- 09-29: Mobile Mouse Remote Code Execution (0)
- 09-28: http://pbns.go.th/robots.txt (0)
- 09-28: http://www.spin.dss.go.th/bas/public/site/images/admin1/mwhehe.gif (0)
- 09-28: Food Ordering Management System 1.0 SQL Injection (0)
- 09-28: Online Birth Certificate Management System 1.0 Cross Site Request Forgery (0)
- 09-28: Online Birth Certificate Management System 1.0 Insecure Direct Object Reference (0)
- 09-28: Online Birth Certificate Management System 1.0 Cross Site Scripting (0)
- 09-28: COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read (0)
- 09-27: pfBlockerNG 2.1.4_26 Shell Upload (0)
- 09-27: osCommerce Shopping Cart 4 Cross Site Scripting (0)
- 09-27: LivelyCart Pro 3 Cross Site Scripting (0)
- 09-27: Active eCommerce CMS 6.3.0 Arbitrary File Download (0)
- 09-27: Active eCommerce CMS 6.3.0 Cross Site Scripting (0)
- 09-27: Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential (0)
- 09-27: Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential (0)
- 09-27: WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting (0)
- 09-27: Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload (0)
- 09-27: WordPress Sabai Discuss 1.4.13 Cross Site Scripting (0)
- 09-27: WordPress Forym 1.5.7 Cross Site Scripting (0)
- 09-27: Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution (0)
- 09-27: Veritas Backup Exec Agent Remote Code Execution (0)
- 09-27: WiFi Mouse 1.8.3.4 Remote Code Execution (0)
- 09-24: TP-Link Tapo c200 1.1.15 Remote Code Execution (0)
- 09-24: Testa 3.5.1 Cross Site Scripting (0)
- 09-24: Feehi CMS 2.1.1 Remote Code Execution (0)
- 09-24: Teleport 10.1.1 Remote Code Execution (0)
- 09-24: WordPress WP-UserOnline 2.88.0 Cross Site Scripting (0)
- 09-24: WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting (0)
- 09-23: Multix 2.4 Cross Site Scripting (0)
- 09-23: Multix 2.4 Cross Site Request Forgery (0)
- 09-23: WorkOrder CMS 0.1.0 SQL Injection (0)
- 09-23: WorkOrder CMS 0.1.0 Cross Site Scripting (0)
- 09-23: Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition (0)
- 09-23: Bitbucket Git Command Injection (0)
- 09-23: [webapps] Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS) (0)
- 09-23: [webapps] Aero CMS v0.0.1 – SQLi (0)
- 09-23: [webapps] Wordpress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS) (0)
- 09-23: [webapps] Wordpress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS) (0)
- 09-23: [remote] Teleport v10.1.1 – Remote Code Execution (RCE) (0)
- 09-23: [webapps] TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE) (0)
- 09-23: [webapps] Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-22: WiFiMouse 1.8.3.4 Remote Code Execution (0)
- 09-22: Unified Remote Authentication Bypass / Code Execution (0)
- 09-21: Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage (0)
- 09-21: Bookwyrm 0.4.3 Authentication Bypass (0)
- 09-21: Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution (0)
- 09-21: Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass (0)
- 09-21: ProcessMaker Privilege Escalation (0)
- 09-21: Blink1Control2 2.2.7 Weak Password Encryption (0)
- 09-21: Backdoor.Win32.Hellza.120 MVID-2022-0642 Authentication Bypass (0)
- 09-21: Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution (0)
- 09-21: Arm Mali Released Buffer Use-After-Free (0)
- 09-21: Arm Mali Physical Address Exposure (0)
- 09-21: Arm Mali Race Condition (0)
- 09-21: Arm Mali CSF Missing Buffer Size Check (0)
- 09-21: [remote] Wifi HD Wireless Disk Drive 11 – Local File Inclusion (0)
- 09-21: [remote] WiFiMouse 1.8.3.4 – Remote Code Execution (RCE) (0)
- 09-20: Genesys PureConnect Cross Site Scripting (0)
- 09-20: WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting (0)
- 09-20: OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection (0)
- 09-20: Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion (0)
- 09-20: PhotoSync 4.7 Local File Inclusion (0)
- 09-20: SoX 14.4.2 Division-By-Zero / Denial Of Service (0)
- 09-20: VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload (0)
- 09-20: [local] Blink1Control2 2.2.7 – Weak Password Encryption (0)
- 09-20: [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass (0)
- 09-20: [remote] Airspan AirSpot 5410 version 0.3.4.1 – Remote Code Execution (RCE) (0)
- 09-20: [webapps] Bookwyrm v0.4.3 – Authentication Bypass (0)
- 09-20: [remote] Mobile Mouse 3.6.0.4 – Remote Code Execution (RCE) (0)
- 09-19: https://www.nongpailom.go.th/index.html (0)
- 09-19: http://nonsomboonlocal.go.th (0)
- 09-18: https://www.cntpeo.go.th/o.htm (0)
- 09-17: Chrome LinkToTextMenuObserver::CompleteWithError Heap Use-After-Free (0)
- 09-17: Rocket LMS 1.6 SQL Injection (0)
- 09-17: Social Share Button 2.2.3 SQL Injection (0)
- 09-17: SAP SAProuter Improper Access Control (0)
- 09-17: Palo Alto Networks Authenticated Remote Code Execution (0)
- 09-17: SAP SAPControl Web Service Interface Local Privilege Escalation (0)
- 09-16: Gitea 1.16.6 Remote Code Execution (0)
- 09-16: News247 News Magazine 1.0 Cross Site Scripting (0)
- 09-15: WordPress WPGateway 3.5 Privilege Escalation (0)
- 09-15: [webapps] Gitea 1.16.6 – Remote Code Execution (RCE) (Metasploit) (0)
- 09-14: http://itservice.fpo.go.th/z.php (0)
- 09-14: http://www.rattanaburilocal.go.th/!.php (0)
- 09-14: Rocket LMS 1.6 Shell Upload (0)
- 09-14: Rocket LMS 1.6 Cross Site Scripting (0)
- 09-14: Academy Learning Management System 5.7 Shell Upload (0)
- 09-14: TIBCO JasperReports Server 8.0.2 Community Edition Code Execution (0)
- 09-14: Apple Security Advisory 2022-09-12-1 (0)
- 09-14: Apple Security Advisory 2022-09-12-2 (0)
- 09-14: Apple Security Advisory 2022-09-12-4 (0)
- 09-14: Apple Security Advisory 2022-09-12-5 (0)
- 09-13: SmartRG Router 2.6.13 Remote Code Execution (0)
- 09-13: Infix LMS 4.3.0 IFRAME Injection (0)
- 09-13: Infix LMS 4.3.0 Shell Upload (0)
- 09-13: ETAP Safety Manager 1.0.0.32 Cross Site Scripting (0)
- 09-10: SACCO-2022 SQL Injection (0)
- 09-10: Windows Kernel Refcount Overflow Use-After-Free (0)
- 09-10: Windows Kernel Unchecked Blink Cell Index Invalid Read/Write (0)
- 09-10: Windows Kernel Registry Hive Memory Problems (0)
- 09-10: Windows Credential Guard ASN1 Decoder Type Confusion Privilege Escalation (0)
- 09-10: Windows Credential Guard BCrypt Context Use-After-Free Privilege Escalation (0)
- 09-10: @Drive 2.8 Local File Inclusion (0)
- 09-10: Windows Credential Guard Insufficient Checks On Kerberos Encryption Type Use (0)
- 09-10: Windows Credential Guard Kerberos Change Password Privilege Escalation (0)
- 09-10: AirDisk 7.5.5 Cross Site Scripting (0)
- 09-10: mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting (0)
- 09-10: Online Notice Board 2022 SQL Injection (0)
- 09-10: Windows Credential Guard KerbIumCreateApReqAuthenticator Key Information Disclosure (0)
- 09-10: Windows Credential Guard KerbIumGetNtlmSupplementalCredential Information Disclosure (0)
- 09-10: InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal (0)
- 09-10: Windows Credential Guard TGT Renewal Information Disclosure (0)
- 09-10: .NET XML Signature Verification External Entity Injection (0)
- 09-10: Sagemath 9.0 Overflow / Denial Of Service (0)
- 09-09: Apache Spark Unauthenticated Command Injection (0)
- 09-08: Trojan.Win32.Autoit.fhj MVID-2022-0637 Insecure Permissions (0)
- 09-08: FTPManager 8.2 Local File Inclusion / Directory Traversal (0)
- 09-08: Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential (0)
- 09-08: Backdoor.Win32.Hupigon.aspg MVID-2022-0634 Unquoted Service Path (0)
- 09-08: Trojan-Spy.Win32.Pophot.bsl MVID-2022-0635 Insecure Permissions (0)
- 09-08: FE File Explorer 11.0.4 Local File Inclusion (0)
- 09-08: Trojan.Win32.Autoit.fhj MVID-2022-0638 NULL DACL (0)
- 09-08: Trojan-Ransom.Win32.Hive.bv MVID-2022-0636 Code Execution (0)
- 09-07: http://phpmyadmin.ayutthaya2.go.th/read.html (0)
- 09-07: http://new.ayutthaya2.go.th/read.html (0)
- 09-07: Online Employee Leave Management System 1.0 Cross Site Request Forgery (0)
- 09-07: Wifi HD Wireless Disk Drive 11 Local File Inclusion (0)
- 09-06: Apple macOS Remote Events Memory Corruption (0)
- 09-06: Mobile Mouse 3.6.0.4 Remote Code Execution (0)
- 09-06: Online Market Place Site 1.0 SQL Injection (0)
- 09-06: Online Market Place Site 1.0 Cross Site Scripting (0)
- 09-06: Cisco ASA-X With FirePOWER Services Authenticated Command Injection (0)
- 09-03: WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting (0)
- 09-02: Apple Security Advisory 2022-08-31-1 (0)
- 09-02: Doctor's Appointment System 1.0 Cross Site Scripting (0)
- 09-02: Doctor's Appointment System 1.0 SQL Injection (0)
- 09-02: [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 – Stored Cross-Site Scripting (XSS) (0)
- 09-02: [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 – Stored Cross-Site Scripting (XSS) (0)
- 09-02: [webapps] Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass (0)
- 09-01: WordPress Core Cross Site Scripting / SQL Injection (0)
- 09-01: Zyxel Firewall SUID Binary Privilege Escalation (0)
- 09-01: Packet Storm New Exploits For August, 2022 (0)
August 2022 (148)
- 08-31: Linux KVM Instruction Emulation Issue (0)
- 08-30: AeroCMS 0.0.1 SQL Injection (0)
- 08-26: Xalan-J XSLTC Integer Truncation (0)
- 08-26: http://www.sungnoenabt.go.th/read.html (0)
- 08-25: Zimbra Zip Path Traversal (0)
- 08-25: Arm Mali CSF VMA Split Mishandling (0)
- 08-25: PrestaShop Ap Pagebuilder 2.4.4 SQL Injection (0)
- 08-25: Centreon 22.04.0 Cross Site Scripting (0)
- 08-24: Zimbra Zip Path Traversal (0)
- 08-23: 10-Strike Network Inventory Explorer 9.3 Buffer Overflow (0)
- 08-23: WordPress Duplicator 1.4.7.2 Backup Disclosure (0)
- 08-23: Teleport 9.3.6 Command Injection (0)
- 08-23: http://www.wangdaeng.go.th/capcha/read.html (0)
- 08-22: AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow (0)
- 08-22: Personnel Property Equipment 2015-2022 SQL Injection (0)
- 08-22: Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution (0)
- 08-22: https://cri.nfe.go.th (0)
- 08-20: FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS (0)
- 08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
- 08-20: Apple Security Advisory 2022-08-17-2 (0)
- 08-20: Apple Security Advisory 2022-08-17-1 (0)
- 08-20: Apple Security Advisory 2022-08-18-1 (0)
- 08-20: Transposh WordPress Translation 1.0.8.1 Incorrect Authorization (0)
- 08-19: FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation (0)
- 08-19: Polar Flow Android 5.7.1 Secret Disclosure (0)
- 08-19: Advantech iView NetworkServlet Command Injection (0)
- 08-19: FLIX AX8 1.46.16 Remote Command Execution (0)
- 08-19: Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free (0)
- 08-18: Advantech iView NetworkServlet Command Injection (0)
- 08-18: Update Chrome Now To Patch Actively Exploited Zero Day (0)
- 08-17: TypeORM 0.3.7 Information Disclosure (0)
- 08-17: Race Against The Sandbox (0)
- 08-16: Race Against The Sandbox (0)
- 08-16: Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure (0)
- 08-16: Inout SiteSearch 2.0.1 Cross Site Scripting (0)
- 08-16: Inout RealEstate 2.1.2 SQL Injection (0)
- 08-16: Win32.Ransom.BlueSky MVID-2022-0632 Code Execution (0)
- 08-16: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
- 08-15: Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation (0)
- 08-13: Readymade Job Portal Script SQL Injection (0)
- 08-13: Gas Agency Management 2022 SQL Injection / XSS / Shell Upload (0)
- 08-13: Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow (0)
- 08-13: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
- 08-12: Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow (0)
- 08-12: Intelbras ATA 200 Cross Site Scripting (0)
- 08-12: Fiberhome AN5506-02-B Cross Site Scripting (0)
- 08-11: Fiberhome AN5506-02-B Cross Site Scripting (0)
- 08-11: Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass (0)
- 08-11: AirSpot 5410 0.3.4.1-4 Remote Command Injection (0)
- 08-11: Zimbra zmslapd Privilege Escalation (0)
- 08-11: Webmin Package Updates Command Injection (0)
- 08-10: Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws (0)
- 08-10: Webmin Package Updates Command Injection (0)
- 08-10: Prestashop Blockwishlist 2.1.0 SQL Injection (0)
- 08-10: Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage (0)
- 08-10: PAN-OS 10.0 Remote Code Execution (0)
- 08-10: Matrimonial PHP Script 1.0 SQL Injection (0)
- 08-10: Feehi CMS 2.1.1 Cross Site Scripting (0)
- 08-09: Feehi CMS 2.1.1 Cross Site Scripting (0)
- 08-09: Nortek Linear eMerge E3-Series Credential Disclosure (0)
- 08-09: Nortek Linear eMerge E3-Series Command Injection (0)
- 08-09: Nortek Linear eMerge E3-Series Account Takeover (0)
- 08-09: WordPress Duplicator 1.4.7.1 Backup Disclosure (0)
- 08-09: ManageEngine ADAudit Plus Path Traversal / XML Injection (0)
- 08-09: Thingsboard 3.3.1 Cross Site Scripting (0)
- 08-09: [remote] PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 08-09: [webapps] ThingsBoard 3.3.1 'name' – Stored Cross-Site Scripting (XSS) (0)
- 08-09: [webapps] Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS) (0)
- 08-09: [webapps] Prestashop blockwishlist module 2.1.0 – SQLi (0)
- 08-09: [webapps] ThingsBoard 3.3.1 'description' – Stored Cross-Site Scripting (XSS) (0)
- 08-08: Thingsboard 3.3.1 Cross Site Scripting (0)
- 08-06: WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting (0)
- 08-06: Online Admission System 1.0 SQL Injection (0)
- 08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass (0)
- 08-06: Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution (0)
- 08-06: WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery (0)
- 08-06: Zimbra UnRAR Path Traversal (0)
- 08-05: Zimbra UnRAR Path Traversal (0)
- 08-05: WordPress Duplicator 1.4.7 Unauthenticated Backup Download (0)
- 08-05: WordPress Download Manager 3.2.50 Arbitrary File Deletion (0)
- 08-05: Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow (0)
- 08-05: Chrome WebGL Uniform Integer Overflows (0)
- 08-05: VMware Workspace ONE Access Privilege Escalation (0)
- 08-04: VMware Workspace ONE Access Privilege Escalation (0)
- 08-04: IObit Malware Fighter 9.2 Tampering / Privilege Escalation (0)
- 08-04: Multi-Language Hotel Management 2022 1.0 SQL Injection (0)
- 08-04: MobileIron Log4Shell Remote Command Execution (0)
- 08-04: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
- 08-03: Zoho Password Manager Pro XML-RPC Java Deserialization (0)
- 08-03: uftpd 2.10 Directory Traversal (0)
- 08-02: uftpd 2.10 Directory Traversal (0)
- 08-02: Crime Reporting System 1.0 SQL Injection (0)
- 08-02: WordPress SeatReg 1.23.0 Open Redirect (0)
- 08-02: Wavlink WN533A8 Cross Site Scripting (0)
- 08-02: Wavlink WN533A8 Password Disclosure (0)
- 08-02: Wavlink WN530HG4 Password Disclosure (0)
- 08-02: Easy Chat Server 3.1 Buffer Overflow (0)
- 08-02: CodeIgniter CMS 4.2.0 SQL Injection (0)
- 08-02: Webmin 1.996 Remote Code Execution (0)
- 08-02: WordPress Duplicator 1.4.7 Information Disclosure (0)
- 08-02: WordPress Duplicator 1.4.6 Backup Disclosure (0)
- 08-02: mPDF 7.0 Local File Inclusion (0)
- 08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0626 Authentication Bypass / Code Execution (0)
- 08-02: CuteEditor For PHP 6.6 Directory Traversal (0)
- 08-02: NanoCMS 0.4 Remote Code Execution (0)
- 08-02: Omnia MPX 1.5.0+r1 Path Traversal (0)
- 08-02: Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution (0)
- 08-02: Packet Storm New Exploits For July, 2022 (0)
- 08-02: [remote] uftpd 2.10 – Directory Traversal (Authenticated) (0)
- 08-01: Packet Storm New Exploits For July, 2022 (0)
- 08-01: [webapps] Wavlink WN533A8 – Password Disclosure (0)
- 08-01: [webapps] Wavlink WN533A8 – Cross-Site Scripting (XSS) (0)
- 08-01: [remote] Easy Chat Server 3.1 – Remote Stack Buffer Overflow (SEH) (0)
- 08-01: [webapps] Wavlink WN530HG4 – Password Disclosure (0)
- 08-01: [webapps] WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download (0)
- 08-01: [webapps] Webmin 1.996 – Remote Code Execution (RCE) (Authenticated) (0)
- 08-01: [webapps] NanoCMS v0.4 – Remote Code Execution (RCE) (Authenticated) (0)
- 08-01: [remote] Omnia MPX 1.5.0+r1 – Path Traversal (0)
- 08-01: [webapps] mPDF 7.0 – Local File Inclusion (0)
- 08-01: [webapps] CuteEditor for PHP 6.6 – Directory Traversal (0)
- 08-01: [webapps] WordPress Plugin Duplicator 1.4.7 – Information Disclosure (0)
July 2022 (197)
- 07-30: WordPress WP-UserOnline 2.87.6 Cross Site Scripting (0)
- 07-30: Transposh WordPress Translation 1.0.7 Cross Site Scripting (0)
- 07-30: Dingtian-DT-R002 3.1.276A Authentication Bypass (0)
- 07-30: Transposh WordPress Translation 1.0.7 Incorrect Authorization (0)
- 07-30: rpc.py 0.6.0 Remote Code Execution (0)
- 07-30: Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery (0)
- 07-30: Crime Reporting System 1.0 Cross Site Scripting (0)
- 07-30: Transposh WordPress Translation 1.0.8.1 Information Disclosure (0)
- 07-30: Geonetwork 4.2.0 XML Injection (0)
- 07-30: Transposh WordPress Translation 1.0.8.1 Improper Authorization (0)
- 07-30: Transposh WordPress Translation 1.0.8.1 SQL Injection (0)
- 07-30: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
- 07-29: Transposh WordPress Translation 1.0.8.1 Remote Code Execution (0)
- 07-29: Loan Management System 1.0 SQL Injection (0)
- 07-29: Loan Management System 1.0 Cross Site Scripting (0)
- 07-29: [webapps] WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS) (0)
- 07-29: [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution (0)
- 07-29: [webapps] Geonetwork 4.2.0 – XML External Entity (XXE) (0)
- 07-29: [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal (0)
- 07-29: [local] Asus GameSDK v1.0.0.4 – 'GameSDK.exe' Unquoted Service Path (0)
- 07-29: [webapps] Dingtian-DT-R002 3.1.276A – Authentication Bypass (0)
- 07-29: [remote] rpc.py 0.6.0 – Remote Code Execution (RCE) (0)
- 07-28: http://www.kalasin-pao.go.th/antidrug//images/id.gif (0)
- 07-27: PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation (0)
- 07-27: Expert X Jobs Portal And Resume Builder 1.0 SQL Injection (0)
- 07-27: Garage Management System 1.0 Shell Upload (0)
- 07-27: Hospital Information System 1.0 SQL Injection (0)
- 07-27: Roxy-WI Remote Command Execution (0)
- 07-26: Roxy-WI Remote Command Execution (0)
- 07-26: Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection (0)
- 07-26: Patlite 1.46 Buffer Overflow (0)
- 07-26: [webapps] WordPress Plugin Visual Slide Box Builder 3.2.9 – SQLi (0)
- 07-25: Patlite 1.46 Buffer Overflow (0)
- 07-23: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
- 07-23: http://www.kokkrabuang.go.th/index.php (0)
- 07-23: Apple Security Advisory 2022-07-20-1 (0)
- 07-23: Apple Security Advisory 2022-07-20-2 (0)
- 07-23: Apple Security Advisory 2022-07-20-3 (0)
- 07-23: Apple Security Advisory 2022-07-20-4 (0)
- 07-23: Apple Security Advisory 2022-07-20-5 (0)
- 07-23: Apple Security Advisory 2022-07-20-6 (0)
- 07-23: Apple Security Advisory 2022-07-20-7 (0)
- 07-22: Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential (0)
- 07-22: DASDEC Cross Site Scripting / HTML Injection (0)
- 07-22: IOTransfer 4.0 Remote Code Execution (0)
- 07-22: Dr. Fone 4.0.8 Unquoted Service Path (0)
- 07-22: Kite 1.2021.610.0 Unquoted Service Path (0)
- 07-22: OctoBot WebInterface 0.4.3 Remote Code Execution (0)
- 07-22: CodoForum 5.1 Remote Code Execution (0)
- 07-22: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root (0)
- 07-22: Chrome Scope Break (0)
- 07-21: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
- 07-21: [webapps] OctoBot WebInterface 0.4.3 – Remote Code Execution (RCE) (0)
- 07-21: [webapps] CodoForum v5.1 – Remote Code Execution (RCE) (0)
- 07-21: [local] Dr. Fone 4.0.8 – 'net_updater32.exe' Unquoted Service Path (0)
- 07-21: [remote] IOTransfer 4.0 – Remote Code Execution (RCE) (0)
- 07-21: [webapps] Magnolia CMS 6.2.19 – Stored Cross-Site Scripting (XSS) (0)
- 07-21: [local] Kite 1.2021.610.0 – Unquoted Service Path (0)
- 07-20: Emporium eCommerce Online Shopping CMS 1.2 SQL Injection (0)
- 07-20: Asus GameSDK 1.0.0.4 Unquoted Service Path (0)
- 07-20: Spryker Commerce OS Remote Command Execution (0)
- 07-20: https://www.medcannabis.go.th (0)
- 07-20: http://nongpluang.go.th/coremain/images/theme/hai.html (0)
- 07-20: http://sawanpraya.go.th/coremain/images/border/ (0)
- 07-19: Spryker Commerce OS Remote Command Execution (0)
- 07-19: http://takook.go.th (0)
- 07-19: Travel Tours Script 1.0 SQL Injection (0)
- 07-19: Property Listing Script 3.1 SQL Injection (0)
- 07-19: Orange Station 1.0 SQL Injection (0)
- 07-19: Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password (0)
- 07-19: Builder XtremeRAT 3.7 MVID-2022-0623 Insecure Permissions (0)
- 07-19: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
- 07-18: Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass (0)
- 07-16: Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation (0)
- 07-16: Windows Kernel nt!MiRelocateImage Invalid Read (0)
- 07-15: http://www.bankangcity.go.th/index.php (0)
- 07-15: http://www.tungsawang.go.th/index.php (0)
