__–::: Deepquest :::–__ » Archives

rss feed

Archives

May 2022 (240)

05-25: Print Spooler Remote DLL Injection (0)
05-25: Zoom XMPP Stanza Smuggling Remote Code Execution (0)
05-25: CLink Office 2.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-25: Online Fire Reporting System 1.0 SQL Injection (0)
05-24: OpenCart Newsletter 3.0.2.0 SQL Injection (0)
05-24: Blockchain AltExchanger 1.2.1 SQL Injection (0)
05-24: Blockchain FiatExchanger 2.2.1 SQL Injection (0)
05-24: m1k1o's Blog 1.3 Remote Code Execution (0)
05-24: iTop Remote Command Execution (0)
05-23: iTop Remote Command Execution (0)
05-23: [webapps] m1k1o's Blog v.10 – Remote Code Execution (RCE) (Authenticated) (0)
05-23: [webapps] OpenCart v3.x Newsletter Module – Blind SQLi (0)
05-21: Linux USB Use-After-Free (0)
05-20: Linux USB Use-After-Free (0)
05-20: PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting (0)
05-20: LiquidFiles 3.4.15 Cross Site Scripting (0)
05-20: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization (0)
05-19: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days (0)
05-18: Emby Media Server 4.7.0.60 Cross Site Scripting (0)
05-18: SolarView Compact 6.0 Command Injection (0)
05-18: Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 Cross Site Scripting (0)
05-18: T-Soft E-Commerce 4 SQL Injection (0)
05-18: OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization (0)
05-18: Showdoc 2.10.3 Cross Site Scripting (0)
05-18: Online Discussion Forum Site 1.0 SQL Injection (0)
05-18: SDT-CW3B1 1.1.0 Command Injection (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-18: Apple Security Advisory 2022-05-16-1 (0)
05-18: Apple Security Advisory 2022-05-16-2 (0)
05-18: Apple Security Advisory 2022-05-16-3 (0)
05-18: Apple Security Advisory 2022-05-16-4 (0)
05-18: Apple Security Advisory 2022-05-16-5 (0)
05-18: Apple Security Advisory 2022-05-16-6 (0)
05-18: Apple Security Advisory 2022-05-16-7 (0)
05-18: Apple Security Advisory 2022-05-16-8 (0)
05-18: Trojan-Ransom.Thanos MVID-2022-0607 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0601 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0602 Code Execution (0)
05-17: Ransom.Conti MVID-2022-0603 Code Execution (0)
05-17: HighCMS/HighPortal 12.x SQL Injection (0)
05-17: Ransom.Conti MVID-2022-0604 Code Execution (0)
05-17: WordPress WP Event Manager 3.1.27 Cross Site Scripting (0)
05-17: Ransom.Conti MVID-2022-0605 Code Execution (0)
05-17: Zyxel Remote Command Execution (0)
05-17: Ransom.Conti MVID-2022-0606 Code Execution (0)
05-17: IpMatcher 1.0.4.1 Server-Side Request Forgery (0)
05-17: Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free (0)
05-17: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-17: [webapps] Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS) (0)
05-17: [remote] SolarView Compact 6.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – SQLi (Authenticated) (0)
05-17: [remote] SDT-CW3B1 1.1.0 – OS Command Injection (0)
05-17: [webapps] T-Soft E-Commerce 4 – 'UrunAdi' Stored Cross-Site Scripting (XSS) (0)
05-17: [webapps] Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS) (0)
05-16: Zyxel Firewall ZTP Unauthenticated Command Injection (0)
05-14: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: Konica Minolta bizhub MFP Printer Terminal Sandbox Escape (0)
05-13: F5 BIG-IP 16.0.x Remote Code Execution (0)
05-13: Royal Event Management System 1.0 SQL Injection (0)
05-13: Ransom.REvil MVID-2022-0596 Code Execution (0)
05-13: TLR-2005KSH Arbitrary File Delete (0)
05-13: College Management System 1.0 SQL Injection (0)
05-13: AppleVideoDecoder CreateHeaderBuffer Out-Of-Bounds Free (0)
05-13: F5 BIG-IP iControl Remote Code Execution (0)
05-13: Ransom.REvil MVID-2022-0595 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0597 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0598 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0599 Code Execution (0)
05-13: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: Ransom.REvil MVID-2022-0600 Code Execution (0)
05-12: e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting (0)
05-12: Apache CouchDB 3.2.1 Remote Code Execution (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: Wondershare Dr.Fone 12.0.7 Privilege Escalation (0)
05-12: ExifTool 12.23 Arbitrary Code Execution (0)
05-12: Cyclos 4.14.7 Cross Site Scripting (0)
05-12: DLINK DIR850 Open Redirection (0)
05-12: DLINK DIR850 Insecure Direct Object Reference (0)
05-12: Wondershare Dr.Fone 11.4.10 Insecure Permissions (0)
05-12: SAP BusinessObjects Intelligence 4.3 XML Injection (0)
05-12: Microsoft CMD.EXE Integer Overflow (0)
05-12: ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure (0)
05-12: TCQ Unquoted Service Path (0)
05-12: UDisk Monitor Z5 Phone 2.0.3.0 Unquoted Service Path (0)
05-12: Anuko Time Tracker 1.20.0.5640 SQL Injection (0)
05-12: Navigate CMS 2.9.4 Server-Side Request Forgery (0)
05-12: Google Chrome 78.0.3904.70 Remote Code Execution (0)
05-12: PyScript 2022-05-04-Alpha Source Code Disclosure (0)
05-12: DLINK DAP-1620 A1 1.01 Directory Traversal (0)
05-12: Beehive Forum 1.5.2 Account Takeover (0)
05-12: MyBB 1.8.29 Remote Code Execution (0)
05-12: WordPress Blue Admin 21.06.01 Cross Site Request Forgery (0)
05-12: Joomla SexyPolling 2.1.7 SQL Injection (0)
05-12: Ruijie Reyee Mesh Router Remote Code Execution (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: Actively Exploited Zero-Day Bug Patched By Microsoft (0)
05-12: Cisco RV340 SSL VPN Unauthenticated Remote Code Execution (0)
05-12: [webapps] TLR-2005KSH – Arbitrary File Delete (0)
05-12: [webapps] College Management System 1.0 – 'course_code' SQL Injection (Authenticated) (0)
05-12: [webapps] Royal Event Management System 1.0 – 'todate' SQL Injection (Authenticated) (0)
05-12: [remote] F5 BIG-IP 16.0.x – Remote Code Execution (RCE) (0)
05-11: Spring4Shell Spring Framework Class Property Remote Code Execution (0)
05-11: Printix 1.3.1106.0 Privilege Escalation (0)
05-11: Printix 1.3.1106.0 Privileged API Abuse (0)
05-11: https://area2.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area3.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area5.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area7.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area10.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area8.kkzone1.go.th/resize-image-class.php (0)
05-11: https://area9.kkzone1.go.th/resize-image-class.php (0)
05-11: [webapps] TLR-2005KSH – Arbitrary File Upload (0)
05-11: [remote] ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure (0)
05-11: [webapps] Microfinance Management System 1.0 – 'customer_number' SQLi (0)
05-11: [webapps] e107 CMS v3.2.1 – Multiple Vulnerabilities (0)
05-11: [webapps] WebTareas 2.4 – Blind SQLi (Authenticated) (0)
05-11: [local] ExifTool 12.23 – Arbitrary Code Execution (0)
05-11: [webapps] WordPress Plugin Advanced Uploader 4.2 – Arbitrary File Upload (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService) (0)
05-11: [remote] Bookeen Notea – Directory Traversal (0)
05-11: [local] Wondershare Dr.Fone 12.0.7 – Privilege Escalation (InstallAssistService) (0)
05-11: [webapps] CSZ CMS 1.3.0 – 'Multiple' Blind SQLi (0)
05-11: [remote] Apache CouchDB 3.2.1 – Remote Code Execution (RCE) (0)
05-11: [local] UDisk Monitor Z5 Phone – 'MonServiceUDisk.exe' Unquoted Service Path (0)
05-11: [webapps] Anuko Time Tracker – SQLi (Authenticated) (0)
05-11: [local] Wondershare Dr.Fone 11.4.10 – Insecure File Permissions (0)
05-11: [remote] Tenda HG6 v3.3.0 – Remote Command Injection (0)
05-11: [remote] Prime95 Version 30.7 build 9 – Remote Code Execution (RCE) (0)
05-11: [remote] Google Chrome 78.0.3904.70 – Remote Code Execution (0)
05-11: [remote] DLINK DIR850 – Open Redirect (0)
05-11: [remote] PyScript – Read Remote Python Source Code (0)
05-11: [webapps] Cyclos 4.14.7 – 'groupId' DOM Based Cross-Site Scripting (XSS) (0)
05-11: [remote] DLINK DAP-1620 A1 v1.01 – Directory Traversal (0)
05-11: [remote] Akka HTTP 10.1.14 – Denial of Service (0)
05-11: [webapps] Explore CMS 1.0 – SQL Injection (0)
05-11: [webapps] Magento eCommerce CE v2.3.5-p2 – Blind SQLi (0)
05-11: [webapps] Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated) (0)
05-11: [webapps] Bitrix24 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [webapps] WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated) (0)
05-11: [webapps] Joomla Plugin SexyPolling 2.1.7 – SQLi (0)
05-11: [webapps] WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF) (0)
05-11: [webapps] Beehive Forum – Account Takeover (0)
05-11: [webapps] MyBB 1.8.29 – MyBB 1.8.29 – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor (0)
05-11: [webapps] PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS) (0)
05-11: [webapps] Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS) (0)
05-11: [webapps] ImpressCMS v1.4.4 – Unrestricted File Upload (0)
05-11: [remote] Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated) (0)
05-11: [remote] DLINK DIR850 – Insecure Access Control (0)
05-11: [remote] SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE) (0)
05-11: [local] TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path (0)
05-10: Printix 1.3.1106.0 Privileged API Abuse (0)
05-10: Ransom.Cryakl Code Execution (0)
05-10: Ransom.Petya Code Execution (0)
05-10: Travel Management System 1.0 SQL Injection (0)
05-10: School Dormitory Management 1.0 SQL Injection (0)
05-10: Ransom.Conti Code Execution (0)
05-10: Ransom.Satana Code Execution (0)
05-10: School Dormitory Management System 1.0 SQL Injection (0)
05-10: APT28 FancyBear Code Execution (0)
05-10: Chrome content::DisplayCutoutHostImpl::SendSafeAreaToFrame Use-After-Free (0)
05-10: Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race (0)
05-10: F5 BIG-IP Remote Code Execution (0)
05-09: F5 BIG-IP Remote Code Execution (0)
05-09: https://www.spmnan.go.th/readmee.htm (0)
05-09: https://nptedu.go.th/readmee.htm (0)
05-09: http://esanpt1.go.th/daka.htm (0)
05-08: http://www.nb1.go.th/daka.htm (0)
05-08: https://www.trang1.go.th/daka.htm (0)
05-07: REvil.Ransom Code Execution (0)
05-07: Trojan.Ransom.Cryptowall Code Execution (0)
05-07: ChatBot Application With A Suggestion Feature 1.0 SQL Injection (0)
05-07: Trojan-Ransom.LockerGoga Code Execution (0)
05-07: Trojan-Ransom.Cerber Code Execution (0)
05-07: Ransom.CTBLocker Code Execution (0)
05-07: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-07: Trojan.CryptoLocker Code Execution (0)
05-07: Trojan-Ransom.Radamant Code Execution (0)
05-07: http://ret2.go.th/readme.htm (0)
05-06: Craft CMS 3.7.36 Password Reset Poisoning Attack (0)
05-06: Red Planet Laundry Management System 1.0 SQL Injection (0)
05-06: SAP Web Dispatcher HTTP Request Smuggling (0)
05-06: PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-06: ZoneMinder Language Settings Remote Code Execution (0)
05-05: Conti.Ransom Code Execution (0)
05-05: Ransom.Conti Code Execution (0)
05-05: REvil.Ransom Code Execution (0)
05-05: Ransom.WannaCry Code Execution (0)
05-04: https://ict.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-office.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-news.amnat-ed.go.th/readmee.htm (0)
05-04: https://e-network.amnat-ed.go.th/readmee.htm (0)
05-04: https://salary.amnat-ed.go.th/readmee.htm (0)
05-04: http://cmarea3.go.th/readmee.htm (0)
05-04: http://loei3.go.th/readme.txt (0)
05-04: Ransom.WannaCry Code Execution (0)
05-04: WordPress Stafflist 3.1.2 Cross Site Scripting (0)
05-04: Tenda HG6 3.3.0 Remote Command Injection (0)
05-04: VMware Workspace ONE Access Template Injection / Command Execution (0)
05-04: Ransom.AvosLocker Code Execution (0)
05-04: BlackBasta Ransom Code Execution (0)
05-04: LokiLocker Ransom Code Execution (0)
05-04: Conti Ransom Code Execution (0)
05-04: REvil Ransom Code Execution (0)
05-04: RedLine.Stealer Code Execution (0)
05-03: RedLine.Stealer Code Execution (0)
05-03: http://www.krajai.go.th/readme.html (0)
05-03: http://www.nakhamloei.go.th/readme.html (0)
05-03: http://www.napongloei.go.th/readme.html (0)
05-03: http://www.nonghin.go.th/readme.html (0)
05-03: http://www.nonpasang.go.th/readme.html (0)
05-03: http://www.nonpodaeng.go.th/readme.html (0)
05-03: http://www.npt.go.th/readme.html (0)
05-03: http://www.pnt.go.th/readme.html (0)
05-03: http://www.raitai.go.th/readme.html (0)
05-03: http://www.srithan.go.th/readme.html (0)
05-03: http://www.taladjinda.go.th/readme.html (0)
05-03: http://www.tambolbangyang.go.th/readme.html (0)
05-03: http://www.tessabanna-o.go.th/readme.html (0)
05-03: http://www.tessabannahaeo.go.th/readme.html (0)
05-03: http://www.thachangklong.go.th/readme.html (0)
05-03: http://www.thamchalong.go.th/readme.html (0)
05-03: http://www.thasaklocal.go.th/readme.html (0)
05-03: http://www.thungkrabam.go.th/readme.html (0)
05-03: http://www.wangdin.go.th/readme.html (0)
05-03: http://www.wangsaphung.go.th/readme.html (0)
05-03: Toll Tax Management System 1.0 SQL Injection (0)
05-03: Covid 19 Travel Pass Management System 1.0 SQL Injection (0)
05-03: Ransom.LockBit DLL Hijacking (0)
05-03: Strapi 3.6.8 Password Disclosure / Insecure Handling (0)
05-03: WordPress Stafflist 3.1.2 SQL Injection (0)
05-03: WordPress Stafflist 3.1.2 Cross Site Request Forgery (0)
05-03: WSO Arbitrary File Upload / Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2022 (0)
05-02: Packet Storm New Exploits For April, 2022 (0)

April 2022 (222)

04-29: Home Clean Service System 1.0 SQL Injection (0)
04-28: Home Clean Service System 1.0 SQL Injection (0)
04-28: WordPress Curtain 1.0.2 Cross Site Scripting (0)
04-28: Prime95 30.7 Build 9 Buffer Overflow (0)
04-28: Trojan-Banker.Win32.Banker.heq Insecure Permissions (0)
04-28: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
04-28: Net-Worm.Win32.Kibuv.c Authentication Bypass (0)
04-28: Email-Worm.Win32.Sidex Remote Command Execution (0)
04-28: Virus.Win32.Qvod.b Insecure Permissions (0)
04-28: Trojan-Downloader.Win32.Small.ahlq Insecure Permissions (0)
04-28: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
04-28: Backdoor.Win32.Cafeini.b Man-In-The-Middle (0)
04-28: Backdoor.Win32.GF.j Remote Command Execution (0)
04-28: Trojan-Downloader.Win32.Agent Insecure Permissions (0)
04-28: Backdoor.Win32.Agent.aegg Hardcoded Credential (0)
04-28: Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation (0)
04-28: Zepp 6.1.4-play User Account Enumeration (0)
04-28: Redis Lua Sandbox Escape (0)
04-28: Redis Lua Sandbox Escape (0)
04-27: http://www.ssk3.go.th/zz.html (0)
04-27: WordPress WP-Invoice 4.3.1 Cross Site Scripting (0)
04-27: Gitlab 14.9 Authentication Bypass (0)
04-27: Gitlab 14.9 Cross Site Scripting (0)
04-27: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: WordPress Coru LFMember 1.0.2 Cross Site Scripting (0)
04-26: http://phutthaisonglocal.go.th/pentest.php (0)
04-26: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting (0)
04-26: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-26: Hackers Are Exploiting Zero Days More Than Ever (0)
04-26: [webapps] GitLab 14.9 – Stored Cross-Site Scripting (XSS) (0)
04-26: [webapps] Gitlab 14.9 – Authentication Bypass (0)
04-25: Joomla Sexy Polling 2.1.7 SQL Injection (0)
04-22: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor (0)
04-22: Watch Queue Out-Of-Bounds Write (0)
04-22: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: ManageEngine ADSelfService Plus Custom Script Execution (0)
04-21: Jenkins Remote Code Execution (0)
04-21: 7-Zip 16 DLL Hijacking (0)
04-21: Online Restaurant Table Reservation System 1.0 SQL Injection (0)
04-21: Pharmacy Management System 1.0 Shell Upload (0)
04-21: Pharmacy Management System 1.0 SQL Injection (0)
04-20: Google: 2021 Was A Banner Year For Exploited 0-Day Bugs (0)
04-20: Pharmacy Management System 1.0 SQL Injection (0)
04-20: http://www.budhosp.go.th/kurdish.html (0)
04-20: Microsoft Exchange Active Directory Topology 15.0.847.40 Unquoted Service Path (0)
04-20: Fuel CMS 1.5.0 Cross Site Request Forgery (0)
04-20: Zyxel NWA-1100-NH Command Injection (0)
04-20: Scriptcase 9.7 Shell Upload (0)
04-20: PTPublisher 2.3.4 Unquoted Service Path (0)
04-20: EaseUS Data Recovery 15.1.0.0 Unquoted Service Path (0)
04-20: HackTool.Win32.Delf.vs Insecure Credential Storage (0)
04-20: WordPress Elementor 3.6.2 Shell Upload (0)
04-20: Backdoor.Win32.Loselove Denial Of Service (0)
04-20: WordPress Videos Sync PDF 1.7.4 Cross Site Scripting (0)
04-20: Trojan.Win32.TScash.c Insecure Permissions (0)
04-20: Backdoor.Win32.Hupigon.haqj Unquoted Service Path (0)
04-20: PKP Open Journals System 3.3 Cross Site Scripting (0)
04-20: 7-Zip 21.07 Code Execution / Privilege Escalation (0)
04-20: ManageEngine ADSelfService Plus 6.1 User Enumeration (0)
04-20: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-20: Responsive Online Blog 1.0 SQL Injection (0)
04-20: WordPress Popup Maker 1.16.5 Cross Site Scripting (0)
04-20: Backdoor.Win32.GateHell.21 Man-In-The-Middle (0)
04-20: Linux watch_queue Filter Out-Of-Bounds Write (0)
04-20: WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection (0)
04-20: Linux FUSE Use-After-Free (0)
04-20: Backdoor.Win32.Delf.zn Insecure Credential Storage (0)
04-20: Backdoor.Win32.GateHell.21 Authentication Bypass (0)
04-20: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: BlueZ Key Theft / bluetoothd Double-Free (0)
04-19: [webapps] Scriptcase 9.7 – Remote Code Execution (RCE) (0)
04-19: [webapps] Easy Appointments 1.4.2 – Information Disclosure (0)
04-19: [remote] Zyxel NWA-1100-NH – Command Injection (0)
04-19: [webapps] WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – SQL Injection (0)
04-19: [local] Microsoft Exchange Mailbox Assistants 15.0.847.40 – 'Service MSExchangeMailboxAssistants' Unquoted Service Path (0)
04-19: [local] EaseUS Data Recovery – 'ensserver.exe' Unquoted Service Path (0)
04-19: [local] Microsoft Exchange Active Directory Topology 15.0.847.40 – 'Service MSExchangeADTopology' Unquoted Service Path (0)
04-19: [local] PTPublisher v2.3.4 – Unquoted Service Path (0)
04-19: [remote] ManageEngine ADSelfService Plus 6.1 – User Enumeration (0)
04-19: [webapps] WordPress Plugin Videos sync PDF 1.7.4 – Stored Cross Site Scripting (XSS) (0)
04-19: [webapps] Fuel CMS 1.5.0 – Cross-Site Request Forgery (CSRF) (0)
04-19: [local] 7-zip – Code Execution / Local Privilege Escalation (0)
04-19: [webapps] WordPress Plugin Elementor 3.6.2 – Remote Code Execution (RCE) (Authenticated) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cookie User Password Disclosure (0)
04-19: [webapps] PKP Open Journals System 3.3 – Cross-Site Scripting (XSS) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Request Forgery (CSRF) (0)
04-19: [remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS) (0)
04-19: [webapps] WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated) (0)
04-19: [webapps] REDCap 11.3.9 – Stored Cross Site Scripting (0)
04-19: [remote] Verizon 4G LTE Network Extender – Weak Credentials Algorithm (0)
04-18: http://www2.utd2.go.th/readme.txt (0)
04-18: https://education-phatthalungcity.go.th (0)
04-18: http://sikhoraphumcity.go.th/zz.html (0)
04-17: https://office.yst1.go.th/1975.html (0)
04-16: Microsoft HTTP Protocol Stack Denial Of Service (0)
04-16: Backdoor.Win32.MotivFTP.12 Authentication Bypass (0)
04-16: Backdoor.Win32.Prorat.cwx Insecure Permissions (0)
04-16: Backdoor.Win32.Psychward.03.a Weak Hardcoded Password (0)
04-16: HackTool.Win32.IpcScan.c Buffer Overflow (0)
04-16: Backdoor.Win32.Kilo.016 Denial Of Service (0)
04-16: Email-Worm.Win32.Pluto.b Insecure Permissions (0)
04-16: Backdoor.Win32.NinjaSpy.c Authentication Bypass (0)
04-16: Backdoor.Win32.NetCat32.10 Remote Command Execution (0)
04-16: Backdoor.Win32.NetSpy.10 Remote Command Execution (0)
04-16: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication (0)
04-15: REDCap Cross Site Scripting (0)
04-15: Online Car Wash Booking System 1.0 SQL Injection (0)
04-15: Online Car Wash Booking System 1.0 Blind SQL Injection (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting (0)
04-15: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: https://www.nsw2.go.th/1975.html (0)
04-14: https://nb2.go.th/1975.html (0)
04-14: http://www.chon3.go.th/1975.html (0)
04-14: Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure (0)
04-14: Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm (0)
04-14: Spring4Shell Code Execution (0)
04-14: Microsoft Zero Days, Wormable Bugs Spark Concern (0)
04-13: Spring4Shell Code Execution (0)
04-13: Explore CMS 1.0 SQL Injection (0)
04-13: Easy!Appointments Information Disclosure (0)
04-12: MiniTool Partition Wizard 12.0 Unquoted Service Path (0)
04-12: SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference (0)
04-12: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Creation (0)
04-12: Telesquare TLR-2855KS6 Arbitrary File Deletion (0)
04-12: WordPress LayerSlider Cross Site Scripting (0)
04-12: WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting (0)
04-12: Razer Sila 2.0.418 Local File Inclusion (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-12: Razer Sila 2.0.418 Command Injection (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Deletion (0)
04-11: [webapps] Telesquare TLR-2855KS6 – Arbitrary File Creation (0)
04-11: [remote] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 – Local File Inclusion (LFI) (0)
04-11: [local] MiniTool Partition Wizard – Unquoted Service Path (0)
04-11: [webapps] SAM SUNNY TRIPOWER 5.0 – Insecure Direct Object Reference (IDOR) (0)
04-09: School Club Application System 1.0 Local File Inclusion (0)
04-09: Online Sports Complex Booking System 1.0 Cross Site Scripting (0)
04-09: WordPress SiteGround Security 1.2.5 Authentication Bypass (0)
04-09: Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure (0)
04-09: PHPGurukul Zoo Management System 1.0 SQL Injection (0)
04-09: AeroCMS 0.0.1 Cross Site Scripting (0)
04-09: Social Codia SMS 1 Cross Site Scripting (0)
04-09: PHPGurukul Zoo Management System 1.0 Shell Upload (0)
04-09: E-Commerce Website 1.0 Shell Upload (0)
04-09: Musical World 1 Shell Upload (0)
04-09: E-Commerce Website 1.1.0 Shell Upload (0)
04-09: Social Codia SMS 1 Shell Upload (0)
04-09: Simple House Rental System 1 Shell Upload (0)
04-09: Car Rental System 1.0 SQL Injection (0)
04-09: Movie Seat Reservation System 1.0 File Disclosure / SQL Injection (0)
04-09: AeroCMS 0.0.1 Shell Upload (0)
04-08: FFS Colibri Controller Module 1.8.19.8580 Directory Traversal (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential (0)
04-08: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
04-08: CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution (0)
04-08: School Club Application System 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage (0)
04-08: Backdoor.Win32.Xingdoor Denial Of Service (0)
04-08: Zenario CMS 9.0.54156 Remote Code Execution (0)
04-08: binutils 2.37 Objdump Segmentation Fault (0)
04-08: Opmon 9.11 Cross Site Scripting (0)
04-08: Backdoor.Win32.Wisell Buffer Overflow (0)
04-08: Small HTTP Server 3.06 Remote Buffer Overflow (0)
04-08: Kramer VIAware Remote Code Execution (0)
04-08: Backdoor.Win32.Wisell Remote Command Execution (0)
04-08: WordPress Loco Translate Cross Site Scripting (0)
04-08: WordPress Ad Inserter Cross Site Scripting (0)
04-08: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
04-08: WordPress Hummingbird Cross Site Scripting (0)
04-08: minewebcms 1.15.2 Cross Site Scripting (0)
04-08: qdPM 9.2 Cross Site Request Forgery (0)
04-08: WordPress UpdraftPlus Cross Site Scripting (0)
04-08: WordPress WP Downgrade Cross Site Scripting (0)
04-08: KLiK Social Media Website 1.0 SQL Injection (0)
04-08: Backdoor.Win32.Verify.h Remote Command Execution (0)
04-08: Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition (0)
04-07: [remote] Opmon 9.11 – Cross-site Scripting (0)
04-07: [local] binutils 2.37 – Objdump Segmentation Fault (0)
04-07: [webapps] Zenario CMS 9.0.54156 – Remote Code Execution (RCE) (Authenticated) (0)
04-07: [webapps] KLiK Social Media Website 1.0 – 'Multiple' SQLi (0)
04-07: [remote] Kramer VIAware – Remote Code Execution (RCE) (Root) (0)
04-07: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Deletion (0)
04-07: [webapps] qdPM 9.2 – Cross-site Request Forgery (CSRF) (0)
04-07: [local] Sherpa Connector Service v2020.2.20328.2050 – Unquoted Service Path (0)
04-07: [webapps] minewebcms 1.15.2 – Cross-site Scripting (XSS) (0)
04-06: SAP Information System 1.0 Shell Upload (0)
04-06: Online Sports Complex Booking System 1.0 SQL Injection (0)
04-06: cmark-gfm Integer overflow (0)
04-06: Bakery Shop Management System 1.0 SQL Injection (0)
04-06: Bakery Shop Management System 1.0 Local File Inclusion (0)
04-06: https://www.kkpho.go.th/planyut/ (0)
04-05: Gadget Store Management System 1.0 Shell Upload (0)
04-05: Online Banquet Booking System 1.0 Cross Site Request Forgery (0)
04-05: Multi Store Inventory Management System 1.0 Information Disclosure (0)
04-05: Multi Store Inventory Management System 1.0 Account Takeover (0)
04-04: ALLMediaServer 1.6 Buffer Overflow (0)
04-04: Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path (0)
04-04: Backdoor.Win32.Wollf.h Remote Command Execution (0)
04-04: Barco Control Room Management Suite Directory Traversal (0)
04-04: Backdoor.Win32.Jokerdoor Hardcoded Credential (0)
04-04: Payroll Management System 1.0 SQL Injection (0)
04-04: Backdoor.Win32.Delf.ps Information Disclosure (0)
04-04: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass (0)
04-04: https://patrol-psd.go.th/v3n.html (0)
04-03: https://mdh.go.th/1975index.html (0)
04-03: https://npte2.go.th/1975index.html (0)
04-02: Apple Rushes Out Patches For Two Zero Days Threatening Users (0)
04-02: Apple Security Advisory 2022-03-31-2 (0)
04-02: Apple Security Advisory 2022-03-31-1 (0)
04-01: Message System 1.0 Cross Site Scripting (0)
04-01: Message System 1.0 SQL Injection (0)
04-01: Medical Hub Directory Site 1.0 SQL Injection (0)
04-01: Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path (0)
04-01: EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path (0)
04-01: Chrome DeserializeFromMessage Validation Issue (0)
04-01: IdeaRE RefTree Shell Upload (0)
04-01: IdeaRE RefTree Path Traversal (0)
04-01: Spring Cloud Function SpEL Injection (0)
04-01: WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting (0)
04-01: Packet Storm New Exploits For March, 2022 (0)

March 2022 (271)

03-30: Sports Complex Booking System 1.0 Local File Inclusion (0)
03-30: Fingerprint Attendance 1.0 SQL Injection (0)
03-30: Fingerprint Attendance 1.0 Shell Upload (0)
03-30: Fingerprint Attendance 1.0 Account Takeover (0)
03-30: Message System 1.0 Local File Inclusion (0)
03-30: Message System 1.0 Shell Upload (0)
03-30: WordPress Curtain 1.0.2 Cross Site Request Forgery (0)
03-30: WordPress Clipr 1.2.3 Cross Site Scripting (0)
03-30: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting (0)
03-30: Atom CMS 1.0.2 Shell Upload (0)
03-30: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion (0)
03-30: WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion (0)
03-30: CSZ CMS 1.2.9 SQL Injection (0)
03-30: Medical Hub Directory Site 1.0 Local File Inclusion (0)
03-30: Medical Hub Directory Site 1.0 Cross Site Scripting (0)
03-30: Medical Hub Directory Site 1.0 Shell Upload (0)
03-30: Medical Hub Directory Site 1.0 SQL Injection (0)
03-30: PostgreSQL 11.7 Remote Code Execution (0)
03-30: Kramer VIAware 2.5.0719.1034 Remote Code Execution (0)
03-30: WordPress CleanTalk 5.173 Cross Site Scripting (0)
03-30: WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting (0)
03-30: Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal (0)
03-30: Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free (0)
03-30: [remote] Kramer VIAware 2.5.0719.1034 – Remote Code Execution (RCE) (0)
03-30: [remote] PostgreSQL 9.3-11.7 – Remote Code Execution (RCE) (Authenticated) (0)
03-30: [webapps] CSZ CMS 1.2.9 – 'Multiple' Blind SQLi(Authenticated) (0)
03-30: [webapps] WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin cab-fare-calculator 1.0.3 – Local File Inclusion (0)
03-30: [webapps] WordPress Plugin Curtain 1.0.2 – Cross-site Request Forgery (CSRF) (0)
03-30: [webapps] Atom CMS 2.0 – Remote Code Execution (RCE) (0)
03-30: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (0)
03-29: Message System 1.0 Shell Upload (0)
03-29: One Church Management System 1.0 Cross Site Scripting (0)
03-29: Microfinance Management System 1.0 SQL Injection (0)
03-29: One Church Management System 1.0 SQL Injection (0)
03-29: FruityWifi Remote Code Execution (0)
03-29: ALLMediaServer 1.6 Remote Buffer Overflow (0)
03-29: Backdoor.Win32.Cyn.20 Insecure Permissions (0)
03-29: Pay Slip PDF Generator System 1.0 SQL Injection (0)
03-29: Pay Slip PDF Generator System 1.0 Shell Upload (0)
03-29: Backdoor.Win32.Cafeini.b Denial Of Service (0)
03-29: PDF Generator Web App Using TCPDF 1.0 Local File Inclusion (0)
03-29: Microfinance Management System 1.0 Cross Site Scripting (0)
03-29: Backdoor.Win32.Chubo.c Remote Command Execution (0)
03-29: Backdoor.Win32.Chubo.c Cross Site Scripting (0)
03-29: Online Banking System 1.0 SQL Injection (0)
03-29: WordPress Admin Word Count Column 2.2 Local File Inclusion (0)
03-29: Backdoor.Win32.Avstral.e Remote Command Execution (0)
03-29: Royale Event Management System 1.0 Privilege Escalation (0)
03-29: Royale Event Management System 1.0 Cross Site Scripting (0)
03-29: PDF Generator Web Application 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Covid-19 Directory On Vaccination System 1.0 SQL Injection (0)
03-29: Backdoor.Win32.Cafeini.b Hardcoded Credential (0)
03-29: Razer Synapse 3.6.x DLL Hijacking (0)
03-28: Razer Synapse 3.6.x DLL Hijacking (0)
03-26: RTLO Injection URI Spoofing (0)
03-25: RTLO Injection URI Spoofing (0)
03-25: containerd Image Volume Insecure Handling (0)
03-25: Online Sports Complex Booking System 1.0 Account Takeover (0)
03-25: Online Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Sports Complex Booking System 1.0 Shell Upload (0)
03-25: Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload (0)
03-25: Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service (0)
03-25: Sports Complex Booking System 1.0 SQL Injection (0)
03-25: Microfinance Management System 1.0 SQL Injection (0)
03-25: Event Management System 1.0 Shell Upload (0)
03-25: http://e-learning.rid.go.th/kz.html (0)
03-24: WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read (0)
03-24: Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting (0)
03-24: WordPress Contact Form 7 5.5.6 Cross Site Scripting (0)
03-24: WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting (0)
03-24: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-24: ImpressCMS 1.4.2 SQL Injection / Remote Code Execution (0)
03-24: Event Management System 1.0 Shell Upload (0)
03-24: http://www.na-khu.go.th/attach_file/1643522665_lisence.txt (0)
03-24: https://khoksanga.go.th/forms_file/6db2c2dc3227a2ff2a652b94fb661f87.txt (0)
03-24: https://www.chaisor.go.th/forms_file/426e821c0353711d536ced779734e5f6.txt (0)
03-24: http://www.silakhonkaen.go.th/sapa_file/1643523403_lisence.txt (0)
03-24: https://www.pordang.go.th/sapa_file/c6ba3e75f31da3729f234e5b6e05bdbe.txt (0)
03-24: https://www.ksk.go.th/forms_file/27fac990cc86a94393fce412b01f0683.txt (0)
03-24: https://www.thaiudom.go.th/forms_file/645201e4087caa162a86146173bf9f21.txt (0)
03-24: https://banthaenlocal.go.th/forms_file/817f62a0e632dd5385414460a56497e9.txt (0)
03-24: https://huaipichai.go.th/forms_file/17e538ffaee4c83152db25dfbcc7e592.txt (0)
03-23: ProtonVPN 1.26.0 Unquoted Service Path (0)
03-23: ImpressCMS 1.4.2 Authentication Bypass (0)
03-23: Sysax FTP Automation 6.9.0 Privilege Escalation (0)
03-23: Backdoor.Win32.Agent.bxxn Open Proxy (0)
03-23: iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution (0)
03-23: Backdoor.Win32.BirdSpy.b Hardcoded Credential (0)
03-23: ICEHRM 31.0.0.0S Cross Site Request Forgery (0)
03-23: ImpressCMS 1.4.2 Path Traversal (0)
03-23: ImpressCMS 1.4.2 Incorrect Access Control (0)
03-23: ImpressCMS 1.4.2 SQL Injection (0)
03-23: [webapps] WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated (0)
03-23: [local] ProtonVPN 1.26.0 – Unquoted Service Path (0)
03-22: ImpressCMS 1.4.2 SQL Injection (0)
03-22: SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting (0)
03-22: WordPress iQ Block Country 1.2.13 Arbitrary File Deletion (0)
03-22: Inventory Management System 1.0 Cross Site Scripting (0)
03-22: Inventory Management System 1.0 SQL Injection (0)
03-22: Home Owners Collection Management System 1.0 SQL Injection (0)
03-22: Amazing CD Ripper 1.2 Buffer Overflow (0)
03-22: Xlight FTP 3.9.3.2 Buffer Overflow (0)
03-22: Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution (0)
03-22: Poultry Farm Management System 1.0 Shell Upload (0)
03-22: OX App Suite 7.10.5 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Cross Site Scripting (0)
03-22: ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Client-Side SHA1 Password Hash Disclosure (0)
03-22: [remote] ICT Protege GX/WX 2.08 – Stored Cross-Site Scripting (XSS) (0)
03-22: [local] Sysax FTP Automation 6.9.0 – Privilege Escalation (0)
03-22: [remote] Ivanti Endpoint Manager 4.6 – Remote Code Execution (RCE) (0)
03-22: [remote] iRZ Mobile Router – CSRF to RCE (0)
03-22: [webapps] ICEHRM 31.0.0.0S – Cross-site Request Forgery (CSRF) to Account Takeover (0)
03-21: [webapps] Wordpress Plugin iQ Block Country 1.2.13 – Arbitrary File Deletion via Zip Slip (Authenticated) (0)
03-19: Simple Mobile Comparison Website 1.0 Cross Site Scripting (0)
03-19: Chrome chrome_pdf::PDFiumEngine::RequestThumbnail Heap Buffer Overflow (0)
03-18: https://bdlh.go.th/noname.html (0)
03-18: BuilderOrcus Insecure Permissions (0)
03-18: BuilderOrcus Insecure Credential Storage (0)
03-18: BuilderPandoraRat.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Insecure Credential Storage (0)
03-18: BuilderTorCTPHPRAT.b Shell Upload (0)
03-18: BuilderTorCTPHPRAT.b Cross Site Scripting (0)
03-18: BuilderRevengeRAT XML Injection (0)
03-17: Apache APISIX 2.12.1 Remote Code Execution (0)
03-17: Tiny File Manager 2.4.6 Shell Upload (0)
03-17: Hikvision IP Camera Backdoor (0)
03-17: Pluck CMS 4.7.16 Shell Upload (0)
03-17: Moodle 3.11.5 SQL Injection (0)
03-17: Chrome HandleTable::AddDispatchersFromTransit Integer Overflow (0)
03-17: Windows SpoolFool Privilege Escalation (0)
03-16: College Website Management System 1.0 SQL Injection (0)
03-16: Laravel Media Library Pro 2.1.6 Shell Upload (0)
03-16: Apple Security Advisory 2022-03-14-8 (0)
03-16: Apple Security Advisory 2022-03-14-9 (0)
03-16: Apple Security Advisory 2022-03-14-6 (0)
03-16: Apple Security Advisory 2022-03-14-7 (0)
03-16: Apple Security Advisory 2022-03-14-10 (0)
03-16: Apple Security Advisory 2022-03-14-5 (0)
03-16: Apple Security Advisory 2022-03-14-3 (0)
03-16: Apple Security Advisory 2022-03-14-1 (0)
03-16: Apple Security Advisory 2022-03-14-2 (0)
03-16: Apple Security Advisory 2022-03-14-4 (0)
03-16: [remote] Apache APISIX 2.12.1 – Remote Code Execution (RCE) (0)
03-16: [webapps] Tiny File Manager 2.4.6 – Remote Code Execution (RCE) (0)
03-16: [remote] Hikvision IP Camera – Backdoor (0)
03-16: [webapps] Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated) (0)
03-16: [webapps] Moodle 3.11.5 – SQLi (Authenticated) (0)
03-15: Baixar GLPI Project 9.4.6 SQL Injection (0)
03-15: Insurance Management System 1.0 SQL Injection (0)
03-15: Student Grading System 1.0 SQL Injection (0)
03-15: Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference (0)
03-15: VIVE Runtime Service 1.0.0.4 Unquoted Service Path (0)
03-15: Automatic Question Paper Generator System 1.0 Cross Site Scripting (0)
03-15: RedLine.MainPanel Insecure Permissions (0)
03-15: Hades RAT Web Panel Insecure Credential Storage (0)
03-15: Hades RAT Web Panel Information Disclosure (0)
03-15: Hades RAT Web Panel Cross Site Scripting (0)
03-14: [local] VIVE Runtime Service – 'ViveAgentService' Unquoted Service Path (0)
03-14: [webapps] Baixar GLPI Project 9.4.6 – SQLi (0)
03-12: FLEX 1080/1085 Web 1.6.0 Information Disclosure (0)
03-12: Tdarr 2.00.15 Command Injection (0)
03-12: Employee Performance Evaluation System 1.0 SQL Injection (0)
03-12: Seowon SLR-120 Router Remote Code Execution (0)
03-11: Sony Playmemories Home Unquoted Service Path (0)
03-11: BattlEye 0.9 Unquoted Service Path (0)
03-11: McAfee Safe Connect VPN Unquoted Service Path (0)
03-11: Sandboxie-Plus 5.50.2 Unquoted Service Path (0)
03-11: WOW21 5.0.1.9 Unquoted Service Path (0)
03-11: Siemens S7-1200 4.5 Unauthenticated Access (0)
03-11: Zabbix 5.0.17 Remote Code Execution (0)
03-11: Dirty Pipe Local Privilege Escalation (0)
03-11: [remote] Tdarr 2.00.15 – Command Injection (0)
03-11: [remote] Seowon SLR-120 Router – Remote Code Execution (Unauthenticated) (0)
03-10: Wondershare Dr.Fone 12.0.18 Unquoted Service Path (0)
03-10: Cobian Backup 0.9 Unquoted Service Path (0)
03-10: Webmin 1.984 Remote Code Execution (0)
03-10: Printix Client 1.3.1106.0 Privilege Escalation (0)
03-10: Audio Conversion Wizard 2.01 Buffer Overflow (0)
03-10: DEOS AG OPEN 710/810 Cross Site Scripting (0)
03-10: Chinese APT Zero Days Compromised US State Governments (0)
03-10: [remote] Siemens S7-1200 – Unauthenticated Start/Stop Command (0)
03-10: [local] Sandboxie-Plus 5.50.2 – 'Service SbieSvc' Unquoted Service Path (0)
03-10: [local] McAfee(R) Safe Connect VPN – Unquoted Service Path Elevation Of Privilege (0)
03-10: [local] WOW21 5.0.1.9 – 'Service WOW21_Service' Unquoted Service Path (0)
03-10: [local] Sony playmemories home – 'PMBDeviceInfoProvider' Unquoted Service Path (0)
03-10: [webapps] Zabbix 5.0.17 – Remote Code Execution (RCE) (Authenticated) (0)
03-10: [local] BattlEye 0.9 – 'BEService' Unquoted Service Path (0)
03-09: Dirty Pipe Linux Privilege Escalation (0)
03-09: Dirty Pipe SUID Binary Hijack Privilege Escalation (0)
03-09: http://phon-thong.go.th (0)
03-09: http://www.takdad.go.th (0)
03-09: http://www.nongleng-bk.go.th (0)
03-09: http://www.tohdeng.go.th (0)
03-09: [local] Audio Conversion Wizard v2.01 – Buffer Overflow (0)
03-09: [local] Cobian Backup 0.9 – Unquoted Service Path (0)
03-09: [webapps] Webmin 1.984 – Remote Code Execution (Authenticated) (0)
03-08: Foxit PDF Reader 11.0 Unquoted Service Path (0)
03-08: Malwarebytes 4.5 Unquoted Service Path (0)
03-08: Cloudflare WARP 1.4 Unquoted Service Path (0)
03-08: Matrimony 1.0 SQL Injection (0)
03-08: Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion (0)
03-08: Private Internet Access 3.3 Unquoted Service Path (0)
03-08: Loki RAT (Relapse) SQL Injection (0)
03-08: part-db 0.5.11 Remote Code Execution (0)
03-08: Spring Cloud Gateway 3.1.0 Remote Code Execution (0)
03-08: Hasura GraphQL 2.2.0 Information Disclosure (0)
03-08: Attendance And Payroll System 1.0 SQL Injection (0)
03-08: Attendance And Payroll System 1.0 Remote Code Execution (0)
03-08: Apache APISIX Remote Code Execution (0)
03-08: http://sangsawang.go.th/kz.html (0)
03-08: http://buayainan.go.th/kz.html (0)
03-08: http://phothonglocal.go.th/kz.html (0)
03-08: http://banchiang.go.th/kz.html (0)
03-08: http://singkok.go.th/kz.html (0)
03-08: http://tungtom.go.th/kz.html (0)
03-08: http://khamkhaen.go.th/kz.html (0)
03-08: http://phanphrao.go.th/kz.html (0)
03-08: http://khaosan.go.th/kz.html (0)
03-08: [local] Linux Kernel 5.8 < 5.16.11 – Local Privilege Escalation (DirtyPipe) (0)
03-07: http://mungtong.go.th/readme.html (0)
03-07: http://nangua.go.th/readme.html (0)
03-07: [local] Foxit PDF Reader 11.0 – Unquoted Service Path (0)
03-07: [local] Cloudflare WARP 1.4 – Unquoted Service Path (0)
03-07: [local] Private Internet Access 3.3 – 'pia-service' Unquoted Service Path (0)
03-07: [webapps] Hasura GraphQL 2.2.0 – Information Disclosure (0)
03-07: [webapps] Attendance and Payroll System v1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] Attendance and Payroll System v1.0 – SQLi Authentication Bypass (0)
03-07: [webapps] Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE) (0)
03-07: [webapps] part-db 0.5.11 – Remote Code Execution (RCE) (0)
03-07: [local] Malwarebytes 4.5 – Unquoted Service Path (0)
03-06: https://atsamart.go.th (0)
03-06: http://www.yasothon.go.th/index.php (0)
03-05: Backdoor.Win32.Augudor.a Remote File Write / Code Execution (0)
03-05: Backdoor.Win32.BNLite Buffer Overflow (0)
03-05: Polkit pkexec Privilege Escalation (0)
03-05: Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential (0)
03-05: Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password (0)
03-05: Backdoor.Win32.BluanWeb Information Disclosure (0)
03-05: Backdoor.Win32.BluanWeb Remote Code Execution (0)
03-05: Backdoor.Win32.BluanWeb Remote Command Execution (0)
03-05: pfSense 2.5.2 Shell Upload (0)
03-05: Backdoor.Win32.RemoteNC.beta4 Remote Command Execution (0)
03-04: Polkit pkexec Local Privilege Escalation (0)
03-03: Printix Client 1.3.1106.0 Remote Code Execution (0)
03-03: Xerte 3.10.3 Directory Traversal (0)
03-03: Xerte 3.9 Remote Code Execution (0)
03-03: Car Driving School Management 1.0 SQL Injection (0)
03-03: Prowise Reflect 1.0.9 Remote Keystroke Injection (0)
03-03: Zyxel ZyWALL 2 Plus Cross Site Scripting (0)
03-03: http://suratpeo.go.th/boy.html (0)
03-02: http://www.krabi.go.th/kt.html (0)
03-02: Rufus 3.17.1846 DLL Hijacking (0)
03-02: Firefox MCallGetProperty Write Side Effects Use-After-Free (0)
03-02: Packet Storm New Exploits For February, 2022 (0)
03-02: [remote] Printix Client 1.3.1106.0 – Remote Code Execution (RCE) (0)
03-02: [webapps] Zyxel ZyWALL 2 Plus Internet Security Appliance – Cross-Site Scripting (XSS) (0)
03-02: [remote] Prowise Reflect v1.0.9 – Remote Keystroke Injection (0)
03-02: [webapps] Xerte 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
03-02: [webapps] Xerte 3.10.3 – Directory Traversal (Authenticated) (0)
03-01: Cobian Reflector 0.9.93 RC1 Denial Of Service (0)
03-01: Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service (0)
03-01: Cobian Backup Gravity 11.2.0.582 Unquoted Service Path (0)
03-01: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation (0)
03-01: Cipi Control Panel 3.1.15 Cross Site Scripting (0)
03-01: Casdoor 1.13.0 SQL Injection (0)
03-01: Hikvision IP Camera Unauthenticated Command Injection (0)
03-01: Axis IP Camera Shell Upload (0)
03-01: Win32k ConsoleControl Offset Confusion / Privilege Escalation (0)

February 2022 (254)