- 07-15: Windows Kernel nt!MiRelocateImage Invalid Read (0)
- 07-15: PrestaShop 1.7.6.7 Cross Site Scripting (0)
- 07-14: PrestaShop 1.7.6.7 Cross Site Scripting (0)
- 07-14: Sourcegraph gitserver sshCommand Remote Command Execution (0)
- 07-13: http://amss.ses26.go.th (0)
- 07-13: http://amssplus.ses26.go.th (0)
- 07-13: JBOSS EAP/AS 6.x Remote Code Execution (0)
- 07-12: Mutt mutt_decode_uuencoded() Memory Disclosure (0)
- 07-12: Xen TLB Flush Bypass (0)
- 07-12: Chrome PaintImage Deserialization Out-Of-Bounds Read (0)
- 07-12: Nginx 1.20.0 Denial Of Service (0)
- 07-12: Sashimi Evil OctoBot Tentacle (0)
- 07-12: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
- 07-11: WordPress Visual Slide Box Builder 3.2.9 SQL Injection (0)
- 07-11: https://sanpong.go.th/riz.htm (0)
- 07-11: [remote] Nginx 1.20.0 – Denial of Service (DOS) (0)
- 07-08: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
- 07-08: http://www.plailocal.go.th/index.php (0)
- 07-07: Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation (0)
- 07-07: Magnolia CMS 6.2.19 Cross Site Scripting (0)
- 07-07: EQS Integrity Line Cross Site Scripting / Information Disclosure (0)
- 07-07: Xen PV Guest Non-SELFSNOOP CPU Memory Corruption (0)
- 07-07: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
- 07-06: Windows Kerberos Redirected Logon Buffer Privilege Escalation (0)
- 07-06: http://www.sptn.dss.go.th/bas/public/site/images/zbiok/Ox.gif (0)
- 07-06: Windows Defender Remote Credential Guard Authentication Relay Privilege Escalation (0)
- 07-06: Advanced Testimonials Manager 5.6 SQL Injection (0)
- 07-06: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
- 07-05: Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes (0)
- 07-05: Ransom Lockbit 3.0 MVID-2022-0621 Code Execution (0)
- 07-05: Stock Management System 2020 SQL Injection (0)
- 07-05: Paymoney 3.3 Cross Site Scripting (0)
- 07-05: DouPHP 1.2 Release 20141027 SQL Injection (0)
- 07-05: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
- 07-04: Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow (0)
- 07-03: https://www.khaochot.go.th/Matigan.php (0)
- 07-02: TypeORM SQL Injection (0)
- 07-02: Classified Listing 2.2.9 Cross Site Scripting (0)
- 07-02: BigBlueButton 2.3 / 2.4.7 Cross Site Scripting (0)
- 07-02: PHP Library Remote Code Execution (0)
- 07-02: Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal (0)
- 07-02: Packet Storm New Exploits For June, 2022 (0)
- 07-01: Packet Storm New Exploits For June, 2022 (0)
- 07-01: Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential (0)
- 07-01: Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential (0)
- 07-01: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
- 07-01: [remote] WiFi Mouse 1.7.8.5 – Remote Code Execution(v2) (0)
June 2022 (179)
- 06-30: Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass (0)
- 06-30: Laundry Management System 1.0 SQL Injection (0)
- 06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
- 06-30: Fruits-Bazar 2021 1.0 SQL Injection (0)
- 06-29: Zoo Management System 1.0 Cross Site Scripting (0)
- 06-29: OpenCart 3.x So Filter Shop By SQL Injection (0)
- 06-29: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
- 06-28: AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service (0)
- 06-28: WSO2 Management Console Cross Site Scripting (0)
- 06-28: Library Management System With QR Code 1.0 Shell Upload (0)
- 06-28: Library Management System With QR Code 1.0 Cross Site Scripting (0)
- 06-28: Library Management System With QR Code 1.0 SQL Injection (0)
- 06-28: Coffee Shop Cashiering System 1.0 SQL Injection (0)
- 06-28: WordPress Weblizar 8.9 Code Execution (0)
- 06-28: WordPress W-DALIL 2.0 Cross Site Scripting (0)
- 06-28: Mailhog 1.0.1 Cross Site Scripting (0)
- 06-28: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
- 06-27: WordPress Simple Page Transition 1.4.1 Cross Site Scripting (0)
- 06-27: [webapps] Mailhog 1.0.1 – Stored Cross-Site Scripting (XSS) (0)
- 06-27: [webapps] WSO2 Management Console (Multiple Products) – Unauthenticated Reflected Cross-Site Scripting (XSS) (0)
- 06-27: [webapps] WordPress Plugin Weblizar 8.9 – Backdoor (0)
- 06-25: Yashma Ransomware Builder 1.2 MVID-2022-0613 Insecure Permissions (0)
- 06-25: Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions (0)
- 06-25: Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions (0)
- 06-25: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
- 06-24: Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions (0)
- 06-23: Zoo Management System 1.0 Cross Site Scripting (0)
- 06-23: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
- 06-22: WordPress Download Manager 3.2.43 Cross Site Scripting (0)
- 06-22: SAP Fiori Launchpad Cross Site Scripting (0)
- 06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
- 06-22: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal (0)
- 06-22: SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication (0)
- 06-22: SAP FRUN 2.00 / 3.00 Cross Site Scripting (0)
- 06-21: http://phonkho.go.th/back.txt (0)
- 06-21: Marval MSM 14.19.0.12476 Remote Code Execution (0)
- 06-21: Kitty 0.76.0.8 Stack Buffer Overflow (0)
- 06-21: Marval MSM 14.19.0.12476 Cross Site Request Forgery (0)
- 06-21: Warehouse Management System 2022 SQL Injection (0)
- 06-21: Virtua Software Cobranca 12S SQL Injection (0)
- 06-21: ChurchCRM 4.4.5 SQL Injection (0)
- 06-21: JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect (0)
- 06-21: HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path (0)
- 06-21: Algo 8028 Control Panel Remote Code Execution (0)
- 06-21: Pandora FMS 7.0NG.742 Remote Code Execution (0)
- 06-21: Sourcegraph Gitserver 3.36.3 Remote Code Execution (0)
- 06-21: Multi Language Pharmacy Management System 1.0 Shell Upload (0)
- 06-21: Old Age Home Management System 1.0 SQL Injection (0)
- 06-21: Chrome WebGPUDecoderImpl::DoRequestDevice Missing Bounds Check (0)
- 06-21: Chrome CVE-2022-1096 Incomplete Fix (0)
- 06-21: XNU Flow Divert Race Condition Use-After-Free (0)
- 06-21: phpIPAM 1.4.5 Remote Code Execution (0)
- 06-21: TP-Link AX50 Remote Code Execution (0)
- 06-21: SolarView Compact 6.00 Cross Site Scripting (0)
- 06-21: Gentics CMS 5.36.29 Cross Site Scripting / Deserialization (0)
- 06-21: SoftGuard SNMP Network Management Extension HTML Injection / File Download (0)
- 06-21: Mitel 6800/6900 Series SIP Phones Backdoor Access (0)
- 06-21: Lepin EP-KP001 KP001_V19 Authentication Bypass (0)
- 06-21: Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor (0)
- 06-21: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
- 06-20: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting (0)
- 06-14: [local] Real Player 16.0.3.51 – 'external::Import()' Directory Traversal to Remote Code Execution (RCE) (0)
- 06-14: [webapps] SolarView Compact 6.00 – 'pow' Cross-Site Scripting (XSS) (0)
- 06-14: [local] Real Player v.20.0.8.310 G2 Control – 'DoGoToURL()' Remote Code Execution (RCE) (0)
- 06-14: [webapps] SolarView Compact 6.00 – 'time_begin' Cross-Site Scripting (XSS) (0)
- 06-14: [webapps] Avantune Genialcloud ProJ 10 – Cross-Site Scripting (XSS) (0)
- 06-14: [remote] Marval MSM v14.19.0.12476 – Remote Code Execution (RCE) (Authenticated) (0)
- 06-14: [webapps] Old Age Home Management System 1.0 – SQLi Authentication Bypass (0)
- 06-14: [webapps] ChurchCRM 4.4.5 – SQLi (0)
- 06-14: [remote] Sourcegraph Gitserver 3.36.3 – Remote Code Execution (RCE) (0)
- 06-14: [remote] TP-Link Router AX50 firmware 210730 – Remote Code Execution (RCE) (Authenticated) (0)
- 06-14: [webapps] phpIPAM 1.4.5 – Remote Code Execution (RCE) (Authenticated) (0)
- 06-14: [remote] Algo 8028 Control Panel – Remote Code Execution (RCE) (Authenticated) (0)
- 06-14: [webapps] Pandora FMS v7.0NG.742 – Remote Code Execution (RCE) (Authenticated) (0)
- 06-14: [remote] Virtua Software Cobranca 12S – SQLi (0)
- 06-14: [local] HP LaserJet Professional M1210 MFP Series Receive Fax Service – Unquoted Service Path (0)
- 06-14: [remote] Marval MSM v14.19.0.12476 – Cross-Site Request Forgery (CSRF) (0)
- 06-11: https://taladlocal.go.th/kz.html (0)
- 06-11: WordPress Motopress Hotel Booking Lite 4.2.4 Cross Site Scripting (0)
- 06-11: Kik Messenger XMPP Stanza Smuggling (0)
- 06-10: https://wangsomboonhospital.go.th/1975.html (0)
- 06-10: Kik Messenger XMPP Stanza Smuggling (0)
- 06-10: https://khamthoa.go.th/kz.html (0)
- 06-10: https://sikhiotown.go.th/kz.html (0)
- 06-10: [webapps] Confluence Data Center 7.18.0 – Remote Code Execution (RCE) (0)
- 06-10: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – Stored Cross-Site Scripting (XSS) (0)
- 06-09: WordPress Download Manager 3.2.42 Cross Site Scripting (0)
- 06-09: Atlassian Confluence Namespace OGNL Injection (0)
- 06-08: Atlassian Confluence Namespace OGNL Injection (0)
- 06-08: Confluence OGNL Injection Remote Code Execution (0)
- 06-08: Through The Wire CVE-2022-26134 Confluence Proof Of Concept (0)
- 06-08: Confluence OGNL Injection Proof Of Concept (0)
- 06-08: Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions (0)
- 06-08: Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions (0)
- 06-08: Trojan-Proxy.Win32.Symbab.o MVID-2022-0610 Heap Corruption (0)
- 06-08: Ransom.Haron MVID-2022-0609 Code Execution (0)
- 06-08: Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution (0)
- 06-08: Microsoft Office Word MSDTJS Code Execution (0)
- 06-07: Microsoft Office Word MSDTJS Code Execution (0)
- 06-07: http://www.singburihosp.go.th/0x.jpg (0)
- 06-07: http://satun.nfe.go.th/t_khokoa/web1/file_editor/0x.txt (0)
- 06-07: http://www.sahathat.go.th/obec/web1/file_editor/0x.txt (0)
- 06-07: Apache 2.4.50 Remote Code Execution (0)
- 06-07: Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure (0)
- 06-07: Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure (0)
- 06-07: Korenix JetPort 5601V3 Backdoor Account (0)
- 06-07: dbus-broker-29 Memory Corruption (0)
- 06-07: Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass (0)
- 06-07: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
- 06-06: Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection (0)
- 06-04: http://spb3.go.th/rz.php (0)
- 06-04: Zyxel USG FLEX 5.21 Command Injection (0)
- 06-04: Microweber CMS 1.2.15 Account Takeover (0)
- 06-04: Contao 4.13.2 Cross Site Scripting (0)
- 06-04: SolarView Compact 6.00 Directory Traversal (0)
- 06-04: Telesquare SDT-CW3B1 1.1.0 Command Injection (0)
- 06-04: IIPImage Remote Memory Corruption (0)
- 06-04: Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking (0)
- 06-04: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
- 06-03: Zero-Day Exploitation Of Atlassian Confluence (0)
- 06-03: NVIDIA Data Center GPU Manager Remote Memory Corruption (0)
- 06-03: dotCMS Shell Upload (0)
- 06-03: Product Show Room Site 1.0 Cross Site Scripting (0)
- 06-03: libMeshb Buffer Overflow (0)
- 06-03: libMeshb Buffer Overflow (0)
- 06-03: [remote] SolarView Compact 6.00 – Directory Traversal (0)
- 06-03: [remote] Telesquare SDT-CW3B1 1.1.0 – OS Command Injection (0)
- 06-03: [webapps] Microweber CMS 1.2.15 – Account Takeover (0)
- 06-03: [remote] Zyxel USG FLEX 5.21 – OS Command Injection (0)
- 06-03: [webapps] Contao 4.13.2 – Cross-Site Scripting (XSS) (0)
- 06-03: [remote] Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 – Remote Code Execution (RCE) (0)
- 06-02: Real Player 20.0.8.310 G2 Control DoGoToURL() Remote Code Execution (0)
- 06-02: Real Player 16.00.282 / 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 Remote Code Execution (0)
- 06-02: Real Player 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 DCP URI Remote Code Execution (0)
- 06-02: Avantune Genialcloud ProJ 10 Cross Site Scripting (0)
- 06-02: OpenSSL 1.0.2 / 1.1.1 / 3.0 BN_mod_sqrt() Infinite Loop (0)
- 06-02: libxml2 xmlBufAdd Heap Buffer Overflow (0)
- 06-02: Packet Storm New Exploits For May, 2022 (0)
- 06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
- 06-02: http://yala.nfe.go.th/betong/web1/file_editor/0x.txt (0)
- 06-02: http://phuket.nfe.go.th/kathu/web1/file_editor/0x.txt (0)
- 06-02: GtkRadiant 1.6.6 Buffer Overflow (0)
- 06-02: Microsoft Releases Workaround For 1-Click 0-Day Under Active Attack (0)
- 06-01: Fast Food Ordering System 1.0 Cross Site Scripting (0)
- 06-01: Microsoft Follina Proof Of Concept (0)
- 06-01: Microsoft Office MSDT Follina Proof Of Concept (0)
- 06-01: MyBB Admin Control Remote Code Execution (0)
- 06-01: MyBB Admin Control Remote Code Execution (0)
May 2022 (260)
- 05-31: http://thongfah.dit.go.th/krd.html (0)
- 05-31: http://blueflag.dit.go.th/krd.html (0)
- 05-31: https://lowpricemap.dit.go.th/krd.html (0)
- 05-31: Fast Food Ordering System 1.0 SQL Injection (0)
- 05-31: Ingredient Stock Management System 1.0 SQL Injection (0)
- 05-31: Ingredient Stock Management System 1.0 Account Takeover (0)
- 05-31: WordPress User Meta Lite / Pro 2.4.3 Path Traversal (0)
- 05-31: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
- 05-30: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root (0)
- 05-29: https://loei2.go.th/1975.html (0)
- 05-28: https://amnat-ed.go.th/1975.html (0)
- 05-27: http://www.mhs-pao.go.th/zil.php (0)
- 05-27: qdPM 9.1 Remote Code Execution (0)
- 05-27: ChromeOS usbguard Bypass (0)
- 05-27: Tigase XMPP Server Stanza Smuggling (0)
- 05-26: Tigase XMPP Server Stanza Smuggling (0)
- 05-26: http://cems.diw.go.th/sadme.htm (0)
- 05-26: http://policeubon.go.th/o.htm (0)
- 05-26: Print Spooler Remote DLL Injection (0)
- 05-25: Print Spooler Remote DLL Injection (0)
- 05-25: Zoom XMPP Stanza Smuggling Remote Code Execution (0)
- 05-25: CLink Office 2.0 SQL Injection (0)
- 05-25: Online Fire Reporting System 1.0 SQL Injection (0)
- 05-25: Online Fire Reporting System 1.0 SQL Injection (0)
- 05-25: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (v2) (0)
- 05-24: OpenCart Newsletter 3.0.2.0 SQL Injection (0)
- 05-24: Blockchain AltExchanger 1.2.1 SQL Injection (0)
- 05-24: Blockchain FiatExchanger 2.2.1 SQL Injection (0)
- 05-24: m1k1o's Blog 1.3 Remote Code Execution (0)
- 05-24: iTop Remote Command Execution (0)
- 05-23: iTop Remote Command Execution (0)
- 05-23: [webapps] m1k1o's Blog v.10 – Remote Code Execution (RCE) (Authenticated) (0)
- 05-23: [webapps] OpenCart v3.x Newsletter Module – Blind SQLi (0)
- 05-21: Linux USB Use-After-Free (0)
- 05-20: Linux USB Use-After-Free (0)
- 05-20: PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting (0)
- 05-20: LiquidFiles 3.4.15 Cross Site Scripting (0)
- 05-20: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
- 05-19: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
- 05-19: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
- 05-18: APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days (0)
- 05-18: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
- 05-18: SolarView Compact 6.0 Command Injection (0)
- 05-18: Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting (0)
- 05-18: T-Soft E-Commerce 4 Cross Site Scripting (0)
- 05-18: T-Soft E-Commerce 4 SQL Injection (0)
- 05-18: OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization (0)
- 05-18: Showdoc 2.10.3 Cross Site Scripting (0)
- 05-18: Online Discussion Forum Site 1.0 SQL Injection (0)
- 05-18: SDT-CW3B1 1.1.0 Command Injection (0)
- 05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
- 05-18: Apple Security Advisory 2022-05-16-1 (0)
- 05-18: Apple Security Advisory 2022-05-16-2 (0)
- 05-18: Apple Security Advisory 2022-05-16-3 (0)
- 05-18: Apple Security Advisory 2022-05-16-4 (0)
- 05-18: Apple Security Advisory 2022-05-16-5 (0)
- 05-18: Apple Security Advisory 2022-05-16-6 (0)
- 05-18: Apple Security Advisory 2022-05-16-7 (0)
- 05-18: Apple Security Advisory 2022-05-16-8 (0)
- 05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
- 05-17: Ransom.Conti MVID-2022-0601 Code Execution (0)
- 05-17: Ransom.Conti MVID-2022-0602 Code Execution (0)
- 05-17: Ransom.Conti MVID-2022-0603 Code Execution (0)
- 05-17: HighCMS/HighPortal 12.x SQL Injection (0)
- 05-17: Ransom.Conti MVID-2022-0604 Code Execution (0)
- 05-17: WordPress WP Event Manager 3.1.27 Cross Site Scripting (0)
- 05-17: Ransom.Conti MVID-2022-0605 Code Execution (0)
- 05-17: Zyxel Remote Command Execution (0)
- 05-17: Ransom.Conti MVID-2022-0606 Code Execution (0)
- 05-17: IpMatcher 1.0.4.1 Server-Side Request Forgery (0)
- 05-17: Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free (0)
- 05-17: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
- 05-17: [webapps] Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS) (0)
- 05-17: [remote] SolarView Compact 6.0 – OS Command Injection (0)
- 05-17: [webapps] T-Soft E-Commerce 4 – SQLi (Authenticated) (0)
- 05-17: [remote] SDT-CW3B1 1.1.0 – OS Command Injection (0)
- 05-17: [webapps] T-Soft E-Commerce 4 – 'UrunAdi' Stored Cross-Site Scripting (XSS) (0)
- 05-17: [webapps] Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS) (0)
- 05-16: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
- 05-14: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
- 05-13: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
- 05-13: F5 BIG-IP 16.0.x Remote Code Execution (0)
- 05-13: Royal Event Management System 1.0 SQL Injection (0)
- 05-13: Ransom.REvil MVID-2022-0596 Code Execution (0)
- 05-13: TLR-2005KSH Arbitrary File Delete (0)
- 05-13: College Management System 1.0 SQL Injection (0)
- 05-13: AppleVideoDecoder CreateHeaderBuffer Out-Of-Bounds Free (0)
- 05-13: F5 BIG-IP iControl Remote Code Execution (0)
- 05-13: Ransom.REvil MVID-2022-0595 Code Execution (0)
- 05-13: Ransom.REvil MVID-2022-0597 Code Execution (0)
- 05-13: Ransom.REvil MVID-2022-0598 Code Execution (0)
- 05-13: Ransom.REvil MVID-2022-0599 Code Execution (0)
- 05-13: Ransom.REvil MVID-2022-0600 Code Execution (0)
- 05-12: Ransom.REvil MVID-2022-0600 Code Execution (0)
- 05-12: e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting (0)
- 05-12: Apache CouchDB 3.2.1 Remote Code Execution (0)
- 05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
- 05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
- 05-12: ExifTool 12.23 Arbitrary Code Execution (0)
- 05-12: Cyclos 4.14.7 Cross Site Scripting (0)
- 05-12: DLINK DIR850 Open Redirection (0)
- 05-12: DLINK DIR850 Insecure Direct Object Reference (0)
- 05-12: Wondershare Dr.Fone 11.4.10 Insecure Permissions (0)
- 05-12: SAP BusinessObjects Intelligence 4.3 XML Injection (0)
- 05-12: Microsoft CMD.EXE Integer Overflow (0)
- 05-12: ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure (0)
- 05-12: TCQ Unquoted Service Path (0)
- 05-12: UDisk Monitor Z5 Phone 2.0.3.0 Unquoted Service Path (0)
- 05-12: Anuko Time Tracker 1.20.0.5640 SQL Injection (0)
- 05-12: Navigate CMS 2.9.4 Server-Side Request Forgery (0)
- 05-12: Google Chrome 78.0.3904.70 Remote Code Execution (0)
- 05-12: PyScript 2022-05-04-Alpha Source Code Disclosure (0)
- 05-12: DLINK DAP-1620 A1 1.01 Directory Traversal (0)
- 05-12: Beehive Forum 1.5.2 Account Takeover (0)
- 05-12: MyBB 1.8.29 Remote Code Execution (0)
- 05-12: WordPress Blue Admin 21.06.01 Cross Site Request Forgery (0)
- 05-12: Joomla SexyPolling 2.1.7 SQL Injection (0)
- 05-12: Ruijie Reyee Mesh Router Remote Code Execution (0)
- 05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
- 05-12: Actively Exploited Zero-Day Bug Patched By Microsoft (0)
- 05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
- 05-12: [webapps] TLR-2005KSH – Arbitrary File Delete (0)
- 05-12: [webapps] College Management System 1.0 – 'course_code' SQL Injection (Authenticated) (0)
- 05-12: [webapps] Royal Event Management System 1.0 – 'todate' SQL Injection (Authenticated) (0)
- 05-12: [remote] F5 BIG-IP 16.0.x – Remote Code Execution (RCE) (0)
- 05-11: Spring4Shell Spring Framework Class Property Remote Code Execution (0)
- 05-11: Printix 1.3.1106.0 Privilege Escalation (0)
- 05-11: Printix 1.3.1106.0 Privileged API Abuse (0)
- 05-11: [webapps] TLR-2005KSH – Arbitrary File Upload (0)
- 05-11: [remote] ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure (0)
- 05-11: [webapps] Microfinance Management System 1.0 – 'customer_number' SQLi (0)
- 05-11: [webapps] e107 CMS v3.2.1 – Multiple Vulnerabilities (0)
- 05-11: [webapps] WebTareas 2.4 – Blind SQLi (Authenticated) (0)
- 05-11: [local] ExifTool 12.23 – Arbitrary Code Execution (0)
- 05-11: [webapps] WordPress Plugin Advanced Uploader 4.2 – Arbitrary File Upload (Authenticated) (0)
- 05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService) (0)
- 05-11: [remote] Bookeen Notea – Directory Traversal (0)
- 05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (InstallAssistService) (0)
- 05-11: [webapps] CSZ CMS 1.3.0 – 'Multiple' Blind SQLi (0)
- 05-11: [remote] Apache CouchDB 3.2.1 – Remote Code Execution (RCE) (0)
- 05-11: [local] UDisk Monitor Z5 Phone – 'MonServiceUDisk.exe' Unquoted Service Path (0)
- 05-11: [webapps] Anuko Time Tracker – SQLi (Authenticated) (0)
- 05-11: [local] Wondershare Dr.Fone 11.4.10 – Insecure File Permissions (0)
- 05-11: [remote] Tenda HG6 v3.3.0 – Remote Command Injection (0)