02-28: [remote] WAGO 750-8212 PFC200 G2 2ETH RS – Privilege Escalation (0)
02-28: [local] Cobian Backup Gravity 11.2.0.582 – 'CobianBackup11' Unquoted Service Path (0)
02-28: [local] Cobian Backup 11 Gravity 11.2.0.582 – 'Password' Denial of Service (PoC) (0)
02-28: [local] Cobian Reflector 0.9.93 RC1 – 'Password' Denial of Service (PoC) (0)
02-28: [webapps] Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
02-28: [webapps] Casdoor 1.13.0 – SQL Injection (Unauthenticated) (0)
02-26: Dahua ToolBox 1.010.0000000.0 DLL Hijacking (0)
02-26: Technitium Installer 4.4 DLL Hijacking (0)
02-26: WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting (0)
02-26: Bank Management System 1.0 SQL Injection (0)
02-26: Microsoft Exchange Server Remote Code Execution (0)
02-25: Wondershare MirrorGo 2.0.11.346 Insecure File Permissions (0)
02-25: Simple Mobile Comparison Website 1.0 SQL Injection (0)
02-24: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
02-24: Adobe ColdFusion 11 Remote Code Execution (0)
02-24: aaPanel 6.8.21 Directory Traversal (0)
02-24: Backdoor.Win32.FTP.Ics Man-In-The-Middle (0)
02-24: WebHMI 4.1 Cross Site Scripting (0)
02-24: WebHMI 4.1.1 Remote Code Execution (0)
02-24: Backdoor.Win32.FTP.Ics Authentication Bypass / Code Execution (0)
02-24: Microweber CMS 1.2.10 Local File Inclusion (0)
02-24: Backdoor.Win32.FTP.Ics Remote Command Execution (0)
02-24: [local] Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions (0)
02-23: Trojan.Win32.Cosmu.abix Insecure Permissions (0)
02-23: Air Cargo Management System 1.0 SQL Injection (0)
02-23: WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting (0)
02-23: Backdoor.Win32.Agent.baol Insecure Permissions (0)
02-23: Agirhnet 1.0 Cross Site Scripting (0)
02-23: Backdoor.Win32.Dsocks.10 Hardcoded Password (0)
02-23: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification (0)
02-23: [webapps] Student Record System 1.0 – 'cid' SQLi (Authenticated) (0)
02-23: [webapps] aaPanel 6.8.21 – Directory Traversal (Authenticated) (0)
02-23: [webapps] Air Cargo Management System v1.0 – SQLi (0)
02-23: [remote] Adobe ColdFusion 11 – LDAP Java Object Deserialization Remode Code Execution (RCE) (0)
02-23: [webapps] Simple Real Estate Portal System 1.0 – 'id' SQLi (0)
02-22: Cab Management System 1.0 Remote Code Execution (0)
02-22: Cab Management System 1.0 SQL Injection (0)
02-22: Microsoft Gaming Services 2.52.13001.0 Unquoted Service Path (0)
02-22: HMA VPN 5.3 Unquoted Service Path (0)
02-22: Auto Spare Parts Management 1.0 SQL Injection (0)
02-22: Thinfinity VirtualUI 2.5.41.0 IFRAME Injection (0)
02-22: Thinfinity VirtualUI 2.5.26.2 Information Disclosure (0)
02-22: WordPress WP User Frontend 3.5.25 SQL Injection (0)
02-22: WordPress Perfect Survey 1.5.1 SQL Injection (0)
02-22: FileCloud 21.2 Cross Site Request Forgery (0)
02-22: Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion (0)
02-22: Microweber 1.2.11 Shell Upload (0)
02-22: Simple Real Estate Portal System 1.0 SQL Injection (0)
02-22: Cyclades Serial Console Server 3.3.0 Privilege Escalation (0)
02-22: Chrome RenderFrameHostImpl Use-After-Free (0)
02-22: https://www.dannok.go.th/kz.html (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.26.2 – Information Disclosure (0)
02-21: [webapps] Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated) (0)
02-21: [webapps] Cab Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-21: [local] HMA VPN 5.3 – Unquoted Service Path (0)
02-21: [webapps] WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated) (0)
02-21: [webapps] Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection (0)
02-19: Wondershare UBackit 2.0.5 Unquoted Service Path (0)
02-19: Wondershare FamiSafe 1.0 Unquoted Service Path (0)
02-19: Wondershare MobileTrans 3.5.9 Unquoted Service Path (0)
02-19: Wondershare Dr.Fone 11.4.9 Unquoted Service Path (0)
02-19: Connectify Hotspot 2018 Unquoted Service Path (0)
02-19: Intel Management Engine Components 6.0.0.1189 Unquoted Service Path (0)
02-19: File Santizer For HP ProtectTools 5.0.1.3 Unquoted Service Path (0)
02-19: Bluetooth Application 5.4.277 Unquoted Service Path (0)
02-19: TOSHIBA DVD PLAYER Navi Support Service 1.00.0000 Unquoted Service Path (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 Cross Site Scripting (0)
02-19: Cosmetics And Beauty Product Online Store 1.0 SQL Injection (0)
02-19: Hotel Druid 3.0.3 Remote Code Execution (0)
02-19: Fortinet Fortimail 7.0.1 Cross Site Scripting (0)
02-19: WordPress dzs-zoomsounds 6.60 Shell Upload (0)
02-19: WordPress MasterStudy LMS 2.7.5 Account Creation (0)
02-18: Telegram Android 8.4.4 Denial Of Service (0)
02-18: Backdoor.Win32.Zombam.b Buffer Overflow (0)
02-18: Backdoor.Win32.Zombam.b Information Disclosure (0)
02-18: Car Portal Template Cross Site Scripting (0)
02-18: Backdoor.Win32.Zombam.b Cross Site Scripting (0)
02-18: Backdoor.Win32.Prorat.lkt Weak Hardcoded Password (0)
02-18: Vicidial 2.14-783a SQL Injection (0)
02-18: Email-Worm.Win32.Lama Insecure Permissions (0)
02-18: MartFury Marketplace Cross Site Scripting (0)
02-18: Backdoor.Win32.Prosti.b Insecure Permissions (0)
02-18: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions (0)
02-18: Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control (0)
02-18: [webapps] WordPress Plugin dzs-zoomsounds 6.60 – Remote Code Execution (RCE) (Unauthenticated) (0)
02-18: [webapps] WordPress Plugin MasterStudy LMS 2.7.5 – Unauthenticated Admin Account Creation (0)
02-18: [local] File Sanitizer for HP ProtectTools 5.0.1.3 – 'HPFSService' Unquoted Service Path (0)
02-18: [local] Connectify Hotspot 2018 'ConnectifyService' – Unquoted Service Path (0)
02-18: [webapps] Hotel Druid 3.0.3 – Remote Code Execution (RCE) (0)
02-18: [local] Wondershare Dr.Fone 11.4.9 – 'DFWSIDService' Unquoted Service Path (0)
02-18: [local] Intel(R) Management Engine Components 6.0.0.1189 – 'LMS' Unquoted Service Path (0)
02-18: [local] Bluetooth Application 5.4.277 – 'BlueSoleilCS' Unquoted Service Path (0)
02-18: [local] TOSHIBA DVD PLAYER Navi Support Service – 'TNaviSrv' Unquoted Service Path (0)
02-18: [local] Wondershare UBackit 2.0.5 – 'wsbackup' Unquoted Service Path (0)
02-18: [webapps] Fortinet Fortimail 7.0.1 – Reflected Cross-Site Scripting (XSS) (0)
02-18: [local] Wondershare MobileTrans 3.5.9 – 'ElevationService' Unquoted Service Path (0)
02-18: [local] Wondershare FamiSafe 1.0 – 'FSService' Unquoted Service Path (0)
02-17: WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion (0)
02-17: Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path (0)
02-17: ServiceNow Orlando Username Enumeration (0)
02-17: Medical Store Management System 1.0 SQL Injection (0)
02-17: Simple Student Quarterly Result / Grade System 1.0 SQL Injection (0)
02-17: Google Play Protect 22.4.25 Detection Bypass (0)
02-17: Multi-Vendor Online Groceries Management System 1.0 SQL Injection (0)
02-17: Ignition Remote Code Execution (0)
02-17: TeamSpeak 3.5.6 Insecure File Permissions (0)
02-17: Network Video Recorder NVR304-16EP Cross Site Scripting (0)
02-17: Tiny File Manager 2.4.3 Shell Upload (0)
02-17: http://healthnmd.nmd.go.th/wh.html (0)
02-17: http://hwd.nmd.go.th/wh.html (0)
02-17: http://knowledge.nmd.go.th/wh.html (0)
02-17: http://mssd.nmd.go.th/wh.html (0)
02-17: http://navylady.nmd.go.th/wh.html (0)
02-17: http://phisweb.nmd.go.th/wh.html (0)
02-17: http://person.nmd.go.th/wh.html (0)
02-17: http://pmqa.nmd.go.th/wh.html (0)
02-17: http://strategy.nmd.go.th/wh.html (0)
02-17: http://srknurse.nmd.go.th/wh.html (0)
02-17: http://support.nmd.go.th/wh.html (0)
02-16: [webapps] WordPress Plugin Error Log Viewer 1.1.1 – Arbitrary File Clearing (Authenticated) (0)
02-16: [webapps] Network Video Recorder NVR304-16EP – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
02-16: [local] TeamSpeak 3.5.6 – Insecure File Permissions (0)
02-16: [remote] H3C SSL VPN – Username Enumeration (0)
02-16: [webapps] Simple Student Quarterly Result/Grade System 1.0 – SQLi Authentication Bypass (0)
02-16: [webapps] ServiceNow – Username Enumeration (0)
02-16: [webapps] Multi-Vendor Online Groceries Management System 1.0 – 'id' Blind SQL Injection (0)
02-16: [local] Emerson PAC Machine Edition 9.80 Build 8695 – 'TrapiServer' Unquoted Service Path (0)
02-15: WordPress International SMS For Contact Form 7 Integration 1.2 CSRF (0)
02-15: Slurp 1.10.2 Format String (0)
02-15: Simple Bakery Shop Management System 1.0 SQL Injection (0)
02-15: H3C SSL VPN Username Enumeration (0)
02-15: Nagios XI Autodiscovery Shell Upload (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-15: Patch Now: Adobe Releases Emergency Fix For Exploited Commerce, Magenta Zero Day (0)
02-14: https://phapae.go.th (0)
02-13: https://king9.nrct.go.th/0x48.htm (0)
02-12: Kyocera Command Center RX ECOSYS M2035dn Directory Traversal (0)
02-12: Accounting Journal Management System 1.0 SQL Injection (0)
02-12: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
02-12: Nokia Transport Module Authentication Bypass (0)
02-12: SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection (0)
02-12: Apple Security Advisory 2022-02-10-1 (0)
02-12: Apple Security Advisory 2022-02-10-2 (0)
02-12: Apple Security Advisory 2022-02-10-3 (0)
02-11: Apple Patches Actively Exploited WebKit Zero Day (0)
02-11: WordPress 5.9 Cross Site Scripting (0)
02-11: Cain And Abel 4.9.56 Unquoted Service Path (0)
02-11: WordPress Jetpack 9.1 Cross Site Scripting (0)
02-11: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution (0)
02-11: WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection (0)
02-11: Hospital Management Startup 1.0 SQL Injection (0)
02-11: WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 SQL Injection (0)
02-11: Home Owners Collection Management System 1.0 Account Takeover (0)
02-11: Home Owners Collection Management System 1.0 Shell Upload (0)
02-11: [webapps] Kyocera Command Center RX ECOSYS M2035dn – Directory Traversal File Disclosure (Unauthenticated) (0)
02-11: [webapps] Accounting Journal Management System 1.0 – 'id' SQLi (Authenticated) (0)
02-11: [webapps] Subrion CMS 4.2.1 – Cross Site Request Forgery (CSRF) (Add Amin) (0)
02-10: Backdoor.Win32.Frauder.jt Insecure Permissions (0)
02-10: Backdoor.Win32.XRat.k Remote Command Execution (0)
02-10: Exam Reviewer Management System 1.0 SQL Injection (0)
02-10: Exam Reviewer Management System 1.0 Shell Upload (0)
02-10: Backdoor.Win32.Prexot.a Man-In-The-Middle (0)
02-10: Backdoor.Win32.Wdoor.11 Remote Command Execution (0)
02-10: Atom CMS 2.0 SQL Injection (0)
02-10: Backdoor.Win32.Prexot.a Authentication Bypass (0)
02-10: Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution (0)
02-10: Grandstream GXV31XX settimezone Unauthenticated Command Execution (0)
02-10: [webapps] WordPress Plugin Jetpack 9.1 – Cross Site Scripting (XSS) (0)
02-10: [webapps] WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 – SQL-Injection (Unauthenticated) (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – 'id' Blind SQL Injection (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-10: [webapps] Hospital Management Startup 1.0 – 'Multiple' SQLi (0)
02-10: [webapps] Home Owners Collection Management System 1.0 – Account Takeover (Unauthenticated) (0)
02-10: [local] Cain & Abel 4.9.56 – Unquoted Service Path (0)
02-10: [webapps] WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS) (0)
02-09: FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery (0)
02-09: WordPress Security Audit 1.0.0 Cross Site Scripting (0)
02-09: WordPress CP Blocks 1.0.14 Cross Site Scripting (0)
02-09: WordPress Contact Form Builder 1.6.1 Cross Site Scripting (0)
02-09: Hotel Reservation System 1.0 SQL Injection (0)
02-09: WordPress Simple Job Board 2.9.3 Local File Inclusion (0)
02-09: Wing FTP Server 4.3.8 Remote Code Execution (0)
02-09: PHP Everywhere 2.0.3 Remote Code Execution (0)
02-09: Strapi CMS 3.0.0-beta.17.4 Privilege Escalation (0)
02-09: QEMU Monitor HMP migrate Command Execution (0)
02-09: [webapps] AtomCMS v2.0 – SQLi (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – Remote Code Execution (RCE) (Authenticated) (0)
02-09: [webapps] Exam Reviewer Management System 1.0 – ‘id’ SQL Injection (0)
02-08: Chrome storage::BlobBuilderFromStream Uninitializaed On-Stack Pointer (0)
02-08: Backdoor.Win32.Small.er Code Execution (0)
02-08: Hospital Management System 4.0 SQL Injection (0)
02-08: WordPress International SMS For Contact Form 7 Integration 1.2 XSS (0)
02-08: [webapps] Wordpress Plugin Simple Job Board 2.9.3 – Local File Inclusion (0)
02-08: [remote] Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated) (0)
02-08: [webapps] WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS) (0)
02-08: [webapps] Hospital Management System 4.0 – 'multiple' SQL Injection (0)
02-08: [webapps] FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
02-08: [webapps] Hotel Reservation System 1.0 – SQLi (Unauthenticated) (0)
02-08: [webapps] Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit) (0)
02-05: WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting (0)
02-05: FLAME II MODEM USB Unquoted Service Path (0)
02-05: Servisnet Tessa Authentication Bypass (0)
02-05: Servisnet Tessa MQTT Credential Disclosure (0)
02-05: WBCE CMS 1.5.2 Remote Code Execution (0)
02-05: Servisnet Tessa Privilege Escalation (0)
02-05: WAGO 750-8xxx PLC Denial Of Service / User Enumeration (0)
02-05: Korenix Technology JetWave CSRF / Command Injection / Missing Authentication (0)
02-05: Voltage SecureMail Server Business Logic Bypass (0)
02-05: Shopmetrics Mystery Shopping Software Broken Access Control / XSS (0)
02-04: Feberr 12.7 Shell Upload (0)
02-04: Vivellio 1.2.1 User Account Enumeration (0)
02-04: [webapps] Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit) (0)
02-04: [webapps] Servisnet Tessa – Privilege Escalation (Metasploit) (0)
02-04: [webapps] WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
02-04: [local] FLAME II MODEM USB – Unquoted Service Path (0)
02-04: [webapps] WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated) (0)
02-04: [webapps] Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit) (0)
02-03: CONTPAQi AdminPAQ 14.0.0 Unquoted Service Path (0)
02-03: WordPress 404 To 301 2.0.2 SQL Injection (0)
02-03: WordPress Post Grid 2.1.1 Cross Site Scripting (0)
02-03: WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting (0)
02-03: Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover (0)
02-03: WordPress Download Monitor WordPress 4.4.4 SQL Injection (0)
02-03: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
02-03: WordPress Domain Check 1.0.16 Cross Site Scripting (0)
02-03: PHP Unit 4.8.28 Remote Code Execution (0)
02-03: WordPress Contact Form Check Tester 1.0.2 XSS / Access Control (0)
02-03: Mozilla Firefox 67 Array.pop JIT Type Confusion (0)
02-03: PHP Restaurants 1.0 SQL Injection (0)
02-03: Backdoor.Win32.Zxman Code Execution (0)
02-03: Moodle 3.11.4 SQL Injection (0)
02-03: Huawei DG8045 Router 1.0 Credential Disclosure (0)
02-03: Backdoor.Win32.Small.bu Remote Command Execution (0)
02-03: WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming (0)
02-02: Cisco Small Business RV Series Authentication Bypass / Command Injection (0)
02-02: Packet Storm New Exploits For January, 2022 (0)
02-02: [webapps] Moodle 3.11.4 – SQL Injection (0)
02-02: [webapps] Wordpress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated) (0)
02-02: [webapps] WordPress Plugin Domain Check 1.0.16 – Reflected Cross-Site Scripting (XSS) (Authenticated) (0)
02-02: [local] CONTPAQi(R) AdminPAQ 14.0.0 – Unquoted Service Path (0)
02-02: [local] Mozilla Firefox 67 – Array.pop JIT Type Confusion (0)
02-01: HackTool.Win32.Muzzer.a Buffer Overflow (0)
02-01: Backdoor.Win32.Tiny.c Code Execution (0)
02-01: Moxa TN-5900 Firmware Upgrade Checksum Validation (0)
02-01: Moxa TN-5900 Post Authentication Command Injection (0)
02-01: Apple Security Advisory 2022-01-26-1 (0)
02-01: Apple Security Advisory 2022-01-26-2 (0)
02-01: Apple Security Advisory 2022-01-26-3 (0)
02-01: Apple Security Advisory 2022-01-26-4 (0)
02-01: Apple Security Advisory 2022-01-26-5 (0)
02-01: Apple Security Advisory 2022-01-26-6 (0)
02-01: Apple Security Advisory 2022-01-26-7 (0)

January 2022 (216)

01-29: Fetch Softworks Fetch FTP Client 5.8 Denial Of Service (0)
01-28: WordPress Mortgage Calculators WP 1.52 Cross Site Scripting (0)
01-28: Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion (0)
01-28: PolicyKit-1 0.105-31 Privilege Escalation (0)
01-28: WordPress Modern Events Calendar 6.1 SQL Injection (0)
01-28: WordPress RegistrationMagic V 5.0.1.5 SQL Injection (0)
01-27: Apple Fixes 2 Zero-Day Security Bugs, One Exploited In the Wild (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Backdoor.Win32.WinShell.50 Weak Hardcoded Password (0)
01-27: Polkit pkexec CVE-2021-4034 Proof Of Concept (0)
01-27: Polkit pkexec CVE-2021-4034 Local Root (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: Linux Kernel Slab Out-Of-Bounds Write (0)
01-27: [remote] Oracle WebLogic Server 14.1.1.0.0 – Local File Inclusion (0)
01-27: [webapps] WordPress Plugin Modern Events Calendar V 6.1 – SQL Injection (Unauthenticated) (0)
01-27: [webapps] WordPress Plugin RegistrationMagic V 5.0.1.5 – SQL Injection (Authenticated) (0)
01-27: [webapps] WordPress Plugin Mortgage Calculators WP 1.52 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
01-26: TYPO3 femanager 6.3.0 Cross Site Scripting (0)
01-26: H2 Database Console Remote Code Execution (0)
01-26: Online Project Time Management System 1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Agent.uq Insecure Permissions (0)
01-26: Backdoor.Win32.FTP99 Authentication Bypass (0)
01-26: Backdoor.Win32.FTP99 Man-In-The-Middle (0)
01-26: PHPIPAM 1.4.4 SQL Injection (0)
01-26: WebACMS 2.1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Hanuman.b Code Execution (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password (0)
01-26: Online Project Time Management System 1.0 SQL Injection (0)
01-26: Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle (0)
01-26: Ametys CMS 4.4.1 Cross Site Scripting (0)
01-26: Backdoor.Win32.DRA.c Weak Hardcoded Password (0)
01-26: CosaNostra Builder Insecure Permissions (0)
01-26: Xerox Versalink Denial Of Service (0)
01-26: CosaNostra Builder WebPanel Insecure Cryptographic Storage (0)
01-26: FAUST iServer 9.0.018.018.4 Local File Inclusion (0)
01-26: uBidAuction 2.0.1 Cross Site Scripting (0)
01-26: CosaNostra Builder WebPanel Cross Site Request Forgery (0)
01-26: Ethercreative Logs 3.0.3 Path Traversal (0)
01-26: Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution (0)
01-25: XNU Kernel mach_msg Use-After-Free (0)
01-25: UniFi Network Application Unauthenticated Log4Shell Remote Code Execution (0)
01-25: [webapps] PHPIPAM 1.4.4 – SQLi (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated) (0)
01-25: [webapps] Online Project Time Management System 1.0 – SQLi (Authenticated) (0)
01-24: [webapps] Landa Driving School Management System 2.0.1 – Arbitrary File Upload (0)
01-22: Online Project Time Management 1.0 SQL Injection (0)
01-22: Banco Guayaquil 8.0.0 Cross Site Scripting (0)
01-22: Backdoor.Win32.Wollf.16 Authentication Bypass (0)
01-22: Backdoor.Win32.Wollf.16 Hardcoded Credential (0)
01-21: VulturiBuilder Insecure Permissions (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage (0)
01-21: CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle (0)
01-21: Backdoor.Win32.Wisell Remote Command Execution (0)
01-21: Ransomware Builder Babuk Insecure Permissions (0)
01-21: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution (0)
01-21: Grandstream GXV3175 Unauthenticated Command Execution (0)
01-20: WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting (0)
01-19: Nyron 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 SQL Injection (0)
01-19: Simple Chatbot Application 1.0 Shell Upload (0)
01-19: Online Resort Management System 1.0 SQL Injection (0)
01-19: Landa Driving School Management System 2.0.1 Arbitrary File Upload (0)
01-19: Archeevo 5.0 Local File Inclusion (0)
01-19: [webapps] Affiliate Pro 1.7 – 'Multiple' Cross Site Scripting (XSS) (0)
01-19: [webapps] Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS) (0)
01-19: [webapps] uDoctorAppointment v2.1.1 – 'Multiple' Cross Site Scripting (XSS) (0)
01-18: Worktime 10.20 Build 4967 DLL Hijacking (0)
01-18: Worktime 10.20 Build 4967 Unquoted Service Path (0)
01-18: HTTP Protocol Stack Denial Of Service / Remote Code Execution (0)
01-18: Cisco IP Phone Cleartext Password Storage (0)
01-18: Ab Stealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Information Disclosure (0)
01-18: SB Admin Cross Site Request Forgery / SQL Injection (0)
01-18: Win32.MarsStealer Web Panel Cross Site Scripting (0)
01-18: Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion (0)
01-18: OpenBMCS 2.4 Cross Site Request Forgery (0)
01-18: Chaos Ransomware Builder 4 Insecure Permissions (0)
01-18: OpenBMCS 2.4 SQL Injection (0)
01-18: OpenBMCS 2.4 Remote Privilege Escalation (0)
01-18: AgentTesla Builder Web Panel Cross Site Scripting (0)
01-18: AgentTesla Builder Web Panel SQL Injection (0)
01-18: OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery (0)
01-18: OpenBMCS 2.4 Secret Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Cross Site Request Forgery (CSRF) (0)
01-18: [webapps] Simple Chatbot Application 1.0 – 'message' Blind SQLi (0)
01-18: [webapps] Simple Chatbot Application 1.0 – Remote Code Execution (RCE) (0)
01-18: [webapps] OpenBMCS 2.4 – Information Disclosure (0)
01-18: [webapps] OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation (0)
01-18: [webapps] OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated) (0)
01-18: [webapps] OpenBMCS 2.4 – SQLi (Authenticated) (0)
01-18: [webapps] Online Resort Management System 1.0 – SQLi (Authenticated) (0)
01-18: [local] WorkTime 10.20 Build 4967 – Unquoted Service Path (0)
01-18: [remote] Archeevo 5.0 – Local File Inclusion (0)
01-14: Microsoft Windows EFSRPC Arbitrary File Upload / Privilege Escalation (0)
01-14: Chrome IPC::ChannelAssociatedGroupController Memory Corruption (0)
01-14: SonicWall SMA 100 Series Authenticated Command Injection (0)
01-14: Apple Security Advisory 2022-01-12-1 (0)
01-14: Apple ColorSync Out-Of-Bounds Read (0)
01-13: RLM 14.2 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 Missing Access Control (0)
01-13: Online Diagnostic Lab Management System 1.0 Cross Site Scripting (0)
01-13: Online Diagnostic Lab Management System 1.0 SQL Injection (0)
01-13: WordPress Frontend Uploader 1.3.2 Cross Site Scripting (0)
01-13: Libstagefright Heap Out-Of-Bounds Write (0)
01-13: Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure (0)
01-13: Log4Shell HTTP Header Injection (0)
01-13: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-13: [webapps] WordPress Core 5.8.2 – 'WP_Query' SQL Injection (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated) (0)
01-13: [webapps] SalonERP 3.0.1 – 'sql' SQL Injection (Authenticated) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_list' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'doctors' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Hospitals Patient Records Management System 1.0 – 'room_types' Stored Cross Site Scripting (XSS) (0)
01-13: [webapps] Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated) (0)
01-12: Microsoft Starts 2022 With Big Bundle Fixes For 96 Security Bugs In Its Software (0)
01-12: Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass (0)
01-12: Microsoft Windows Defender / Detection Bypass (0)
01-12: Backdoor.Win32.Controlit.10 Code Execution (0)
01-12: [webapps] WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-12: [local] Microsoft Windows Defender – Detections Bypass (0)
01-12: [local] Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass (0)
01-11: CoreFTP Server Build 725 Directory Traversal (0)
01-11: VUPlayer 2.49 Buffer Overflow (0)
01-11: Online Railway Reservation System 1.0 Cross Site Scripting (0)
01-11: Online Railway Reservation System 1.0 Missing Access Control (0)
01-11: Online Railway Reservation System 1.0 Remote Code Execution (0)
01-11: Online Railway Reservation System 1.0 SQL Injection (0)
01-11: Online Resort Management System 1.0 SQL Injection (0)
01-11: Online Examination System Project 1.0 SQL Injection (0)
01-11: HTTP Commander 3.1.9 Cross Site Scripting (0)
01-11: WordPress Contact Form Entries Cross Site Scripting (0)
01-11: Open-AudIT Community 4.2.0 Cross Site Scripting (0)
01-11: Linux Garbage Collection Memory Corruption (0)
01-10: [local] VUPlayer 2.49 – '.wax' Local Buffer Overflow (DEP Bypass) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated) (0)
01-10: [webapps] HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-10: [webapps] Online Railway Reservation System 1.0 – 'id' SQL Injection (Unauthenticated) (0)
01-08: Online Veterinary Appointment System 1.0 SQL Injection (0)
01-08: Chrome storage::BlobURLStoreImpl::Revoke Heap Use-After-Free (0)
01-08: Microsoft Windows SMB Direct Session Takeover (0)
01-08: Google Project Zero 0-Days Exploited In-The-Wild (0)
01-07: Backdoor.Win32.Jtram.a Insecure Credential Storage (0)
01-07: Backdoor.Win32.Dsklite.a Denial Of Service (0)
01-07: Simple Music Cloud Community System 1.0 SQL Injection (0)
01-07: Backdoor.Win32.Jtram.a Man-In-The-Middle (0)
01-07: Backdoor.Win32.SVC Buffer Overflow (0)
01-07: XNU inm_merge Heap Use-After-Free (0)
01-07: Backdoor.Win32.Dsklite.a Insecure Transit (0)
01-07: Backdoor.Win32.SubSeven.c Buffer Overflow (0)
01-07: Backdoor.Win32.SVC Directory Traversal (0)
01-07: [webapps] Online Veterinary Appointment System 1.0 – 'Multiple' SQL Injection (0)
01-06: Movie Rating System 1.0 Broken Access Control (0)
01-06: Movie Rating System 1.0 SQL Injection / Code Execution (0)
01-06: Nettmp NNT 5.1 SQL Injection (0)
01-06: Safari Montage 8.5 Cross Site Scripting (0)
01-06: RiteCMS 3.1.0 Arbitrary File Deletion (0)
01-06: RiteCMS 3.1.0 Arbitrary File Overwrite (0)
01-06: cWifi Hotspot Wireless CP Code Execution (0)
01-06: Virtual Airline Manager 2.6.2 SQL Injection (0)
01-06: AWebServer GhostBuilding 18 Denial Of Service (0)
01-06: Easy Cart Shopping Cart 2021 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 SQL Injection (0)
01-06: Vodafone H-500-s 3.5.10 WiFi Password Disclosure (0)
01-06: Automox Agent 32 Local Privilege Escalation (0)
01-06: uDoctorAppointment 2.1.1 Cross Site Scripting (0)
01-06: WordPress AAWP 3.16 Cross Site Scripting (0)
01-06: Hospitals Patient Records Management System 1.0 Account TakeOver (0)
01-06: Online Admission System 1.0 Remote Code Execution (0)
01-06: openSIS Student Information System 8.0 SQL Injection (0)
01-06: Rocket LMS 1.1 Cross Site Scripting (0)
01-06: TermTalk Server 3.24.0.2 Arbitrary File Read (0)
01-06: Hostel Management System 2.1 Cross Site Scripting (0)
01-06: Affiliate Pro 1.7 Cross Site Scripting (0)
01-06: Gerapy 0.9.7 Remote Code Execution (0)
01-06: Dixell XWEB 500 Arbitrary File Write (0)
01-06: WordPress Catch Themes Demo Import Shell Upload (0)
01-05: Projeqtor 9.3.1 Cross Site Scripting (0)
01-05: [webapps] Virtual Airlines Manager 2.6.2 – 'multiple' SQL Injection (0)
01-05: [webapps] Movie Rating System 1.0 – SQLi to RCE (Unauthenticated) (0)
01-05: [webapps] Online Admission System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
01-05: [local] TRIGONE Remote System Monitor 3.61 – Unquoted Service Path (0)
01-05: [webapps] BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – Account TakeOver (0)
01-05: [remote] AWebServer GhostBuilding 18 – Denial of Service (DoS) (0)
01-05: [webapps] Hospitals Patient Records Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
01-05: [webapps] Nettmp NNT 5.1 – SQLi Authentication Bypass (0)
01-05: [webapps] Hostel Management System 2.1 – Cross Site Scripting (XSS) (0)
01-05: [webapps] Library System in PHP 1.0 – 'publisher name' Stored Cross-Site Scripting (XSS) (0)
01-05: [webapps] SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated) (0)
01-05: [remote] ConnectWise Control 19.2.24707 – Username Enumeration (0)
01-05: [webapps] RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Deletion (Authenticated) (0)
01-05: [webapps] RiteCMS 3.1.0 – Arbitrary File Overwrite (Authenticated) (0)
01-05: [webapps] CMSimple 5.4 – Cross Site Scripting (XSS) (0)
01-05: [webapps] WordPress Plugin Contact Form Entries 1.1.6 – Cross Site Scripting (XSS) (Unauthenticated) (0)
01-05: [dos] Siemens S7 Layer 2 – Denial of Service (DoS) (0)
01-04: Computer And Mobile Repair Shop Management 1.0 SQL Injection (0)
01-04: TRIGONE Remote System Monitor 3.61 Unquoted Service Path (0)
01-04: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
01-04: Backdoor.Win32.Wollf.m Weak Hardcoded Password (0)
01-04: Backdoor.Win32.Wollf.m Authentication Bypass (0)
01-04: BeyondTrust Remote Support 6.0 Cross Site Scripting (0)
01-04: Backdoor.Win32.Fantador Insecure Password Storage (0)
01-04: Backdoor.Win32.Fantador Denial Of Service (0)
01-04: Backdoor.Win32.Skrat Insecure Password Storage (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Bypass / Command Execution (0)
01-04: WordPress CRM Form Entries Cross Site Scripting (0)
01-04: Backdoor.Win32.SilentSpy.10 Authentication Race Condition (0)
01-04: Zoom Chat Message Processing Buffer Overflow (0)
01-04: Zoom MMR Server Information Leak (0)
01-02: Packet Storm New Exploits For December, 2021 (0)
01-02: Packet Storm New Exploits For 2021 (0)