- 05-11: [remote] Prime95 Version 30.7 build 9 – Remote Code Execution (RCE) (0)
- 05-11: [remote] Google Chrome 78.0.3904.70 – Remote Code Execution (0)
- 05-11: [remote] DLINK DIR850 – Open Redirect (0)
- 05-11: [remote] PyScript – Read Remote Python Source Code (0)
- 05-11: [webapps] Cyclos 4.14.7 – 'groupId' DOM Based Cross-Site Scripting (XSS) (0)
- 05-11: [remote] DLINK DAP-1620 A1 v1.01 – Directory Traversal (0)
- 05-11: [remote] Akka HTTP 10.1.14 – Denial of Service (0)
- 05-11: [webapps] Explore CMS 1.0 – SQL Injection (0)
- 05-11: [webapps] Magento eCommerce CE v2.3.5-p2 – Blind SQLi (0)
- 05-11: [webapps] Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated) (0)
- 05-11: [webapps] Bitrix24 – Remote Code Execution (RCE) (Authenticated) (0)
- 05-11: [webapps] WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated) (0)
- 05-11: [webapps] Joomla Plugin SexyPolling 2.1.7 – SQLi (0)
- 05-11: [webapps] WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF) (0)
- 05-11: [webapps] Beehive Forum – Account Takeover (0)
- 05-11: [webapps] MyBB 1.8.29 – MyBB 1.8.29 – Remote Code Execution (RCE) (Authenticated) (0)
- 05-11: [remote] USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor (0)
- 05-11: [webapps] PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS) (0)
- 05-11: [webapps] Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS) (0)
- 05-11: [webapps] ImpressCMS v1.4.4 – Unrestricted File Upload (0)
- 05-11: [remote] Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated) (0)
- 05-11: [remote] DLINK DIR850 – Insecure Access Control (0)
- 05-11: [remote] SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE) (0)
- 05-11: [local] TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path (0)
- 05-10: Printix 1.3.1106.0 Privileged API Abuse (0)
- 05-10: Ransom.Cryakl Code Execution (0)
- 05-10: Ransom.Petya Code Execution (0)
- 05-10: Travel Management System 1.0 SQL Injection (0)
- 05-10: School Dormitory Management 1.0 SQL Injection (0)
- 05-10: Ransom.Conti Code Execution (0)
- 05-10: Ransom.Satana Code Execution (0)
- 05-10: School Dormitory Management System 1.0 SQL Injection (0)
- 05-10: APT28 FancyBear Code Execution (0)
- 05-10: Chrome content::DisplayCutoutHostImpl::SendSafeAreaToFrame Use-After-Free (0)
- 05-10: Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race (0)
- 05-10: F5 BIG-IP Remote Code Execution (0)
- 05-09: F5 BIG-IP Remote Code Execution (0)
- 05-07: REvil.Ransom Code Execution (0)
- 05-07: Trojan.Ransom.Cryptowall Code Execution (0)
- 05-07: ChatBot Application With A Suggestion Feature 1.0 SQL Injection (0)
- 05-07: Trojan-Ransom.LockerGoga Code Execution (0)
- 05-07: Trojan-Ransom.Cerber Code Execution (0)
- 05-07: Ransom.CTBLocker Code Execution (0)
- 05-07: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
- 05-07: Trojan.CryptoLocker Code Execution (0)
- 05-07: Trojan-Ransom.Radamant Code Execution (0)
- 05-07: http://ret2.go.th/readme.htm (0)
- 05-06: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
- 05-06: Red Planet Laundry Management System 1.0 SQL Injection (0)
- 05-06: SAP Web Dispatcher HTTP Request Smuggling (0)
- 05-06: PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting (0)
- 05-06: ZoneMinder Language Settings Remote Code Execution (0)
- 05-06: ZoneMinder Language Settings Remote Code Execution (0)
- 05-05: Conti.Ransom Code Execution (0)
- 05-05: Ransom.Conti Code Execution (0)
- 05-05: REvil.Ransom Code Execution (0)
- 05-05: Ransom.WannaCry Code Execution (0)
- 05-04: Ransom.WannaCry Code Execution (0)
- 05-04: WordPress Stafflist 3.1.2 Cross Site Scripting (0)
- 05-04: Tenda HG6 3.3.0 Remote Command Injection (0)
- 05-04: VMware Workspace ONE Access Template Injection / Command Execution (0)
- 05-04: Ransom.AvosLocker Code Execution (0)
- 05-04: BlackBasta Ransom Code Execution (0)
- 05-04: LokiLocker Ransom Code Execution (0)
- 05-04: Conti Ransom Code Execution (0)
- 05-04: REvil Ransom Code Execution (0)
- 05-04: RedLine.Stealer Code Execution (0)
- 05-03: RedLine.Stealer Code Execution (0)
- 05-03: Toll Tax Management System 1.0 SQL Injection (0)
- 05-03: Covid 19 Travel Pass Management System 1.0 SQL Injection (0)
- 05-03: Ransom.LockBit DLL Hijacking (0)
- 05-03: Strapi 3.6.8 Password Disclosure / Insecure Handling (0)
- 05-03: WordPress Stafflist 3.1.2 SQL Injection (0)
- 05-03: WordPress Stafflist 3.1.2 Cross Site Request Forgery (0)
- 05-03: WSO Arbitrary File Upload / Remote Code Execution (0)
- 05-03: Packet Storm New Exploits For April, 2022 (0)
- 05-02: Packet Storm New Exploits For April, 2022 (0)
April 2022 (222)
- 04-29: Home Clean Service System 1.0 SQL Injection (0)
- 04-28: Home Clean Service System 1.0 SQL Injection (0)
- 04-28: WordPress Curtain 1.0.2 Cross Site Scripting (0)
- 04-28: Prime95 30.7 Build 9 Buffer Overflow (0)
- 04-28: Trojan-Banker.Win32.Banker.heq Insecure Permissions (0)
- 04-28: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
- 04-28: Net-Worm.Win32.Kibuv.c Authentication Bypass (0)
- 04-28: Email-Worm.Win32.Sidex Remote Command Execution (0)
- 04-28: Virus.Win32.Qvod.b Insecure Permissions (0)
- 04-28: Trojan-Downloader.Win32.Small.ahlq Insecure Permissions (0)
- 04-28: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
- 04-28: Backdoor.Win32.Cafeini.b Man-In-The-Middle (0)
- 04-28: Backdoor.Win32.GF.j Remote Command Execution (0)
- 04-28: Trojan-Downloader.Win32.Agent Insecure Permissions (0)
- 04-28: Backdoor.Win32.Agent.aegg Hardcoded Credential (0)
- 04-28: Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation (0)
- 04-28: Zepp 6.1.4-play User Account Enumeration (0)
- 04-28: Redis Lua Sandbox Escape (0)
- 04-28: Redis Lua Sandbox Escape (0)
- 04-27: http://www.ssk3.go.th/zz.html (0)
- 04-27: WordPress WP-Invoice 4.3.1 Cross Site Scripting (0)
- 04-27: Gitlab 14.9 Authentication Bypass (0)
- 04-27: Gitlab 14.9 Cross Site Scripting (0)
- 04-27: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
- 04-26: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
- 04-26: http://phutthaisonglocal.go.th/pentest.php (0)
- 04-26: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting (0)
- 04-26: Joomla Sexy Polling 2.1.7 SQL Injection (0)
- 04-26: Hackers Are Exploiting Zero Days More Than Ever (0)
- 04-26: [webapps] GitLab 14.9 – Stored Cross-Site Scripting (XSS) (0)
- 04-26: [webapps] Gitlab 14.9 – Authentication Bypass (0)
- 04-25: Joomla Sexy Polling 2.1.7 SQL Injection (0)
- 04-22: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor (0)
- 04-22: Watch Queue Out-Of-Bounds Write (0)
- 04-22: ManageEngine ADSelfService Plus Custom Script Execution (0)
- 04-21: ManageEngine ADSelfService Plus Custom Script Execution (0)
- 04-21: Jenkins Remote Code Execution (0)
- 04-21: 7-Zip 16 DLL Hijacking (0)
- 04-21: Online Restaurant Table Reservation System 1.0 SQL Injection (0)
- 04-21: Pharmacy Management System 1.0 Shell Upload (0)
- 04-21: Pharmacy Management System 1.0 SQL Injection (0)
- 04-20: Google: 2021 Was A Banner Year For Exploited 0-Day Bugs (0)
- 04-20: Pharmacy Management System 1.0 SQL Injection (0)
- 04-20: http://www.budhosp.go.th/kurdish.html (0)
- 04-20: Microsoft Exchange Active Directory Topology 15.0.847.40 Unquoted Service Path (0)
- 04-20: Fuel CMS 1.5.0 Cross Site Request Forgery (0)
- 04-20: Zyxel NWA-1100-NH Command Injection (0)
- 04-20: Scriptcase 9.7 Shell Upload (0)
- 04-20: PTPublisher 2.3.4 Unquoted Service Path (0)
- 04-20: EaseUS Data Recovery 15.1.0.0 Unquoted Service Path (0)
- 04-20: HackTool.Win32.Delf.vs Insecure Credential Storage (0)
- 04-20: WordPress Elementor 3.6.2 Shell Upload (0)
- 04-20: Backdoor.Win32.Loselove Denial Of Service (0)
- 04-20: WordPress Videos Sync PDF 1.7.4 Cross Site Scripting (0)
- 04-20: Trojan.Win32.TScash.c Insecure Permissions (0)
- 04-20: Backdoor.Win32.Hupigon.haqj Unquoted Service Path (0)
- 04-20: PKP Open Journals System 3.3 Cross Site Scripting (0)
- 04-20: 7-Zip 21.07 Code Execution / Privilege Escalation (0)
- 04-20: ManageEngine ADSelfService Plus 6.1 User Enumeration (0)
- 04-20: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
- 04-20: Responsive Online Blog 1.0 SQL Injection (0)
- 04-20: WordPress Popup Maker 1.16.5 Cross Site Scripting (0)
- 04-20: Backdoor.Win32.GateHell.21 Man-In-The-Middle (0)
- 04-20: Linux watch_queue Filter Out-Of-Bounds Write (0)
- 04-20: WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection (0)
- 04-20: Linux FUSE Use-After-Free (0)
- 04-20: Backdoor.Win32.Delf.zn Insecure Credential Storage (0)
- 04-20: Backdoor.Win32.GateHell.21 Authentication Bypass (0)
- 04-20: BlueZ Key Theft / bluetoothd Double-Free (0)
- 04-19: BlueZ Key Theft / bluetoothd Double-Free (0)
- 04-19: [webapps] Scriptcase 9.7 – Remote Code Execution (RCE) (0)
- 04-19: [webapps] Easy Appointments 1.4.2 – Information Disclosure (0)
- 04-19: [remote] Zyxel NWA-1100-NH – Command Injection (0)
- 04-19: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – SQL Injection (0)
- 04-19: [local] Microsoft Exchange Mailbox Assistants 15.0.847.40 – 'Service MSExchangeMailboxAssistants' Unquoted Service Path (0)
- 04-19: [local] EaseUS Data Recovery – 'ensserver.exe' Unquoted Service Path (0)
- 04-19: [local] Microsoft Exchange Active Directory Topology 15.0.847.40 – 'Service MSExchangeADTopology' Unquoted Service Path (0)
- 04-19: [local] PTPublisher v2.3.4 – Unquoted Service Path (0)
- 04-19: [remote] ManageEngine ADSelfService Plus 6.1 – User Enumeration (0)
- 04-19: [webapps] WordPress Plugin Videos sync PDF 1.7.4 – Stored Cross Site Scripting (XSS) (0)
- 04-19: [webapps] Fuel CMS 1.5.0 – Cross-Site Request Forgery (CSRF) (0)
- 04-19: [local] 7-zip – Code Execution / Local Privilege Escalation (0)
- 04-19: [webapps] WordPress Plugin Elementor 3.6.2 – Remote Code Execution (RCE) (Authenticated) (0)
- 04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cookie User Password Disclosure (0)
- 04-19: [webapps] PKP Open Journals System 3.3 – Cross-Site Scripting (XSS) (0)
- 04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Request Forgery (CSRF) (0)
- 04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS) (0)
- 04-19: [webapps] WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated) (0)
- 04-19: [webapps] REDCap 11.3.9 – Stored Cross Site Scripting (0)
- 04-19: [remote] Verizon 4G LTE Network Extender – Weak Credentials Algorithm (0)
- 04-18: http://www2.utd2.go.th/readme.txt (0)
- 04-18: https://education-phatthalungcity.go.th (0)
- 04-18: http://sikhoraphumcity.go.th/zz.html (0)
- 04-17: https://office.yst1.go.th/1975.html (0)
- 04-16: Microsoft HTTP Protocol Stack Denial Of Service (0)
- 04-16: Backdoor.Win32.MotivFTP.12 Authentication Bypass (0)
- 04-16: Backdoor.Win32.Prorat.cwx Insecure Permissions (0)
- 04-16: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
- 04-16: HackTool.Win32.IpcScan.c Buffer Overflow (0)
- 04-16: Backdoor.Win32.Kilo.016 Denial Of Service (0)
- 04-16: Email-Worm.Win32.Pluto.b Insecure Permissions (0)
- 04-16: Backdoor.Win32.NinjaSpy.c Authentication Bypass (0)
- 04-16: Backdoor.Win32.NetCat32.10 Remote Command Execution (0)
- 04-16: Backdoor.Win32.NetSpy.10 Remote Command Execution (0)
- 04-16: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
- 04-15: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
- 04-15: REDCap Cross Site Scripting (0)
- 04-15: Online Car Wash Booking System 1.0 SQL Injection (0)
- 04-15: Online Car Wash Booking System 1.0 Blind SQL Injection (0)
- 04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery (0)
- 04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting (0)
- 04-15: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
- 04-14: https://www.nsw2.go.th/1975.html (0)
- 04-14: https://nb2.go.th/1975.html (0)
- 04-14: http://www.chon3.go.th/1975.html (0)
- 04-14: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
- 04-14: Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm (0)
- 04-14: Spring4Shell Code Execution (0)
- 04-14: Microsoft Zero Days, Wormable Bugs Spark Concern (0)
- 04-13: Spring4Shell Code Execution (0)
- 04-13: Explore CMS 1.0 SQL Injection (0)
- 04-13: Easy!Appointments Information Disclosure (0)
- 04-12: MiniTool Partition Wizard 12.0 Unquoted Service Path (0)
- 04-12: SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference (0)
- 04-12: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion (0)
- 04-12: Telesquare TLR-2855KS6 Arbitrary File Creation (0)
- 04-12: Telesquare TLR-2855KS6 Arbitrary File Deletion (0)
- 04-12: WordPress LayerSlider Cross Site Scripting (0)
- 04-12: WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting (0)
- 04-12: Razer Sila 2.0.418 Local File Inclusion (0)
- 04-12: Razer Sila 2.0.418 Command Injection (0)
- 04-12: Razer Sila 2.0.418 Command Injection (0)
- 04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Deletion (0)
- 04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Creation (0)
- 04-11: [remote] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 – Local File Inclusion (LFI) (0)
- 04-11: [local] MiniTool Partition Wizard – Unquoted Service Path (0)
- 04-11: [webapps] SAM SUNNY TRIPOWER 5.0 – Insecure Direct Object Reference (IDOR) (0)
- 04-09: School Club Application System 1.0 Local File Inclusion (0)
- 04-09: Online Sports Complex Booking System 1.0 Cross Site Scripting (0)
- 04-09: WordPress SiteGround Security 1.2.5 Authentication Bypass (0)
- 04-09: Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure (0)
- 04-09: PHPGurukul Zoo Management System 1.0 SQL Injection (0)
- 04-09: AeroCMS 0.0.1 Cross Site Scripting (0)
- 04-09: Social Codia SMS 1 Cross Site Scripting (0)
- 04-09: PHPGurukul Zoo Management System 1.0 Shell Upload (0)
- 04-09: E-Commerce Website 1.0 Shell Upload (0)
- 04-09: Musical World 1 Shell Upload (0)
- 04-09: E-Commerce Website 1.1.0 Shell Upload (0)
- 04-09: Social Codia SMS 1 Shell Upload (0)
- 04-09: Simple House Rental System 1 Shell Upload (0)
- 04-09: Car Rental System 1.0 SQL Injection (0)
- 04-09: Movie Seat Reservation System 1.0 File Disclosure / SQL Injection (0)
- 04-09: AeroCMS 0.0.1 Shell Upload (0)
- 04-08: FFS Colibri Controller Module 1.8.19.8580 Directory Traversal (0)
- 04-08: Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential (0)
- 04-08: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
- 04-08: CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution (0)
- 04-08: School Club Application System 1.0 SQL Injection (0)
- 04-08: Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage (0)
- 04-08: Backdoor.Win32.Xingdoor Denial Of Service (0)
- 04-08: Zenario CMS 9.0.54156 Remote Code Execution (0)
- 04-08: binutils 2.37 Objdump Segmentation Fault (0)
- 04-08: Opmon 9.11 Cross Site Scripting (0)
- 04-08: Backdoor.Win32.Wisell Buffer Overflow (0)
- 04-08: Small HTTP Server 3.06 Remote Buffer Overflow (0)
- 04-08: Kramer VIAware Remote Code Execution (0)
- 04-08: Backdoor.Win32.Wisell Remote Command Execution (0)
- 04-08: WordPress Loco Translate Cross Site Scripting (0)
- 04-08: WordPress Ad Inserter Cross Site Scripting (0)
- 04-08: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
- 04-08: WordPress Hummingbird Cross Site Scripting (0)
- 04-08: minewebcms 1.15.2 Cross Site Scripting (0)
- 04-08: qdPM 9.2 Cross Site Request Forgery (0)
- 04-08: WordPress UpdraftPlus Cross Site Scripting (0)
- 04-08: WordPress WP Downgrade Cross Site Scripting (0)
- 04-08: KLiK Social Media Website 1.0 SQL Injection (0)
- 04-08: Backdoor.Win32.Verify.h Remote Command Execution (0)
- 04-08: Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition (0)
- 04-07: [remote] Opmon 9.11 – Cross-site Scripting (0)
- 04-07: [local] binutils 2.37 – Objdump Segmentation Fault (0)
- 04-07: [webapps] Zenario CMS 9.0.54156 – Remote Code Execution (RCE) (Authenticated) (0)
- 04-07: [webapps] KLiK Social Media Website 1.0 – 'Multiple' SQLi (0)
- 04-07: [remote] Kramer VIAware – Remote Code Execution (RCE) (Root) (0)
- 04-07: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Deletion (0)
- 04-07: [webapps] qdPM 9.2 – Cross-site Request Forgery (CSRF) (0)
- 04-07: [local] Sherpa Connector Service v2020.2.20328.2050 – Unquoted Service Path (0)
- 04-07: [webapps] minewebcms 1.15.2 – Cross-site Scripting (XSS) (0)
- 04-06: SAP Information System 1.0 Shell Upload (0)
- 04-06: Online Sports Complex Booking System 1.0 SQL Injection (0)
- 04-06: cmark-gfm Integer overflow (0)
- 04-06: Bakery Shop Management System 1.0 SQL Injection (0)
- 04-06: Bakery Shop Management System 1.0 Local File Inclusion (0)
- 04-06: https://www.kkpho.go.th/planyut/ (0)
- 04-05: Gadget Store Management System 1.0 Shell Upload (0)
- 04-05: Online Banquet Booking System 1.0 Cross Site Request Forgery (0)
- 04-05: Multi Store Inventory Management System 1.0 Information Disclosure (0)
- 04-05: Multi Store Inventory Management System 1.0 Account Takeover (0)
- 04-04: ALLMediaServer 1.6 Buffer Overflow (0)
- 04-04: Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path (0)
- 04-04: Backdoor.Win32.Wollf.h Remote Command Execution (0)
- 04-04: Barco Control Room Management Suite Directory Traversal (0)
- 04-04: Backdoor.Win32.Jokerdoor Hardcoded Credential (0)
- 04-04: Payroll Management System 1.0 SQL Injection (0)
- 04-04: Backdoor.Win32.Delf.ps Information Disclosure (0)
- 04-04: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass (0)
- 04-04: https://patrol-psd.go.th/v3n.html (0)
- 04-03: https://mdh.go.th/1975index.html (0)
- 04-03: https://npte2.go.th/1975index.html (0)
- 04-02: Apple Rushes Out Patches For Two Zero Days Threatening Users (0)
- 04-02: Apple Security Advisory 2022-03-31-2 (0)
- 04-02: Apple Security Advisory 2022-03-31-1 (0)
- 04-01: Message System 1.0 Cross Site Scripting (0)
- 04-01: Message System 1.0 SQL Injection (0)
- 04-01: Medical Hub Directory Site 1.0 SQL Injection (0)
- 04-01: Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path (0)
- 04-01: EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path (0)
- 04-01: Chrome DeserializeFromMessage Validation Issue (0)
- 04-01: IdeaRE RefTree Shell Upload (0)
- 04-01: IdeaRE RefTree Path Traversal (0)
- 04-01: Spring Cloud Function SpEL Injection (0)
- 04-01: WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting (0)
- 04-01: Packet Storm New Exploits For March, 2022 (0)
March 2022 (271)
- 03-30: Sports Complex Booking System 1.0 Local File Inclusion (0)
- 03-30: Fingerprint Attendance 1.0 SQL Injection (0)
- 03-30: Fingerprint Attendance 1.0 Shell Upload (0)
- 03-30: Fingerprint Attendance 1.0 Account Takeover (0)
- 03-30: Message System 1.0 Local File Inclusion (0)
- 03-30: Message System 1.0 Shell Upload (0)
- 03-30: WordPress Curtain 1.0.2 Cross Site Request Forgery (0)
- 03-30: WordPress Clipr 1.2.3 Cross Site Scripting (0)
- 03-30: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting (0)
- 03-30: Atom CMS 1.0.2 Shell Upload (0)
- 03-30: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion (0)
- 03-30: WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion (0)
- 03-30: CSZ CMS 1.2.9 SQL Injection (0)
- 03-30: Medical Hub Directory Site 1.0 Local File Inclusion (0)
- 03-30: Medical Hub Directory Site 1.0 Cross Site Scripting (0)
- 03-30: Medical Hub Directory Site 1.0 Shell Upload (0)
- 03-30: Medical Hub Directory Site 1.0 SQL Injection (0)
- 03-30: PostgreSQL 11.7 Remote Code Execution (0)
- 03-30: Kramer VIAware 2.5.0719.1034 Remote Code Execution (0)
- 03-30: WordPress CleanTalk 5.173 Cross Site Scripting (0)
- 03-30: WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting (0)
- 03-30: Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal (0)
- 03-30: Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free (0)
- 03-30: [remote] Kramer VIAware 2.5.0719.1034 – Remote Code Execution (RCE) (0)
- 03-30: [remote] PostgreSQL 9.3-11.7 – Remote Code Execution (RCE) (Authenticated) (0)
- 03-30: [webapps] CSZ CMS 1.2.9 – 'Multiple' Blind SQLi (Authenticated) (0)
- 03-30: [webapps] WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion (0)
- 03-30: [webapps] WordPress Plugin cab-fare-calculator 1.0.3 – Local File Inclusion (0)
- 03-30: [webapps] WordPress Plugin Curtain 1.0.2 – Cross-site Request Forgery (CSRF) (0)
- 03-30: [webapps] Atom CMS 2.0 – Remote Code Execution (RCE) (0)
- 03-30: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (0)
- 03-29: Message System 1.0 Shell Upload (0)
- 03-29: One Church Management System 1.0 Cross Site Scripting (0)
- 03-29: Microfinance Management System 1.0 SQL Injection (0)
- 03-29: One Church Management System 1.0 SQL Injection (0)
- 03-29: FruityWifi Remote Code Execution (0)
- 03-29: ALLMediaServer 1.6 Remote Buffer Overflow (0)
- 03-29: Backdoor.Win32.Cyn.20 Insecure Permissions (0)
- 03-29: Pay Slip PDF Generator System 1.0 SQL Injection (0)
- 03-29: Pay Slip PDF Generator System 1.0 Shell Upload (0)
- 03-29: Backdoor.Win32.Cafeini.b Denial Of Service (0)
- 03-29: PDF Generator Web App Using TCPDF 1.0 Local File Inclusion (0)
- 03-29: Microfinance Management System 1.0 Cross Site Scripting (0)
- 03-29: Backdoor.Win32.Chubo.c Remote Command Execution (0)
- 03-29: Backdoor.Win32.Chubo.c Cross Site Scripting (0)