December 2021 (169)

12-29: Microsoft Windows Explorer Preview Pane Security Bypass (0)
12-29: Backdoor.Win32.Visiotrol.10 Insecure Password Storage (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Man-In-The-Middle (0)
12-29: Windows Explorer Preview Pane HTML File Link Spoofing (0)
12-29: Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation (0)
12-29: Terramaster F4-210 / F2-210 Remote Code Execution (0)
12-29: ManageEngine ServiceDesk Plus Remote Code Execution (0)
12-24: Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service (0)
12-22: WBCE CMS 1.5.1 Admin Password Reset (0)
12-22: phpKF CMS 3.00 Beta y6 Remote Code Execution (0)
12-22: Exponent CMS 2.6 Cross Site Scripting / Brute Force (0)
12-22: Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets (0)
12-21: Alfa Team Shell Tesla 4.1 Remote Code Execution (0)
12-21: Signup PHP Portal 2.1 Shell Upload (0)
12-21: Video Sharing Website 1.0 SQL Injection (0)
12-21: Bazaar Web PHP Social Listings Shell Upload (0)
12-21: WordPress Popular Posts 5.3.2 Remote Code Execution (0)
12-20: [webapps] Exponent CMS 2.6 – Multiple Vulnerabilities (0)
12-20: [webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated) (0)
12-20: [webapps] WBCE CMS 1.5.1 – Admin Password Reset (0)
12-18: Backdoor.Win32.BNLite Buffer Overflow (0)
12-18: Backdoor.Win32.Mellpon.b Information Disclosure (0)
12-18: Android VM_MAYWRITE Access To Shared Zygote JIT Mapping (0)
12-18: Apple Security Advisory 2021-12-15-1 (0)
12-18: Apple Security Advisory 2021-12-15-2 (0)
12-18: Apple Security Advisory 2021-12-15-3 (0)
12-18: Apple Security Advisory 2021-12-15-4 (0)
12-18: Apple Security Advisory 2021-12-15-5 (0)
12-18: Apple Security Advisory 2021-12-15-6 (0)
12-18: Apple Security Advisory 2021-12-15-7 (0)
12-17: Child's Day Care Management System 1.0 SQL Injection (0)
12-17: Arunna 1.0.0 Cross Site Request Forgery (0)
12-17: Croogo 3.0.2 Cross Site Scripting (0)
12-17: Croogo 3.0.2 Shell Upload (0)
12-17: Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration (0)
12-17: Chrome blink::NativeIOFile::DoRead Heap Use-After-Free (0)
12-17: Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free (0)
12-17: Chrome NavigationPreloadRequest Site Isolation Bypass (0)
12-16: Log4j2 Log4Shell Regexes (0)
12-16: Log4j Payload Generator (0)
12-16: Oliver Library Server 5 Arbitrary File Download (0)
12-16: Simple Cold Storage Management System 1.0 SQL Injection (0)
12-16: OpenEMR 6.0.0 / 6.1.0-dev SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection (0)
12-16: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection (0)
12-16: SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection (0)
12-16: L4sh Log4j Remote Code Execution (0)
12-16: Log4j Remote Code Execution Word Bypassing (0)
12-16: log4j-scan Extensive Scanner (0)
12-16: Actively Attacked Microsoft Zero Day Allows App Spoofing (0)
12-16: [webapps] Arunna 1.0.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
12-16: [webapps] Croogo 3.0.2 – Unrestricted File Upload (0)
12-16: [webapps] Croogo 3.0.2 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
12-16: [webapps] Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration (0)
12-15: Apache Log4j2 2.14.1 Information Disclosure (0)
12-15: Booked Scheduler 2.7.5 Shell Upload (0)
12-15: AbanteCart Arbitrary File Upload / Cross Site Scripting (0)
12-15: Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery (0)
12-15: Ticket Booking 1.0 SQL Injection (0)
12-15: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-15: Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting (0)
12-15: meterN 1.2.3 Remote Command Execution (0)
12-15: WordPress Typebot 1.4.3 Cross Site Scripting (0)
12-15: Laravel Valet 2.0.3 Privilege Escalation (0)
12-15: Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting (0)
12-15: [remote] Oliver Library Server v5 – Arbitrary File Download (0)
12-14: Backdoor.Win32.Mechbot.a Insecure Permissions (0)
12-14: Backdoor.IRC.Subhuman Unauthenticated Open Proxy (0)
12-14: Backdoor.Win32.Asylum.014 Insecure Password Storage (0)
12-14: Backdoor.Win32.Nucleroot.mf Buffer Overflow (0)
12-14: HD-Network Real-Time Monitoring System 2.0 Local File Inclusion (0)
12-14: Backdoor.Win32.Ncx.b Code Execution (0)
12-14: Backdoor.Win32.Ncx.b Buffer Overflow (0)
12-14: Backdoor.Win32.BackAttack.20 Code Execution (0)
12-14: Simple Forum-Discussion System 1.0 SQL Injection (0)
12-14: Backdoor.Win32.BackAttack.20 Authentication Bypass / Code Execution (0)
12-14: Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password (0)
12-14: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
12-14: WebHMI 4.0 Remote Code Execution (0)
12-14: Backdoor.Win32.Ramus Code Execution (0)
12-14: Oracle Database Protection Mechanism Bypass (0)
12-14: Backdoor.Win32.Phase.11 Code Execution (0)
12-14: Oracle Database Weak NNE Integrity Key Derivation (0)
12-14: [local] Microsoft Internet Explorer / ActiveX Control – Security Bypass (0)
12-14: [webapps] WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-14: [remote] Apache Log4j 2 – Remote Code Execution (RCE) (0)
12-14: [local] Laravel Valet 2.0.3 – Local Privilege Escalation (macOS) (0)
12-14: [remote] Apache Log4j2 2.14.1 – Information Disclosure (0)
12-13: Log4j Zero Day Flaw: What You Need To Know And How To Protect Yourself (0)
12-13: [webapps] WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated) (0)
12-13: [remote] HD-Network Real-time Monitoring System 2.0 – Local File Inclusion (LFI) (0)
12-11: Apache Log4j2 2.14.1 Remote Code Execution (0)
12-11: Polkit CVE-2021-3560 Research (0)
12-11: Free School Management Software 1.0 Shell Upload (0)
12-11: Free School Management Software 1.0 Cross Site Scripting (0)
12-11: OpenCATS 0.9.4 Remote Code Execution (0)
12-10: Raspberry Pi 5.10 Default Credentials (0)
12-10: Kabir Alhasan Student Management System 1.0 SQL Injection (0)
12-10: Employees Daily Task Management System 1.0 Cross Site Scripting (0)
12-10: Employees Daily Task Management System 1.0 SQL Injection (0)
12-10: Chikitsa Patient Management System 2.0.2 Backup Remote Code Execution (0)
12-10: Chikitsa Patient Management System 2.0.2 Plugin Remote Code Execution (0)
12-10: MTPutty 1.0.1.21 SSH Password Disclosure (0)
12-10: WordPress Catch Themes Demo Import 1.6.1 Shell Upload (0)
12-10: TestLink 1.19 Arbitrary File Download (0)
12-10: LimeSurvey 5.2.4 Remote Code Execution (0)
12-10: Microsoft Office Word MSHTML Remote Code Execution (0)
12-10: Grafana 8.3.0 Directory Traversal / Arbitrary File Read (0)
12-10: [webapps] OpenCATS 0.9.4 – Remote Code Execution (RCE) (0)
12-09: Docker runc Command Execution Proof Of Concept (0)
12-09: Reprise License Manager 14.2 User Enumeration (0)
12-09: Reprise License Manager 14.2 Unauthenticated Password Change (0)
12-09: Reprise License Manager 14.2 Session Hijacking (0)
12-09: Reprise License Manager 14.2 Buffer Overflow (0)
12-09: Reprise License Manager 14.2 Remote Binary Execution (0)
12-09: Grafana Arbitrary File Reading (0)
12-09: (0)
12-09: ETS5 Password Recovery Tool (0)
12-09: [webapps] Grafana 8.3.0 – Directory Traversal and Arbitrary File Read (0)
12-09: [webapps] Wordpress Plugin Catch Themes Demo Import 1.6.1 – Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Student Management System 1.0 – SQLi Authentication Bypass (0)
12-09: [webapps] TestLink 1.19 – Arbitrary File Download (Unauthenticated) (0)
12-09: [webapps] Employees Daily Task Management System 1.0 – 'username' SQLi Authentication Bypass (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – 'backup' Remote Code Execution (RCE) (Authenticated) (0)
12-09: [webapps] Chikitsa Patient Management System 2.0.2 – Remote Code Execution (RCE) (Authenticated) (0)
12-07: Simple Online Men's Salon Management System 1.0 SQL Injection (0)
12-07: HCL Lotus Notes 12 Unquoted Service Path (0)
12-07: Microsoft Internet Explorer Active-X Control Security Bypass (0)
12-07: Croogo 3.0.2 Remote Code Execution (0)
12-07: Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass (0)
12-07: Auerswald COMpact 8.0B Privilege Escalation (0)
12-07: runc / libcontainer Bind Mount Sources Insecure Handling (0)
12-07: Auerswald COMpact 8.0B Arbitrary File Disclosure (0)
12-07: Auerswald COMpact 8.0B Backdoors (0)
12-06: [webapps] Croogo 3.0.2 – Remote Code Execution (Authenticated) (0)
12-06: [remote] Auerswald COMpact 8.0B – Multiple Backdoors (0)
12-06: [remote] Auerswald COMpact 8.0B – Arbitrary File Disclosure (0)
12-06: [remote] Auerswald COMfortel 2.8F – Authentication Bypass (0)
12-06: [remote] Auerswald COMpact 8.0B – Privilege Escalation (0)
12-06: [local] HCL Lotus Notes V12 – Unquoted Service Path (0)
12-04: DuckDuckGo 7.64.4 Address Bar Spoofing (0)
12-04: Trojan.Win32.Mucc.ivk Unquoted Service Path (0)
12-04: Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection (0)
12-04: M-Files Web Denial Of Service (0)
12-04: Backdoor.Win32.Vernet.axt Insecure Permissions (0)
12-04: Backdoor.Win32.Bionet.10 Authentication Bypass / Code Execution (0)
12-04: Online Magazine Management System 1.0 SQL Injection (0)
12-04: WordPress DZS Zoomsounds 6.45 Arbitrary File Read (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting (0)
12-04: Ubuntu Overlayfs Local Privilege Escalation (0)
12-04: WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion (0)
12-04: Backdoor.Win32.WinShell.50 Hardcoded Password (0)
12-04: OrbiTeam BSCW Server XSS / LFI / User Enumeration (0)
12-03: Android vold Unsafe Mounting (0)
12-03: [webapps] WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated) (0)
12-03: [webapps] WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI) (0)
12-03: [webapps] Online Magazine Management System 1.0 – SQLi Authentication Bypass (0)
12-03: [webapps] WordPress Plugin Slider by Soliloquy 2.6.2 – 'title' Stored Cross Site Scripting (XSS) (Authenticated) (0)
12-03: [webapps] Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass (0)
12-02: Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting (0)
12-02: Advanced Comment System 1.0 Remote Command Execution (0)
12-02: NSS Signature Validation Memory Corruption (0)
12-02: MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation (0)
12-02: Packet Storm New Exploits For November, 2021 (0)
12-01: Laundry Booking Management System 1.0 Remote Code Execution (0)
12-01: [webapps] Advanced Comment System 1.0 – Remote Command Execution (RCE) (0)
12-01: [local] MilleGPG5 5.7.2 Luglio 2021 – Local Privilege Escalation (0)
12-01: [webapps] Online Enrollment Management System in PHP and PayPal 1.0 – 'U_NAME' Stored Cross-Site Scripting (0)

November 2021 (251)

11-30: Nextar C472 POS DLL Hijacking (0)
11-30: Polkit Authentication Bypass / Local Privilege Escalation (0)
11-30: Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation (0)
11-30: Opencart 3.0.3.8 Session Injection (0)
11-30: Orangescrum 1.8.0 Cross Site Scripting (0)
11-30: Orangescrum 1.8.0 SQL Injection (0)
11-30: Orangescrum 1.8.0 Privilege Escalation (0)
11-30: [webapps] Laundry Booking Management System 1.0 – Remote Code Execution (RCE) (0)
11-29: [webapps] opencart 3.0.3.8 – Sessjion Injection (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' SQL Injection (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – 'Multiple' Cross-Site Scripting (XSS) (Authenticated) (0)
11-29: [webapps] orangescrum 1.8.0 – Privilege escalation (Authenticated) (0)
11-28: Gerdab.ir SQL Injection (0)
11-28: Bagisto 1.3.3 Client-Side Template Injection (0)
11-28: Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution (0)
11-28: Email-Worm.Win32.Deltad Insecure Permissions (0)
11-28: Backdoor.Win32.Coredoor.10.a Man-In-The-Middle (0)
11-28: D-Link DSL-3782 Pre-Authentication Remote Root (0)
11-28: ManageEngine ADSelfService Plus Authentication Bypass / Code Execution (0)
11-26: [webapps] Bagisto 1.3.3 – Client-Side Template Injection (0)
11-25: Serva 4.4.0 TFTP Remote Buffer Overflow (0)
11-25: CMSimple 5.4 Local File Inclusion / Remote Code Execution (0)
11-25: HTTPDebuggerPro 9.11 Unquoted Service Path (0)
11-25: Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory (0)
11-24: Attackers Actively Target Windows Installer Zero-Day (0)
11-24: Samsung NPU (Neural Processing Unit) Memory Corruption (0)
11-24: GNU gdbserver 9.2 Remote Command Execution (0)
11-24: FLEX 1085 Web 1.6.0 HTML Injection (0)
11-24: Webrun 3.6.0.42 SQL Injection (0)
11-24: Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation (0)
11-24: WordPress WP Guppy 1.1 Information Disclosure (0)
11-24: [webapps] CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated) (0)
11-24: [local] HTTPDebuggerPro 9.11 – Unquoted Service Path (0)
11-23: PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection (0)
11-23: Backdoor.Win32.Acropolis.10 Insecure Permissions (0)
11-23: Backdoor.Win32.Curioso.zp Insecure Permissions (0)
11-23: Modbus Slave 7.3.1 Buffer Overflow (0)
11-23: Backdoor.Win32.Antilam.11 Code Execution (0)
11-23: Backdoor.Win32.Wollf.a Hardcoded Password (0)
11-23: Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass (0)
11-23: OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal (0)
11-23: Backdoor.Win32.Wollf.h Hardcoded Password (0)
11-23: Pinkie 2.15 Remote Buffer Overflow (0)
11-23: Wipro Holmes Orchestrator 20.4.1 File Disclosure (0)
11-23: Backdoor.Win32.Agent.ad Insecure Credential Storage (0)
11-23: Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection (0)
11-23: Backdoor.Win32.BNLite Buffer Overflow (0)
11-23: Backdoor.Win32.BlueAdept.02.a Buffer Overflow (0)
11-23: OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure (0)
11-23: Wipro Holmes Orchestrator 20.4.1 Report Disclosure (0)
11-23: [webapps] FLEX 1085 Web 1.6.0 – HTML Injection (0)
11-23: [webapps] Bus Pass Management System 1.0 – 'Search' SQL injection (0)
11-23: [webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection (0)
11-23: [local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) (0)
11-23: [webapps] Wordpress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure (0)
11-23: [remote] GNU gdbserver 9.2 – Remote Command Execution (RCE) (0)
11-22: [webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection (0)
11-22: [dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS) (0)
11-22: [dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC) (0)
11-20: Apache Storm Nimbus 2.2.0 Command Execution (0)
11-19: FBI: FatPipe VPN Zero-Day Exploited By APT For 6 Months (0)
11-19: Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free (0)
11-18: Bludit 3.13.1 Cross Site Scripting (0)
11-18: Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting (0)
11-18: GitLab 13.10.2 Remote Code Execution (0)
11-18: LiquidFiles 3.5.13 Privilege Escalation (0)
11-18: WordPress Smart Product Review 1.0.4 Shell Upload (0)
11-18: SuiteCRM 7.11.18 Remote Code Execution (0)
11-17: Fuel CMS 1.4.13 SQL Injection (0)
11-17: Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection (0)
11-17: KONGA 0.14.9 Privilege Escalation (0)
11-17: WordPress Contact Form To Email 1.3.24 Cross Site Scripting (0)
11-17: Simple Subscription Website 1.0 SQL Injection (0)
11-17: Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download (0)
11-17: PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting (0)
11-17: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-17: CMDBuild 3.3.2 Cross Site Scripting (0)
11-17: Online Reviewer System 2.4.0 SQL Injection (0)
11-17: Online Learning System 2.0 Remote Code Execution (0)
11-17: Sitecore Experience Platform (XP) Remote Code Execution (0)
11-17: [webapps] Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated) (0)
11-17: [webapps] Bludit 3.13.1 – 'username' Cross Site Scripting (XSS) (0)
11-16: WordPress WPSchoolPress 2.1.16 Cross Site Scripting (0)
11-16: [webapps] Online Learning System 2.0 – Remote Code Execution (RCE) (0)
11-16: [webapps] CMDBuild 3.3.2 – 'Multiple' Cross Site Scripting (XSS) (0)
11-15: [webapps] PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) (0)
11-15: [webapps] Fuel CMS 1.4.13 – 'col' Blind SQL Injection (Authenticated) (0)
11-15: [webapps] Simple Subscription Website 1.0 – SQLi Authentication Bypass (0)
11-15: [webapps] KONGA 0.14.9 – Privilege Escalation (0)
11-15: [webapps] WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated) (0)
11-15: [webapps] WordPress Plugin WPSchoolPress 2.1.16 – 'Multiple' Cross Site Scripting (XSS) (0)
11-13: Mumara Classic 2.93 SQL Injection (0)
11-13: Microsoft Windows MultiPoint Server 2011 SP1 Local Privilege Escalation (0)
11-13: WordPress WP Symposium Pro 2021.10 Cross Site Scripting (0)
11-13: Xlight FTP 3.9.3.1 Buffer Overflow (0)
11-13: WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-13: Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution (0)
11-12: [webapps] Mumara Classic 2.93 – 'license' SQL Injection (Unauthenticated) (0)
11-12: [local] Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation (0)
11-12: [dos] Xlight FTP 3.9.3.1 – Buffer Overflow (PoC) (0)
11-12: [webapps] WordPress Plugin AccessPress Social Icons 1.8.2 – 'icon title' Stored Cross-Site Scripting (XSS) (0)
11-12: [webapps] WordPress Plugin WP Symposium Pro 2021.10 – 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) (0)
11-11: Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting (0)
11-11: Employee Daily Task Management System 1.0 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Cross Site Scripting (0)
11-11: Dolibarr ERP / CRM 13.0.2 Remote Code Execution (0)
11-11: Microsoft OMI Management Interface Authentication Bypass (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: FormaLMS 2.4.4 Authentication Bypass (0)
11-11: YeaLink SIP-TXXXP 53.84.0.15 Command Injection (0)
11-11: AbsoluteTelnet 11.24 Denial Of Service (0)
11-11: Apache HTTP Server 2.4.50 Remote Code Execution (0)
11-11: Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation (0)
11-11: Massive Zero-Day Hole Found In Palo Alto Security Appliances (0)
11-11: Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation (0)
11-11: [webapps] FormaLMS 2.4.4 – Authentication Bypass (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Phone' Denial of Service (PoC) (0)
11-11: [dos] AbsoluteTelnet 11.24 – 'Username' Denial of Service (PoC) (0)
11-11: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3) (0)
11-11: [webapps] YeaLink SIP-TXXXP 53.84.0.15 – 'cmd' Command Injection (Authenticated) (0)
11-10: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: Google Assistant Authentication Bypass (0)
11-10: [webapps] Employee and Visitor Gate Pass Logging System 1.0 – 'name' Stored Cross-Site Scripting (XSS) (0)
11-10: [webapps] Employee Daily Task Management System 1.0 – 'Name' Stored Cross-Site Scripting (XSS) (0)
11-09: Backdoor.Win32.VB.afu Insecure Permissions (0)
11-09: FusionPBX 4.5.29 Remote Code Execution (0)
11-09: Money Transfer Management System 1.0 SQL Injection (0)
11-09: Backdoor.Win32.VB.afu Insecure Transit (0)
11-09: WordPress Backup And Restore 1.0.3 Arbitrary File Deletion (0)
11-09: Backdoor.Win32.Pahador.aj Authentication Bypass / Code Execution (0)
11-09: Froxlor 0.10.29.1 SQL Injection (0)
11-09: Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy (0)
11-09: zlog 1.2.15 Buffer Overflow (0)
11-09: HEUR.Backdoor.Win32.Denis.gen Denial Of Service (0)
11-09: Backdoor.Win32.Hupigon.bnbb Unquoted Service Path (0)
11-09: Kmaleon 1.1.0.205 SQL Injection (0)
11-09: Trojan.Win32.Servstar.poa Unquoted Service Path (0)
11-09: Simple Client Management System 1.0 Cross Site Scripting (0)
11-09: Trojan.Win32.SkynetRef.x Unauthenticated Open Proxy (0)
11-09: Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy (0)
11-09: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: Email-Worm.Win32.Plexus.b Code Execution (0)
11-08: [webapps] FusionPBX 4.5.29 – Remote Code Execution (RCE) (Authenticated) (0)
11-08: [local] zlog 1.2.15 – Buffer Overflow (0)
11-08: [webapps] Simple Client Management System 1.0 – SQLi (Authentication Bypass) (0)
11-08: [webapps] WordPress Plugin Backup and Restore 1.0.3 – Arbitrary File Deletion (0)
11-08: [webapps] Froxlor 0.10.29.1 – SQL Injection (Authenticated) (0)
11-08: [webapps] Money Transfer Management System 1.0 – Authentication Bypass (0)
11-08: [webapps] Simple Client Management System 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
11-08: [webapps] Kmaleon 1.1.0.205 – 'tipocomb' SQL Injection (Authenticated) (0)
11-06: Khamenei.ir SQL Injection (0)
11-06: Backdoor.Win32.Optix.03.b Code Execution (0)
11-06: 10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution (0)
11-06: Payment Terminal 2.x / 3.x Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass (0)
11-06: Backdoor.Win32.Ncx.b Buffer Overflow (0)
11-06: PHP Event Calendar Lite Edition SQL Injection (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control (0)
11-06: ImportExportTools NG 10.0.4 HTML Injection (0)
11-06: Backdoor.Win32.Ncx.b Code Execution (0)
11-06: IBM Sterling B2B Integrator Cross Site Scripting (0)
11-06: PHP Event Calendar Lite Edition Cross Site Scripting (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass (0)
11-06: Backdoor.Win32.Jokerdoor Buffer Overflow (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration (0)
11-06: HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy (0)
11-06: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection (0)
11-05: Opencart 3 Extension TMD Vendor System SQL Injection (0)
11-05: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-05: [webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-05: [local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path (0)
11-04: GitLab Unauthenticated Remote ExifTool Command Injection (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: Fuel CMS 1.4.1 Remote Code Execution (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-04: [webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection (0)
11-03: YouTube Video Grabber 1.9.9.1 Buffer Overflow (0)
11-03: Kingdia CD Extractor 3.0.2 Buffer Overflow (0)
11-03: Codiad 2.8.4 Shell Upload (0)
11-03: WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution (0)
11-03: 10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow (0)
11-03: Employee Record Management System 1.2 SQL Injection (0)
11-03: Dynojet Power Core 2.3.0 Unquoted Service Path (0)
11-03: Ericsson Network Location MPS GMPC21 Remote Code Execution (0)
11-03: Ericsson Network Location MPS GMPC21 Privilege Escalation (0)
11-03: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
11-03: [webapps] Eclipse Jetty 11.0.5 – Sensitive File Disclosure (0)
11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] WordPress Plugin Popup Anything 2.0.3 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] Ultimate POS 4.4 – 'name' Cross-Site Scripting (XSS) (0)
11-03: [webapps] OpenAM 13.0 – LDAP Injection (0)
11-03: [webapps] Vanguard 2.1 – 'Search' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Isshue Shopping Cart 3.5 – 'Title' Cross Site Scripting (XSS) (0)
11-03: [webapps] Mult-e-Cart Ultimate 2.4 – 'id' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – Persistent Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHP Melody 3.0 – 'vid' SQL Injection (0)
11-03: [webapps] PHP Melody 3.0 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] Sonicwall SonicOS 6.5.4 – 'Common Name' Cross-Site Scripting (XSS) (0)
11-03: [local] RDP Manager 4.9.9.3 – Denial-of-Service (PoC) (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' SQL Injection (0)
11-03: [webapps] Simplephpscripts Simple CMS 2.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
11-03: [webapps] Fuel CMS 1.4.1 – Remote Code Execution (3) (0)
11-03: [webapps] WordPress Plugin Hotel Listing 3 – 'Multiple' Cross-Site Scripting (XSS) (0)
11-03: [webapps] PHPJabbers Simple CMS 5 – 'name' Persistent Cross-Site Scripting (XSS) (0)
11-02: i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw (0)
11-02: Trojan.Win32.Pasta.mca Insecure Permissions (0)
11-02: PHPJabbers Simple CMS 5 Cross Site Scripting (0)
11-02: WordPress Hotel Listing 3.x Cross Site Scripting (0)
11-02: My Movie Collection Sinatra App Movie Cross Site Scripting (0)
11-02: My Movie Collection Sinatra App Login Cross Site Scripting (0)
11-02: Trojan.Win32.Phires.zm Insecure Permissions (0)
11-02: Trojan.Win32.Delf.bna Information Disclosure (0)
11-02: Backdoor.Win32.Agent.sah Heap Corruption (0)
11-02: Packet Storm New Exploits For October, 2021 (0)
11-02: [webapps] Employee Record Management System 1.2 – 'empid' SQL injection (Unauthenticated) (0)
11-02: [local] Dynojet Power Core 2.3.0 – Unquoted Service Path (0)
11-02: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (4) (0)
11-02: [webapps] i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw (0)
11-02: [local] 10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH) (0)
11-02: [local] YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH) (0)
11-02: [local] Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Privilege Escalation (Metasploit) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Remote Code Execution (RCE) (Metasploit) (0)
11-02: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (4) (0)
11-02: [webapps] i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw (0)
11-02: [local] 10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH) (0)
11-02: [local] YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH) (0)
11-02: [local] Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Remote Code Execution (RCE) (Metasploit) (0)
11-02: [webapps] Ericsson Network Location MPS GMPC21 – Privilege Escalation (Metasploit) (0)
11-02: [local] Dynojet Power Core 2.3.0 – Unquoted Service Path (0)
11-02: [webapps] Employee Record Management System 1.2 – 'empid' SQL injection (Unauthenticated) (0)
11-01: Packet Storm New Exploits For October, 2021 (0)

October 2021 (382)

10-30: Umbraco 8.14.1 Server-Side Request Forgery (0)
10-30: Mini-XML 3.2 Heap Overflow (0)
10-30: Android NFC Type Confusion (0)
10-30: Movable Type 7 r.5002 XMLRPC API Remote Command Injection (0)
10-30: WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS (0)
10-30: WebCTRL OEM 6.5 Cross Site Scripting (0)
10-30: Google Fixes Two High Severity Zero Day Flaws In Chrome (0)
10-29: WebCTRL OEM 6.5 Cross Site Scripting (0)
10-29: Trojan.Win32.Akl.bc Insecure Permissions (0)
10-29: Backdoor.Win32.Delf.arjo Unquoted Service Path (0)
10-29: Backdoor.Win32.Hupigon.acio Unquoted Service Path (0)
10-29: WordPress Supsystic Contact Form 1.7.18 Cross Site Scripting (0)
10-29: Backdoor.Win32.Hupigon.acio Unauthenticated Open Proxy (0)
10-29: Backdoor.Win32.Hupigon.afjk Directory Traversal (0)
10-29: Backdoor.Win32.Hupigon.afjk Man-In-The-Middle (0)
10-29: Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution (0)
10-29: Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting (0)
10-29: Backdoor.Win32.Mazben.es Unauthenticated Open Proxy (0)
10-29: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
10-29: Backdoor.Win32.Antilam.14.o Remote Command Execution (0)
10-29: Virus.Win32.Ipamor.c Unauthenticated Reboot (0)
10-29: Microsoft OMI Management Interface Authentication Bypass (0)
10-29: Backdoor.Win32.Prorat.ntz Man-In-The-Middle (0)
10-29: Backdoor.Win32.Prorat.ntz Weak Hardcoded Password (0)
10-29: Sophos UTM WebAdmin SID Command Injection (0)
10-29: Apple Security Advisory 2021-10-26-4 (0)
10-29: Apple Security Advisory 2021-10-26-5 (0)
10-29: Apple Security Advisory 2021-10-26-6 (0)
10-29: Apple Security Advisory 2021-10-26-7 (0)
10-29: Apple Security Advisory 2021-10-26-8 (0)
10-29: Apple Security Advisory 2021-10-26-9 (0)
10-29: Apple Security Advisory 2021-10-26-10 (0)
10-29: Apple Security Advisory 2021-10-26-11 (0)
10-29: [webapps] Movable Type 7 r.5002 – XMLRPC API OS Command Injection (Metasploit) (0)
10-29: [local] Mini-XML 3.2 – Heap Overflow (0)
10-29: [webapps] Movable Type 7 r.5002 – XMLRPC API OS Command Injection (Metasploit) (0)
10-29: [webapps] WebCTRL OEM 6.5 – 'locale' Reflected Cross-Site Scripting (XSS) (0)
10-29: [webapps] Umbraco v8.14.1 – 'baseUrl' SSRF (0)
10-29: [webapps] Umbraco v8.14.1 – 'baseUrl' SSRF (0)
10-28: Sophos UTM WebAdmin SID Command Injection (0)
10-28: Apple Security Advisory 2021-10-26-1 (0)
10-28: Apple Security Advisory 2021-10-26-2 (0)
10-28: Apple Security Advisory 2021-10-26-3 (0)
10-28: [webapps] PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (0)
10-28: [webapps] WordPress Plugin Supsystic Contact Form 1.7.18 – 'label' Stored Cross-Site Scripting (XSS) (0)
10-28: [webapps] PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (0)
10-28: [webapps] WordPress Plugin Supsystic Contact Form 1.7.18 – 'label' Stored Cross-Site Scripting (XSS) (0)
10-27: RDP Manager 4.9.9.3 Denial Of Service (0)
10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
10-27: Simplephpscripts Simple CMS 2.1 Cross Site Scripting (0)
10-27: Simplephpscripts Simple CMS 2.1 SQL Injection (0)
10-27: WordPress Filterable Portfolio Gallery 1.0 Cross Site Scripting (0)
10-27: Sonicwall SonicOS 6.5.4 Cross Site Scripting (0)
10-27: Mult-e-Cart Ultimate 2.4 SQL Injection (0)
10-27: BMW Online Cross Site Scripting (0)
10-27: SPA Cart CMS 2021 SQL Injection (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: PHP Melody 3.0 SQL Injection (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: PHP Melody 3.0 Cross Site Scripting (0)
10-27: Isshue Shopping Cart 3.5 Cross Site Scripting (0)
10-27: Vanguard 2.1 Cross Site Scripting (0)
10-27: Linux SELinux PTRACE_TRACEME Handler Use-After-Free (0)
10-27: Ultimate POS 4.4 Cross Site Scripting (0)
10-27: Ultimate POS 4.4 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 Shell Upload (0)
10-26: Apache HTTP Server 2.4.50 Remote Code Execution (0)
10-26: Hikvision Web Server Build 210702 Command Injection (0)
10-26: WordPress TaxoPress 3.0.7.1 Cross Site Scripting (0)
10-26: Build Smart ERP 21.0817 SQL Injection (0)
10-26: Netgear Genie 2.4.64 Unquoted Service Path (0)
10-26: Balbooa Joomla Forms Builder 2.0.6 SQL Injection (0)
10-26: OpenClinic GA 5.194.18 Privilege Escalation (0)
10-26: Online Event Booking And Reservation System 1.0 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 Cross Site Scripting (0)
10-26: Engineers Online Portal 1.0 SQL Injection (0)
10-26: GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal (0)
10-26: FreeSWITCH 1.10.6 SIP Digest Leak (0)
10-26: phpMyAdmin 4.8.1 Remote Code Execution (0)
10-26: FreeSWITCH 1.10.6 SIP Flooding Denial Of Service (0)
10-26: Online Student Admission System 1.0 SQL Injection / Shell Upload (0)
10-26: WordPress Media-Tags 3.2.0.2 Cross Site Scripting (0)
10-26: Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution (0)
10-26: FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication (0)
10-26: WordPress Ninja Tables 4.1.7 Cross Site Scripting (0)
10-26: WordPress 4.9.6 Arbitrary File Deletion (0)
10-26: Gestionale Open 11.00.00 Privilege Escalation (0)
10-26: FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication (0)
10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
10-26: FreeSWITCH 1.10.6 SRTP Packet Denial Of Service (0)
10-26: [webapps] WordPress Plugin Filterable Portfolio Gallery 1.0 – 'title' Stored Cross-Site Scripting (XSS) (0)
10-26: [webapps] WordPress Plugin Filterable Portfolio Gallery 1.0 – 'title' Stored Cross-Site Scripting (XSS) (0)
10-25: [local] OpenClinic GA 5.194.18 – Local Privilege Escalation (0)
10-25: [webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated) (0)
10-25: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2) (0)
10-25: [webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated) (0)
10-25: [local] Netgear Genie 2.4.64 – Unquoted Service Path (0)
10-25: [webapps] Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE) (0)
10-25: [webapps] Hikvision Web Server Build 210702 – Command Injection (0)
10-25: [local] Gestionale Open 11.00.00 – Local Privilege Escalation (0)
10-25: [webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] phpMyAdmin 4.8.1 – Remote Code Execution (RCE) (0)
10-25: [webapps] Wordpress 4.9.6 – Arbitrary File Deletion (Authenticated) (2) (0)
10-25: [webapps] WordPress Plugin Ninja Tables 4.1.7 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] WordPress Plugin Media-Tags 3.2.0.2 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'id' SQL Injection (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass (0)
10-25: [webapps] WordPress Plugin Ninja Tables 4.1.7 – Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
10-25: [local] Netgear Genie 2.4.64 – Unquoted Service Path (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'id' SQL Injection (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Authentication Bypass (0)
10-25: [webapps] Engineers Online Portal 1.0 – 'multiple' Stored Cross-Site Scripting (XSS) (0)
10-25: [local] Gestionale Open 11.00.00 – Local Privilege Escalation (0)
10-25: [webapps] Online Event Booking and Reservation System 1.0 – 'reason' Stored Cross-Site Scripting (XSS) (0)
10-25: [webapps] Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated) (0)
10-25: [local] OpenClinic GA 5.194.18 – Local Privilege Escalation (0)
10-25: [webapps] Build Smart ERP 21.0817 – 'eidValue' SQL Injection (Unauthenticated) (0)
10-25: [webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2) (0)
10-25: [webapps] Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE) (0)
10-25: [webapps] Hikvision Web Server Build 210702 – Command Injection (0)
10-23: Jetty 9.4.37.v20210219 Information Disclosure (0)
10-23: Clinic Management System 1.0 Code Execution / SQL Injection (0)
10-23: Online Course Registration 1.0 SQL Injection (0)
10-23: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
10-22: Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation (0)
10-22: Easy Chat Server 3.1 Directory Traversal (0)
10-22: NIMax 5.3.1f0 Denial Of Service (0)
10-22: Small CRM 3.0 Cross Site Scripting (0)
10-22: [webapps] Clinic Management System 1.0 – SQL injection to Remote Code Execution (0)
10-22: [webapps] Jetty 9.4.37.v20210219 – Information Disclosure (0)
10-22: [webapps] Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated) (0)
10-22: [webapps] Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated) (0)
10-22: [webapps] Clinic Management System 1.0 – SQL injection to Remote Code Execution (0)
10-22: [webapps] Jetty 9.4.37.v20210219 – Information Disclosure (0)
10-21: Small CRM 3.0 Cross Site Scripting (0)
10-21: Macro Expert 4.7 Unquoted Service Path (0)
10-21: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
10-21: Apple Security Advisory 2021-10-11-1 (0)
10-21: [webapps] Easy Chat Server 3.1 – Directory Traversal and Arbitrary File Read (0)
10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
10-21: [webapps] Small CRM 3.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-21: [dos] NIMax 5.3.1 – 'Remote VISA System' Denial of Service (PoC) (0)
10-21: [dos] NIMax 5.3.1f0 – 'VISA Alias' Denial of Service (PoC) (0)
10-20: http://keelek-phatumrat.go.th (0)
10-20: SonicWall SMA 10.2.1.0-17sv Password Reset (0)
10-20: http://old.ddc.moph.go.th/data/br4in(36).gif (0)
10-20: http://www.khunpadpeng.go.th/editor/ (0)
10-20: http://www.srapanglan.go.th/editor/ (0)
10-20: http://www.banrome.go.th/editor/ (0)
10-20: http://www.wangwa.go.th/editor/ (0)
10-20: http://www.thajaosanook.go.th/editor/ (0)
10-20: http://nangbuach.go.th/editor/ (0)
10-20: http://www.khaodin.go.th/editor/ (0)
10-20: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
10-20: Online Motorcycle (Bike) Rental System 1.0 SQL Injection (0)
10-20: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
10-20: [webapps] Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation (0)
10-20: [local] Macro Expert 4.7 – Unquoted Service Path (0)
10-20: [webapps] SonicWall SMA 10.2.1.0-17sv – Password Reset (0)
10-19: WordPress Enfold Theme 4.8.3 Cross Site Scripting (0)
10-19: Support Board 3.3.4 Cross Site Scripting (0)
10-19: Trojan-Spy.Win32.Ardamax.ocx Insecure Permissions (0)
10-19: Worm.Win32.Fasong.c Unquoted Service Path (0)
10-19: Company's Recruitment Management System 1.0 Cross Site Scripting (0)
10-19: Company's Recruitment Management System 1.0 Cross Site Request Forgery (0)
10-19: Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy (0)
10-19: Plastic SCM 10.0.16.5622 Insecure Direct Object Reference (0)
10-19: Worm.Win32.Runfer.bpo Unquoted Service Path (0)
10-19: WordPress Duplicator 1.3.26 Arbitrary File Read (0)
10-19: Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy (0)
10-19: Engineers Online Portal 1.0 SQL Injection (0)
10-19: Virus.Win32.Ipamor.c Unauthenticated Remote System Reboot (0)
10-19: Mitsubishi Electric / INEA SmartRTU Cross Site Scripting (0)
10-19: Mitsubishi Electric / INEA SmartRTU Source Code Disclosure (0)
10-19: Backdoor.Win32.LanFiltrator.11.b Code Execution (0)
10-19: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
10-19: [webapps] Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
10-19: [webapps] myfactory FMS 7.1-911 – 'Multiple' Reflected Cross-Site Scripting (XSS) (0)
10-19: [webapps] WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS) (0)
10-18: Backdoor.Win32.LanaFTP.k Heap Corruption (0)
10-18: Plastic SCM 10.0.16.5622 Improper Access Control (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'Add New user' Cross-Site Request Forgery (CSRF) (0)
10-18: [webapps] Plastic SCM 10.0.16.5622 – WebAdmin Server Access (0)
10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Company's Recruitment Management System 1.0 – 'description' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure (0)
10-18: [webapps] Company's Recruitment Management System 1.0. – 'title' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (0)
10-18: [webapps] Support Board 3.3.4 – 'Message' Stored Cross-Site Scripting (XSS) (0)
10-18: [webapps] Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS) (0)
10-16: i-Panel Administration System 2.0 Cross Site Scripting (0)
10-15: i-Panel Administration System 2.0 Cross Site Scripting (0)
10-15: SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path (0)
10-15: TextPattern CMS 4.8.7 Shell Upload (0)
10-15: IFSC Code Finder Project 1.0 SQL Injection (0)
10-15: Yellowfin Cross Site Scripting / Insecure Direct Object Reference (0)
10-15: WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free (0)
10-15: WebKit EventHandler::keyEvent Heap Use-After-Free (0)
10-15: WebKit DOMWindow::open Heap Use-After-Free (0)
10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
10-15: [webapps] i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS) (0)
10-14: WebKit DOMWindow::open Heap Use-After-Free (0)
10-14: Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery (0)
10-14: Simple Issue Tracker System 1.0 SQL Injection (0)
10-14: Student Quarterly Grading System 1.0 Cross Site Scripting (0)
10-14: Lifestyle Store 1.0 Cross Site Scripting (0)
10-14: Logitech Media Server 8.2.0 Cross Site Scripting (0)
10-14: Simple Payroll System 1.0 SQL Injection (0)
10-14: Alchemy CMS 6.0.0 Arbitrary File Upload (0)
10-14: Keycloak 12.0.1 Server-Side Request Forgery (0)
10-14: Apache HTTP Server 2.4.50 Path Traversal / Code Execution (0)
10-14: Sonicwall SonicOS 7.0 Host Header Injection (0)
10-14: myfactory.FMS 7.1-911 Cross Site Scripting (0)
10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
10-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated) (0)
10-14: [local] SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path (0)
10-13: myfactory.FMS 7.1-911 Cross Site Scripting (0)
10-13: Moodle Authenticated Spelling Binary Remote Code Execution (0)
10-13: Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution (0)
10-13: Moodle SpellChecker Path Authenticated Remote Command Execution (0)
10-13: Moodle Admin Shell Upload (0)
10-13: Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs (0)
10-13: [webapps] Sonicwall SonicOS 7.0 – Host Header Injection (0)
10-13: [webapps] Logitech Media Server 8.2.0 – 'Title' Cross-Site Scripting (XSS) (0)
10-13: [webapps] Student Quarterly Grading System 1.0 – 'grade' Stored Cross-Site Scripting (XSS) (0)
10-13: [webapps] Simple Issue Tracker System 1.0 – SQLi Authentication Bypass (0)
10-13: [webapps] Online Learning System 2.0 – 'Multiple' SQLi Authentication Bypass (0)
10-13: [remote] Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection (0)
10-13: [webapps] Pharmacy Point of Sale System 1.0 – 'Add New User' Cross-Site Request Forgery (CSRF) (0)
10-13: [webapps] Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE) (0)
10-13: [remote] Cypress Solutions CTM-200/CTM-ONE – Hard-coded Credentials Remote Root (Telnet/SSH) (0)
10-13: [webapps] Keycloak 12.0.1 – 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) (0)
10-13: [webapps] Company's Recruitment Management System 1.0 – 'Multiple' SQL Injection (Unauthenticated) (0)
10-13: [webapps] Simple Payroll System 1.0 – SQLi Authentication Bypass (0)
10-12: Moodle Admin Shell Upload (0)
10-12: Aviatrix Controller 6.x Path Traversal / Code Execution (0)
10-12: Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root (0)
10-12: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
10-11: Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection (0)
10-11: https://www.spr.go.th/er.php (0)
10-09: Loan Management System 1.0 SQL Injection (0)
10-09: Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation (0)
10-09: django-unicorn 0.35.3 Cross Site Scripting (0)
10-09: Online Traffic Offense Management System 1.0 Privilege Escalation (0)
10-09: Maian-Cart 3.8 Remote Code Execution (0)
10-09: WordPress Pie Register 3.7.1.4 Privilege Escalation (0)
10-09: Simple Online College Entrance Exam System 1.0 Account Takeover (0)
10-09: IFSC Code Finder Project 1.0 SQL Injection (0)
10-09: Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation (0)
10-09: Online Enrollment Management System 1.0 SQL Injection (0)
10-09: Online Employees Work From Home Attendance System 1.0 SQL Injection (0)
10-09: Cmder Console Emulator 1.3.18 Denial Of Service (0)
10-09: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
10-08: Cmder Console Emulator 1.3.18 Denial Of Service (0)
10-08: https://www.samtambon.go.th/silence.html (0)
10-08: http://www.phichit.go.th/wh.html (0)
10-08: Google SLO-Generator 2.0.0 Code Execution (0)
10-08: Online DJ Booking Management System 1.0 Cross Site Scripting (0)
10-08: Simple Online College Entrance Exam System 1.0 SQL Injection (0)
10-08: Online Traffic Offense Management System 1.0 Shell Upload (0)
10-08: Online Traffic Offense Management System 1.0 Cross Site Scripting (0)
10-08: Online Traffic Offense Management System 1.0 SQL Injection (0)
10-08: Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation (0)
10-08: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
10-08: [webapps] Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass (0)
10-08: [webapps] Online Enrollment Management System 1.0 – Authentication Bypass (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Account Takeover (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation (0)
10-08: [webapps] WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated) (0)
10-08: [webapps] django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS) (0)
10-08: [webapps] Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated) (0)
10-08: [webapps] IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated) (0)
10-08: [webapps] Online Traffic Offense Management System 1.0 – Privilage escalation (Unauthenticated) (0)
10-08: [webapps] Simple Online College Entrance Exam System 1.0 – 'Multiple' SQL injection (0)
10-07: VMware vCenter Server Analytics (CEIP) Service File Upload (0)
10-07: Odine Solutions GateKeeper 1.0 SQL Injection (0)
10-07: G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation (0)
10-07: Talariax sendQuick Alertplus 4.3 SQL Injection (0)
10-07: Apache HTTP Server 2.4.49 Path Traversal (0)
10-07: Microsoft Office OneNote 2007 Remote Code Execution (0)
10-07: WordPress BulletProof Security 5.1 Information Disclosure (0)
10-07: Online-Food-Ordering-Web-App SQL Injection (0)
10-07: Dahua Authentication Bypass (0)
10-07: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
10-07: [webapps] Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple RCE (Unauthenticated) (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple XSS (Unauthenticated) (0)
10-07: [webapps] Online Traffic Offense Management System 1.0 – Multiple SQL Injection (Unauthenticated) (0)
10-07: [webapps] Online DJ Booking Management System 1.0 – 'Multiple' Blind Cross-Site Scripting (0)
10-07: [local] Google SLO-Generator 2.0.0 – Code Execution (0)
10-06: High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication (0)
10-06: Virus.Win32.Renamer.a Insecure Permissions (0)
10-06: Backdoor.Win32.LolBot.gen Insecure Permissions (0)
10-06: Backdoor.Win32.Yoddos.an Unquoted Service Path (0)
10-06: HEUR.Trojan.Win32.Generic Unquoted Service Path (0)
10-06: Student Quarterly Grading System 1.0 SQL Injection (0)
10-06: Backdoor.Win32.Bifrose.ahyg Insecure Permissions (0)
10-06: Try My Recipe SQL Injection (0)
10-06: Backdoor.Win32.Hupigon.gy Unauthenticated Open Proxy (0)
10-06: Atlassian Confluence Server 7.5.1 Arbitrary File Read (0)
10-06: Trojan-PSW.Win32.PdPinch.gen Denial Of Service (0)
10-06: WordPress TheCartPress 1.5.3.6 Privilege Escalation (0)
10-06: WordPress MStore API 2.0.6 Shell Upload (0)
10-06: Atlassian Jira Server/Data Center 8.4.0 File Read (0)
10-06: HackTool.Win32.Agent.gi Buffer Overflow (0)
10-06: Backdoor.Win32.Prorat.lkt Hardcoded Password (0)
10-06: Tapatalk Plugins PHP Object Injection (0)
10-06: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
10-06: https://wanghinlad.go.th/license.txt (0)
10-06: https://www.sichomphu.go.th (0)
10-06: https://phuwiangsub.go.th (0)
10-06: Apache Fixes Actively Exploited Zero-Day Vulnerability, Patch Now (0)
10-06: [webapps] Apache HTTP Server 2.4.49 – Path Traversal (0)
10-06: [webapps] Wordpress Plugin BulletProof Security 5.1 – Sensitive Information Disclosure (0)
10-06: [webapps] Odine Solutions GateKeeper 1.0 – 'trafficCycle' SQL Injection (0)
10-06: [webapps] Atlassian Jira Server/Data Center 8.16.0 – Arbitrary File Read (0)
10-05: Backdoor.Win32.Prorat.lkt Man-In-The-Middle (0)
10-05: Payara Micro Community 5.2021.6 Directory Traversal (0)
10-05: Lodging Reservation Management System 1.0 SQL Injection (0)
10-05: College Management System 1.0 Arbitrary File Upload (0)
10-05: Pet Shop Management System 1.0 Privilege Escalation / Shell Upload (0)
10-05: Open Game Panel Remote Code Execution (0)
10-05: Vehicle Service Management System 1.0 SQL Injection (0)
10-05: Vehicle Service Managment System 1.0 Shell Upload (0)
10-05: Young Entrepreneur E-Negosyo System 1.0 SQL Injection (0)
10-05: Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting (0)
10-05: Lifestyle Store 1.0 Cross Site Scripting (0)
10-05: Gatekeeper Bypass Proof Of Concept (0)
10-05: College Management System 1.0 SQL Injection (0)
10-05: College Management System 1.0 Cross Site Scripting (0)
10-05: College Management System 1.0 Insecure Direct Object Reference (0)
10-05: Local Offices Contact Directory Site SQL Injection (0)
10-05: Company's Recruitment Management System SQL Injection (0)
10-05: Company’s Recruitment Management System SQL Injection (0)
10-05: [webapps] Wordpress Plugin MStore API 2.0.6 – Arbitrary File Upload (0)
10-05: [webapps] Wordpress Plugin TheCartPress 1.5.3.6 – Privilege Escalation (Unauthenticated) (0)
10-05: [webapps] Atlassian Confluence 7.12.2 – Pre-Authorization Arbitrary File Read (0)
10-05: [webapps] Student Quarterly Grading System 1.0 – SQLi Authentication Bypass (0)
10-04: [webapps] Young Entrepreneur E-Negosyo System 1.0 – SQL Injection Authentication Bypass (0)
10-04: [webapps] Open Game Panel – Remote Code Execution (RCE) (Authenticated) (0)
10-04: [webapps] Lodging Reservation Management System 1.0 – SQL Injection / Authentication Bypass (0)
10-04: [webapps] Payara Micro Community 5.2021.6 – Directory Traversal (0)
10-03: http://www.sidalocal.go.th/nad.htm (0)
10-02: CMSimple_XH 1.7.4 Remote Command Execution (0)
10-02: Vehicle Service Management System 1.0 Shell Upload (0)
10-02: Exam Form Submission System 1.0 SQL Injection (0)
10-02: Drupal MiniorangeSAML 8.x-2.22 Privilege Escalation (0)
10-02: Phpwcms 1.9.30 Cross Site Scripting (0)
10-02: Blood Bank System 1.0 SQL Injection (0)
10-02: WhatsUpGold 21.0.3 Cross Site Scripting (0)
10-02: Packet Storm New Exploits For September, 2021 (0)
10-01: Packet Storm New Exploits For September, 2021 (0)
10-01: Azure Active Directory Brute Forcer (0)
10-01: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
10-01: WordPress JS Jobs Manager 1.1.7 Authorization Bypass (0)
10-01: Cmsimple 5.4 Remote Code Execution (0)
10-01: PlaceOS 1.2109.1 Open Redirection (0)
10-01: [webapps] CMSimple_XH 1.7.4 – Remote Code Execution (RCE) (Authenticated) (0)
10-01: [webapps] WhatsUpGold 21.0.3 – Stored Cross-Site Scripting (XSS) (0)
10-01: [webapps] Vehicle Service Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
10-01: [webapps] Phpwcms 1.9.30 – File Upload to XSS (0)
10-01: [webapps] Blood Bank System 1.0 – SQL Injection / Authentication Bypass (0)
10-01: [webapps] Exam Form Submission System 1.0 – SQL Injection Authentication Bypass (0)
10-01: [webapps] Dairy Farm Shop Management System 1.0 – SQL Injection Authentication Bypass (0)
10-01: [webapps] Drupal Module MiniorangeSAML 8.x-2.22 – Privilege escalation via XML Signature Wrapping (0)