- 03-29: Online Banking System 1.0 SQL Injection (0)
- 03-29: WordPress Admin Word Count Column 2.2 Local File Inclusion (0)
- 03-29: Backdoor.Win32.Avstral.e Remote Command Execution (0)
- 03-29: Royale Event Management System 1.0 Privilege Escalation (0)
- 03-29: Royale Event Management System 1.0 Cross Site Scripting (0)
- 03-29: PDF Generator Web Application 1.0 SQL Injection (0)
- 03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
- 03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
- 03-29: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
- 03-29: Razer Synapse 3.6.x DLL Hijacking (0)
- 03-28: Razer Synapse 3.6.x DLL Hijacking (0)
- 03-26: RTLO Injection URI Spoofing (0)
- 03-25: RTLO Injection URI Spoofing (0)
- 03-25: containerd Image Volume Insecure Handling (0)
- 03-25: Online Sports Complex Booking System 1.0 Account Takeover (0)
- 03-25: Online Sports Complex Booking System 1.0 SQL Injection (0)
- 03-25: Sports Complex Booking System 1.0 Shell Upload (0)
- 03-25: Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload (0)
- 03-25: Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service (0)
- 03-25: Sports Complex Booking System 1.0 SQL Injection (0)
- 03-25: Microfinance Management System 1.0 SQL Injection (0)
- 03-25: Event Management System 1.0 Shell Upload (0)
- 03-25: http://e-learning.rid.go.th/kz.html (0)
- 03-24: WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read (0)
- 03-24: Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting (0)
- 03-24: WordPress Contact Form 7 5.5.6 Cross Site Scripting (0)
- 03-24: WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting (0)
- 03-24: ProtonVPN 1.26.0 Unquoted Service Path (0)
- 03-24: ImpressCMS 1.4.2 SQL Injection / Remote Code Execution (0)
- 03-24: Event Management System 1.0 Shell Upload (0)
- 03-23: ProtonVPN 1.26.0 Unquoted Service Path (0)
- 03-23: ImpressCMS 1.4.2 Authentication Bypass (0)
- 03-23: Sysax FTP Automation 6.9.0 Privilege Escalation (0)
- 03-23: Backdoor.Win32.Agent.bxxn Open Proxy (0)
- 03-23: iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution (0)
- 03-23: Backdoor.Win32.BirdSpy.b Hardcoded Credential (0)
- 03-23: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
- 03-23: ImpressCMS 1.4.2 Path Traversal (0)
- 03-23: ImpressCMS 1.4.2 Incorrect Access Control (0)
- 03-23: ImpressCMS 1.4.2 SQL Injection (0)
- 03-23: [webapps] WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated (0)
- 03-23: [local] ProtonVPN 1.26.0 – Unquoted Service Path (0)
- 03-22: ImpressCMS 1.4.2 SQL Injection (0)
- 03-22: SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting (0)
- 03-22: WordPress iQ Block Country 1.2.13 Arbitrary File Deletion (0)
- 03-22: Inventory Management System 1.0 Cross Site Scripting (0)
- 03-22: Inventory Management System 1.0 SQL Injection (0)
- 03-22: Home Owners Collection Management System 1.0 SQL Injection (0)
- 03-22: Amazing CD Ripper 1.2 Buffer Overflow (0)
- 03-22: Xlight FTP 3.9.3.2 Buffer Overflow (0)
- 03-22: Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution (0)
- 03-22: Poultry Farm Management System 1.0 Shell Upload (0)
- 03-22: OX App Suite 7.10.5 Cross Site Scripting (0)
- 03-22: ICT Protege GX/WX 2.08 Cross Site Scripting (0)
- 03-22: ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure (0)
- 03-22: [remote] ICT Protege GX/WX 2.08 – Client-Side SHA1 Password Hash Disclosure (0)
- 03-22: [remote] ICT Protege GX/WX 2.08 – Stored Cross-Site Scripting (XSS) (0)
- 03-22: [local] Sysax FTP Automation 6.9.0 – Privilege Escalation (0)
- 03-22: [remote] Ivanti Endpoint Manager 4.6 – Remote Code Execution (RCE) (0)
- 03-22: [remote] iRZ Mobile Router – CSRF to RCE (0)
- 03-22: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Takeover (0)
- 03-21: [webapps] WordPress Plugin iQ Block Country 1.2.13 – Arbitrary File Deletion via Zip Slip (Authenticated) (0)
- 03-19: Simple Mobile Comparison Website 1.0 Cross Site Scripting (0)
- 03-19: Chrome chrome_pdf::PDFiumEngine::RequestThumbnail Heap Buffer Overflow (0)
- 03-18: https://bdlh.go.th/noname.html (0)
- 03-18: BuilderOrcus Insecure Permissions (0)
- 03-18: BuilderOrcus Insecure Credential Storage (0)
- 03-18: BuilderPandoraRat.b Insecure Credential Storage (0)
- 03-18: BuilderTorCTPHPRAT.b Insecure Credential Storage (0)
- 03-18: BuilderTorCTPHPRAT.b Shell Upload (0)
- 03-18: BuilderTorCTPHPRAT.b Cross Site Scripting (0)
- 03-18: BuilderRevengeRAT XML Injection (0)
- 03-17: Apache APISIX 2.12.1 Remote Code Execution (0)
- 03-17: Tiny File Manager 2.4.6 Shell Upload (0)
- 03-17: Hikvision IP Camera Backdoor (0)
- 03-17: Pluck CMS 4.7.16 Shell Upload (0)
- 03-17: Moodle 3.11.5 SQL Injection (0)
- 03-17: Chrome HandleTable::AddDispatchersFromTransit Integer Overflow (0)
- 03-17: Windows SpoolFool Privilege Escalation (0)
- 03-16: College Website Management System 1.0 SQL Injection (0)
- 03-16: Laravel Media Library Pro 2.1.6 Shell Upload (0)
- 03-16: Apple Security Advisory 2022-03-14-8 (0)
- 03-16: Apple Security Advisory 2022-03-14-9 (0)
- 03-16: Apple Security Advisory 2022-03-14-6 (0)
- 03-16: Apple Security Advisory 2022-03-14-7 (0)
- 03-16: Apple Security Advisory 2022-03-14-10 (0)
- 03-16: Apple Security Advisory 2022-03-14-5 (0)
- 03-16: Apple Security Advisory 2022-03-14-3 (0)
- 03-16: Apple Security Advisory 2022-03-14-1 (0)
- 03-16: Apple Security Advisory 2022-03-14-2 (0)
- 03-16: Apple Security Advisory 2022-03-14-4 (0)
- 03-16: [remote] Apache APISIX 2.12.1 – Remote Code Execution (RCE) (0)
- 03-16: [webapps] Tiny File Manager 2.4.6 – Remote Code Execution (RCE) (0)
- 03-16: [remote] Hikvision IP Camera – Backdoor (0)
- 03-16: [webapps] Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated) (0)
- 03-16: [webapps] Moodle 3.11.5 – SQLi (Authenticated) (0)
- 03-15: Baixar GLPI Project 9.4.6 SQL Injection (0)
- 03-15: Insurance Management System 1.0 SQL Injection (0)
- 03-15: Student Grading System 1.0 SQL Injection (0)
- 03-15: Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference (0)
- 03-15: VIVE Runtime Service 1.0.0.4 Unquoted Service Path (0)
- 03-15: Automatic Question Paper Generator System 1.0 Cross Site Scripting (0)
- 03-15: RedLine.MainPanel Insecure Permissions (0)
- 03-15: Hades RAT Web Panel Insecure Credential Storage (0)
- 03-15: Hades RAT Web Panel Information Disclosure (0)
- 03-15: Hades RAT Web Panel Cross Site Scripting (0)
- 03-14: [local] VIVE Runtime Service – 'ViveAgentService' Unquoted Service Path (0)
- 03-14: [webapps] Baixar GLPI Project 9.4.6 – SQLi (0)
- 03-12: FLEX 1080/1085 Web 1.6.0 Information Disclosure (0)
- 03-12: Tdarr 2.00.15 Command Injection (0)
- 03-12: Employee Performance Evaluation System 1.0 SQL Injection (0)
- 03-12: Seowon SLR-120 Router Remote Code Execution (0)
- 03-11: Sony Playmemories Home Unquoted Service Path (0)
- 03-11: BattlEye 0.9 Unquoted Service Path (0)
- 03-11: McAfee Safe Connect VPN Unquoted Service Path (0)
- 03-11: Sandboxie-Plus 5.50.2 Unquoted Service Path (0)
- 03-11: WOW21 5.0.1.9 Unquoted Service Path (0)
- 03-11: Siemens S7-1200 4.5 Unauthenticated Access (0)
- 03-11: Zabbix 5.0.17 Remote Code Execution (0)
- 03-11: Dirty Pipe Local Privilege Escalation (0)
- 03-11: [remote] Tdarr 2.00.15 – Command Injection (0)
- 03-11: [remote] Seowon SLR-120 Router – Remote Code Execution (Unauthenticated) (0)
- 03-10: Wondershare Dr.Fone 12.0.18 Unquoted Service Path (0)
- 03-10: Cobian Backup 0.9 Unquoted Service Path (0)
- 03-10: Webmin 1.984 Remote Code Execution (0)
- 03-10: Printix Client 1.3.1106.0 Privilege Escalation (0)
- 03-10: Audio Conversion Wizard 2.01 Buffer Overflow (0)
- 03-10: DEOS AG OPEN 710/810 Cross Site Scripting (0)
- 03-10: Chinese APT Zero Days Compromised US State Governments (0)
- 03-10: [remote] Siemens S7-1200 – Unauthenticated Start/Stop Command (0)
- 03-10: [local] Sandboxie-Plus 5.50.2 – 'Service SbieSvc' Unquoted Service Path (0)
- 03-10: [local] McAfee(R) Safe Connect VPN – Unquoted Service Path Elevation Of Privilege (0)
- 03-10: [local] WOW21 5.0.1.9 – 'Service WOW21_Service' Unquoted Service Path (0)
- 03-10: [local] Sony playmemories home – 'PMBDeviceInfoProvider' Unquoted Service Path (0)
- 03-10: [webapps] Zabbix 5.0.17 – Remote Code Execution (RCE) (Authenticated) (0)
- 03-10: [local] BattlEye 0.9 – 'BEService' Unquoted Service Path (0)
- 03-09: Dirty Pipe Linux Privilege Escalation (0)
- 03-09: Dirty Pipe SUID Binary Hijack Privilege Escalation (0)
- 03-09: http://phon-thong.go.th (0)
- 03-09: http://www.takdad.go.th (0)
- 03-09: http://www.nongleng-bk.go.th (0)
- 03-09: http://www.tohdeng.go.th (0)
- 03-09: [local] Audio Conversion Wizard v2.01 – Buffer Overflow (0)
- 03-09: [local] Cobian Backup 0.9 – Unquoted Service Path (0)
- 03-09: [webapps] Webmin 1.984 – Remote Code Execution (Authenticated) (0)
- 03-08: Foxit PDF Reader 11.0 Unquoted Service Path (0)
- 03-08: Malwarebytes 4.5 Unquoted Service Path (0)
- 03-08: Cloudflare WARP 1.4 Unquoted Service Path (0)
- 03-08: Matrimony 1.0 SQL Injection (0)
- 03-08: Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion (0)
- 03-08: Private Internet Access 3.3 Unquoted Service Path (0)
- 03-08: Loki RAT (Relapse) SQL Injection (0)
- 03-08: part-db 0.5.11 Remote Code Execution (0)
- 03-08: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
- 03-08: Hasura GraphQL 2.2.0 Information Disclosure (0)
- 03-08: Attendance And Payroll System 1.0 SQL Injection (0)
- 03-08: Attendance And Payroll System 1.0 Remote Code Execution (0)
- 03-08: Apache APISIX Remote Code Execution (0)
- 03-08: [local] Linux Kernel 5.8 < 5.16.11 – Local Privilege Escalation (DirtyPipe) (0)
- 03-07: http://mungtong.go.th/readme.html (0)
- 03-07: http://nangua.go.th/readme.html (0)
- 03-07: [local] Foxit PDF Reader 11.0 – Unquoted Service Path (0)
- 03-07: [local] Cloudflare WARP 1.4 – Unquoted Service Path (0)
- 03-07: [local] Private Internet Access 3.3 – 'pia-service' Unquoted Service Path (0)
- 03-07: [webapps] Hasura GraphQL 2.2.0 – Information Disclosure (0)
- 03-07: [webapps] Attendance and Payroll System v1.0 – Remote Code Execution (RCE) (0)
- 03-07: [webapps] Attendance and Payroll System v1.0 – SQLi Authentication Bypass (0)
- 03-07: [webapps] Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE) (0)
- 03-07: [webapps] part-db 0.5.11 – Remote Code Execution (RCE) (0)
- 03-07: [local] Malwarebytes 4.5 – Unquoted Service Path (0)
- 03-06: https://atsamart.go.th (0)
- 03-06: http://www.yasothon.go.th/index.php (0)
- 03-05: Backdoor.Win32.Augudor.a Remote File Write / Code Execution (0)
- 03-05: Backdoor.Win32.BNLite Buffer Overflow (0)
- 03-05: Polkit pkexec Privilege Escalation (0)
- 03-05: Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential (0)
- 03-05: Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password (0)
- 03-05: Backdoor.Win32.BluanWeb Information Disclosure (0)
- 03-05: Backdoor.Win32.BluanWeb Remote Code Execution (0)
- 03-05: Backdoor.Win32.BluanWeb Remote Command Execution (0)
- 03-05: pfSense 2.5.2 Shell Upload (0)
- 03-05: Backdoor.Win32.RemoteNC.beta4 Remote Command Execution (0)
- 03-04: Polkit pkexec Local Privilege Escalation (0)
- 03-03: Printix Client 1.3.1106.0 Remote Code Execution (0)
- 03-03: Xerte 3.10.3 Directory Traversal (0)
- 03-03: Xerte 3.9 Remote Code Execution (0)
- 03-03: Car Driving School Management 1.0 SQL Injection (0)
- 03-03: Prowise Reflect 1.0.9 Remote Keystroke Injection (0)
- 03-03: Zyxel ZyWALL 2 Plus Cross Site Scripting (0)
- 03-03: http://suratpeo.go.th/boy.html (0)
- 03-02: http://www.krabi.go.th/kt.html (0)
- 03-02: Rufus 3.17.1846 DLL Hijacking (0)
- 03-02: Firefox MCallGetProperty Write Side Effects Use-After-Free (0)
- 03-02: Packet Storm New Exploits For February, 2022 (0)
- 03-02: [remote] Printix Client 1.3.1106.0 – Remote Code Execution (RCE) (0)
- 03-02: [webapps] Zyxel ZyWALL 2 Plus Internet Security Appliance – Cross-Site Scripting (XSS) (0)
- 03-02: [remote] Prowise Reflect v1.0.9 – Remote Keystroke Injection (0)
- 03-02: [webapps] Xerte 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
- 03-02: [webapps] Xerte 3.10.3 – Directory Traversal (Authenticated) (0)
- 03-01: Cobian Reflector 0.9.93 RC1 Denial Of Service (0)
- 03-01: Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service (0)
- 03-01: Cobian Backup Gravity 11.2.0.582 Unquoted Service Path (0)
- 03-01: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation (0)
- 03-01: Cipi Control Panel 3.1.15 Cross Site Scripting (0)
- 03-01: Casdoor 1.13.0 SQL Injection (0)
- 03-01: Hikvision IP Camera Unauthenticated Command Injection (0)
- 03-01: Axis IP Camera Shell Upload (0)
- 03-01: Win32k ConsoleControl Offset Confusion / Privilege Escalation (0)
February 2022 (254)
- 02-28: [remote] WAGO 750-8212 PFC200 G2 2ETH RS – Privilege Escalation (0)
- 02-28: [local] Cobian Backup Gravity 11.2.0.582 – 'CobianBackup11' Unquoted Service Path (0)
- 02-28: [local] Cobian Backup 11 Gravity 11.2.0.582 – 'Password' Denial of Service (PoC) (0)
- 02-28: [local] Cobian Reflector 0.9.93 RC1 – 'Password' Denial of Service (PoC) (0)
- 02-28: [webapps] Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
- 02-28: [webapps] Casdoor 1.13.0 – SQL Injection (Unauthenticated) (0)
- 02-26: Dahua ToolBox 1.010.0000000.0 DLL Hijacking (0)
- 02-26: Technitium Installer 4.4 DLL Hijacking (0)
- 02-26: WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting (0)
- 02-26: Bank Management System 1.0 SQL Injection (0)
- 02-26: Microsoft Exchange Server Remote Code Execution (0)
- 02-25: Wondershare MirrorGo 2.0.11.346 Insecure File Permissions (0)
- 02-25: Simple Mobile Comparison Website 1.0 SQL Injection (0)
- 02-24: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
- 02-24: Adobe ColdFusion 11 Remote Code Execution (0)
- 02-24: aaPanel 6.8.21 Directory Traversal (0)
- 02-24: Backdoor.Win32.FTP.Ics Man-In-The-Middle (0)
- 02-24: WebHMI 4.1 Cross Site Scripting (0)
- 02-24: WebHMI 4.1.1 Remote Code Execution (0)
- 02-24: Backdoor.Win32.FTP.Ics Authentication Bypass / Code Execution (0)
- 02-24: Microweber CMS 1.2.10 Local File Inclusion (0)
- 02-24: Backdoor.Win32.FTP.Ics Remote Command Execution (0)
- 02-24: [local] Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions (0)
- 02-23: Trojan.Win32.Cosmu.abix Insecure Permissions (0)
- 02-23: Air Cargo Management System 1.0 SQL Injection (0)
- 02-23: WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting (0)
- 02-23: Backdoor.Win32.Agent.baol Insecure Permissions (0)
- 02-23: Agirhnet 1.0 Cross Site Scripting (0)
- 02-23: Backdoor.Win32.Dsocks.10 Hardcoded Password (0)
- 02-23: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification (0)
- 02-23: [webapps] Student Record System 1.0 – 'cid' SQLi (Authenticated) (0)
- 02-23: [webapps] aaPanel 6.8.21 – Directory Traversal (Authenticated) (0)
- 02-23: [webapps] Air Cargo Management System v1.0 – SQLi (0)
- 02-23: [remote] Adobe ColdFusion 11 – LDAP Java Object Deserialization Remote Code Execution (RCE) (0)
- 02-23: [webapps] Simple Real Estate Portal System 1.0 – 'id' SQLi (0)
- 02-22: Cab Management System 1.0 Remote Code Execution (0)
- 02-22: Cab Management System 1.0 SQL Injection (0)
- 02-22: Microsoft Gaming Services 2.52.13001.0 Unquoted Service Path (0)
- 02-22: HMA VPN 5.3 Unquoted Service Path (0)
- 02-22: Auto Spare Parts Management 1.0 SQL Injection (0)
- 02-22: Thinfinity VirtualUI 2.5.41.0 IFRAME Injection (0)
- 02-22: Thinfinity VirtualUI 2.5.26.2 Information Disclosure (0)
- 02-22: WordPress WP User Frontend 3.5.25 SQL Injection (0)
- 02-22: WordPress Perfect Survey 1.5.1 SQL Injection (0)
- 02-22: FileCloud 21.2 Cross Site Request Forgery (0)
- 02-22: Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion (0)
- 02-22: Microweber 1.2.11 Shell Upload (0)
- 02-22: Simple Real Estate Portal System 1.0 SQL Injection (0)
- 02-22: Cyclades Serial Console Server 3.3.0 Privilege Escalation (0)
- 02-22: Chrome RenderFrameHostImpl Use-After-Free (0)
- 02-22: https://www.dannok.go.th/kz.html (0)
- 02-21: [webapps] Thinfinity VirtualUI 2.5.26.2 – Information Disclosure (0)
- 02-21: [webapps] Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-21: [webapps] Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-21: [webapps] Cab Management System 1.0 – 'id' SQLi (Authenticated) (0)
- 02-21: [local] HMA VPN 5.3 – Unquoted Service Path (0)
- 02-21: [webapps] WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated) (0)
- 02-21: [webapps] Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection (0)
- 02-19: Wondershare UBackit 2.0.5 Unquoted Service Path (0)
- 02-19: Wondershare FamiSafe 1.0 Unquoted Service Path (0)
- 02-19: Wondershare MobileTrans 3.5.9 Unquoted Service Path (0)
- 02-19: Wondershare Dr.Fone 11.4.9 Unquoted Service Path (0)
- 02-19: Connectify Hotspot 2018 Unquoted Service Path (0)
- 02-19: Intel Management Engine Components 6.0.0.1189 Unquoted Service Path (0)
- 02-19: File Sanitizer For HP ProtectTools 5.0.1.3 Unquoted Service Path (0)
- 02-19: Bluetooth Application 5.4.277 Unquoted Service Path (0)
- 02-19: TOSHIBA DVD PLAYER Navi Support Service 1.00.0000 Unquoted Service Path (0)
- 02-19: Cosmetics And Beauty Product Online Store 1.0 Cross Site Scripting (0)
- 02-19: Cosmetics And Beauty Product Online Store 1.0 SQL Injection (0)
- 02-19: Hotel Druid 3.0.3 Remote Code Execution (0)
- 02-19: Fortinet Fortimail 7.0.1 Cross Site Scripting (0)
- 02-19: WordPress dzs-zoomsounds 6.60 Shell Upload (0)
- 02-19: WordPress MasterStudy LMS 2.7.5 Account Creation (0)
- 02-18: Telegram Android 8.4.4 Denial Of Service (0)
- 02-18: Backdoor.Win32.Zombam.b Buffer Overflow (0)
- 02-18: Backdoor.Win32.Zombam.b Information Disclosure (0)
- 02-18: Car Portal Template Cross Site Scripting (0)
- 02-18: Backdoor.Win32.Zombam.b Cross Site Scripting (0)
- 02-18: Backdoor.Win32.Prorat.lkt Weak Hardcoded Password (0)
- 02-18: Vicidial 2.14-783a SQL Injection (0)
- 02-18: Email-Worm.Win32.Lama Insecure Permissions (0)
- 02-18: MartFury Marketplace Cross Site Scripting (0)
- 02-18: Backdoor.Win32.Prosti.b Insecure Permissions (0)
- 02-18: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions (0)
- 02-18: Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control (0)
- 02-18: [webapps] WordPress Plugin dzs-zoomsounds 6.60 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 02-18: [webapps] WordPress Plugin MasterStudy LMS 2.7.5 – Unauthenticated Admin Account Creation (0)
- 02-18: [local] File Sanitizer for HP ProtectTools 5.0.1.3 – 'HPFSService' Unquoted Service Path (0)
- 02-18: [local] Connectify Hotspot 2018 'ConnectifyService' – Unquoted Service Path (0)
- 02-18: [webapps] Hotel Druid 3.0.3 – Remote Code Execution (RCE) (0)
- 02-18: [local] Wondershare Dr.Fone 11.4.9 – 'DFWSIDService' Unquoted Service Path (0)
- 02-18: [local] Intel(R) Management Engine Components 6.0.0.1189 – 'LMS' Unquoted Service Path (0)
- 02-18: [local] Bluetooth Application 5.4.277 – 'BlueSoleilCS' Unquoted Service Path (0)
- 02-18: [local] TOSHIBA DVD PLAYER Navi Support Service – 'TNaviSrv' Unquoted Service Path (0)
- 02-18: [local] Wondershare UBackit 2.0.5 – 'wsbackup' Unquoted Service Path (0)
- 02-18: [webapps] Fortinet Fortimail 7.0.1 – Reflected Cross-Site Scripting (XSS) (0)
- 02-18: [local] Wondershare MobileTrans 3.5.9 – 'ElevationService' Unquoted Service Path (0)
- 02-18: [local] Wondershare FamiSafe 1.0 – 'FSService' Unquoted Service Path (0)
- 02-17: WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion (0)
- 02-17: Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path (0)
- 02-17: ServiceNow Orlando Username Enumeration (0)
- 02-17: Medical Store Management System 1.0 SQL Injection (0)
- 02-17: Simple Student Quarterly Result / Grade System 1.0 SQL Injection (0)
- 02-17: Google Play Protect 22.4.25 Detection Bypass (0)
- 02-17: Multi-Vendor Online Groceries Management System 1.0 SQL Injection (0)
- 02-17: Ignition Remote Code Execution (0)
- 02-17: TeamSpeak 3.5.6 Insecure File Permissions (0)
- 02-17: Network Video Recorder NVR304-16EP Cross Site Scripting (0)
- 02-17: Tiny File Manager 2.4.3 Shell Upload (0)
- 02-16: [webapps] WordPress Plugin Error Log Viewer 1.1.1 – Arbitrary File Clearing (Authenticated) (0)
- 02-16: [webapps] Network Video Recorder NVR304-16EP – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
- 02-16: [local] TeamSpeak 3.5.6 – Insecure File Permissions (0)
- 02-16: [remote] H3C SSL VPN – Username Enumeration (0)
- 02-16: [webapps] Simple Student Quarterly Result/Grade System 1.0 – SQLi Authentication Bypass (0)
- 02-16: [webapps] ServiceNow – Username Enumeration (0)
- 02-16: [webapps] Multi-Vendor Online Groceries Management System 1.0 – 'id' Blind SQL Injection (0)
- 02-16: [local] Emerson PAC Machine Edition 9.80 Build 8695 – 'TrapiServer' Unquoted Service Path (0)
- 02-15: WordPress International SMS For Contact Form 7 Integration 1.2 CSRF (0)
- 02-15: Slurp 1.10.2 Format String (0)
- 02-15: Simple Bakery Shop Management System 1.0 SQL Injection (0)
- 02-15: H3C SSL VPN Username Enumeration (0)
- 02-15: Nagios XI Autodiscovery Shell Upload (0)
- 02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magento Zero Day (0)
- 02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magento Zero Day (0)
- 02-14: https://phapae.go.th (0)
- 02-13: https://king9.nrct.go.th/0x48.htm (0)
- 02-12: Kyocera Command Center RX ECOSYS M2035dn Directory Traversal (0)
- 02-12: Accounting Journal Management System 1.0 SQL Injection (0)
- 02-12: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
- 02-12: Nokia Transport Module Authentication Bypass (0)
- 02-12: SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection (0)
- 02-12: Apple Security Advisory 2022-02-10-1 (0)
- 02-12: Apple Security Advisory 2022-02-10-2 (0)
- 02-12: Apple Security Advisory 2022-02-10-3 (0)
- 02-11: Apple Patches Actively Exploited WebKit Zero Day (0)
- 02-11: WordPress 5.9 Cross Site Scripting (0)
- 02-11: Cain And Abel 4.9.56 Unquoted Service Path (0)
- 02-11: WordPress Jetpack 9.1 Cross Site Scripting (0)
- 02-11: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution (0)
- 02-11: WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection (0)
- 02-11: Hospital Management Startup 1.0 SQL Injection (0)
- 02-11: WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection (0)
- 02-11: Home Owners Collection Management System 1.0 SQL Injection (0)
- 02-11: Home Owners Collection Management System 1.0 Account Takeover (0)
- 02-11: Home Owners Collection Management System 1.0 Shell Upload (0)
- 02-11: [webapps] Kyocera Command Center RX ECOSYS M2035dn – Directory Traversal File Disclosure (Unauthenticated) (0)
- 02-11: [webapps] Accounting Journal Management System 1.0 – 'id' SQLi (Authenticated) (0)
- 02-11: [webapps] Subrion CMS 4.2.1 – Cross Site Request Forgery (CSRF) (Add Admin) (0)
- 02-10: Backdoor.Win32.Frauder.jt Insecure Permissions (0)
- 02-10: Backdoor.Win32.XRat.k Remote Command Execution (0)
- 02-10: Exam Reviewer Management System 1.0 SQL Injection (0)
- 02-10: Exam Reviewer Management System 1.0 Shell Upload (0)
- 02-10: Backdoor.Win32.Prexot.a Man-In-The-Middle (0)
- 02-10: Backdoor.Win32.Wdoor.11 Remote Command Execution (0)
- 02-10: Atom CMS 2.0 SQL Injection (0)
- 02-10: Backdoor.Win32.Prexot.a Authentication Bypass (0)
- 02-10: Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution (0)
- 02-10: Grandstream GXV31XX settimezone Unauthenticated Command Execution (0)
- 02-10: [webapps] WordPress Plugin Jetpack 9.1 – Cross Site Scripting (XSS) (0)
- 02-10: [webapps] WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 – SQL-Injection (Unauthenticated) (0)
- 02-10: [webapps] Home Owners Collection Management System 1.0 – 'id' Blind SQL Injection (0)
- 02-10: [webapps] Home Owners Collection Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-10: [webapps] Hospital Management Startup 1.0 – 'Multiple' SQLi (0)
- 02-10: [webapps] Home Owners Collection Management System 1.0 – Account Takeover (Unauthenticated) (0)
- 02-10: [local] Cain & Abel 4.9.56 – Unquoted Service Path (0)
- 02-10: [webapps] WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS) (0)
- 02-09: FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery (0)
- 02-09: WordPress Security Audit 1.0.0 Cross Site Scripting (0)
- 02-09: WordPress CP Blocks 1.0.14 Cross Site Scripting (0)
- 02-09: WordPress Contact Form Builder 1.6.1 Cross Site Scripting (0)
- 02-09: Hotel Reservation System 1.0 SQL Injection (0)
- 02-09: WordPress Simple Job Board 2.9.3 Local File Inclusion (0)
- 02-09: Wing FTP Server 4.3.8 Remote Code Execution (0)
- 02-09: PHP Everywhere 2.0.3 Remote Code Execution (0)
- 02-09: Strapi CMS 3.0.0-beta.17.4 Privilege Escalation (0)
- 02-09: QEMU Monitor HMP migrate Command Execution (0)
- 02-09: [webapps] AtomCMS v2.0 – SQLi (0)
- 02-09: [webapps] Exam Reviewer Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-09: [webapps] Exam Reviewer Management System 1.0 – ‘id’ SQL Injection (0)
- 02-08: Chrome storage::BlobBuilderFromStream Uninitialized On-Stack Pointer (0)
- 02-08: Backdoor.Win32.Small.er Code Execution (0)
- 02-08: Hospital Management System 4.0 SQL Injection (0)
- 02-08: WordPress International SMS For Contact Form 7 Integration 1.2 XSS (0)
- 02-08: [webapps] WordPress Plugin Simple Job Board 2.9.3 – Local File Inclusion (0)
- 02-08: [remote] Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-08: [webapps] WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS) (0)
- 02-08: [webapps] Hospital Management System 4.0 – 'multiple' SQL Injection (0)
- 02-08: [webapps] FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
- 02-08: [webapps] Hotel Reservation System 1.0 – SQLi (Unauthenticated) (0)
- 02-08: [webapps] Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit) (0)
- 02-05: WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting (0)
- 02-05: FLAME II MODEM USB Unquoted Service Path (0)
- 02-05: Servisnet Tessa Authentication Bypass (0)
- 02-05: Servisnet Tessa MQTT Credential Disclosure (0)
- 02-05: WBCE CMS 1.5.2 Remote Code Execution (0)
- 02-05: Servisnet Tessa Privilege Escalation (0)
- 02-05: WAGO 750-8xxx PLC Denial Of Service / User Enumeration (0)
- 02-05: Korenix Technology JetWave CSRF / Command Injection / Missing Authentication (0)
- 02-05: Voltage SecureMail Server Business Logic Bypass (0)
- 02-05: Shopmetrics Mystery Shopping Software Broken Access Control / XSS (0)
- 02-04: Feberr 12.7 Shell Upload (0)
- 02-04: Vivellio 1.2.1 User Account Enumeration (0)
- 02-04: [webapps] Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit) (0)
- 02-04: [webapps] Servisnet Tessa – Privilege Escalation (Metasploit) (0)
- 02-04: [webapps] WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
- 02-04: [local] FLAME II MODEM USB – Unquoted Service Path (0)
- 02-04: [webapps] WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated) (0)
- 02-04: [webapps] Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit) (0)
- 02-03: CONTPAQi AdminPAQ 14.0.0 Unquoted Service Path (0)
- 02-03: WordPress 404 To 301 2.0.2 SQL Injection (0)
- 02-03: WordPress Post Grid 2.1.1 Cross Site Scripting (0)
- 02-03: WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting (0)
- 02-03: Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover (0)
- 02-03: WordPress Download Monitor WordPress 4.4.4 SQL Injection (0)
- 02-03: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
- 02-03: WordPress Domain Check 1.0.16 Cross Site Scripting (0)
- 02-03: PHP Unit 4.8.28 Remote Code Execution (0)
- 02-03: WordPress Contact Form Check Tester 1.0.2 XSS / Access Control (0)
- 02-03: Mozilla Firefox 67 Array.pop JIT Type Confusion (0)
- 02-03: PHP Restaurants 1.0 SQL Injection (0)
- 02-03: Backdoor.Win32.Zxman Code Execution (0)
- 02-03: Moodle 3.11.4 SQL Injection (0)
- 02-03: Huawei DG8045 Router 1.0 Credential Disclosure (0)
- 02-03: Backdoor.Win32.Small.bu Remote Command Execution (0)
- 02-03: WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming (0)
- 02-02: Cisco Small Business RV Series Authentication Bypass / Command Injection (0)
- 02-02: Packet Storm New Exploits For January, 2022 (0)
- 02-02: [webapps] Moodle 3.11.4 – SQL Injection (0)
- 02-02: [webapps] WordPress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated) (0)
- 02-02: [webapps] WordPress Plugin Domain Check 1.0.16 – Reflected Cross-Site Scripting (XSS) (Authenticated) (0)
- 02-02: [local] CONTPAQi(R) AdminPAQ 14.0.0 – Unquoted Service Path (0)
- 02-02: [local] Mozilla Firefox 67 – Array.pop JIT Type Confusion (0)
- 02-01: HackTool.Win32.Muzzer.a Buffer Overflow (0)
- 02-01: Backdoor.Win32.Tiny.c Code Execution (0)
- 02-01: Moxa TN-5900 Firmware Upgrade Checksum Validation (0)
- 02-01: Moxa TN-5900 Post Authentication Command Injection (0)
- 02-01: Apple Security Advisory 2022-01-26-1 (0)
- 02-01: Apple Security Advisory 2022-01-26-2 (0)
- 02-01: Apple Security Advisory 2022-01-26-3 (0)
- 02-01: Apple Security Advisory 2022-01-26-4 (0)
- 02-01: Apple Security Advisory 2022-01-26-5 (0)
- 02-01: Apple Security Advisory 2022-01-26-6 (0)
- 02-01: Apple Security Advisory 2022-01-26-7 (0)
January 2022 (216)
- 01-29: Fetch Softworks Fetch FTP Client 5.8 Denial Of Service (0)
- 01-28: WordPress Mortgage Calculators WP 1.52 Cross Site Scripting (0)
- 01-28: Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion (0)
- 01-28: PolicyKit-1 0.105-31 Privilege Escalation (0)
- 01-28: WordPress Modern Events Calendar 6.1 SQL Injection (0)
- 01-28: WordPress RegistrationMagic V 5.0.1.5 SQL Injection (0)
- 01-27: Apple Fixes 2 Zero-Day Security Bugs, One Exploited In the Wild (0)
- 01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
- 01-27: Backdoor.Win32.WinShell.50 Weak Hardcoded Password (0)
- 01-27: Polkit pkexec CVE-2021-4034 Proof Of Concept (0)
- 01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
- 01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
- 01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
- 01-27: [remote] Oracle WebLogic Server 14.1.1.0.0 – Local File Inclusion (0)
- 01-27: [webapps] WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated) (0)
- 01-27: [webapps] WordPress Plugin RegistrationMagic V 5.0.1.5 – SQL Injection (Authenticated) (0)
- 01-27: [webapps] WordPress Plugin Mortgage Calculators WP 1.52 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
- 01-26: TYPO3 femanager 6.3.0 Cross Site Scripting (0)
- 01-26: H2 Database Console Remote Code Execution (0)
- 01-26: Online Project Time Management System 1.0 Cross Site Scripting (0)
- 01-26: Backdoor.Win32.Agent.uq Insecure Permissions (0)
- 01-26: Backdoor.Win32.FTP99 Authentication Bypass (0)
- 01-26: Backdoor.Win32.FTP99 Man-In-The-Middle (0)
- 01-26: PHPIPAM 1.4.4 SQL Injection (0)
- 01-26: WebACMS 2.1.0 Cross Site Scripting (0)
- 01-26: Backdoor.Win32.Hanuman.b Code Execution (0)
- 01-26: Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password (0)
- 01-26: Online Project Time Management System 1.0 SQL Injection (0)
- 01-26: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
- 01-26: Ametys CMS 4.4.1 Cross Site Scripting (0)
- 01-26: Backdoor.Win32.DRA.c Weak Hardcoded Password (0)
- 01-26: CosaNostra Builder Insecure Permissions (0)
- 01-26: Xerox Versalink Denial Of Service (0)
- 01-26: CosaNostra Builder WebPanel Insecure Cryptographic Storage (0)
- 01-26: FAUST iServer 9.0.018.018.4 Local File Inclusion (0)
- 01-26: uBidAuction 2.0.1 Cross Site Scripting (0)
- 01-26: CosaNostra Builder WebPanel Cross Site Request Forgery (0)
- 01-26: Ethercreative Logs 3.0.3 Path Traversal (0)
- 01-26: Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution (0)
- 01-25: XNU Kernel mach_msg Use-After-Free (0)
- 01-25: UniFi Network Application Unauthenticated Log4Shell Remote Code Execution (0)
- 01-25: [webapps] PHPIPAM 1.4.4 – SQLi (Authenticated) (0)
- 01-25: [webapps] Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated) (0)
- 01-25: [webapps] Online Project Time Management System 1.0 – SQLi (Authenticated) (0)
- 01-24: [webapps] Landa Driving School Management System 2.0.1 – Arbitrary File Upload (0)
- 01-22: Online Project Time Management 1.0 SQL Injection (0)
- 01-22: Banco Guayaquil 8.0.0 Cross Site Scripting (0)
- 01-22: Backdoor.Win32.Wollf.16 Authentication Bypass (0)
- 01-22: Backdoor.Win32.Wollf.16 Hardcoded Credential (0)
- 01-21: VulturiBuilder Insecure Permissions (0)
- 01-21: CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage (0)
- 01-21: CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle (0)
- 01-21: Backdoor.Win32.Wisell Remote Command Execution (0)
- 01-21: Ransomware Builder Babuk Insecure Permissions (0)
- 01-21: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution (0)
- 01-21: Grandstream GXV3175 Unauthenticated Command Execution (0)
- 01-20: WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting (0)
- 01-19: Nyron 1.0 SQL Injection (0)
- 01-19: Simple Chatbot Application 1.0 SQL Injection (0)
- 01-19: Simple Chatbot Application 1.0 Shell Upload (0)
- 01-19: Online Resort Management System 1.0 SQL Injection (0)
- 01-19: Landa Driving School Management System 2.0.1 Arbitrary File Upload (0)
- 01-19: Archeevo 5.0 Local File Inclusion (0)
- 01-19: [webapps] Affiliate Pro 1.7 – 'Multiple' Cross Site Scripting (XSS) (0)
- 01-19: [webapps] Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS) (0)
- 01-19: [webapps] uDoctorAppointment v2.1.1 – 'Multiple' Cross Site Scripting (XSS) (0)
- 01-18: Worktime 10.20 Build 4967 DLL Hijacking (0)
- 01-18: Worktime 10.20 Build 4967 Unquoted Service Path (0)
- 01-18: HTTP Protocol Stack Denial Of Service / Remote Code Execution (0)
- 01-18: Cisco IP Phone Cleartext Password Storage (0)
- 01-18: Ab Stealer Web Panel Cross Site Scripting (0)
- 01-18: Win32.MarsStealer Web Panel Information Disclosure (0)
- 01-18: SB Admin Cross Site Request Forgery / SQL Injection (0)
- 01-18: Win32.MarsStealer Web Panel Cross Site Scripting (0)
- 01-18: Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion (0)
- 01-18: OpenBMCS 2.4 Cross Site Request Forgery (0)
- 01-18: Chaos Ransomware Builder 4 Insecure Permissions (0)
- 01-18: OpenBMCS 2.4 SQL Injection (0)
- 01-18: OpenBMCS 2.4 Remote Privilege Escalation (0)
- 01-18: AgentTesla Builder Web Panel Cross Site Scripting (0)
- 01-18: AgentTesla Builder Web Panel SQL Injection (0)
- 01-18: OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery (0)
- 01-18: OpenBMCS 2.4 Secret Disclosure (0)
- 01-18: [webapps] OpenBMCS 2.4 – Cross Site Request Forgery (CSRF) (0)
- 01-18: [webapps] Simple Chatbot Application 1.0 – 'message' Blind SQLi (0)
- 01-18: [webapps] Simple Chatbot Application 1.0 – Remote Code Execution (RCE) (0)
- 01-18: [webapps] OpenBMCS 2.4 – Information Disclosure (0)
- 01-18: [webapps] OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation (0)
- 01-18: [webapps] OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated) (0)
- 01-18: [webapps] OpenBMCS 2.4 – SQLi (Authenticated) (0)
- 01-18: [webapps] Online Resort Management System 1.0 – SQLi (Authenticated) (0)
- 01-18: [local] WorkTime 10.20 Build 4967 – Unquoted Service Path (0)
- 01-18: [remote] Archeevo 5.0 – Local File Inclusion (0)
- 01-14: Microsoft Windows EFSRPC Arbitrary File Upload / Privilege Escalation (0)
- 01-14: Chrome IPC::ChannelAssociatedGroupController Memory Corruption (0)
- 01-14: SonicWall SMA 100 Series Authenticated Command Injection (0)
- 01-14: Apple Security Advisory 2022-01-12-1 (0)
- 01-14: Apple ColorSync Out-Of-Bounds Read (0)
- 01-13: RLM 14.2 Cross Site Scripting (0)
- 01-13: Online Diagnostic Lab Management System 1.0 Missing Access Control (0)
- 01-13: Online Diagnostic Lab Management System 1.0 Cross Site Scripting (0)
- 01-13: Online Diagnostic Lab Management System 1.0 SQL Injection (0)
- 01-13: WordPress Frontend Uploader 1.3.2 Cross Site Scripting (0)
- 01-13: Libstagefright Heap Out-Of-Bounds Write (0)
- 01-13: Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure (0)
- 01-13: Log4Shell HTTP Header Injection (0)
- 01-13: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
- 01-13: [webapps] WordPress Core 5.8.2 – 'WP_Query' SQL Injection (0)
- 01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS) (0)
- 01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated) (0)
- 01-13: [webapps] SalonERP 3.0.1 – 'sql' SQL Injection (Authenticated) (0)
- 01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_list' Stored Cross Site Scripting (XSS) (0)
- 01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'doctors' Stored Cross Site Scripting (XSS) (0)
- 01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_types' Stored Cross Site Scripting (XSS) (0)
- 01-13: [webapps] Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated) (0)
- 01-12: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
- 01-12: Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass (0)
- 01-12: Microsoft Windows Defender / Detection Bypass (0)
- 01-12: Backdoor.Win32.Controlit.10 Code Execution (0)
- 01-12: [webapps] WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
- 01-12: [local] Microsoft Windows Defender – Detections Bypass (0)
- 01-12: [local] Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass (0)
- 01-11: CoreFTP Server Build 725 Directory Traversal (0)
- 01-11: VUPlayer 2.49 Buffer Overflow (0)
- 01-11: Online Railway Reservation System 1.0 Cross Site Scripting (0)
- 01-11: Online Railway Reservation System 1.0 Missing Access Control (0)
- 01-11: Online Railway Reservation System 1.0 Remote Code Execution (0)
- 01-11: Online Railway Reservation System 1.0 SQL Injection (0)
- 01-11: Online Resort Management System 1.0 SQL Injection (0)
- 01-11: Online Examination System Project 1.0 SQL Injection (0)
- 01-11: HTTP Commander 3.1.9 Cross Site Scripting (0)
- 01-11: WordPress Contact Form Entries Cross Site Scripting (0)
- 01-11: Open-AudIT Community 4.2.0 Cross Site Scripting (0)
- 01-11: Linux Garbage Collection Memory Corruption (0)
- 01-10: [local] VUPlayer 2.49 – '.wax' Local Buffer Overflow (DEP Bypass) (0)
- 01-10: [webapps] Online Railway Reservation System 1.0 – 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
- 01-10: [webapps] Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated) (0)
- 01-10: [webapps] HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS) (0)
- 01-10: [webapps] Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 01-10: [webapps] Online Railway Reservation System 1.0 – 'id' SQL Injection (Unauthenticated) (0)
- 01-08: Online Veterinary Appointment System 1.0 SQL Injection (0)
- 01-08: Chrome storage::BlobURLStoreImpl::Revoke Heap Use-After-Free (0)
- 01-08: Microsoft Windows SMB Direct Session Takeover (0)
- 01-08: Google Project Zero 0-Days Exploited In-The-Wild (0)
- 01-07: Backdoor.Win32.Jtram.a Insecure Credential Storage (0)
- 01-07: Backdoor.Win32.Dsklite.a Denial Of Service (0)
- 01-07: Simple Music Cloud Community System 1.0 SQL Injection (0)
- 01-07: Backdoor.Win32.Jtram.a Man-In-The-Middle (0)
- 01-07: Backdoor.Win32.SVC Buffer Overflow (0)
- 01-07: XNU inm_merge Heap Use-After-Free (0)
- 01-07: Backdoor.Win32.Dsklite.a Insecure Transit (0)
- 01-07: Backdoor.Win32.SubSeven.c Buffer Overflow (0)
- 01-07: Backdoor.Win32.SVC Directory Traversal (0)
- 01-07: [webapps] Online Veterinary Appointment System 1.0 – 'Multiple' SQL Injection (0)
- 01-06: Movie Rating System 1.0 Broken Access Control (0)
- 01-06: Movie Rating System 1.0 SQL Injection / Code Execution (0)
- 01-06: Nettmp NNT 5.1 SQL Injection (0)
- 01-06: Safari Montage 8.5 Cross Site Scripting (0)
- 01-06: RiteCMS 3.1.0 Arbitrary File Deletion (0)
- 01-06: RiteCMS 3.1.0 Arbitrary File Overwrite (0)
- 01-06: cWifi Hotspot Wireless CP Code Execution (0)
- 01-06: Virtual Airline Manager 2.6.2 SQL Injection (0)
- 01-06: AWebServer GhostBuilding 18 Denial Of Service (0)
- 01-06: Easy Cart Shopping Cart 2021 Cross Site Scripting (0)
- 01-06: Hospitals Patient Records Management System 1.0 SQL Injection (0)
- 01-06: Vodafone H-500-s 3.5.10 WiFi Password Disclosure (0)
- 01-06: Automox Agent 32 Local Privilege Escalation (0)
- 01-06: uDoctorAppointment 2.1.1 Cross Site Scripting (0)
- 01-06: WordPress AAWP 3.16 Cross Site Scripting (0)
- 01-06: Hospitals Patient Records Management System 1.0 Account TakeOver (0)
- 01-06: Online Admission System 1.0 Remote Code Execution (0)
- 01-06: openSIS Student Information System 8.0 SQL Injection (0)
- 01-06: Rocket LMS 1.1 Cross Site Scripting (0)
- 01-06: TermTalk Server 3.24.0.2 Arbitrary File Read (0)
- 01-06: Hostel Management System 2.1 Cross Site Scripting (0)
- 01-06: Affiliate Pro 1.7 Cross Site Scripting (0)
- 01-06: Gerapy 0.9.7 Remote Code Execution (0)
- 01-06: Dixell XWEB 500 Arbitrary File Write (0)
- 01-06: WordPress Catch Themes Demo Import Shell Upload (0)
- 01-05: Projeqtor 9.3.1 Cross Site Scripting (0)
- 01-05: [webapps] Virtual Airlines Manager 2.6.2 – 'multiple' SQL Injection (0)
- 01-05: [webapps] Movie Rating System 1.0 – SQLi to RCE (Unauthenticated) (0)
- 01-05: [webapps] Online Admission System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 01-05: [local] TRIGONE Remote System Monitor 3.61 – Unquoted Service Path (0)
- 01-05: [webapps] BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
- 01-05: [webapps] Hospitals Patient Records Management System 1.0 – Account TakeOver (0)
- 01-05: [remote] AWebServer GhostBuilding 18 – Denial of Service (DoS) (0)
- 01-05: [webapps] Hospitals Patient Records Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
- 01-05: [webapps] Nettmp NNT 5.1 – SQLi Authentication Bypass (0)
- 01-05: [webapps] Hostel Management System 2.1 – Cross Site Scripting (XSS) (0)
- 01-05: [webapps] Library System in PHP 1.0 – 'publisher name' Stored Cross-Site Scripting (XSS) (0)
- 01-05: [webapps] SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS) (0)
- 01-05: [webapps] WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated) (0)
- 01-05: [remote] ConnectWise Control 19.2.24707 – Username Enumeration (0)
- 01-05: [webapps] RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Deletion (Authenticated) (0)
- 01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Overwrite (Authenticated) (0)
- 01-05: [webapps] CMSimple 5.4 – Cross Site Scripting (XSS) (0)