September 2021 (321)

09-30: PlaceOS 1.2109.1 Open Redirection (0)
09-30: Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting (0)
09-30: OpenSIS 8.0 Cross Site Scripting (0)
09-30: WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting (0)
09-30: WordPress Redirect 404 To Parent 1.3.0 Cross Site Scripting (0)
09-30: Storage Unit Rental Management System 1.0 Shell Upload (0)
09-30: Google Extensible Service Proxy Header Forgery (0)
09-30: Mitrastar GPT-2541GNAC-N1 Privilege Escalation (0)
09-30: Pet Shop Management System 1.0 Shell Upload (0)
09-30: [webapps] Pharmacy Point of Sale System 1.0 – 'Multiple' SQL Injection (SQLi) (0)
09-30: [webapps] Cmsimple 5.4 – Remote Code Execution (RCE) (Authenticated) (0)
09-30: [webapps] Cyber Cafe Management System Project (CCMS) 1.0 – SQL Injection Authentication Bypass (0)
09-30: [webapps] Wordpress Plugin JS Jobs Manager 1.1.7 – Unauthenticated Plugin Install/Activation (0)
09-29: Pet Shop Management System 1.0 Shell Upload (0)
09-29: WordPress TranslatePress 2.0.8 Cross Site Scripting (0)
09-29: WordPress Contact Form 1.7.14 Cross Site Scripting (0)
09-29: WordPress Popup 1.10.4 Cross Site Scripting (0)
09-29: Apache James Server 2.3.2 Remote Command Execution (0)
09-29: WordPress Ultimate Maps 1.2.4 Cross Site Scripting (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery (0)
09-29: FatPipe Networks WARP 10.2.2 Authorization Bypass (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account (0)
09-29: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
09-29: [webapps] Pet Shop Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-29: [remote] Mitrastar GPT-2541GNAC-N1 – Privilege escalation (0)
09-29: [webapps] WordPress Plugin Redirect 404 to Parent 1.3.0 – Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] WordPress Plugin Select All Categories and Taxonomies 1.3.1 – Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] OpenSIS 8.0 – 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) (0)
09-29: [webapps] Storage Unit Rental Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-28: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation (0)
09-28: iOS 15.0 Gamed Information Disclosure (0)
09-28: iOS 15.0 nehelper Enumeration (0)
09-28: iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass (0)
09-28: [remote] Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2) (0)
09-28: [webapps] WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – 'Add Admin' Cross-Site Request Forgery (CSRF) (0)
09-28: [webapps] WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS) (0)
09-28: [webapps] WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated) (0)
09-28: (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Remote Privilege Escalation (0)
09-28: [webapps] FatPipe Networks WARP 10.2.2 – Authorization Bypass (0)
09-28: [webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Config Download (Unauthenticated) (0)
09-27: Simple Attendance System 1.0 Authentication Bypass (0)
09-27: [local] Cyberfox Web Browser 52.9.1 – Denial-of-Service (PoC) (0)
09-27: [remote] Cisco small business RV130W 1.0.3.44 – Inject Counterfeit Routers (0)
09-27: [webapps] Library System 1.0 – 'student_id' SQL injection (Authenticated) (0)
09-27: [local] Ether_MP3_CD_Burner 1.3.8 – Buffer Overflow (SEH) (0)
09-27: [webapps] WordPress Plugin Wappointment 2.2.4 – Stored Cross-Site Scripting (XSS) (0)
09-25: https://www.ombudsman.go.th/krd.html (0)
09-25: SmarterTools SmarterTrack 7922 Information Disclosure (0)
09-25: OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service (0)
09-25: OpenVPN Monitor 1.1.3 Command Injection (0)
09-25: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-25: Apple Security Advisory 2021-09-23-1 (0)
09-25: Apple Security Advisory 2021-09-23-2 (0)
09-24: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-24: Apple Patches 3 More Zero-Days Under Active Attack (0)
09-24: 100M IoT Devices Exposed By Zero-Day Bug (0)
09-24: http://pymr.go.th/er.php (0)
09-24: Gurock Testrail 7.2.0.3014 Improper Access Control (0)
09-24: Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution (0)
09-24: WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery (0)
09-24: WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting (0)
09-24: Redragon Gaming Mouse Denial Of Service (0)
09-24: Police Crime Record Management Project 1.0 SQL Injection (0)
09-24: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
09-24: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-24: [webapps] Pharmacy Point of Sale System 1.0 – SQLi Authentication BYpass (0)
09-24: [webapps] SmarterTools SmarterTrack 7922 – 'Multiple' Information Disclosure (0)
09-23: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-23: Cloudron 6.2 Cross Site Scripting (0)
09-23: Simple Attendance System 1.0 SQL Injection (0)
09-23: TotalAV 5.15.69 Unquoted Service Path (0)
09-23: Filerun 2021.03.26 Remote Code Execution (0)
09-23: Sentry 8.2.0 Remote Code Execution (0)
09-23: South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection (0)
09-23: Online Reviewer System 1.0 Shell Upload (0)
09-23: e107 CMS 2.3.0 Shell Upload (0)
09-23: E-Negosyo System 1.0 SQL Injection (0)
09-23: E-Negosyo System 1.0 Shell Upload (0)
09-23: OpenCats 0.9.4-2 XML Injection (0)
09-23: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-23: [webapps] Police Crime Record Management Project 1.0 – Time Based SQLi (0)
09-23: [webapps] WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS) (0)
09-23: [webapps] Backdrop CMS 1.20.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] Wordpress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload (0)
09-23: [dos] Redragon Gaming Mouse – 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) (0)
09-23: [webapps] Gurock Testrail 7.2.0.3014 – 'files.md5' Improper Access Control (0)
09-23: [webapps] Budget and Expense Tracker System 1.0 – Arbitrary File Upload (0)
09-22: Apple Security Advisory 2021-09-20-1 (0)
09-22: Apple Security Advisory 2021-09-20-2 (0)
09-22: Apple Security Advisory 2021-09-20-3 (0)
09-22: Apple Security Advisory 2021-09-20-4 (0)
09-22: Apple Security Advisory 2021-09-20-5 (0)
09-22: Apple Security Advisory 2021-09-20-6 (0)
09-22: Apple Security Advisory 2021-09-20-7 (0)
09-22: Apple Security Advisory 2021-09-20-8 (0)
09-22: Apple Security Advisory 2021-09-20-9 (0)
09-22: Apple Security Advisory 2021-09-20-10 (0)
09-22: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-22: Yenkee Hornet Gaming Mouse Denial Of Service (0)
09-22: Church Management System 1.0 SQL Injection / Code Execution (0)
09-22: Trojan.Win32.Agent.xaamkd Insecure Permissions (0)
09-22: Budgets And Expense Tracker System 1.0 Shell Upload (0)
09-22: WebsiteBaker 2.13.0 Remote Code Execution (0)
09-22: Backdoor.Win32.Hupigon.asqx Unauthenticated Open Proxy (0)
09-22: Backdoor.Win32.Minilash.10.b Denial Of Service (0)
09-22: OpenCats 0.9.4 XML Injection (0)
09-22: ManageEngine OpManager SumPDU Java Deserialization (0)
09-22: [webapps] Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated) (0)
09-22: [webapps] Simple Attendance System 1.0 – Unauthenticated Blind SQLi (0)
09-21: ManageEngine OpManager SumPDU Java Deserialization (0)
09-21: Maxpatrol 8 / Xspider Denial Of Service (0)
09-21: WordPress 5.7 Media Library XML Injection (0)
09-21: Church Management System 1.0 Shell Upload (0)
09-21: Online Food Ordering System 2.0 Shell Upload (0)
09-21: Budget And Expense Tracker System 1.0 SQL Injection (0)
09-21: Church Management System 1.0 SQL Injection (0)
09-21: T-Soft E-Commerce 4 Cross Site Request Forgery (0)
09-21: Microsoft Windows MSHTML Overview (0)
09-21: Apple Security Advisory 2021-09-13-1 (0)
09-21: Apple Security Advisory 2021-09-13-2 (0)
09-21: Apple Security Advisory 2021-09-13-3 (0)
09-21: Apple Security Advisory 2021-09-13-4 (0)
09-21: Apple Security Advisory 2021-09-13-5 (0)
09-21: [dos] Yenkee Hornet Gaming Mouse – 'GM312Fltr.sys' Denial-Of-Service (PoC) (0)
09-21: [webapps] WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated) (0)
09-21: [webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: Microsoft Windows MSHTML Overview (0)
09-20: http://chaleang.go.th/er.php (0)
09-20: [webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass (0)
09-20: [webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated) (0)
09-20: [webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated) (0)
09-20: [webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF) (0)
09-18: Simple Attendance System 1.0 SQL Injection (0)
09-18: Cloudron 6.2 Cross Site Scripting (0)
09-18: Library Management System 1.0 SQL Injection (0)
09-18: WordPress WooCommerce Booster 5.4.3 Authentication Bypass (0)
09-18: Geutebruck instantrec Remote Command Execution (0)
09-17: Geutebruck instantrec Remote Command Execution (0)
09-17: Impress CMS 1.4.2 Remote Code Execution (0)
09-17: Microsoft Windows cmd.exe Stack Buffer Overflow (0)
09-17: Git git-lfs Remote Code Execution (0)
09-17: Azure Zero Day Flaws Highlight Lurking Supply Chain Risk (0)
09-17: [webapps] Simple Attendance System 1.0 – Authenticated bypass (0)
09-17: [webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
09-17: [webapps] WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass (0)
09-16: Git git-lfs Remote Code Execution (0)
09-16: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-16: Evolution CMS 3.1.6 Remote Code Execution (0)
09-16: AHSS-PHP 1.0 Cross Site Scripting / SQL Injection (0)
09-16: Support Board 3.3.3 SQL Injection (0)
09-16: elFinder Archive Command Injection (0)
09-16: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: elFinder Archive Command Injection (0)
09-15: http://kpp.nfe.go.th/kurd.html (0)
09-15: Men Salon Management System 1.0 Cross Site Scripting / SQL Injection (0)
09-15: WordPress Download From Files 1.48 Shell Upload (0)
09-15: Apartment Visitor Management System 1.0 Shell Upload / SQL Injection (0)
09-15: Active WebCam 11.5 Unquoted Service Path (0)
09-15: Purchase Order Management System 1.0 Shell Upload (0)
09-15: Facebook ParlAI 1.0.0 Code Execution / Deserialization (0)
09-15: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-15: Ulfius Web Framework Remote Memory Corruption (0)
09-15: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-15: Pair Of Google Chrome Zero Day Bugs Actively Exploited (0)
09-15: [webapps] AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Seowon 130-SLC router – 'queriesCnt' Remote Code Execution (Unauthenticated) (0)
09-15: [webapps] Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Support Board 3.3.3 – 'Multiple' SQL Injection (Unauthenticated) (0)
09-14: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-14: [webapps] Purchase Order Management System 1.0 – Remote File Upload (0)
09-13: [webapps] Men Salon Management System 1.0 – Multiple Vulnerabilities (0)
09-13: [local] Active WebCam 11.5 – Unquoted Service Path (0)
09-13: [webapps] Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE (0)
09-13: [local] Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai (0)
09-13: [webapps] ECOA Building Automation System – Weak Default Credentials (0)
09-13: [webapps] ECOA Building Automation System – Path Traversal Arbitrary File Upload (0)
09-13: [webapps] Wordpress Plugin Download From Files 1.48 – Arbitrary File Upload (0)
09-13: [webapps] ECOA Building Automation System – Arbitrary File Deletion (0)
09-13: [webapps] ECOA Building Automation System – Local File Disclosure (0)
09-13: [local] ECOA Building Automation System – Missing Encryption Of Sensitive Information (0)
09-13: [webapps] ECOA Building Automation System – Remote Privilege Escalation (0)
09-13: (0)
09-13: [remote] ECOA Building Automation System – Hard-coded Credentials SSH Access (0)
09-13: [webapps] ECOA Building Automation System – Cookie Poisoning Authentication Bypass (0)
09-13: [webapps] ECOA Building Automation System – Configuration Download Information Disclosure (0)
09-13: [webapps] ECOA Building Automation System – Directory Traversal Content Disclosure (0)
09-13: [webapps] ECOA Building Automation System – 'multiple' Cross-Site Request Forgery (CSRF) (0)
09-10: POMS-PHP 1.0 SQL Injection (0)
09-10: (0)
09-10: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
09-10: ECOA Building Automation System Weak Default Credentials (0)
09-10: ECOA Building Automation System Path Traversal / Arbitrary File Upload (0)
09-10: ECOA Building Automation System Directory Traversal (0)
09-10: Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure (0)
09-10: ECOA Building Automation System Cross Site Request Forgery (0)
09-10: ECOA Building Automation System Cookie Poisoning / Authentication Bypass (0)
09-10: ECOA Building Automation System Configuration Download Information Disclosure (0)
09-10: Backdoor.Win32.Wollf.h Code Execution (0)
09-10: ECOA Building Automation System Hardcoded SSH Credentials (0)
09-10: ECOA Building Automation System Missing Encryption (0)
09-10: ECOA Building Automation System Remote Privilege Escalation (0)
09-10: ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference (0)
09-10: ECOA Building Automation System Local File Disclosure (0)
09-10: Backdoor.Win32.WinterLove.i Hardcoded Credential (0)
09-10: ECOA Building Automation System Arbitrary File Deletion (0)
09-10: Internet Explorer JIT Optimization Memory Corruption (0)
09-10: Atlassian Confluence WebWork OGNL Injection (0)
09-10: https://spm-sk.go.th (0)
09-09: https://www.nkpthospital.go.th/readme.html (0)
09-09: WordPress TablePress 1.14 CSV Injection (0)
09-09: Rencode Denial Of Service (0)
09-09: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-09: [webapps] Bus Pass Management System 1.0 – 'adminname' Stored Cross-Site Scripting (XSS) (0)
09-08: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-08: Bus Pass Management System 1.0 Cross Site Scripting (0)
09-08: Argus Surveillance DVR 4.0 Unquoted Service Path (0)
09-08: FlatCore CMS 2.0.7 Remote Code Execution (0)
09-08: Antminer Monitor 0.5.0 Authentication Bypass (0)
09-08: Online Learning System 2 SQL Injection (0)
09-08: Bus Pass Management System 1.0 Insecure Direct Object Reference (0)
09-08: Backdoor.Win32.Nyara.aq Insecure Permissions (0)
09-08: Patient Appointment Scheduler System 1.0 Shell Upload (0)
09-08: Patient Appointment Scheduler System 1.0 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.gs Code Execution (0)
09-08: SmartFTP Client 10.0.2909.0 Denial Of Service (0)
09-08: WordPress WP Sitemap Page 1.6.4 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.vjt Code Execution (0)
09-08: WordPress Survey And Poll 1.5.7.3 SQL Injection (0)
09-08: https://osd101.ldd.go.th/lindex.php (0)
09-08: [webapps] WordPress Plugin TablePress 1.14 – CSV Injection (0)
09-07: http://www.inlandfisheries.go.th/lindex.php (0)
09-07: Backdoor.Win32.Small.vjt Code Execution (0)
09-07: [webapps] WordPress Plugin WP Sitemap Page 1.6.4 – Stored Cross-Site Scripting (XSS) (0)
09-06: http://www.pattaya.chonburi.police.go.th/README.txt (0)
09-06: [webapps] Antminer Monitor 0.5.0 – Authentication Bypass (0)
09-06: [dos] SmartFTP Client 10.0.2909.0 – 'Multiple' Denial of Service (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE) (0)
09-06: [webapps] Bus Pass Management System 1.0 – 'viewid' Insecure direct object references (IDOR) (0)
09-06: [webapps] FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated) (0)
09-06: [webapps] OpenEMR 6.0.0 – 'noteid' Insecure Direct Object Reference (IDOR) (0)
09-06: [local] Argus Surveillance DVR 4.0 – Unquoted Service Path (0)
09-04: Windows Defender Application Guard Denial Of Service (0)
09-04: jforum 2.7.0 Cross Site Scripting (0)
09-04: Remote Mouse 4.002 Unquoted Service Path (0)
09-04: OpenSIS 8.0 Directory Traversal (0)
09-04: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: WordPress Duplicate Page 4.4.1 Cross Site Scripting (0)
09-03: WPanel 4.3.1 Remote Code Execution (0)
09-03: Backdoor.Win32.MoonPie.40 Authentication Bypass / Code Execution (0)
09-03: OpenSIS Community 8.0 SQL Injection (0)
09-03: Compro Technology IP Camera Denial Of Service (0)
09-03: Backdoor.Win32.MoonPie.40 Man-In-The-Middle (0)
09-03: Compro Technology IP Camera RTSP Stream Disclosure (0)
09-03: Compro Technology IP Camera Credential Disclosure (0)
09-03: Dolibarr ERP/CRM 14.0.1 Privilege Escalation (0)
09-03: Backdoor.Win32.MoonPie.40 Remote Command Execution (0)
09-03: Compro Technology IP Camera Stream Disclosure (0)
09-03: Compro Technology IP Camera Screenshot Disclosure (0)
09-03: CyberArk Credential Provider Race Condition / Authorization Bypass (0)
09-03: Geutebruck Remote Command Execution (0)
09-03: [webapps] OpenSIS 8.0 'modname' – Directory/Path Traversal (0)
09-03: [local] Remote Mouse 4.002 – Unquoted Service Path (0)
09-02: Geutebruck Remote Command Execution (0)
09-02: Telegram Desktop 2.9.2 Denial Of Service (0)
09-02: COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection (0)
09-02: HiveNightmare AKA SeriousSAM (0)
09-02: WordPress GetPaid 2.4.6 HTML Injection (0)
09-02: Fabasoft Cloud Website Cross Site Scripting (0)
09-02: Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution (0)
09-02: OpenEMR 6.0.0 Insecure Direct Object Reference (0)
09-02: Confluence Server 7.12.4 OGNL Injection Remote Code Execution (0)
09-02: Moxa Command Injection / Cross Site Scripting / Vulnerable Software (0)
09-02: Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation (0)
09-02: Packet Storm New Exploits For August, 2021 (0)
09-02: [webapps] WPanel 4.3.1 – Remote Code Execution (RCE) (Authenticated) (0)
09-02: [webapps] Compro Technology IP Camera – ' index_MJpeg.cgi' Stream Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – 'Multiple' Credential Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – RTSP stream disclosure (Unauthenticated) (0)
09-02: [webapps] OpenSIS Community 8.0 – 'cp_id_miss_attn' SQL Injection (0)
09-02: [webapps] Compro Technology IP Camera – 'killps.cgi' Denial-of-Service (DoS) (0)
09-02: [webapps] Compro Technology IP Camera – ' mjpegStreamer.cgi' Screenshot Disclosure (0)
09-02: [webapps] Dolibarr ERP/CRM 14.0.1 – Privilege Escalation (0)
09-01: Packet Storm New Exploits For August, 2021 (0)
09-01: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
09-01: Strapi 3.0.0-beta.17.7 Remote Code Execution (0)
09-01: HEUR.Trojan.Win32.Delf.gen Insecure Permissions (0)
09-01: Bus Pass Management System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.DarkKomet.aspl Insecure Permissions (0)
09-01: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
09-01: Strapi CMS 3.0.0-beta.17.4 Remote Code Execution (0)
09-01: Backdoor.Win32.Antilam.11 Code Execution (0)
09-01: Ship Ferry Ticket Reservation System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.Hupigon.abe Unauthenticated Open Proxy (0)
09-01: Projectsend r1295 Cross Site Scripting (0)
09-01: Strapi 3.0.0-beta Authentication Bypass (0)
09-01: Backdoor.Win32.Delf.um Authentication Bypass / Code Execution (0)
09-01: Online Leave Management System 1.0 SQL Injection (0)
09-01: Umbraco CMS 8.9.1 Traversal / Arbitrary File Write (0)
09-01: Backdoor.Win32.Delf.wr Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Delf.wr Man-In-The-Middle (0)
09-01: WordPress ProfilePress 3.1.3 Privilege Escalation (0)
09-01: Git LFS Clone Command Execution (0)
09-01: Backdoor.Win32.BO2K.11.d Buffer Overflow (0)
09-01: Backdoor.Win32.Hupigon.aejq Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Hupigon.aejq Man-In-The-Middle (0)
09-01: Backdoor.Win32.Hupigon.aejq Traversal (0)
09-01: BSCW Server XML Injection (0)
09-01: BSCW Server Remote Code Execution (0)
09-01: [dos] Telegram Desktop 2.9.2 – Denial of Service (PoC) (0)
09-01: [webapps] WordPress Plugin Payments Plugin | GetPaid 2.4.6 – HTML Injection (0)
09-01: [webapps] Traffic Offense Management System 1.0 – SQLi to Remote Code Execution (RCE) (Unauthenticated) (0)
09-01: [webapps] Confluence Server 7.12.4 – 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated) (0)

August 2021 (180)