- 01-05: [webapps] WordPress Plugin Contact Form Entries 1.1.6 – Cross Site Scripting (XSS) (Unauthenticated) (0)
- 01-05: [dos] Siemens S7 Layer 2 – Denial of Service (DoS) (0)
- 01-04: Computer And Mobile Repair Shop Management 1.0 SQL Injection (0)
- 01-04: TRIGONE Remote System Monitor 3.61 Unquoted Service Path (0)
- 01-04: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
- 01-04: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
- 01-04: Backdoor.Win32.Wollf.m Authentication Bypass (0)
- 01-04: BeyondTrust Remote Support 6.0 Cross Site Scripting (0)
- 01-04: Backdoor.Win32.Fantador Insecure Password Storage (0)
- 01-04: Backdoor.Win32.Fantador Denial Of Service (0)
- 01-04: Backdoor.Win32.Skrat Insecure Password Storage (0)
- 01-04: Backdoor.Win32.SilentSpy.10 Authentication Bypass / Command Execution (0)
- 01-04: WordPress CRM Form Entries Cross Site Scripting (0)
- 01-04: Backdoor.Win32.SilentSpy.10 Authentication Race Condition (0)
- 01-04: Zoom Chat Message Processing Buffer Overflow (0)
- 01-04: Zoom MMR Server Information Leak (0)
- 01-02: Packet Storm New Exploits For December, 2021 (0)
- 01-02: Packet Storm New Exploits For 2021 (0)
December 2021 (169)
- 12-29: Microsoft Windows Explorer Preview Pane Security Bypass (0)
- 12-29: Backdoor.Win32.Visiotrol.10 Insecure Password Storage (0)
- 12-29: Backdoor.Win32.FTP.Simpel.12 Man-In-The-Middle (0)
- 12-29: Windows Explorer Preview Pane HTML File Link Spoofing (0)
- 12-29: Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation (0)
- 12-29: Terramaster F4-210 / F2-210 Remote Code Execution (0)
- 12-29: ManageEngine ServiceDesk Plus Remote Code Execution (0)
- 12-24: Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service (0)
- 12-22: WBCE CMS 1.5.1 Admin Password Reset (0)
- 12-22: phpKF CMS 3.00 Beta y6 Remote Code Execution (0)
- 12-22: Exponent CMS 2.6 Cross Site Scripting / Brute Force (0)
- 12-22: Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets (0)
- 12-21: Alfa Team Shell Tesla 4.1 Remote Code Execution (0)
- 12-21: Signup PHP Portal 2.1 Shell Upload (0)
- 12-21: Video Sharing Website 1.0 SQL Injection (0)
- 12-21: Bazaar Web PHP Social Listings Shell Upload (0)
- 12-21: WordPress Popular Posts 5.3.2 Remote Code Execution (0)
- 12-20: [webapps] Exponent CMS 2.6 – Multiple Vulnerabilities (0)
- 12-20: [webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 12-20: [webapps] WBCE CMS 1.5.1 – Admin Password Reset (0)
- 12-18: Backdoor.Win32.BNLite Buffer Overflow (0)
- 12-18: Backdoor.Win32.Mellpon.b Information Disclosure (0)
- 12-18: Android VM_MAYWRITE Access To Shared Zygote JIT Mapping (0)
- 12-18: Apple Security Advisory 2021-12-15-1 (0)
- 12-18: Apple Security Advisory 2021-12-15-2 (0)
- 12-18: Apple Security Advisory 2021-12-15-3 (0)
- 12-18: Apple Security Advisory 2021-12-15-4 (0)
- 12-18: Apple Security Advisory 2021-12-15-5 (0)
- 12-18: Apple Security Advisory 2021-12-15-6 (0)
- 12-18: Apple Security Advisory 2021-12-15-7 (0)
- 12-17: Child's Day Care Management System 1.0 SQL Injection (0)
- 12-17: Arunna 1.0.0 Cross Site Request Forgery (0)
- 12-17: Croogo 3.0.2 Cross Site Scripting (0)
- 12-17: Croogo 3.0.2 Shell Upload (0)
- 12-17: Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration (0)
- 12-17: Chrome blink::NativeIOFile::DoRead Heap Use-After-Free (0)
- 12-17: Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free (0)
- 12-17: Chrome NavigationPreloadRequest Site Isolation Bypass (0)
- 12-16: Log4j2 Log4Shell Regexes (0)
- 12-16: Log4j Payload Generator (0)
- 12-16: Oliver Library Server 5 Arbitrary File Download (0)
- 12-16: Simple Cold Storage Management System 1.0 SQL Injection (0)
- 12-16: OpenEMR 6.0.0 / 6.1.0-dev SQL Injection (0)
- 12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection (0)
- 12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection (0)
- 12-16: SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection (0)
- 12-16: L4sh Log4j Remote Code Execution (0)
- 12-16: Log4j Remote Code Execution Word Bypassing (0)
- 12-16: log4j-scan Extensive Scanner (0)
- 12-16: Actively Attacked Microsoft Zero Day Allows App Spoofing (0)
- 12-16: [webapps] Arunna 1.0.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
- 12-16: [webapps] Croogo 3.0.2 – Unrestricted File Upload (0)
- 12-16: [webapps] Croogo 3.0.2 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
- 12-16: [webapps] Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration (0)
- 12-15: Apache Log4j2 2.14.1 Information Disclosure (0)
- 12-15: Booked Scheduler 2.7.5 Shell Upload (0)
- 12-15: AbanteCart Arbitrary File Upload / Cross Site Scripting (0)
- 12-15: Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery (0)
- 12-15: Ticket Booking 1.0 SQL Injection (0)
- 12-15: Apache Log4j2 2.14.1 Remote Code Execution (0)
- 12-15: Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting (0)
- 12-15: meterN 1.2.3 Remote Command Execution (0)
- 12-15: WordPress Typebot 1.4.3 Cross Site Scripting (0)
- 12-15: Laravel Valet 2.0.3 Privilege Escalation (0)
- 12-15: Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting (0)
- 12-15: [remote] Oliver Library Server v5 – Arbitrary File Download (0)
- 12-14: Backdoor.Win32.Mechbot.a Insecure Permissions (0)
- 12-14: Backdoor.IRC.Subhuman Unauthenticated Open Proxy (0)
- 12-14: Backdoor.Win32.Asylum.014 Insecure Password Storage (0)
- 12-14: Backdoor.Win32.Nucleroot.mf Buffer Overflow (0)
- 12-14: HD-Network Real-Time Monitoring System 2.0 Local File Inclusion (0)
- 12-14: Backdoor.Win32.Ncx.b Code Execution (0)
- 12-14: Backdoor.Win32.Ncx.b Buffer Overflow (0)
- 12-14: Backdoor.Win32.BackAttack.20 Code Execution (0)
- 12-14: Simple Forum-Discussion System 1.0 SQL Injection (0)
- 12-14: Backdoor.Win32.BackAttack.20 Authentication Bypass / Code Execution (0)
- 12-14: Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password (0)
- 12-14: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
- 12-14: WebHMI 4.0 Remote Code Execution (0)
- 12-14: Backdoor.Win32.Ramus Code Execution (0)
- 12-14: Oracle Database Protection Mechanism Bypass (0)
- 12-14: Backdoor.Win32.Phase.11 Code Execution (0)
- 12-14: Oracle Database Weak NNE Integrity Key Derivation (0)
- 12-14: [local] Microsoft Internet Explorer / ActiveX Control – Security Bypass (0)
- 12-14: [webapps] WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
- 12-14: [remote] Apache Log4j 2 – Remote Code Execution (RCE) (0)
- 12-14: [local] Laravel Valet 2.0.3 – Local Privilege Escalation (macOS) (0)
- 12-14: [remote] Apache Log4j2 2.14.1 – Information Disclosure (0)
- 12-13: Log4j Zero Day Flaw: What You Need To Know And How To Protect Yourself (0)
- 12-13: [webapps] WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 12-13: [remote] HD-Network Real-time Monitoring System 2.0 – Local File Inclusion (LFI) (0)
- 12-11: Apache Log4j2 2.14.1 Remote Code Execution (0)
- 12-11: Polkit CVE-2021-3560 Research (0)
- 12-11: Free School Management Software 1.0 Shell Upload (0)
- 12-11: Free School Management Software 1.0 Cross Site Scripting (0)
- 12-11: OpenCATS 0.9.4 Remote Code Execution (0)
- 12-10: Raspberry Pi 5.10 Default Credentials (0)
- 12-10: Kabir Alhasan Student Management System 1.0 SQL Injection (0)
- 12-10: Employees Daily Task Management System 1.0 Cross Site Scripting (0)
- 12-10: Employees Daily Task Management System 1.0 SQL Injection (0)
- 12-10: Chikitsa Patient Management System 2.0.2 Backup Remote Code Execution (0)
- 12-10: Chikitsa Patient Management System 2.0.2 Plugin Remote Code Execution (0)
- 12-10: MTPutty 1.0.1.21 SSH Password Disclosure (0)
- 12-10: WordPress Catch Themes Demo Import 1.6.1 Shell Upload (0)
- 12-10: TestLink 1.19 Arbitrary File Download (0)
- 12-10: LimeSurvey 5.2.4 Remote Code Execution (0)
- 12-10: Microsoft Office Word MSHTML Remote Code Execution (0)
- 12-10: Grafana 8.3.0 Directory Traversal / Arbitrary File Read (0)
- 12-10: [webapps] OpenCATS 0.9.4 – Remote Code Execution (RCE) (0)
- 12-09: Docker runc Command Execution Proof Of Concept (0)
- 12-09: Reprise License Manager 14.2 User Enumeration (0)
- 12-09: Reprise License Manager 14.2 Unauthenticated Password Change (0)
- 12-09: Reprise License Manager 14.2 Session Hijacking (0)
- 12-09: Reprise License Manager 14.2 Buffer Overflow (0)
- 12-09: Reprise License Manager 14.2 Remote Binary Execution (0)
- 12-09: Grafana Arbitrary File Reading (0)
- 12-09: Steghide Hidden Data Extraction (0)
- 12-09: ETS5 Password Recovery Tool (0)
- 12-09: [webapps] Grafana 8.3.0 – Directory Traversal and Arbitrary File Read (0)
- 12-09: [webapps] Wordpress Plugin Catch Themes Demo Import 1.6.1 – Remote Code Execution (RCE) (Authenticated) (0)
- 12-09: [webapps] Student Management System 1.0 – SQLi Authentication Bypass (0)
- 12-09: [webapps] TestLink 1.19 – Arbitrary File Download (Unauthenticated) (0)
- 12-09: [webapps] Employees Daily Task Management System 1.0 – 'username' SQLi Authentication Bypass (0)
- 12-09: [webapps] Chikitsa Patient Management System 2.0.2 – 'backup' Remote Code Execution (RCE) (Authenticated) (0)
- 12-09: [webapps] Chikitsa Patient Management System 2.0.2 – Remote Code Execution (RCE) (Authenticated) (0)
- 12-07: Simple Online Men's Salon Management System 1.0 SQL Injection (0)
- 12-07: HCL Lotus Notes 12 Unquoted Service Path (0)
- 12-07: Microsoft Internet Explorer Active-X Control Security Bypass (0)
- 12-07: Croogo 3.0.2 Remote Code Execution (0)
- 12-07: Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass (0)
- 12-07: Auerswald COMpact 8.0B Privilege Escalation (0)
- 12-07: runc / libcontainer Bind Mount Sources Insecure Handling (0)
- 12-07: Auerswald COMpact 8.0B Arbitrary File Disclosure (0)
- 12-07: Auerswald COMpact 8.0B Backdoors (0)
- 12-06: [webapps] Croogo 3.0.2 – Remote Code Execution (Authenticated) (0)
- 12-06: [remote] Auerswald COMpact 8.0B – Multiple Backdoors (0)
- 12-06: [remote] Auerswald COMpact 8.0B – Arbitrary File Disclosure (0)
- 12-06: [remote] Auerswald COMfortel 2.8F – Authentication Bypass (0)
- 12-06: [remote] Auerswald COMpact 8.0B – Privilege Escalation (0)
- 12-06: [local] HCL Lotus Notes V12 – Unquoted Service Path (0)
- 12-04: DuckDuckGo 7.64.4 Address Bar Spoofing (0)
- 12-04: Trojan.Win32.Mucc.ivk Unquoted Service Path (0)
- 12-04: Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection (0)
- 12-04: M-Files Web Denial Of Service (0)
- 12-04: Backdoor.Win32.Vernet.axt Insecure Permissions (0)
- 12-04: Backdoor.Win32.Bionet.10 Authentication Bypass / Code Execution (0)
- 12-04: Online Magazine Management System 1.0 SQL Injection (0)
- 12-04: WordPress DZS Zoomsounds 6.45 Arbitrary File Read (0)
- 12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
- 12-04: WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting (0)
- 12-04: Ubuntu Overlayfs Local Privilege Escalation (0)
- 12-04: WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion (0)
- 12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
- 12-04: OrbiTeam BSCW Server XSS / LFI / User Enumeration (0)
- 12-03: Android vold Unsafe Mounting (0)
- 12-03: [webapps] WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated) (0)
- 12-03: [webapps] WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI) (0)
- 12-03: [webapps] Online Magazine Management System 1.0 – SQLi Authentication Bypass (0)
- 12-03: [webapps] WordPress Plugin Slider by Soliloquy 2.6.2 – 'title' Stored Cross Site Scripting (XSS) (Authenticated) (0)
- 12-03: [webapps] Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass (0)
- 12-02: Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting (0)
- 12-02: Advanced Comment System 1.0 Remote Command Execution (0)
- 12-02: NSS Signature Validation Memory Corruption (0)
- 12-02: MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation (0)
- 12-02: Packet Storm New Exploits For November, 2021 (0)
- 12-01: Laundry Booking Management System 1.0 Remote Code Execution (0)
- 12-01: [webapps] Advanced Comment System 1.0 – Remote Command Execution (RCE) (0)
- 12-01: [local] MilleGPG5 5.7.2 Luglio 2021 – Local Privilege Escalation (0)
- 12-01: [webapps] Online Enrollment Management System in PHP and PayPal 1.0 – 'U_NAME' Stored Cross-Site Scripting (0)
November 2021 (251)
- 11-30: Nextar C472 POS DLL Hijacking (0)
- 11-30: Polkit Authentication Bypass / Local Privilege Escalation (0)
- 11-30: Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation (0)
- 11-30: Opencart 3.0.3.8 Session Injection (0)
- 11-30: Orangescrum 1.8.0 Cross Site Scripting (0)
- 11-30: Orangescrum 1.8.0 SQL Injection (0)
- 11-30: Orangescrum 1.8.0 Privilege Escalation (0)
- 11-30: [webapps] Laundry Booking Management System 1.0 – Remote Code Execution (RCE) (0)
- 11-29: [webapps] opencart 3.0.3.8 – Session Injection (0)
- 11-29: [webapps] orangescrum 1.8.0 – 'Multiple' SQL Injection (Authenticated) (0)
- 11-29: [webapps] orangescrum 1.8.0 – 'Multiple' Cross-Site Scripting (XSS) (Authenticated) (0)
- 11-29: [webapps] orangescrum 1.8.0 – Privilege escalation (Authenticated) (0)
- 11-28: Gerdab.ir SQL Injection (0)
- 11-28: Bagisto 1.3.3 Client-Side Template Injection (0)
- 11-28: Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution (0)
- 11-28: Email-Worm.Win32.Deltad Insecure Permissions (0)
- 11-28: Backdoor.Win32.Coredoor.10.a Man-In-The-Middle (0)
- 11-28: D-Link DSL-3782 Pre-Authentication Remote Root (0)
- 11-28: ManageEngine ADSelfService Plus Authentication Bypass / Code Execution (0)
- 11-26: [webapps] Bagisto 1.3.3 – Client-Side Template Injection (0)
- 11-25: Serva 4.4.0 TFTP Remote Buffer Overflow (0)
- 11-25: CMSimple 5.4 Local File Inclusion / Remote Code Execution (0)
- 11-25: HTTPDebuggerPro 9.11 Unquoted Service Path (0)
- 11-25: Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory (0)
- 11-24: Attackers Actively Target Windows Installer Zero-Day (0)
- 11-24: Samsung NPU (Neural Processing Unit) Memory Corruption (0)
- 11-24: GNU gdbserver 9.2 Remote Command Execution (0)
- 11-24: FLEX 1085 Web 1.6.0 HTML Injection (0)
- 11-24: Webrun 3.6.0.42 SQL Injection (0)
- 11-24: Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation (0)
- 11-24: WordPress WP Guppy 1.1 Information Disclosure (0)
- 11-24: [webapps] CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated) (0)
- 11-24: [local] HTTPDebuggerPro 9.11 – Unquoted Service Path (0)
- 11-23: PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection (0)
- 11-23: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
- 11-23: Backdoor.Win32.Curioso.zp Insecure Permissions (0)
- 11-23: Modbus Slave 7.3.1 Buffer Overflow (0)
- 11-23: Backdoor.Win32.Antilam.11 Code Execution (0)
- 11-23: Backdoor.Win32.Wollf.a Hardcoded Password (0)
- 11-23: Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass (0)
- 11-23: OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal (0)
- 11-23: Backdoor.Win32.Wollf.h Hardcoded Password (0)
- 11-23: Pinkie 2.15 Remote Buffer Overflow (0)
- 11-23: Wipro Holmes Orchestrator 20.4.1 File Disclosure (0)
- 11-23: Backdoor.Win32.Agent.ad Insecure Credential Storage (0)
- 11-23: Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection (0)
- 11-23: Backdoor.Win32.BNLite Buffer Overflow (0)
- 11-23: Backdoor.Win32.BlueAdept.02.a Buffer Overflow (0)
- 11-23: OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure (0)
- 11-23: Wipro Holmes Orchestrator 20.4.1 Report Disclosure (0)
- 11-23: [webapps] FLEX 1085 Web 1.6.0 – HTML Injection (0)
- 11-23: [webapps] Bus Pass Management System 1.0 – 'Search' SQL injection (0)
- 11-23: [webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection (0)
- 11-23: [local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) (0)
- 11-23: [webapps] Wordpress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure (0)
- 11-23: [remote] GNU gdbserver 9.2 – Remote Command Execution (RCE) (0)
- 11-22: [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection (0)
- 11-22: [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS) (0)
- 11-22: [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC) (0)
- 11-20: Apache Storm Nimbus 2.2.0 Command Execution (0)
- 11-19: FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months (0)
- 11-19: Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free (0)
- 11-18: Bludit 3.13.1 Cross Site Scripting (0)
- 11-18: Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting (0)
- 11-18: GitLab 13.10.2 Remote Code Execution (0)
- 11-18: LiquidFiles 3.5.13 Privilege Escalation (0)
- 11-18: WordPress Smart Product Review 1.0.4 Shell Upload (0)
- 11-18: SuiteCRM 7.11.18 Remote Code Execution (0)
- 11-17: Fuel CMS 1.4.13 SQL Injection (0)
- 11-17: Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection (0)
- 11-17: KONGA 0.14.9 Privilege Escalation (0)
- 11-17: WordPress Contact Form To Email 1.3.24 Cross Site Scripting (0)
- 11-17: Simple Subscription Website 1.0 SQL Injection (0)
- 11-17: Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download (0)
- 11-17: PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting (0)
- 11-17: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
- 11-17: CMDBuild 3.3.2 Cross Site Scripting (0)
- 11-17: Online Reviewer System 2.4.0 SQL Injection (0)
- 11-17: Online Learning System 2.0 Remote Code Execution (0)
- 11-17: Sitecore Experience Platform (XP) Remote Code Execution (0)
- 11-17: [webapps] Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated) (0)
- 11-17: [webapps] Bludit 3.13.1 – 'username' Cross Site Scripting (XSS) (0)
- 11-16: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
- 11-16: [webapps] Online Learning System 2.0 – Remote Code Execution (RCE) (0)
- 11-16: [webapps] CMDBuild 3.3.2 – 'Multiple' Cross Site Scripting (XSS) (0)
- 11-15: [webapps] PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) (0)
- 11-15: [webapps] Fuel CMS 1.4.13 – 'col' Blind SQL Injection (Authenticated) (0)
- 11-15: [webapps] Simple Subscription Website 1.0 – SQLi Authentication Bypass (0)
- 11-15: [webapps] KONGA 0.14.9 – Privilege Escalation (0)
- 11-15: [webapps] WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
- 11-15: [webapps] WordPress Plugin WPSchoolPress 2.1.16 – 'Multiple' Cross Site Scripting (XSS) (0)
- 11-13: Mumara Classic 2.93 SQL Injection (0)
- 11-13: Microsoft Windows MultiPoint Server 2011 SP1 Local Privilege Escalation (0)
- 11-13: WordPress WP Symposium Pro 2021.10 Cross Site Scripting (0)
- 11-13: Xlight FTP 3.9.3.1 Buffer Overflow (0)
- 11-13: WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting (0)
- 11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
- 11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
- 11-12: [webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated) (0)
- 11-12: [local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation (0)
- 11-12: [dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC) (0)
- 11-12: [webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS) (0)
- 11-12: [webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) (0)
- 11-11: Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting (0)
- 11-11: Employee Daily Task Management System 1.0 Cross Site Scripting (0)
- 11-11: Dolibarr ERP / CRM 13.0.2 Cross Site Scripting (0)
- 11-11: Dolibarr ERP / CRM 13.0.2 Remote Code Execution (0)
- 11-11: Microsoft OMI Management Interface Authentication Bypass (0)
- 11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
- 11-11: FormaLMS 2.4.4 Authentication Bypass (0)
- 11-11: YeaLink SIP-TXXXP 53.84.0.15 Command Injection (0)
- 11-11: AbsoluteTelnet 11.24 Denial Of Service (0)
- 11-11: Apache HTTP Server 2.4.50 Remote Code Execution (0)
- 11-11: Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation (0)
- 11-11: Massive Zero-Day Hole Found In Palo Alto Security Appliances (0)
- 11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
- 11-11: [webapps] FormaLMS 2.4.4 – Authentication Bypass (0)
- 11-11: [dos] AbsoluteTelnet 11.24 – 'Phone' Denial of Service (PoC) (0)
- 11-11: [dos] AbsoluteTelnet 11.24 – 'Username' Denial of Service (PoC) (0)
- 11-11: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3) (0)
- 11-11: [webapps] YeaLink SIP-TXXXP 53.84.0.15 – 'cmd' Command Injection (Authenticated) (0)
- 11-10: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
- 11-10: Google Assistant Authentication Bypass (0)
- 11-10: Google Assistant Authentication Bypass (0)
- 11-10: [webapps] Employee and Visitor Gate Pass Logging System 1.0 – 'name' Stored Cross-Site Scripting (XSS) (0)
- 11-10: [webapps] Employee Daily Task Management System 1.0 – 'Name' Stored Cross-Site Scripting (XSS) (0)
- 11-09: Backdoor.Win32.VB.afu Insecure Permissions (0)
- 11-09: FusionPBX 4.5.29 Remote Code Execution (0)
- 11-09: Money Transfer Management System 1.0 SQL Injection (0)
- 11-09: Backdoor.Win32.VB.afu Insecure Transit (0)
- 11-09: WordPress Backup And Restore 1.0.3 Arbitrary File Deletion (0)
- 11-09: Backdoor.Win32.Pahador.aj Authentication Bypass / Code Execution (0)
- 11-09: Froxlor 0.10.29.1 SQL Injection (0)
- 11-09: Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy (0)
- 11-09: zlog 1.2.15 Buffer Overflow (0)
- 11-09: HEUR.Backdoor.Win32.Denis.gen Denial Of Service (0)
- 11-09: Backdoor.Win32.Hupigon.bnbb Unquoted Service Path (0)
- 11-09: Kmaleon 1.1.0.205 SQL Injection (0)
- 11-09: Trojan.Win32.Servstar.poa Unquoted Service Path (0)
- 11-09: Simple Client Management System 1.0 Cross Site Scripting (0)
- 11-09: Trojan.Win32.SkynetRef.x Unauthenticated Open Proxy (0)
- 11-09: Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy (0)
- 11-09: Email-Worm.Win32.Plexus.b Code Execution (0)
- 11-08: Email-Worm.Win32.Plexus.b Code Execution (0)
- 11-08: [webapps] FusionPBX 4.5.29 – Remote Code Execution (RCE) (Authenticated) (0)
- 11-08: [local] zlog 1.2.15 – Buffer Overflow (0)
- 11-08: [webapps] Simple Client Management System 1.0 – SQLi (Authentication Bypass) (0)
- 11-08: [webapps] WordPress Plugin Backup and Restore 1.0.3 – Arbitrary File Deletion (0)
- 11-08: [webapps] Froxlor 0.10.29.1 – SQL Injection (Authenticated) (0)
- 11-08: [webapps] Money Transfer Management System 1.0 – Authentication Bypass (0)
- 11-08: [webapps] Simple Client Management System 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
- 11-08: [webapps] Kmaleon 1.1.0.205 – 'tipocomb' SQL Injection (Authenticated) (0)
- 11-06: Khamenei.ir SQL Injection (0)
- 11-06: Backdoor.Win32.Optix.03.b Code Execution (0)
- 11-06: 10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution (0)
- 11-06: Payment Terminal 2.x / 3.x Cross Site Scripting (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass (0)
- 11-06: Backdoor.Win32.Ncx.b Buffer Overflow (0)
- 11-06: PHP Event Calendar Lite Edition SQL Injection (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control (0)
- 11-06: ImportExportTools NG 10.0.4 HTML Injection (0)
- 11-06: Backdoor.Win32.Ncx.b Code Execution (0)
- 11-06: IBM Sterling B2B Integrator Cross Site Scripting (0)
- 11-06: PHP Event Calendar Lite Edition Cross Site Scripting (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass (0)
- 11-06: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration (0)
- 11-06: HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy (0)
- 11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
- 11-05: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
- 11-05: Opencart 3 Extension TMD Vendor System SQL Injection (0)
- 11-05: GitLab Unauthenticated Remote ExifTool Command Injection (0)
- 11-05: [webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS) (0)
- 11-05: [local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path (0)
- 11-04: GitLab Unauthenticated Remote ExifTool Command Injection (0)
- 11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
- 11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
- 11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
- 11-03: YouTube Video Grabber 1.9.9.1 Buffer Overflow (0)
- 11-03: Kingdia CD Extractor 3.0.2 Buffer Overflow (0)
- 11-03: Codiad 2.8.4 Shell Upload (0)
- 11-03: WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution (0)
- 11-03: 10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow (0)
- 11-03: Employee Record Management System 1.2 SQL Injection (0)
- 11-03: Dynojet Power Core 2.3.0 Unquoted Service Path (0)
- 11-03: Ericsson Network Location MPS GMPC21 Remote Code Execution (0)
- 11-03: Ericsson Network Location MPS GMPC21 Privilege Escalation (0)
- 11-03: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
- 11-03: [webapps] Eclipse Jetty 11.0.5 – Sensitive File Disclosure (0)
- 11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
- 11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] WordPress Plugin Popup Anything 2.0.3 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
- 11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
- 11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
- 11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
- 11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
- 11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
- 11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
- 11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
- 11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
- 11-02: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
- 11-02: Trojan.Win32.Pasta.mca Insecure Permissions (0)
- 11-02: PHPJabbers Simple CMS 5 Cross Site Scripting (0)
- 11-02: WordPress Hotel Listing 3.x Cross Site Scripting (0)
- 11-02: My Movie Collection Sinatra App Movie Cross Site Scripting (0)
- 11-02: My Movie Collection Sinatra App Login Cross Site Scripting (0)
- 11-02: Trojan.Win32.Phires.zm Insecure Permissions (0)
- 11-02: Trojan.Win32.Delf.bna Information Disclosure (0)
- 11-02: Backdoor.Win32.Agent.sah Heap Corruption (0)
- 11-02: Packet Storm New Exploits For October, 2021 (0)
- 11-02: [webapps] Employee Record Management System 1.2 – 'empid' SQL injection (Unauthenticated) (0)
- 11-02: [local] Dynojet Power Core 2.3.0 – Unquoted Service Path (0)
- 11-02: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (4) (0)
- 11-02: [webapps] i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw (0)
- 11-02: [local] 10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH) (0)
- 11-02: [local] YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH) (0)
- 11-02: [local] Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH) (0)
- 11-02: [webapps] Ericsson Network Location MPS GMPC21 – Privilege Escalation (Metasploit) (0)
- 11-02: [webapps] Ericsson Network Location MPS GMPC21 – Remote Code Execution (RCE) (Metasploit) (0)
- 11-01: Packet Storm New Exploits For October, 2021 (0)
October 2021 (382)
- 10-30: Umbraco 8.14.1 Server-Side Request Forgery (0)
- 10-30: Mini-XML 3.2 Heap Overflow (0)
- 10-30: Android NFC Type Confusion (0)
- 10-30: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
- 10-30: WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS (0)
- 10-30: WebCTRL OEM 6.5 Cross Site Scripting (0)
- 10-30: Google Fixes Two High Severity Zero Day Flaws In Chrome (0)
- 10-29: WebCTRL OEM 6.5 Cross Site Scripting (0)
- 10-29: Trojan.Win32.Akl.bc Insecure Permissions (0)
- 10-29: Backdoor.Win32.Delf.arjo Unquoted Service Path (0)
- 10-29: Backdoor.Win32.Hupigon.acio Unquoted Service Path (0)
- 10-29: WordPress Supsystic Contact Form 1.7.18 Cross Site Scripting (0)
- 10-29: Backdoor.Win32.Hupigon.acio Unauthenticated Open Proxy (0)
- 10-29: Backdoor.Win32.Hupigon.afjk Directory Traversal (0)
- 10-29: Backdoor.Win32.Hupigon.afjk Man-In-The-Middle (0)
- 10-29: Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution (0)
- 10-29: Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting (0)
- 10-29: Backdoor.Win32.Mazben.es Unauthenticated Open Proxy (0)
- 10-29: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
- 10-29: Backdoor.Win32.Antilam.14.o Remote Command Execution (0)
- 10-29: Virus.Win32.Ipamor.c Unauthenticated Reboot (0)
- 10-29: Microsoft OMI Management Interface Authentication Bypass (0)
- 10-29: Backdoor.Win32.Prorat.ntz Man-In-The-Middle (0)
- 10-29: Backdoor.Win32.Prorat.ntz Weak Hardcoded Password (0)
- 10-29: Sophos UTM WebAdmin SID Command Injection (0)
- 10-29: Apple Security Advisory 2021-10-26-4 (0)
- 10-29: Apple Security Advisory 2021-10-26-5 (0)
- 10-29: Apple Security Advisory 2021-10-26-6 (0)
- 10-29: Apple Security Advisory 2021-10-26-7 (0)
- 10-29: Apple Security Advisory 2021-10-26-8 (0)
- 10-29: Apple Security Advisory 2021-10-26-9 (0)
- 10-29: Apple Security Advisory 2021-10-26-10 (0)
- 10-29: Apple Security Advisory 2021-10-26-11 (0)
- 10-29: [webapps] Movable Type 7 r.5002 – XMLRPC API OS Command Injection (Metasploit) (0)
- 10-29: [local] Mini-XML 3.2 – Heap Overflow (0)
- 10-29: [webapps] WebCTRL OEM 6.5 – 'locale' Reflected Cross-Site Scripting (XSS) (0)
- 10-29: [webapps] Umbraco v8.14.1 – 'baseUrl' SSRF (0)
- 10-28: Sophos UTM WebAdmin SID Command Injection (0)
- 10-28: Apple Security Advisory 2021-10-26-1 (0)
- 10-28: Apple Security Advisory 2021-10-26-2 (0)
- 10-28: Apple Security Advisory 2021-10-26-3 (0)
- 10-28: [webapps] PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (0)
- 10-28: [webapps] WordPress Plugin Supsystic Contact Form 1.7.18 – 'label' Stored Cross-Site Scripting (XSS) (0)
- 10-27: RDP Manager 4.9.9.3 Denial Of Service (0)
- 10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
- 10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
- 10-27: Simplephpscripts Simple CMS 2.1 SQL Injection (0)
- 10-27: WordPress Filterable Portfolio Gallery 1.0 Cross Site Scripting (0)
- 10-27: Sonicwall SonicOS 6.5.4 Cross Site Scripting (0)
- 10-27: Mult-e-Cart Ultimate 2.4 SQL Injection (0)
- 10-27: BMW Online Cross Site Scripting (0)
- 10-27: SPA Cart CMS 2021 SQL Injection (0)
- 10-27: PHP Melody 3.0 Cross Site Scripting (0)
- 10-27: PHP Melody 3.0 SQL Injection (0)
- 10-27: PHP Melody 3.0 Cross Site Scripting (0)
- 10-27: PHP Melody 3.0 Cross Site Scripting (0)
- 10-27: Isshue Shopping Cart 3.5 Cross Site Scripting (0)
- 10-27: Vanguard 2.1 Cross Site Scripting (0)
- 10-27: Linux SELinux PTRACE_TRACEME Handler Use-After-Free (0)
- 10-27: Ultimate POS 4.4 Cross Site Scripting (0)
- 10-27: Ultimate POS 4.4 Cross Site Scripting (0)
- 10-26: Engineers Online Portal 1.0 Shell Upload (0)
- 10-26: Apache HTTP Server 2.4.50 Remote Code Execution (0)
- 10-26: Hikvision Web Server Build 210702 Command Injection (0)
- 10-26: WordPress TaxoPress 3.0.7.1 Cross Site Scripting (0)
- 10-26: Build Smart ERP 21.0817 SQL Injection (0)
- 10-26: Netgear Genie 2.4.64 Unquoted Service Path (0)
- 10-26: Balbooa Joomla Forms Builder 2.0.6 SQL Injection (0)
- 10-26: OpenClinic GA 5.194.18 Privilege Escalation (0)
- 10-26: Online Event Booking And Reservation System 1.0 Cross Site Scripting (0)
- 10-26: Engineers Online Portal 1.0 Cross Site Scripting (0)
- 10-26: Engineers Online Portal 1.0 SQL Injection (0)
- 10-26: GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal (0)
- 10-26: FreeSWITCH 1.10.6 SIP Digest Leak (0)
- 10-26: phpMyAdmin 4.8.1 Remote Code Execution (0)
- 10-26: FreeSWITCH 1.10.6 SIP Flooding Denial Of Service (0)
- 10-26: Online Student Admission System 1.0 SQL Injection / Shell Upload (0)
- 10-26: WordPress Media-Tags 3.2.0.2 Cross Site Scripting (0)
- 10-26: Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution (0)
- 10-26: FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication (0)
- 10-26: WordPress Ninja Tables 4.1.7 Cross Site Scripting (0)
- 10-26: WordPress 4.9.6 Arbitrary File Deletion (0)
- 10-26: Gestionale Open 11.00.00 Privilege Escalation (0)
- 10-26: FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication (0)
- 10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
- 10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
- 10-26: [webapps] WordPress Plugin Filterable Portfolio Gallery 1.0 – 'title' Stored Cross-Site Scripting (XSS) (0)
- 10-25: [local] OpenClinic GA 5.194.18 – Local Privilege Escalation (0)
- 10-25: [webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated) (0)
- 10-25: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2) (0)
- 10-25: [webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated) (0)
- 10-25: [local] Netgear Genie 2.4.64 – Unquoted Service Path (0)
- 10-25: [webapps] Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE) (0)
- 10-25: [webapps] Hikvision Web Server Build 210702 – Command Injection (0)
- 10-25: [local] Gestionale Open 11.00.00 – Local Privilege Escalation (0)
- 10-25: [webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
- 10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
- 10-25: [webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS) (0)
- 10-25: [webapps] phpMyAdmin 4.8.1 – Remote Code Execution (RCE) (0)
- 10-25: [webapps] Wordpress 4.9.6 – Arbitrary File Deletion (Authenticated) (2) (0)
- 10-25: [webapps] WordPress Plugin Ninja Tables 4.1.7 – Stored Cross-Site Scripting (XSS) (0)
- 10-25: [webapps] WordPress Plugin Media-Tags 3.2.0.2 – Stored Cross-Site Scripting (XSS) (0)
- 10-25: [webapps] Engineers Online Portal 1.0 – 'id' SQL Injection (0)
- 10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass (0)
- 10-23: Jetty 9.4.37.v20210219 Information Disclosure (0)
- 10-23: Clinic Management System 1.0 Code Execution / SQL Injection (0)
- 10-23: Online Course Registration 1.0 SQL Injection (0)
- 10-23: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
- 10-22: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
- 10-22: Easy Chat Server 3.1 Directory Traversal (0)
- 10-22: NIMax 5.3.1f0 Denial Of Service (0)
- 10-22: Small CRM 3.0 Cross Site Scripting (0)
- 10-22: [webapps] Clinic Management System 1.0 – SQL injection to Remote Code Execution (0)
- 10-22: [webapps] Jetty 9.4.37.v20210219 – Information Disclosure (0)
- 10-22: [webapps] Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated) (0)
- 10-21: Small CRM 3.0 Cross Site Scripting (0)
- 10-21: Macro Expert 4.7 Unquoted Service Path (0)
- 10-21: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
- 10-21: Apple Security Advisory 2021-10-11-1 (0)
- 10-21: [webapps] Easy Chat Server 3.1 – Directory Traversal and Arbitrary File Read (0)
- 10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
- 10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
- 10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
- 10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
- 10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
- 10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
- 10-20: http://keelek-phatumrat.go.th (0)
- 10-20: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
- 10-20: http://old.ddc.moph.go.th/data/br4in(36).gif (0)
- 10-20: http://www.khunpadpeng.go.th/editor/ (0)
- 10-20: http://www.srapanglan.go.th/editor/ (0)
- 10-20: http://www.banrome.go.th/editor/ (0)
- 10-20: http://www.wangwa.go.th/editor/ (0)
- 10-20: http://www.thajaosanook.go.th/editor/ (0)
- 10-20: http://nangbuach.go.th/editor/ (0)
- 10-20: http://www.khaodin.go.th/editor/ (0)
- 10-20: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
- 10-20: Online Motorcycle (Bike) Rental System 1.0 SQL Injection (0)
- 10-20: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
- 10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
- 10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
- 10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
- 10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
- 10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
- 10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
- 10-19: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
- 10-19: Support Board 3.3.4 Cross Site Scripting (0)
- 10-19: Trojan-Spy.Win32.Ardamax.ocx Insecure Permissions (0)
- 10-19: Worm.Win32.Fasong.c Unquoted Service Path (0)
- 10-19: Company's Recruitment Management System 1.0 Cross Site Scripting (0)
- 10-19: Company's Recruitment Management System 1.0 Cross Site Request Forgery (0)
- 10-19: Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy (0)
- 10-19: Plastic SCM 10.0.16.5622 Insecure Direct Object Reference (0)
- 10-19: Worm.Win32.Runfer.bpo Unquoted Service Path (0)
- 10-19: WordPress Duplicator 1.3.26 Arbitrary File Read (0)
- 10-19: Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy (0)
- 10-19: Engineers Online Portal 1.0 SQL Injection (0)
- 10-19: Virus.Win32.Ipamor.c Unauthenticated Remote System Reboot (0)
- 10-19: Mitsubishi Electric / INEA SmartRTU Cross Site Scripting (0)
- 10-19: Mitsubishi Electric / INEA SmartRTU Source Code Disclosure (0)
- 10-19: Backdoor.Win32.LanFiltrator.11.b Code Execution (0)
- 10-19: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
- 10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
- 10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
- 10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
- 10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
- 10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
- 10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
- 10-18: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
- 10-18: Plastic SCM 10.0.16.5622 Improper Access Control (0)
- 10-18: [webapps] Company's Recruitment Management System 1.0 – 'Add New user' Cross-Site Request Forgery (CSRF) (0)
- 10-18: [webapps] Plastic SCM 10.0.16.5622 – WebAdmin Server Access (0)
- 10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
- 10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
- 10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
- 10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
- 10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
- 10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
- 10-16: i-Panel Administration System 2.0 Cross Site Scripting (0)
- 10-15: i-Panel Administration System 2.0 Cross Site Scripting (0)
- 10-15: SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path (0)
- 10-15: TextPattern CMS 4.8.7 Shell Upload (0)
- 10-15: IFSC Code Finder Project 1.0 SQL Injection (0)
- 10-15: Yellowfin Cross Site Scripting / Insecure Direct Object Reference (0)
- 10-15: WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free (0)
- 10-15: WebKit EventHandler::keyEvent Heap Use-After-Free (0)
- 10-15: WebKit DOMWindow::open Heap Use-After-Free (0)
- 10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
- 10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
- 10-14: WebKit DOMWindow::open Heap Use-After-Free (0)
- 10-14: Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery (0)
- 10-14: Simple Issue Tracker System 1.0 SQL Injection (0)
- 10-14: Student Quarterly Grading System 1.0 Cross Site Scripting (0)
- 10-14: Lifestyle Store 1.0 Cross Site Scripting (0)
- 10-14: Logitech Media Server 8.2.0 Cross Site Scripting (0)
- 10-14: Simple Payroll System 1.0 SQL Injection (0)
- 10-14: Alchemy CMS 6.0.0 Arbitrary File Upload (0)
- 10-14: Keycloak 12.0.1 Server-Side Request Forgery (0)
- 10-14: Apache HTTP Server 2.4.50 Path Traversal / Code Execution (0)
- 10-14: Sonicwall SonicOS 7.0 Host Header Injection (0)
- 10-14: myfactory.FMS 7.1-911 Cross Site Scripting (0)
- 10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
- 10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
- 10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
- 10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
- 10-13: myfactory.FMS 7.1-911 Cross Site Scripting (0)
- 10-13: Moodle Authenticated Spelling Binary Remote Code Execution (0)
- 10-13: Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution (0)
- 10-13: Moodle SpellChecker Path Authenticated Remote Command Execution (0)
- 10-13: Moodle Admin Shell Upload (0)
- 10-13: Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs (0)
- 10-13: [webapps] Sonicwall SonicOS 7.0 – Host Header Injection (0)
- 10-13: [webapps] Logitech Media Server 8.2.0 – 'Title' Cross-Site Scripting (XSS) (0)
- 10-13: [webapps] Student Quarterly Grading System 1.0 – 'grade' Stored Cross-Site Scripting (XSS) (0)
- 10-13: [webapps] Simple Issue Tracker System 1.0 – SQLi Authentication Bypass (0)
- 10-13: [webapps] Online Learning System 2.0 – 'Multiple' SQLi Authentication Bypass (0)
- 10-13: [remote] Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection (0)
- 10-13: [webapps] Pharmacy Point of Sale System 1.0 – 'Add New User' Cross-Site Request Forgery (CSRF) (0)
- 10-13: [webapps] Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE) (0)
- 10-13: [remote] Cypress Solutions CTM-200/CTM-ONE – Hard-coded Credentials Remote Root (Telnet/SSH) (0)
- 10-13: [webapps] Keycloak 12.0.1 – 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) (0)
- 10-13: [webapps] Company's Recruitment Management System 1.0 – 'Multiple' SQL Injection (Unauthenticated) (0)
- 10-13: [webapps] Simple Payroll System 1.0 – SQLi Authentication Bypass (0)
- 10-12: Moodle Admin Shell Upload (0)
- 10-12: Aviatrix Controller 6.x Path Traversal / Code Execution (0)
- 10-12: Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root (0)
- 10-12: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
- 10-11: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
- 10-11: https://www.spr.go.th/er.php (0)
- 10-09: Loan Management System 1.0 SQL Injection (0)
- 10-09: Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation (0)
- 10-09: django-unicorn 0.35.3 Cross Site Scripting (0)
- 10-09: Online Traffic Offense Management System 1.0 Privilege Escalation (0)
- 10-09: Maian-Cart 3.8 Remote Code Execution (0)
- 10-09: WordPress Pie Register 3.7.1.4 Privilege Escalation (0)
- 10-09: Simple Online College Entrance Exam System 1.0 Account Takeover (0)
- 10-09: IFSC Code Finder Project 1.0 SQL Injection (0)
- 10-09: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
- 10-09: Online Enrollment Management System 1.0 SQL Injection (0)
- 10-09: Online Employees Work From Home Attendance System 1.0 SQL Injection (0)
- 10-09: Cmder Console Emulator 1.3.18 Denial Of Service (0)
- 10-09: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
- 10-08: Cmder Console Emulator 1.3.18 Denial Of Service (0)
- 10-08: https://www.samtambon.go.th/silence.html (0)
- 10-08: http://www.phichit.go.th/wh.html (0)
- 10-08: Google SLO-Generator 2.0.0 Code Execution (0)