08-31: BSCW Server Remote Code Execution (0)
08-31: [webapps] WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated) (0)
08-31: [webapps] Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated) (0)
08-30: [webapps] Projectsend r1295 – 'name' Stored XSS (0)
08-30: [webapps] Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Strapi 3.0.0-beta – Set Password (Unauthenticated) (0)
08-30: [local] MySQL User-Defined (Linux) x32 / x86_64 – 'sys_exec' Local Privilege Escalation (2) (0)
08-30: [webapps] Usermin 1.820 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Bus Pass Management System 1.0 – 'viewid' SQL Injection (0)
08-30: [webapps] Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-30: [webapps] ZesleCP 3.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-27: ProcessMaker 3.5.4 Local File Inclusion (0)
08-27: [webapps] CyberPanel 2.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-26: ProcessMaker 3.5.4 Local File Inclusion (0)
08-26: WordPress Mail Masta 1.0 Local File Inclusion (0)
08-26: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting (0)
08-26: Online Leave Management System 1.0 Shell Upload (0)
08-26: [webapps] ProcessMaker 3.5.4 – Local File inclusion (0)
08-25: Online Leave Management System 1.0 Shell Upload (0)
08-25: [webapps] Online Leave Management System 1.0 – Arbitrary File Upload to Shell (Unauthenticated) (0)
08-25: [webapps] HP OfficeJet 4630/7110 MYM1FN2025AR/2117A – Stored Cross-Site Scripting (XSS) (0)
08-25: [webapps] WordPress Plugin Mail Masta 1.0 – Local File Inclusion (2) (0)
08-24: Simple Phone Book/Directory 1.0 SQL Injection (0)
08-24: RaspAP 2.6.6 Remote Code Execution (0)
08-24: Shoutcast Server 2.6.0.753 Crash (0)
08-24: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-24: https://thailandcoralbleaching.dmcr.go.th/index.html (0)
08-24: https://itcenter.dmcr.go.th/index.html (0)
08-24: http://form.dmcr.go.th/index.html (0)
08-23: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-23: [webapps] RaspAP 2.6.6 – Remote Code Execution (RCE) (Authenticated) (0)
08-23: [webapps] Simple Phone book/directory 1.0 – 'Username' SQL Injection (Unauthenticated) (0)
08-23: [webapps] Online Traffic Offense Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-21: https://www.ccit.go.th/azu.php (0)
08-21: Laundry Booking Management System 1.0 Cross Site Scripting (0)
08-21: Laundry Booking Management System 1.0 SQL Injection (0)
08-21: NetModule Router Software Password Handling / Session Fixation (0)
08-21: Online Traffic Offense Management System 1.0 SQL Injection (0)
08-21: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Charity Management System CMS 1.0 Code Execution / XSS / SQL Injection (0)
08-20: WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free (0)
08-20: JavaScriptCore Crash Proof Of Concept (0)
08-20: WebKit Element::dispatchMouseEvent Heap Use-After-Free (0)
08-20: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' SQL Injection (0)
08-20: [webapps] Online Traffic Offense Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
08-19: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-19: Fortinet Slams Rapid7 For Disclosing Vulnerability (0)
08-19: COVID-19 Testing Management System 1.0 SQL Injection (0)
08-19: Hospital Management System Cross Site Scripting (0)
08-19: Crime Records Management System 1.0 SQL Injection (0)
08-19: Crossfire Server 1.0 Buffer Overflow (0)
08-19: Simple Image Gallery 1.0 Shell Upload (0)
08-19: [webapps] Charity Management System CMS 1.0 – Multiple Vulnerabilities (0)
08-18: Simple Image Gallery 1.0 Shell Upload (0)
08-18: http://mueang.chanthaburi.doae.go.th (0)
08-18: SonicWall NetExtender 10.2.0.300 Unquoted Service Path (0)
08-18: Cyberoam NetGenie Cross Site Scripting (0)
08-18: GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution (0)
08-18: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-18: [remote] crossfire-server 1.9.0 – 'SetUp()' Remote Buffer Overflow (0)
08-18: [webapps] Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-18: [webapps] COVID19 Testing Management System 1.0 – 'Multiple' SQL Injections (0)
08-18: [webapps] Crime records Management System 1.0 – 'Multiple' SQL Injection (Authenticated) (0)
08-17: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-17: Tiny Java Web Server 1.115 Cross Site Scripting (0)
08-17: Firebase PHP-JWT Algorithm Confusion (0)
08-17: CentOS Web Panel 0.9.8.1081 Cross Site Scripting (0)
08-17: NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting (0)
08-17: Chrome JS WasmJs::InstallConditionalFeatures Object Corruption (0)
08-17: Simple Water Refilling Station Management System 1.0 SQL Injection (0)
08-17: Simple Water Refilling Station Management System 1.0 Shell Upload (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Authentication Bypass (0)
08-17: TastyIgniter 3.0.7 Cross Site Scripting (0)
08-17: COMMAX Smart Home IoT Control System CDP-1020n SQL Injection (0)
08-17: COMMAX WebViewer ActiveX Control 2.1.4.5 Buffer Overflow (0)
08-17: COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS (0)
08-17: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-17: [webapps] GeoVision Geowebserver 5.3.3 – LFI / XSS / HHI / RCE (0)
08-17: [local] SonicWall NetExtender 10.2.0.300 – Unquoted Service Path (0)
08-16: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX CVD-Axx DVR 5.1.4 – Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – RTSP Credentials Disclosure (0)
08-16: [webapps] COMMAX Smart Home IoT Control System CDP-1020n – SQL Injection Authentication Bypass (0)
08-16: [webapps] COMMAX Biometric Access Control System 1.0.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Remote Code Execution (RCE) through File Upload (0)
08-16: [webapps] CentOS Web Panel 0.9.8.1081 – Stored Cross-Site Scripting (XSS) (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – Config Write / DoS (Unauthenticated) (0)
08-16: [webapps] NetGear D1500 V1.0.0.21_1.0.1PE – 'Wireless Repeater' Stored Cross-Site Scripting (XSS) (0)
08-14: RATES SYSTEM 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 Cross Site Scripting (0)
08-14: Easy-Mock 1.6.0 Remote Code Execution (0)
08-14: Chikitsa 2.0.0 Cross Site Scripting (0)
08-14: Care2x Open Source Hospital Information Management 2.7 Alpha XSS (0)
08-14: 4images 1.8 SQL Injection (0)
08-14: Simple Image Gallery System 1.0 SQL Injection (0)
08-14: HackTool.Win32.HKit Remote Command Execution (0)
08-14: PluXML 5.8.7 Cross Site Scripting (0)
08-13: http://www.sesalpglpn.go.th/index.html (0)
08-13: PluXML 5.8.7 Cross Site Scripting (0)
08-13: Xiaomi 10.2.4.g Information Disclosure (0)
08-13: COVID19 Testing Management System 1.0 SQL Injection (0)
08-13: RATES SYSTEM 1.0 SQL Injection (0)
08-13: Atlassian Crowd pdkinstall Remote Code Execution (0)
08-13: Lexmark Driver Privilege Escalation (0)
08-13: [webapps] Simple Image Gallery System 1.0 – 'id' SQL Injection (0)
08-13: [webapps] easy-mock 1.6.0 – Remote Code Execution (RCE) (Authenticated) (0)
08-13: [webapps] 4images 1.8 – 'limitnumber' SQL Injection (Authenticated) (0)
08-12: Lexmark Driver Privilege Escalation (0)
08-12: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
08-12: Backdoor.Win32.IRCBot.gen Hardcoded Credential (0)
08-12: HackTool.Win32.Hidd.b Buffer Overflow (0)
08-12: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-12: http://www.pri1.go.th/yo.php (0)
08-12: [webapps] RATES SYSTEM 1.0 – 'Multiple' SQL Injections (0)
08-12: [webapps] Altova MobileTogether Server 7.3 – XML External Entity Injection (XXE) (0)
08-12: [webapps] COVID19 Testing Management System 1.0 – 'searchdata' SQL Injection (0)
08-11: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-11: http://english.dip.go.th/ma.txt (0)
08-11: Cockpit CMS 0.11.1 NoSQL Injection (0)
08-11: WordPress LifterLMS 4.21.1 Insecure Direct Object Reference (0)
08-11: IPCop 2.1.9 Remote Code Execution (0)
08-11: Facebook For Android Friend Acceptance (0)
08-11: WordPress Picture Gallery 1.4.2 Cross Site Scripting (0)
08-11: Simple Library Management System 1.0 SQL Injection (0)
08-11: MobileTogether Server 7.3 XML Injection (0)
08-10: MobileTogether Server 7.3 XML Injection (0)
08-10: OneNav Beta 0.9.12 Cross Site Scripting (0)
08-10: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-10: [webapps] Cockpit CMS 0.11.1 – 'Username Enumeration & Password Reset' NoSQL Injection (0)
08-10: [local] Amica Prodigy 1.7 – Privilege Escalation (0)
08-10: [webapps] IPCop 2.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-09: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-09: https://udn1.go.th/yo.php (0)
08-07: http://www.nongtongpattana.go.th (0)
08-07: Amica Prodigy 1.7 Privilege Escalation (0)
08-07: Constructor.Win32.SS.11.c Unauthenticated Open Proxy (0)
08-07: Trojan-Dropper.Win32.Small.fp Unauthenticated Open Proxy (0)
08-07: Backdoor.Win32.Zdemon.10 Remote Command Execution (0)
08-07: Backdoor.Win32.Zdemon.126 Remote Command Execution (0)
08-07: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: CMSuno 1.7 Cross Site Scripting (0)
08-06: Moodle 3.9 Remote Code Execution (0)
08-06: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: Apache OfBiz 17.12.01 Remote Command Execution (0)
08-05: WordPress WP Customize Login 1.1 Cross Site Scripting (0)
08-05: Riak Insecure Default Configuration / Remote Command Execution (0)
08-05: Client Management System 1.1 Cross Site Scripting (0)
08-05: qdPM 9.2 Information Disclosure (0)
08-05: [webapps] GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated) (0)
08-05: [webapps] CMSuno 1.7 – 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) (0)
08-05: [webapps] Moodle 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: http://www.kuangrod.go.th (0)
08-04: qdPM 9.2 Information Disclosure (0)
08-04: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-04: [webapps] ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments (0)
08-04: [webapps] qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated) (0)
08-04: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: [webapps] WordPress Plugin WP Customize Login 1.1 – 'Change Logo Title' Stored Cross-Site Scripting (XSS) (0)
08-04: [webapps] Client Management System 1.1 – 'cname' Stored Cross-site scripting (XSS) (0)
08-03: https://rayonghospital.go.th/pwn.htm (0)
08-03: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-03: Men Salon Management System 1.0 SQL Injection (0)
08-03: Neo4j 3.4.18 Remote Code Execution (0)
08-03: Online Hotel Reservation System 1.0 Cross Site Scripting (0)
08-03: Packet Storm New Exploits For July, 2021 (0)
08-03: [webapps] Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE) (0)
08-02: Packet Storm New Exploits For July, 2021 (0)
08-02: [webapps] Online Hotel Reservation System 1.0 – 'Multiple' Cross-site scripting (XSS) (0)
08-02: [remote] Neo4j 3.4.18 – RMI based Remote Code Execution (RCE) (0)
08-02: [webapps] Men Salon Management System 1.0 – SQL Injection Authentication Bypass (0)

July 2021 (311)

07-31: ObjectPlanet Opinio 7.13 / 7.14 XML Injection (0)
07-31: ObjectPlanet Opinio 7.13 Expression Language Injection (0)
07-31: ObjectPlanet Opinio 7.13 Shell Upload (0)
07-31: Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery (0)
07-31: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-31: http://korat7.go.th/hi.htm (0)
07-30: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-30: IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration (0)
07-30: Care2x Integrated Hospital Info System 2.7 SQL Injection (0)
07-30: CloverDX 5.9.0 Code Execution / Cross Site Request Forgery (0)
07-30: ObjectPlanet Opinio 7.12 Cross Site Scripting (0)
07-30: Denver IP Camera SHO-110 Snapshot Disclosure (0)
07-30: Longjing Technology BEMS API 1.21 Remote Arbitrary File Download (0)
07-30: Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection (0)
07-30: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: http://secondary33.go.th/vuln.gif (0)
07-29: TripSpark VEO Transportation SQL Injection (0)
07-29: eGain Chat 15.5.5 Cross Site Scripting (0)
07-29: Denver Smart Wifi Camera SHC-150 Remote Code Execution (0)
07-29: Event Registration System With QR Code 1.0 Shell Upload (0)
07-29: Backdoor.Win32.WinShell.40 Code Execution (0)
07-29: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers (0)
07-29: [webapps] Oracle Fatwire 6.3 – Multiple Vulnerabilities (0)
07-29: [webapps] CloverDX 5.9.0 – Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
07-29: [webapps] Care2x Integrated Hospital Info System 2.7 – 'Multiple' SQL Injection (0)
07-29: [webapps] IntelliChoice eFORCE Software Suite 2.5.9 – Username Enumeration (0)
07-29: [webapps] Longjing Technology BEMS API 1.21 – Remote Arbitrary File Download (0)
07-29: [webapps] Denver IP Camera SHO-110 – Unauthenticated Snapshot (0)
07-28: Backdoor.Win32.WinShell.40 Code Execution (0)
07-28: WordPress Social Warfare 3.5.2 Remote Code Execution (0)
07-28: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-28: https://kangplu.go.th/krz.html (0)
07-28: https://bantan.go.th/krz.html (0)
07-28: https://samrong.go.th/krz.html (0)
07-28: https://khamtalayso.go.th/krz.html (0)
07-28: https://nonyor.go.th/krz.html (0)
07-28: https://naimeung.go.th/krz.html (0)
07-28: [webapps] TripSpark VEO Transportation – Blind SQL Injection (0)
07-28: [remote] Denver Smart Wifi Camera SHC-150 – 'Telnet' Remote Code Execution (RCE) (0)
07-28: [webapps] Event Registration System with QR Code 1.0 – Authentication Bypass & RCE (0)
07-27: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-27: Zabbix 5.x SQL Injection / Cross Site Scripting (0)
07-27: Elasticsearch ECE 7.13.3 Database Disclosure (0)
07-27: Backdoor.Win32.Hupigon.aaur Unauthenticated Open Proxy (0)
07-27: Backdoor.Win32.Mazben.me Unauthenticated Open Proxy (0)
07-27: Leawo Prof. Media 11.0.0.1 Denial Of Service (0)
07-27: Backdoor.Win32.Agent.cu Authentication Bypass (0)
07-27: XOS Shop 1.0.9 Arbitrary File Deletion (0)
07-27: Backdoor.Win32.Agent.cu Man-In-The-Middle (0)
07-27: Backdoor.Win32.Agent.cu Code Execution (0)
07-27: Backdoor.Win32.PsyRat.b Denial Of Service (0)
07-27: NoteBurner 2.35 Denial Of Service (0)
07-27: Backdoor.Win32.PsyRat.b Code Execution (0)
07-27: WordPress Modern Events Calendar Remote Code Execution (0)
07-27: Backdoor.Win32.Bifrose.acci Buffer Overflow (0)
07-27: Backdoor.Win32.Nbdd.bgz Buffer Overflow (0)
07-27: WordPress SP Project And Document Remote Code Execution (0)
07-27: [webapps] PHP 7.3.15-3 – 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection (0)
07-27: [webapps] Customer Relationship Management System (CRM) 1.0 – Sql Injection Authentication Bypass (0)
07-26: [webapps] XOS Shop 1.0.9 – 'Multiple' Arbitrary File Deletion (Authenticated) (0)
07-26: [webapps] NoteBurner 2.35 – Denial Of Service (DoS) (PoC) (0)
07-26: [dos] Leawo Prof. Media 11.0.0.1 – Denial of Service (DoS) (PoC) (0)
07-26: [webapps] Elasticsearch ECE 7.13.3 – Anonymous Database Dump (0)
07-24: WordPress Simple Post 1.1 Cross Site Scripting (0)
07-24: Microsoft SharePoint Server 2019 Remote Code Execution (0)
07-24: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: Apple Security Advisory 2021-07-21-1 (0)
07-23: Apple Security Advisory 2021-07-21-2 (0)
07-23: Apple Security Advisory 2021-07-21-3 (0)
07-23: Apple Security Advisory 2021-07-21-4 (0)
07-23: Apple Security Advisory 2021-07-21-5 (0)
07-23: Apple Security Advisory 2021-07-21-6 (0)
07-23: Apple Security Advisory 2021-07-21-7 (0)
07-23: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: [webapps] ElasticSearch 7.13.3 – Memory disclosure (0)
07-23: [webapps] WordPress Plugin Simple Post 1.1 – 'Text field' Stored Cross-Site Scripting (XSS) (0)
07-22: NSO Will No Longer Talk To The Press About Damning Reports (0)
07-22: Vehicle Parking Management System 1.0 Cross Site Scripting (0)
07-22: Vehicle Parking Management System 1.0 SQL Injection (0)
07-22: Online Shopping Portal 3.1 SQL Injection (0)
07-22: News Portal Project 3.1 SQL Injection (0)
07-22: CSZ CMS 1.2.9 Arbitrary File Deletion (0)
07-22: Ampache 4.4.2 Cross Site Scripting (0)
07-22: Sequoia: A Deep Root In Linux's Filesystem Layer (0)
07-22: WordPress Backup Guard Authenticated Remote Code Execution (0)
07-22: Sage X3 Administration Service Authentication Bypass / Command Execution (0)
07-21: WordPress KN Fix Your Title 1.0.1 Cross Site Scripting (0)
07-21: Webmin 1.973 Cross Site Request Forgery (0)
07-21: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-21: Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization (0)
07-21: KevinLAB BEMS 1.0 Undocumented Backdoor Account (0)
07-21: KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure (0)
07-21: Apple Under Pressure Over iPhone Security After NSO Spyware Claims (0)
07-21: [webapps] CSZ CMS 1.2.9 – 'Multiple' Arbitrary File Deletion (0)
07-21: [webapps] KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated) (0)
07-21: [webapps] KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: [remote] KevinLAB BEMS 1.0 – Undocumented Backdoor Account (0)
07-20: http://www.takesa1.go.th (0)
07-20: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-20: PEEL Shopping 9.3.0 SQL Injection (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: Backdoor.Win32.IRCBot.gen Weak Hardcoded Password (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: WordPress LearnPress SQL Injection (0)
07-20: WordPress LearnPress Privilege Escalation (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: Backdoor.Win32.Agent.bjev Insecure Permissions (0)
07-20: Dolibarr ERP/CRM 10.0.6 Login Brute Forcer (0)
07-20: Trojan-Spy.Win32.SpyEyes.abdb Insecure Permissions (0)
07-20: Trojan-Spy.Win32.SpyEyes.hqd Insecure Permissions (0)
07-20: WordPress Mimetic Books 0.2.13 Cross Site Scripting (0)
07-20: Backdoor.Win32.IRCBot.gen Remote Command Execution (0)
07-20: [webapps] WordPress Plugin KN Fix Your Title 1.0.1 – 'Separator' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] PEEL Shopping 9.3.0 – 'id' Time-based SQL Injection (0)
07-19: [webapps] Dolibarr ERP/CRM 10.0.6 – Login Brute Force (0)
07-19: [webapps] WordPress Plugin Mimetic Books 0.2.13 – 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.7 – 'current_items' SQL Injection (Authenticated) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation (0)
07-17: VMware ThinApp DLL Hijacking (0)
07-17: Aruba Instant (IAP) Remote Code Execution (0)
07-17: Seagate BlackArmor NAS sg2000-2000.1331 Command Injection (0)
07-17: Aruba Instant 8.7.1.0 Arbitrary File Modification (0)
07-17: ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution (0)
07-17: Argus Surveillance DVR 4.0 Weak Password Encryption (0)
07-17: OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting (0)
07-17: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: https://www.forest.go.th/by.html (0)
07-16: Safari Zero-Day Used In LinkedIn Campaign (0)
07-16: osCommerce 2.3.4.1 Remote Code Execution (0)
07-16: WordPress Popular Posts 5.3.2 Shell Upload (0)
07-16: Tor Half-Closed Connection Stream Confusion (0)
07-16: [remote] Aruba Instant 8.7.1.0 – Arbitrary File Modification (0)
07-16: [webapps] ForgeRock Access Manager/OpenAM 14.6.3 – Remote Code Execution (RCE) (Unauthenticated) (0)
07-16: [local] Argus Surveillance DVR 4.0 – Weak Password Encryption (0)
07-16: [webapps] Seagate BlackArmor NAS sg2000-2000.1331 – Command Injection (0)
07-15: iOS Zero-Day Let SolarWinds Hackers Compromise iPhones (0)
07-15: Google Details Recent Malware Campaigns Amid Uptick In Zero-Day Attacks (0)
07-15: https://e-service.loei2.go.th/report/resource/krz.txt (0)
07-15: http://nakhonphanom.rid.go.th/wp-includes_/krz.txt (0)
07-15: http://rio14data.rid.go.th/data_rio14/finance/krz.txt (0)
07-15: http://yasothon.rid.go.th/wp-content/krz.txt (0)
07-15: http://krabi.rid.go.th/kbi/wp-content/krz.txt (0)
07-15: http://pasakjolasid.rid.go.th/krz.txt (0)
07-15: http://songkhla.rid.go.th/wp-content//krz.txt (0)
07-15: http://phakhai.rid.go.th/2021/sites/krz.txt (0)
07-15: http://rio11.rid.go.th/images/krz.txt (0)
07-15: http://kangkrachan.rid.go.th/images/krz.txt (0)
07-15: http://maelao.rid.go.th/krz.txt (0)
07-15: http://narathiwat.rid.go.th/17/tmp/krz.txt (0)
07-15: http://rio2.rid.go.th/krz.txt (0)
07-15: http://nongwai.rid.go.th/nw/tmp/krz.txt (0)
07-15: http://surin.rid.go.th/images/krz.txt (0)
07-15: Tor Half-Closed Connection Stream Confusion (0)
07-15: https://www.jvkorat.go.th/pi.html (0)
07-15: Webmin 1.973 Cross Site Request Forgery (0)
07-15: WordPress Current Book 1.0.1 Cross Site Scripting (0)
07-15: Microsoft Hyper-V vmswitch.sys Proof Of Concept (0)
07-15: Realtek RTKVHD64.sys Out-Of-Bounds Access (0)
07-15: Windows TCP/IP Denial Of Service (0)
07-15: XNU Network Stack Kernel Heap Overflow (0)
07-15: Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation (0)
07-15: Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution (0)
07-15: [webapps] osCommerce 2.3.4.1 – Remote Code Execution (2) (0)
07-15: [webapps] WordPress Plugin Popular Posts 5.3.2 – Remote Code Execution (RCE) (Authenticated) (0)
07-14: Apache Tomcat 9.0.0M1 Open Redirect (0)
07-14: Apache Tomcat 9.0.0.M1 Cross Site Scripting (0)
07-14: HEUR.Backdoor.Win32.Agent.gen Insecure Permissions (0)
07-14: Backdoor.IRC.Ataka.a Insecure Permissions (0)
07-14: Trojan-Proxy.Win32.Ranky.gen Unauthenticated Open Proxy (0)
07-14: Backdoor.Win32.NerTe.a Authentication Bypass / Code Execution (0)
07-14: Pandora FMS 7.54 Cross Site Scripting (0)
07-14: Backdoor.Win32.NerTe.a Unauthenticated Remote Command Execution (0)
07-14: Trojan.Win32.RASFlooder.b Hardcoded Password (0)
07-14: Backdoor.Win32.Surila.j Man-In-The-Middle / Port Bounce (0)
07-14: Backdoor.Win32.Surila.j Authentication Bypass (0)
07-14: OpenEMR 5.0.1.3 Shell Upload (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: WordPress WPFront Notification Bar 1.9.1.04012 Cross Site Scripting (0)
07-14: Garbage Collection Management System 1.0 Shell Upload / SQL Injection (0)
07-14: Backdoor.Win32.Surila.j Denial Of Service (0)
07-14: Invoice System 1.0 Cross Site Scripting (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: ForgeRock / OpenAM Jato Java Deserialization (0)
07-14: VMware vCenter Server Virtual SAN Health Check Remote Code Execution (0)
07-14: SolarWinds Issues Hotfix For Zero-Day Flaw Under Active Attack (0)
07-14: [webapps] WordPress Plugin Current Book 1.0.1 – 'Book Title and Author field' Stored Cross-Site Scripting (XSS) (0)
07-14: [webapps] Webmin 1.973 – Cross-Site Request Forgery (CSRF) (0)
07-13: [webapps] Garbage Collection Management System 1.0 – SQL Injection + Arbitrary File Upload (0)
07-13: [webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (2) (0)
07-13: [webapps] Invoice System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Open Redirect (0)
07-13: [webapps] WordPress Plugin WPFront Notification Bar 1.9.1.04012 – Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS) (0)
07-10: Zoo Management System 1.0 Cross Site Scripting (0)
07-10: Church Management System 1.0 Shell Upload / SQL Injection (0)
07-10: Polkit D-Bus Authentication Bypass (0)
07-09: WordPress SP Project And Document Manager 4.21 Shell Upload (0)
07-09: Employee Record Management System 1.2 Cross Site Scripting (0)
07-09: Online Covid Vaccination Scheduler System 1.0 Shell Upload (0)
07-09: MpEngine ASProtect Embedded Runtime DLL Memory Corruption (0)
07-09: Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload (0)
07-09: [webapps] Zoo Management System 1.0 – 'Multiple' Stored Cross-Site-Scripting (XSS) (0)
07-09: [webapps] Church Management System 1.0 – SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE (0)
07-08: Online Covid Vaccination Scheduler System 1.0 SQL Injection (0)
07-08: Docker Dashboard Remote Command Execution (0)
07-08: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution (0)
07-08: WordPress Plainview Activity Monitor 20161228 Remote Code Execution (0)
07-08: Okta Access Gateway 2020.5.5 Authenticated Remote Root (0)
07-08: [webapps] Wordpress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated) (0)
07-08: [webapps] Wyomind Help Desk 1.3.6 – Remote Code Execution (RCE) (0)
07-08: [webapps] Employee Record Management System 1.2 – Stored Cross-Site Scripting (XSS) (0)
07-08: [webapps] Online Covid Vaccination Scheduler System 1.0 – Arbitrary File Upload to Remote Code Execution (Unauthenticated) (0)
07-08: [webapps] Exam Hall Management System 1.0 – Unrestricted File Upload + RCE (Unauthenticated) (0)
07-07: Visual Tools DVR VX16 4.2.28 Privilege Escalation (0)
07-07: Netgear DGN2200v1 Remote Command Execution (0)
07-07: Black Box Kvm Extender 3.4.31307 Local File Inclusion (0)
07-07: Backdoor.Win32.NerTe.781 Authentication Bypass / Code Execution (0)
07-07: Visual Tools DVR VX16 4.2.28.0 Command Injection (0)
07-07: perfexcrm 1.10 Cross Site Scripting (0)
07-07: Pallets Werkzeug 0.15.4 Path Traversal (0)
07-07: WordPress Anti-Malware Security And Bruteforce Firewall 4.20.59 Directory Traversal (0)
07-07: Phone Shop Sales Managements System 1.0 Shell Upload (0)
07-07: Phone Shop Sales Managements System 1.0 SQL Injection (0)
07-07: Billing System Project 1.0 Shell Upload (0)
07-07: Exam Hall Management System 1.0 Shell Upload (0)
07-07: NSClient++ 0.5.2.35 Privilege Escalation (0)
07-07: [webapps] WordPress Plugin Plainview Activity Monitor 20161228 – Remote Code Execution (RCE) (Authenticated) (2) (0)
07-07: [webapps] Online Covid Vaccination Scheduler System 1.0 – 'username' time-based blind SQL Injection (0)
07-07: [webapps] Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated) (2) (0)
07-06: https://saranitet.police.go.th/robots.txt (0)
07-06: http://www.lampangcity.go.th/robots.txt (0)
07-06: Backdoor.Win32.NerTe.781 Code Execution (0)
07-06: Trojan-Spy.Win32.Xspyout.a Unauthenticated Open Proxy (0)
07-06: Online Birth Certificate System 1.1 Cross Site Scripting (0)
07-06: Trojan-Proxy.Win32.Ranky.ag Unauthenticated Open Proxy (0)
07-06: Backdoor.Win32.Hupigon.aiss Unauthenticated Open Proxy (0)
07-06: Church Management System 1.0 SQL Injection (0)
07-06: Church Management System 1.0 Cross Site Scripting (0)
07-06: Church Management System 1.0 Shell Upload (0)
07-06: Backdoor.Win32.Hupigon.gsy Unauthenticated Open Proxy (0)
07-06: Trojan.Win32.VB.bcng Insecure Permissions (0)
07-06: Trojan-Dropper.Win32.Agent.wxl Insecure Permissions (0)
07-06: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
07-06: Online Voting System 1.0 SQL Injection / Remote Code Execution (0)
07-06: Trojan.Win32.Inject.adwas Insecure Permissions (0)
07-06: Backdoor.Win32.Zombam.l Buffer Overflow (0)
07-06: Backdoor.Win32.Zombam.l Code Execution (0)
07-06: OpenEMR 5.0.1.7 Path Traversal (0)
07-06: Backdoor.Win32.WinShell.40 Authentication Bypass / Command Execution (0)
07-06: WordPress WP Learn Manager 1.1.2 Cross Site Scripting (0)
07-06: Virus.Win32.Shodi.e Insecure Transit (0)
07-06: WordPress Backup Guard 1.5.8 Shell Upload (0)
07-06: Virus.Win32.Shodi.e Remote Command Execution (0)
07-06: Simple Client Management System 1.0 SQL Injection / Shell Upload (0)
07-06: Virus.Win32.Shodi.e Heap Corruption (0)
07-06: Ricon Industrial Cellular Router S9922XL Remote Command Execution (0)
07-06: [webapps] Phone Shop Sales Managements System 1.0 – 'Multiple' Arbitrary File Upload to Remote Code Execution (0)
07-06: [webapps] WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 – Directory Traversal (0)
07-06: [webapps] perfexcrm 1.10 – 'State' Stored Cross-site scripting (XSS) (0)
07-06: [webapps] Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (Unauthenticated) (0)
07-06: [webapps] Phone Shop Sales Managements System 1.0 – Authentication Bypass (SQLi) (0)
07-06: [webapps] Visual Tools DVR VX16 4.2.28 – Local Privilege Escalation (0)
07-06: [webapps] Exam Hall Management System 1.0 – Unrestricted File Upload (Unauthenticated) (0)
07-06: [webapps] Pallets Werkzeug 0.15.4 – Path Traversal (0)
07-06: [webapps] Billing System Project 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
07-06: [webapps] Netgear DGN2200v1 – Remote Command Execution (RCE) (Unauthenticated) (0)
07-06: [webapps] Black Box Kvm Extender 3.4.31307 – Local File Inclusion (0)
07-05: [webapps] OpenEMR 5.0.1.7 – 'fileName' Path Traversal (Authenticated) (2) (0)
07-05: [webapps] WordPress Plugin WP Learn Manager 1.1.2 – Stored Cross-Site Scripting (XSS) (0)
07-05: [webapps] TextPattern CMS 4.9.0-dev – Remote Command Execution (RCE) (Authenticated) (0)
07-05: [webapps] Ricon Industrial Cellular Router S9922XL – Remote Command Execution (RCE) (0)
07-05: [webapps] Online Voting System 1.0 – SQLi (Authentication Bypass) + Remote Code Execution (RCE) (0)
07-05: [webapps] Online Birth Certificate System 1.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-05: [webapps] Simple Client Management System 1.0 – Remote Code Execution (RCE) (0)
07-05: [webapps] Wordpress Plugin Backup Guard 1.5.8 – Remote Code Execution (Authenticated) (0)
07-05: [webapps] Church Management System 1.0 – 'password' SQL Injection (Authentication Bypass) (0)
07-05: [webapps] Church Management System 1.0 – Unrestricted File Upload to Remote Code Execution (Authenticated) (0)
07-05: [webapps] Church Management System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-03: AKCP sensorProbe SPX476 Cross Site Scripting (0)
07-03: b2evolution 7.2.2 Cross Site Request Forgery (0)
07-03: WordPress Modern Events Calendar 5.16.2 Information Disclosure (0)
07-03: WordPress Modern Events Calendar 5.16.2 Shell Upload (0)
07-03: Scratch Desktop 3.17 Code Execution / Cross Site Scripting (0)
07-03: Microsoft PrintNightmare Proof Of Concept (0)
07-03: Garbage Collection Management System 1.0 SQL Injection (0)
07-03: PrintNightmare Windows Spooler Service Remote Code Execution (0)
07-02: Vianeos OctoPUS 5 SQL Injection (0)
07-02: Online Voting System 1.0 SQL Injection (0)
07-02: Online Voting System 1.0 Remote Code Execution (0)
07-02: WinWaste.NET 1.0.6183.16475 Local Privilege Escalation (0)
07-02: WordPress XCloner 4.2.12 Remote Code Execution (0)
07-02: Docker Container Escape (0)
07-02: Packet Storm New Exploits For June, 2021 (0)
07-02: [local] WinWaste.NET 1.0.6183.16475 – Privilege Escalation due Incorrect Access Control (0)
07-02: [webapps] b2evolution 7.2.2 – 'edit account details' Cross-Site Request Forgery (CSRF) (0)
07-02: [webapps] AKCP sensorProbe SPX476 – 'Multiple' Cross-Site Scripting (XSS) (0)
07-02: [webapps] Wordpress Plugin Modern Events Calendar 5.16.2 – Remote Code Execution (Authenticated) (0)
07-02: [webapps] Scratch Desktop 3.17 – Cross-Site Scripting/Remote Code Execution (XSS/RCE) (0)
07-01: phpAbook 0.9i SQL Injection (0)
07-01: Doctors Patients Management System 1.0 SQL Injection (0)
07-01: Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation (0)
07-01: Apache Superset 1.1.0 Account Enumeration (0)
07-01: KVM nested_svm_vmrun Double Fetch (0)
07-01: [webapps] Vianeos OctoPUS 5 – 'login_user' SQLi (0)
07-01: [webapps] Online Voting System 1.0 – Remote Code Execution (Authenticated) (0)
07-01: [webapps] Online Voting System 1.0 – Authentication Bypass (SQLi) (0)
07-01: [webapps] Wordpress Plugin XCloner 4.2.12 – Remote Code Execution (Authenticated) (0)

June 2021 (371)

06-30: ES File Explorer 4.1.9.7.4 Arbitrary File Read (0)
06-30: [webapps] Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass) (0)
06-30: [webapps] Apache Superset 1.1.0 – Time-Based Account Enumeration (0)
06-30: [webapps] Simple Traffic Offense System 1.0 – Stored Cross Site Scripting (XSS) (0)
06-30: [webapps] phpAbook 0.9i – SQL Injection (0)
06-29: Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting (0)
06-29: Email-Worm.Win32.Trance.a Insecure Permissions (0)
06-29: Android Data Exfiltration (0)
06-29: SAS Environment Manager 2.5 Cross Site Scripting (0)
06-29: Personnel Record Management System 1.0 SQL Injection (0)
06-29: Trojan-Dropper.Win32.Scrop.dyi Insecure Permissions (0)
06-29: Netgear WNAP320 2.0.3 Remote Code Execution (0)
06-29: Personnel Record Management System 1.0 Authentication Bypass / XSS (0)
06-29: WordPress YOP Polls 6.2.7 Cross Site Scripting (0)
06-29: Constructor.Win32.Bifrose.asc Buffer Overflow / Heap Corruption (0)
06-29: WordPress wpDiscuz 7.0.4 Shell Upload (0)
06-29: [remote] ES File Explorer 4.1.9.7.4 – Arbitrary File Read (0)
06-28: Android 2.0 FreeCIV Arbitrary Code Execution (0)
06-28: [webapps] Netgear WNAP320 2.0.3 – 'macAddress' Remote Code Execution (RCE) (Unauthenticated) (0)
06-28: [webapps] SAS Environment Manager 2.5 – 'name' Stored Cross-Site Scripting (XSS) (0)
06-28: [webapps] Atlassian Jira Server/Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS) (0)
06-28: [webapps] WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS) (0)
06-26: VMware vCenter 6.5 / 6.7 / 7.0 Remote Code Execution (0)
06-26: Backdoor.Win32.ReverseTrojan.200 Authentication Bypass (0)
06-26: Trojan.Win32.SecondThought.ak Insecure Permissions (0)
06-26: Adobe ColdFusion 8 Remote Command Execution (0)
06-26: Trojan.Win32.Banpak.kh Insecure Permissions (0)
06-26: Huawei DG8045 Authentication Bypass (0)
06-26: TP-Link TL-WR841N Command Injection (0)
06-26: Trojan-Dropper.Win32.Juntador.a Weak Hardcoded Password (0)
06-26: Trojan-Dropper.Win32.Krepper.a Remote Command Execution (0)
06-26: rConfig Shell Upload (0)
06-26: Simple Client Management System 1.0 SQL Injection (0)
06-26: Online Pet Shop We App 1.0 SQL Injection / Shell Upload (0)
06-26: Seeddms 5.1.10 Remote Command Execution (0)
06-26: Lightweight Facebook-Styled Blog Remote Code Execution (0)
06-26: SAPSprint 7.60 Unquoted Service Path (0)
06-25: https://www.afrims.go.th/o.txt (0)
06-25: rConfig Shell Upload (0)
06-25: [webapps] Lightweight facebook-styled blog 1.3 – Remote Code Execution (RCE) (Authenticated) (Metasploit) (0)
06-25: [webapps] Simple Client Management System 1.0 – 'uemail' SQL Injection (Unauthenticated) (0)
06-25: [webapps] Seeddms 5.1.10 – Remote Command Execution (RCE) (Authenticated) (0)
06-25: [local] SAPSprint 7.60 – 'SAPSprint' Unquoted Service Path (0)
06-24: [webapps] Huawei dg8045 – Authentication Bypass (0)
06-24: [webapps] TP-Link TL-WR841N – Command Injection (0)
06-24: [webapps] Adobe ColdFusion 8 – Remote Command Execution (RCE) (0)
06-24: [webapps] VMware vCenter Server RCE 6.5 / 6.7 / 7.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
06-23: Backdoor.Win32.Hupigon.aaio Buffer Overflow (0)
06-23: Simple CRM 3.0 Cross Site Scripting (0)
06-23: Simple CRM 3.0 Cross Site Request Forgery (0)
06-23: Lexmark Printer Software G2 Installation Package 1.8.0.0 Unquoted Service Path (0)
06-23: Wise Care 365 5.6.7.568 Unquoted Service Path (0)
06-23: Websvn 2.6.0 Remote Code Execution (0)
06-23: Dlink DSL2750U Command Injection (0)
06-23: Solaris SunSSH 11.0 Remote Root (0)
06-23: Fedora / Gnome fscaps Issue (0)
06-23: Customer Relationship Management System 1.0 Remote Code Execution (0)
06-23: Phone Shop Sales Managements System 1.0 Insecure Direct Object Reference (0)
06-23: Responsive Tourism Website 3.1 Remote Code Execution (0)
06-23: ASUS DisplayWidget Software 3.4.0.036 Unquoted Service Path (0)
06-23: Remote Mouse GUI 3.008 Privilege Escalation (0)
06-23: WordPress Admin Columns Cross Site Scripting (0)
06-23: Online Library Management System 1.0 SQL Injection (0)
06-23: Online Library Management System 1.0 Shell Upload (0)
06-23: Simple CRM 3.0 SQL Injection (0)
06-23: Microsoft Windows Filtering Platform Token Access Check Privilege Escalation (0)
06-23: WordPress Poll, Survey, Questionnaire And Voting System 1.5.2 SQL Injection (0)
06-23: WordPress WP Google Maps 8.1.11 Cross Site Scripting (0)
06-23: Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload (0)
06-23: F5 BIG-IQ VE 8.0.0-2923215 Remote Root (0)
06-23: Cisco Modeling Labs 2.1.1-b19 Remote Command Execution (0)
06-23: HPE RDA-CAS 1.23.826 Denial Of Service (0)
06-23: http://new.ayutthaya2.go.th/_.php (0)
06-23: Lexmark Printers Open To Arbitrary Code Execution Zero Day (0)
06-23: WordPress Admin Columns Cross Site Scripting (0)
06-23: Lexmark Printers Open To Arbitrary Code Execution Zero Day (0)
06-23: [webapps] Simple CRM 3.0 – 'email' SQL injection (Authentication Bypass) (0)
06-23: [webapps] Online Library Management System 1.0 – Arbitrary File Upload Remote Code Execution (Unauthenticated) (0)
06-23: [webapps] Online Library Management System 1.0 – 'Search' SQL Injection (0)
06-23: [webapps] WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 – 'date_answers' Blind SQL Injection (0)
06-23: [webapps] WordPress Plugin WP Google Maps 8.1.11 – Stored Cross-Site Scripting (XSS) (0)
06-22: http://lpg1.go.th/hi.htm (0)
06-22: [local] ASUS DisplayWidget Software 3.4.0.036 – 'ASUSDisplayWidgetService' Unquoted Service Path (0)
06-21: http://bankhon.go.th/pun10.html (0)
06-21: http://changkerng.go.th/pun10.html (0)
06-21: http://pakai.go.th/pun10.html (0)
06-21: http://chaivaree.go.th/pun10.html (0)
06-21: http://maelaluang.go.th/pun10.html (0)
06-21: http://yangkham.go.th/pun10.html (0)
06-21: http://maehoa.go.th/pun10.html (0)
06-21: http://changpeuk.go.th/pun10.html (0)
06-21: http://khunyuam.go.th/pun10.html (0)
06-21: http://phe.go.th/pun10.html (0)
06-21: http://panna.go.th/pun10.html (0)
06-21: http://maesuad.go.th/pun10.html (0)
06-21: http://wiangkarn.go.th/pun10.html (0)
06-21: http://phonglocal.go.th/pun10.html (0)
06-21: http://changpuek.go.th/pun10.html (0)
06-21: http://nasaklampang.go.th/pun10.html (0)
06-21: http://phocaipiboon.go.th/pun10.html (0)
06-21: http://dongichan.go.th/pun10.html (0)
06-21: http://nasum.go.th/pun10.html (0)
06-21: [local] iFunbox 4.2 – 'Apple Mobile Device Service' Unquoted Service Path (0)
06-21: [local] Wise Care 365 5.6.7.568 – 'WiseBootAssistant' Unquoted Service Path (0)
06-21: [remote] Solaris SunSSH 11.0 x86 – libpam Remote Root (3) (0)
06-21: [webapps] OpenEMR 5.0.1.7 – 'fileName' Path Traversal (Authenticated) (0)
06-18: DiskPulse 13.6.14 Unquoted Service Path (0)
06-18: Disk Sorter Server 13.6.12 Unquoted Service Path (0)
06-18: Teachers Record Management System 1.0 Cross Site Scripting (0)
06-18: Teachers Record Management System 1.0 SQL Injection (0)
06-18: CKEditor 3 Server-Side Request Forgery (0)
06-18: Cotonti Siena 0.9.19 Cross Site Scripting (0)
06-18: Disk Savvy 13.6.14 Unquoted Service Path (0)
06-18: Sync Breeze 13.6.18 Sync Breeze 13.6.18 Unquoted Service Path (0)
06-18: OpenEMR 5.0.1.3 Authentication Bypass (0)
06-18: Email-Worm.Win32.Kipis.a Code Execution (0)
06-18: Online Shopping Portal 3.1 Shell Upload (0)
06-18: Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path (0)
06-18: Trojan.Win32.Alien.erf Denial Of Service (0)
06-18: Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration (0)
06-18: VX Search 13.5.28 Unquoted Service Path (0)
06-18: VeryFitPro 3.2.8 Insecure Transit (0)
06-18: Samsung NPU npu_session_format Out-Of-Bounds Write (0)
06-18: Unified Office Total Connect Now 1.0 SQL Injection (0)
06-18: Trojan.Win32.Alien.erf Buffer Overflow (0)
06-18: Dup Scout 13.5.28 Unquoted Service Path (0)
06-18: Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution (0)
06-18: Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution (0)
06-18: Windows Kerberos AppContainer Enterprise Authentication Capability Bypass (0)
06-18: Windows Kerberos AppContainer Enterprise Authentication Capability Bypass (0)
06-18: http://dnprg15.dnp.go.th (0)
06-18: [webapps] Node.JS – 'node-serialize' Remote Code Execution (3) (0)
06-18: [remote] Dlink DSL2750U – 'Reboot' Command Injection (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'xml upload' Stored Cross-Site Scripting (XSS) (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'Account Takeover' Cross-Site Request Forgery (CSRF) (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'Account Takeover' Cross-Site Scripting and Session Fixation (0)
06-17: http://www.bantako.go.th (0)
06-17: [webapps] Online Shopping Portal 3.1 – Remote Code Execution (Unauthenticated) (0)
06-17: [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 – User Enumeration (0)
06-17: [local] VX Search 13.5.28 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Dup Scout 13.5.28 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Sync Breeze 13.6.18 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Disk Savvy 13.6.14 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Workspace ONE Intelligent Hub 20.3.8.0 – 'VMware Hub Health Monitoring Service' Unquoted Service Path (0)
06-17: [webapps] Unified Office Total Connect Now 1.0 – 'data' SQL Injection (0)
06-16: SysGauge 7.9.18 Unquoted Service Path (0)
06-16: SAP Solution Manager 7.2 (ST 720) Open Redirection (0)
06-16: Sami HTTP Server 2.0 Denial Of Service (0)
06-16: Brother BRAgent 1.38 Unquoted Service Path (0)
06-16: Online Library Management System 2.0 Cross Site Request Forgery (0)
06-16: Polkit 0.105-26 0.117-2 Privilege Escalation (0)
06-16: XML External Entity Via MP3 File Upload On WordPress (0)
06-16: Brother BRPrint Auditor 3.0.7 Unquoted Service Path (0)
06-16: HashiCorp Nomad Remote Command Execution (0)
06-16: IPFire 2.25 Remote Code Execution (0)
06-16: Client Management System 1.1 Cross Site Scripting (0)
06-16: Client Management System 1.1 SQL Injection (0)
06-16: SAP Netweaver JAVA 7.50 Missing Authorization (0)
06-16: http://www.banyanglocal.go.th (0)
06-16: http://www.nongchaisri.go.th (0)
06-16: [local] Disk Sorter Server 13.6.12 – 'Disk Sorter Server' Unquoted Service Path (0)
06-16: [local] DiskPulse 13.6.14 – 'Multiple' Unquoted Service Path (0)
06-15: SAP Netweaver JAVA 7.50 Missing Authorization (0)
06-15: Spy Emergency 25.0.650 Unquoted Service Path (0)
06-15: PCMan FTP Server 2.0.7 Denial Of Service (0)
06-15: Notex The Best Notes 6.4 Denial Of Service (0)
06-15: Post-it 5.0.1 Denial Of Service (0)
06-15: Secure Notepad Private Notes 3.0.3 Denial Of Service (0)
06-15: Backdoor.Win32.VB.pld Insecure Transit (0)
06-15: WibuKey Runtime 6.51 Unquoted Service Path (0)
06-15: KnFTP Server 1.0.0 Denial Of Service (0)
06-15: OpenEMR 5.0.1.3 Shell Upload (0)
06-15: COVID-19 Testing Management System 1.0 Cross Site Scripting (0)
06-15: Backdoor.Win32.Pazus.18 Authentication Bypass / Code Execution (0)
06-15: Accela Civic Platform 21.1 Cross Site Scripting / Open Redirection (0)
06-15: Accela Civic Platform 21.1 Insecure Direct Object Reference (0)
06-15: GLPI 9.4.5 Remote Code Execution (0)
06-15: Backdoor.Win32.Zombam.gen Information Disclosure (0)
06-15: Stock Management System 1.0 SQL Injection (0)
06-15: Small CRM 3.0 SQL Injection (0)
06-15: TextPattern CMS 4.8.7 Remote Command Execution (0)
06-15: Backdoor.Win32.VB.pld Code Execution (0)
06-15: ChromeOS arc-obb-mounter Missing Path Restriction (0)
06-15: https://www.nk.go.th/galau.html (0)
06-15: [local] Brother BRAgent 1.38 – 'WBA_Agent_Client' Unquoted Service Path (0)
06-15: [webapps] Client Management System 1.1 – 'Search' SQL Injection (0)
06-15: [webapps] Client Management System 1.1 – 'username' Stored Cross-Site Scripting (XSS) (0)
06-15: [local] SysGauge 7.9.18 – ' SysGauge Server' Unquoted Service Path (0)
06-15: [local] Brother BRPrint Auditor – 'Multiple' Unquoted Service Path (0)
06-14: ChromeOS arc-obb-mounter Missing Path Restriction (0)
06-14: [webapps] Accela Civic Platform 21.1 – 'successURL' Cross-Site-Scripting (XSS) (0)
06-14: [dos] Post-it 5.0.1 – Denial of Service (PoC) (0)
06-14: [dos] Notex the best notes 6.4 – Denial of Service (PoC) (0)
06-14: [webapps] Accela Civic Platform 21.1 – 'contactSeqNumber' Insecure Direct Object References (IDOR) (0)
06-14: [webapps] GLPI 9.4.5 – Remote Code Execution (RCE) (0)
06-14: [dos] Secure Notepad Private Notes 3.0.3 – Denial of Service (PoC) (0)
06-14: [local] WibuKey Runtime 6.51 – 'WkSvW32.exe' Unquoted Service Path (0)
06-14: [webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (0)
06-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (Authenticated) (0)
06-14: [local] Spy Emergency 25.0.650 – 'Multiple' Unquoted Service Path (0)
06-14: [webapps] Stock Management System 1.0 – 'user_id' Blind SQL injection (Authenticated) (0)
06-14: [webapps] Small CRM 3.0 – 'Authentication Bypass' SQL Injection (0)
06-14: [webapps] COVID19 Testing Management System 1.0 – 'State' Stored Cross-Site-Scripting (XSS) (0)
06-12: Solar-Log 500 2.8.2 Incorrect Access Control (0)
06-12: Solar-Log 500 2.8.2 Password Disclosure (0)
06-12: Ability FTP Server 2.34 Denial Of Service (0)
06-12: Microsoft SharePoint Server 16.0.10372.20060 Server-Side Request Forgery (0)
06-12: Cerberus FTP Web Service 11 Cross Site Scripting (0)
06-12: Zenario CMS 8.8.52729 SQL Injection (0)
06-12: WoWonder Social Network Platform 3.1 Authentication Bypass (0)
06-12: Backdoor.Win32.Zombam.gen Cross Site Scripting (0)
06-12: Backdoor.Win32.Zombam.gen Code Execution (0)
06-12: OpenEMR 5.0.0 Remote Shell Upload (0)
06-12: Grocery Crud 1.6.4 SQL Injection (0)
06-12: WordPress Database Backups 1.2.2.6 Cross Site Request Forgery (0)
06-12: Backdoor.Win32.Zombam.gen Buffer Overflow (0)
06-12: Accela Civic Platorm 21.1 Cross Site Scripting (0)
06-12: NetSetManPro 4.7.2 Privilege Escalation (0)
06-11: NetSetManPro 4.7.2 Privilege Escalation (0)
06-11: http://www.pakchongcity.go.th/ind.html (0)
06-11: [webapps] OpenEMR 5.0.0 – Remote Code Execution (Authenticated) (0)
06-11: [webapps] Microsoft SharePoint Server 16.0.10372.20060 – 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF) (0)
06-11: [webapps] Cerberus FTP Web Service 11 – 'svg' Stored Cross-Site Scripting (XSS) (0)
06-11: [webapps] Accela Civic Platform 21.1 – 'servProvCode' Cross-Site-Scripting (XSS) (0)
06-10: n+otes 1.6.2 Denial Of Service (0)
06-10: Sticky Notes Widget 3.0.6 Denial Of Service (0)
06-10: EasyFTP Server 1.7.0.11 Denial Of Service (0)
06-10: memono Notepad 4.2 Denial Of Service (0)
06-10: TextPattern CMS 4.8.7 Cross Site Scripting (0)
06-10: Student Result Management System 1.0 SQL Injection (0)
06-10: GravCMS 1.10.7 Arbitrary YAML Write / Update (0)
06-10: NSClient++ 0.5.2.35 Remote Code Execution (0)
06-10: [dos] n+otes 1.6.2 – Denial of Service (PoC) (0)
06-10: [dos] Sticky Notes Widget Version 3.0.6 – Denial of Service (PoC) (0)
06-10: [local] memono Notepad Version 4.2 – Denial of Service (PoC) (0)
06-10: [webapps] Student Result Management System 1.0 – 'class' SQL Injection (0)
06-10: [webapps] TextPattern CMS 4.8.7 – Stored Cross-Site Scripting (XSS) (0)
06-09: Backdoor.Win32.Wuca.nz Insecure Permissions (0)
06-09: Intelbras Router RF 301K Cross Site Request Forgery (0)
06-09: OpenCart 3.0.3.7 Cross Site Request Forgery (0)
06-09: Backdoor.Win32.XRat.d Code Execution (0)
06-09: FreeFloat FTP Server 1.0 Denial Of Service (0)
06-09: WordPress Visitors-App 0.3 Cross Site Scripting (0)
06-09: Internet Explorer jscript9.dll Memory Corruption (0)
06-09: [webapps] WordPress Plugin visitors-app 0.3 – 'user-agent' Stored Cross-Site Scripting (XSS) (0)
06-09: [webapps] OpenCart 3.0.3.7 – 'Change Password' Cross-Site Request Forgery (CSRF) (0)
06-09: [webapps] OpenCart 3.0.3.6 – 'subject' Stored Cross-Site Scripting (0)
06-09: [webapps] Intelbras Router RF 301K – 'DNS Hijacking' Cross-Site Request Forgery (CSRF) (0)
06-08: Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy (0)
06-08: NBMonitor 1.6.8 Denial Of Service (0)
06-08: Nsauditor 3.2.3 Denial Of Service (0)
06-08: Backup Key Recovery 2.2.7 Denial Of Service (0)
06-08: SAMI FTP Server 2.0.2 Denial Of Service (0)
06-08: WordPress wpDiscuz 7.0.4 Remote Code Execution (0)
06-08: COVID-19 Testing Management System 1.0 SQL Injection (0)
06-08: Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy (0)
06-08: [webapps] WordPress Plugin wpDiscuz 7.0.4 – Remote Code Execution (Unauthenticated) (0)
06-08: [dos] Nsauditor 3.2.3 – Denial of Service (PoC) (0)
06-08: [local] Backup Key Recovery 2.2.7 – Denial of Service (PoC) (0)
06-08: [dos] NBMonitor 1.6.8 – Denial of Service (PoC) (0)
06-07: WordPress Smart Slider-3 3.5.0.8 Cross Site Scripting (0)
06-07: WordPress wpDiscuz 7.0.4 Shell Upload (0)
06-07: Backdoor.Win32.Neakse.bit Insecure Permissions (0)
06-07: Grav CMS 1.7.10 Server-Side Template Injection (0)
06-07: Sticky Notes And Color Widgets 1.4.2 Denial Of Service (0)
06-07: Backdoor.Win32.Wollf.12 Code Execution (0)
06-07: OptiLink ONT1GEW GPON 2.1.11_X101 Remote Code Execution (0)
06-07: IcoFX 2.6 Buffer Overflow (0)
06-07: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution (0)
06-07: [webapps] Wordpress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated) (0)
06-07: [webapps] Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated) (0)
06-07: [webapps] Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated) (0)
06-07: [local] IcoFX 2.6 – '.ico' Buffer Overflow SEH + DEP Bypass using JOP (0)
06-07: [webapps] WordPress Plugin Smart Slider-3 3.5.0.8 – 'name' Stored Cross-Site Scripting (XSS) (0)
06-07: [webapps] OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated) (0)
06-07: [dos] Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC) (0)
06-05: FileCOPA FTP Server 1.01 Denial Of Service (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover (0)
06-04: Notepad Notes 2.6.7 Denial Of Service (0)
06-04: Blacknote 2.2.1 Denial Of Service (0)
06-04: BasicNote 1.1.9 Denial Of Service (0)
06-04: PHP 8.1.0-dev User-Agentt Remote Code Execution (0)
06-04: CHIYU IoT Telnet Authentication Bypass (0)
06-04: CHIYU IoT Denial Of Service (0)
06-04: FUDForum 3.1.0 Cross Site Scripting (0)
06-04: 4Images 1.8 Cross Site Scripting (0)
06-04: Gitlab 13.9.3 Remote Code Execution (0)
06-04: Gstreamer Matroska Demuxing Use-After-Free (0)
06-04: VMware ESXi OpenSLP Heap Overflow (0)
06-04: Cisco SD-WAN vManage 19.2.2 Remote Root (0)
06-04: Exim base64d Buffer Overflow (0)
06-04: Microsoft RDP Remote Code Execution (0)
06-04: Color Notes 1.4 Denial Of Service (0)
06-04