- 10-08: Online DJ Booking Management System 1.0 Cross Site Scripting (0)
- 10-08: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
- 10-08: Online Traffic Offense Management System 1.0 Shell Upload (0)
- 10-08: Online Traffic Offense Management System 1.0 Cross Site Scripting (0)
- 10-08: Online Traffic Offense Management System 1.0 SQL Injection (0)
- 10-08: Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation (0)
- 10-08: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
- 10-08: [webapps] Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass (0)
- 10-08: [webapps] Online Enrollment Management System 1.0 – Authentication Bypass (0)
- 10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Account Takeover (0)
- 10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation (0)
- 10-08: [webapps] WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated) (0)
- 10-08: [webapps] django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS) (0)
- 10-08: [webapps] Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 10-08: [webapps] IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated) (0)
- 10-08: [webapps] Online Traffic Offense Management System 1.0 – Privilege escalation (Unauthenticated) (0)
- 10-08: [webapps] Simple Online College Entrance Exam System 1.0 – 'Multiple' SQL injection (0)
- 10-07: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
- 10-07: Odine Solutions GateKeeper 1.0 SQL Injection (0)
- 10-07: G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation (0)
- 10-07: Talariax sendQuick Alertplus 4.3 SQL Injection (0)
- 10-07: Apache HTTP Server 2.4.49 Path Traversal (0)
- 10-07: Microsoft Office OneNote 2007 Remote Code Execution (0)
- 10-07: WordPress BulletProof Security 5.1 Information Disclosure (0)
- 10-07: Online-Food-Ordering-Web-App SQL Injection (0)
- 10-07: Dahua Authentication Bypass (0)
- 10-07: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
- 10-07: [webapps] Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass (0)
- 10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple RCE (Unauthenticated) (0)
- 10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple XSS (Unauthenticated) (0)
- 10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple SQL Injection (Unauthenticated) (0)
- 10-07: [webapps] Online DJ Booking Management System 1.0 – 'Multiple' Blind Cross-Site Scripting (0)
- 10-07: [local] Google SLO-Generator 2.0.0 – Code Execution (0)
- 10-06: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
- 10-06: Virus.Win32.Renamer.a Insecure Permissions (0)
- 10-06: Backdoor.Win32.LolBot.gen Insecure Permissions (0)
- 10-06: Backdoor.Win32.Yoddos.an Unquoted Service Path (0)
- 10-06: HEUR.Trojan.Win32.Generic Unquoted Service Path (0)
- 10-06: Student Quarterly Grading System 1.0 SQL Injection (0)
- 10-06: Backdoor.Win32.Bifrose.ahyg Insecure Permissions (0)
- 10-06: Try My Recipe SQL Injection (0)
- 10-06: Backdoor.Win32.Hupigon.gy Unauthenticated Open Proxy (0)
- 10-06: Atlassian Confluence Server 7.5.1 Arbitrary File Read (0)
- 10-06: Trojan-PSW.Win32.PdPinch.gen Denial Of Service (0)
- 10-06: WordPress TheCartPress 1.5.3.6 Privilege Escalation (0)
- 10-06: WordPress MStore API 2.0.6 Shell Upload (0)
- 10-06: Atlassian Jira Server/Data Center 8.4.0 File Read (0)
- 10-06: HackTool.Win32.Agent.gi Buffer Overflow (0)
- 10-06: Backdoor.Win32.Prorat.lkt Hardcoded Password (0)
- 10-06: Tapatalk Plugins PHP Object Injection (0)
- 10-06: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
- 10-06: https://wanghinlad.go.th/license.txt (0)
- 10-06: https://www.sichomphu.go.th (0)
- 10-06: https://phuwiangsub.go.th (0)
- 10-06: Apache Fixes Actively Exploited Zero-Day Vulnerability, Patch Now (0)
- 10-06: [webapps] Apache HTTP Server 2.4.49 – Path Traversal (0)
- 10-06: [webapps] Wordpress Plugin BulletProof Security 5.1 – Sensitive Information Disclosure (0)
- 10-06: [webapps] Odine Solutions GateKeeper 1.0 – 'trafficCycle' SQL Injection (0)
- 10-06: [webapps] Atlassian Jira Server/Data Center 8.16.0 – Arbitrary File Read (0)
- 10-05: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
- 10-05: Payara Micro Community 5.2021.6 Directory Traversal (0)
- 10-05: Lodging Reservation Management System 1.0 SQL Injection (0)
- 10-05: College Management System 1.0 Arbitrary File Upload (0)
- 10-05: Pet Shop Management System 1.0 Privilege Escalation / Shell Upload (0)
- 10-05: Open Game Panel Remote Code Execution (0)
- 10-05: Vehicle Service Management System 1.0 SQL Injection (0)
- 10-05: Vehicle Service Management System 1.0 Shell Upload (0)
- 10-05: Young Entrepreneur E-Negosyo System 1.0 SQL Injection (0)
- 10-05: Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting (0)
- 10-05: Lifestyle Store 1.0 Cross Site Scripting (0)
- 10-05: Gatekeeper Bypass Proof Of Concept (0)
- 10-05: College Management System 1.0 SQL Injection (0)
- 10-05: College Management System 1.0 Cross Site Scripting (0)
- 10-05: College Management System 1.0 Insecure Direct Object Reference (0)
- 10-05: Local Offices Contact Directory Site SQL Injection (0)
- 10-05: Company's Recruitment Management System SQL Injection (0)
- 10-05: Company’s Recruitment Management System SQL Injection (0)
- 10-05: [webapps] Wordpress Plugin MStore API 2.0.6 – Arbitrary File Upload (0)
- 10-05: [webapps] Wordpress Plugin TheCartPress 1.5.3.6 – Privilege Escalation (Unauthenticated) (0)
- 10-05: [webapps] Atlassian Confluence 7.12.2 – Pre-Authorization Arbitrary File Read (0)
- 10-05: [webapps] Student Quarterly Grading System 1.0 – SQLi Authentication Bypass (0)
- 10-04: [webapps] Young Entrepreneur E-Negosyo System 1.0 – SQL Injection Authentication Bypass (0)
- 10-04: [webapps] Open Game Panel – Remote Code Execution (RCE) (Authenticated) (0)
- 10-04: [webapps] Lodging Reservation Management System 1.0 – SQL Injection / Authentication Bypass (0)
- 10-04: [webapps] Payara Micro Community 5.2021.6 – Directory Traversal (0)
- 10-03: http://www.sidalocal.go.th/nad.htm (0)
- 10-02: CMSimple_XH 1.7.4 Remote Command Execution (0)
- 10-02: Vehicle Service Management System 1.0 Shell Upload (0)
- 10-02: Exam Form Submission System 1.0 SQL Injection (0)
- 10-02: Drupal MiniorangeSAML 8.x-2.22 Privilege Escalation (0)
- 10-02: Phpwcms 1.9.30 Cross Site Scripting (0)
- 10-02: Blood Bank System 1.0 SQL Injection (0)
- 10-02: WhatsUpGold 21.0.3 Cross Site Scripting (0)
- 10-02: Packet Storm New Exploits For September, 2021 (0)
- 10-01: Packet Storm New Exploits For September, 2021 (0)
- 10-01: Azure Active Directory Brute Forcer (0)
- 10-01: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
- 10-01: WordPress JS Jobs Manager 1.1.7 Authorization Bypass (0)
- 10-01: Cmsimple 5.4 Remote Code Execution (0)
- 10-01: PlaceOS 1.2109.1 Open Redirection (0)
- 10-01: [webapps] CMSimple_XH 1.7.4 – Remote Code Execution (RCE) (Authenticated) (0)
- 10-01: [webapps] WhatsUpGold 21.0.3 – Stored Cross-Site Scripting (XSS) (0)
- 10-01: [webapps] Vehicle Service Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 10-01: [webapps] Phpwcms 1.9.30 – File Upload to XSS (0)
- 10-01: [webapps] Blood Bank System 1.0 – SQL Injection / Authentication Bypass (0)
- 10-01: [webapps] Exam Form Submission System 1.0 – SQL Injection Authentication Bypass (0)
- 10-01: [webapps] Dairy Farm Shop Management System 1.0 – SQL Injection Authentication Bypass (0)
- 10-01: [webapps] Drupal Module MiniorangeSAML 8.x-2.22 – Privilege escalation via XML Signature Wrapping (0)
September 2021 (321)
- 09-30: PlaceOS 1.2109.1 Open Redirection (0)
- 09-30: Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting (0)
- 09-30: OpenSIS 8.0 Cross Site Scripting (0)
- 09-30: WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting (0)
- 09-30: WordPress Redirect 404 To Parent 1.3.0 Cross Site Scripting (0)
- 09-30: Storage Unit Rental Management System 1.0 Shell Upload (0)
- 09-30: Google Extensible Service Proxy Header Forgery (0)
- 09-30: Mitrastar GPT-2541GNAC-N1 Privilege Escalation (0)
- 09-30: Pet Shop Management System 1.0 Shell Upload (0)
- 09-30: [webapps] Pharmacy Point of Sale System 1.0 – 'Multiple' SQL Injection (SQLi) (0)
- 09-30: [webapps] Cmsimple 5.4 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-30: [webapps] Cyber Cafe Management System Project (CCMS) 1.0 – SQL Injection Authentication Bypass (0)
- 09-30: [webapps] Wordpress Plugin JS Jobs Manager 1.1.7 – Unauthenticated Plugin Install/Activation (0)
- 09-29: Pet Shop Management System 1.0 Shell Upload (0)
- 09-29: WordPress TranslatePress 2.0.8 Cross Site Scripting (0)
- 09-29: WordPress Contact Form 1.7.14 Cross Site Scripting (0)
- 09-29: WordPress Popup 1.10.4 Cross Site Scripting (0)
- 09-29: Apache James Server 2.3.2 Remote Command Execution (0)
- 09-29: WordPress Ultimate Maps 1.2.4 Cross Site Scripting (0)
- 09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery (0)
- 09-29: FatPipe Networks WARP 10.2.2 Authorization Bypass (0)
- 09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure (0)
- 09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account (0)
- 09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
- 09-29: [webapps] Pet Shop Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 09-29: [remote] Mitrastar GPT-2541GNAC-N1 – Privilege escalation (0)
- 09-29: [webapps] WordPress Plugin Redirect 404 to Parent 1.3.0 – Reflected Cross-Site Scripting (XSS) (0)
- 09-29: [webapps] WordPress Plugin Select All Categories and Taxonomies 1.3.1 – Reflected Cross-Site Scripting (XSS) (0)
- 09-29: [webapps] OpenSIS 8.0 – 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) (0)
- 09-29: [webapps] Storage Unit Rental Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 09-28: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
- 09-28: iOS 15.0 Gamed Information Disclosure (0)
- 09-28: iOS 15.0 nehelper Enumeration (0)
- 09-28: iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass (0)
- 09-28: [remote] Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2) (0)
- 09-28: [webapps] WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS) (0)
- 09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – 'Add Admin' Cross-Site Request Forgery (CSRF) (0)
- 09-28: [webapps] WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS) (0)
- 09-28: [webapps] WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS) (0)
- 09-28: [webapps] WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
- 09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Hidden Backdoor Account (Write Access) (0)
- 09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Remote Privilege Escalation (0)
- 09-28: [webapps] FatPipe Networks WARP 10.2.2 – Authorization Bypass (0)
- 09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Config Download (Unauthenticated) (0)
- 09-27: Simple Attendance System 1.0 Authentication Bypass (0)
- 09-27: [local] Cyberfox Web Browser 52.9.1 – Denial-of-Service (PoC) (0)
- 09-27: [remote] Cisco small business RV130W 1.0.3.44 – Inject Counterfeit Routers (0)
- 09-27: [webapps] Library System 1.0 – 'student_id' SQL injection (Authenticated) (0)
- 09-27: [local] Ether_MP3_CD_Burner 1.3.8 – Buffer Overflow (SEH) (0)
- 09-27: [webapps] WordPress Plugin Wappointment 2.2.4 – Stored Cross-Site Scripting (XSS) (0)
- 09-25: https://www.ombudsman.go.th/krd.html (0)
- 09-25: SmarterTools SmarterTrack 7922 Information Disclosure (0)
- 09-25: OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service (0)
- 09-25: OpenVPN Monitor 1.1.3 Command Injection (0)
- 09-25: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
- 09-25: Apple Security Advisory 2021-09-23-1 (0)
- 09-25: Apple Security Advisory 2021-09-23-2 (0)
- 09-24: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
- 09-24: Apple Patches 3 More Zero-Days Under Active Attack (0)
- 09-24: 100M IoT Devices Exposed By Zero-Day Bug (0)
- 09-24: http://pymr.go.th/er.php (0)
- 09-24: Gurock Testrail 7.2.0.3014 Improper Access Control (0)
- 09-24: Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution (0)
- 09-24: WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery (0)
- 09-24: WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting (0)
- 09-24: Redragon Gaming Mouse Denial Of Service (0)
- 09-24: Police Crime Record Management Project 1.0 SQL Injection (0)
- 09-24: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
- 09-24: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
- 09-24: [webapps] Pharmacy Point of Sale System 1.0 – SQLi Authentication Bypass (0)
- 09-24: [webapps] SmarterTools SmarterTrack 7922 – 'Multiple' Information Disclosure (0)
- 09-23: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
- 09-23: Cloudron 6.2 Cross Site Scripting (0)
- 09-23: Simple Attendance System 1.0 SQL Injection (0)
- 09-23: TotalAV 5.15.69 Unquoted Service Path (0)
- 09-23: Filerun 2021.03.26 Remote Code Execution (0)
- 09-23: Sentry 8.2.0 Remote Code Execution (0)
- 09-23: South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection (0)
- 09-23: Online Reviewer System 1.0 Shell Upload (0)
- 09-23: e107 CMS 2.3.0 Shell Upload (0)
- 09-23: E-Negosyo System 1.0 SQL Injection (0)
- 09-23: E-Negosyo System 1.0 Shell Upload (0)
- 09-23: OpenCats 0.9.4-2 XML Injection (0)
- 09-23: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
- 09-23: [webapps] Police Crime Record Management Project 1.0 – Time Based SQLi (0)
- 09-23: [webapps] WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF) (0)
- 09-23: [webapps] WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS) (0)
- 09-23: [webapps] Backdrop CMS 1.20.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
- 09-23: [webapps] Wordpress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload (0)
- 09-23: [dos] Redragon Gaming Mouse – 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) (0)
- 09-23: [webapps] Gurock Testrail 7.2.0.3014 – 'files.md5' Improper Access Control (0)
- 09-23: [webapps] Budget and Expense Tracker System 1.0 – Arbitrary File Upload (0)
- 09-22: Apple Security Advisory 2021-09-20-1 (0)
- 09-22: Apple Security Advisory 2021-09-20-2 (0)
- 09-22: Apple Security Advisory 2021-09-20-3 (0)
- 09-22: Apple Security Advisory 2021-09-20-4 (0)
- 09-22: Apple Security Advisory 2021-09-20-5 (0)
- 09-22: Apple Security Advisory 2021-09-20-6 (0)
- 09-22: Apple Security Advisory 2021-09-20-7 (0)
- 09-22: Apple Security Advisory 2021-09-20-8 (0)
- 09-22: Apple Security Advisory 2021-09-20-9 (0)
- 09-22: Apple Security Advisory 2021-09-20-10 (0)
- 09-22: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
- 09-22: Yenkee Hornet Gaming Mouse Denial Of Service (0)
- 09-22: Church Management System 1.0 SQL Injection / Code Execution (0)
- 09-22: Trojan.Win32.Agent.xaamkd Insecure Permissions (0)
- 09-22: Budgets And Expense Tracker System 1.0 Shell Upload (0)
- 09-22: WebsiteBaker 2.13.0 Remote Code Execution (0)
- 09-22: Backdoor.Win32.Hupigon.asqx Unauthenticated Open Proxy (0)
- 09-22: Backdoor.Win32.Minilash.10.b Denial Of Service (0)
- 09-22: OpenCats 0.9.4 XML Injection (0)
- 09-22: ManageEngine OpManager SumPDU Java Deserialization (0)
- 09-22: [webapps] Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-22: [webapps] Simple Attendance System 1.0 – Unauthenticated Blind SQLi (0)
- 09-21: ManageEngine OpManager SumPDU Java Deserialization (0)
- 09-21: Maxpatrol 8 / Xspider Denial Of Service (0)
- 09-21: WordPress 5.7 Media Library XML Injection (0)
- 09-21: Church Management System 1.0 Shell Upload (0)
- 09-21: Online Food Ordering System 2.0 Shell Upload (0)
- 09-21: Budget And Expense Tracker System 1.0 SQL Injection (0)
- 09-21: Church Management System 1.0 SQL Injection (0)
- 09-21: T-Soft E-Commerce 4 Cross Site Request Forgery (0)
- 09-21: Microsoft Windows MSHTML Overview (0)
- 09-21: Apple Security Advisory 2021-09-13-1 (0)
- 09-21: Apple Security Advisory 2021-09-13-2 (0)
- 09-21: Apple Security Advisory 2021-09-13-3 (0)
- 09-21: Apple Security Advisory 2021-09-13-4 (0)
- 09-21: Apple Security Advisory 2021-09-13-5 (0)
- 09-21: [dos] Yenkee Hornet Gaming Mouse – 'GM312Fltr.sys' Denial-Of-Service (PoC) (0)
- 09-21: [webapps] WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-21: [webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 09-20: Microsoft Windows MSHTML Overview (0)
- 09-20: http://chaleang.go.th/er.php (0)
- 09-20: [webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass (0)
- 09-20: [webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 09-20: [webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
- 09-20: [webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated) (0)
- 09-20: [webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated) (0)
- 09-20: [webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF) (0)
- 09-18: Simple Attendance System 1.0 SQL Injection (0)
- 09-18: Cloudron 6.2 Cross Site Scripting (0)
- 09-18: Library Management System 1.0 SQL Injection (0)
- 09-18: WordPress WooCommerce Booster 5.4.3 Authentication Bypass (0)
- 09-18: Geutebruck instantrec Remote Command Execution (0)
- 09-17: Geutebruck instantrec Remote Command Execution (0)
- 09-17: Impress CMS 1.4.2 Remote Code Execution (0)
- 09-17: Microsoft Windows cmd.exe Stack Buffer Overflow (0)
- 09-17: Git git-lfs Remote Code Execution (0)
- 09-17: Azure Zero Day Flaws Highlight Lurking Supply Chain Risk (0)
- 09-17: [webapps] Simple Attendance System 1.0 – Authenticated bypass (0)
- 09-17: [webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
- 09-17: [webapps] WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass (0)
- 09-16: Git git-lfs Remote Code Execution (0)
- 09-16: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
- 09-16: Evolution CMS 3.1.6 Remote Code Execution (0)
- 09-16: AHSS-PHP 1.0 Cross Site Scripting / SQL Injection (0)
- 09-16: Support Board 3.3.3 SQL Injection (0)
- 09-16: elFinder Archive Command Injection (0)
- 09-16: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-15: elFinder Archive Command Injection (0)
- 09-15: http://kpp.nfe.go.th/kurd.html (0)
- 09-15: Men Salon Management System 1.0 Cross Site Scripting / SQL Injection (0)
- 09-15: WordPress Download From Files 1.48 Shell Upload (0)
- 09-15: Apartment Visitor Management System 1.0 Shell Upload / SQL Injection (0)
- 09-15: Active WebCam 11.5 Unquoted Service Path (0)
- 09-15: Purchase Order Management System 1.0 Shell Upload (0)
- 09-15: Facebook ParlAI 1.0.0 Code Execution / Deserialization (0)
- 09-15: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
- 09-15: Ulfius Web Framework Remote Memory Corruption (0)
- 09-15: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
- 09-15: Pair Of Google Chrome Zero Day Bugs Actively Exploited (0)
- 09-15: [webapps] AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated) (0)
- 09-15: [webapps] Seowon 130-SLC router – 'queriesCnt' Remote Code Execution (Unauthenticated) (0)
- 09-15: [webapps] Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated) (0)
- 09-15: [webapps] Support Board 3.3.3 – 'Multiple' SQL Injection (Unauthenticated) (0)
- 09-14: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
- 09-14: [webapps] Purchase Order Management System 1.0 – Remote File Upload (0)
- 09-13: [webapps] Men Salon Management System 1.0 – Multiple Vulnerabilities (0)
- 09-13: [local] Active WebCam 11.5 – Unquoted Service Path (0)
- 09-13: [webapps] Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE (0)
- 09-13: [local] Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai (0)
- 09-13: [webapps] ECOA Building Automation System – Weak Default Credentials (0)
- 09-13: [webapps] ECOA Building Automation System – Path Traversal Arbitrary File Upload (0)
- 09-13: [webapps] Wordpress Plugin Download From Files 1.48 – Arbitrary File Upload (0)
- 09-13: [webapps] ECOA Building Automation System – Arbitrary File Deletion (0)
- 09-13: [webapps] ECOA Building Automation System – Local File Disclosure (0)
- 09-13: [local] ECOA Building Automation System – Missing Encryption Of Sensitive Information (0)
- 09-13: [webapps] ECOA Building Automation System – Remote Privilege Escalation (0)
- 09-13: [webapps] ECOA Building Automation System – Hidden Backdoor Accounts and backdoor() Function (0)
- 09-13: [remote] ECOA Building Automation System – Hard-coded Credentials SSH Access (0)
- 09-13: [webapps] ECOA Building Automation System – Cookie Poisoning Authentication Bypass (0)
- 09-13: [webapps] ECOA Building Automation System – Configuration Download Information Disclosure (0)
- 09-13: [webapps] ECOA Building Automation System – Directory Traversal Content Disclosure (0)
- 09-13: [webapps] ECOA Building Automation System – 'multiple' Cross-Site Request Forgery (CSRF) (0)
- 09-10: POMS-PHP 1.0 SQL Injection (0)
- 09-10: ECOA Building Automation System Hidden Backdoor Accounts (0)
- 09-10: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
- 09-10: ECOA Building Automation System Weak Default Credentials (0)
- 09-10: ECOA Building Automation System Path Traversal / Arbitrary File Upload (0)
- 09-10: ECOA Building Automation System Directory Traversal (0)
- 09-10: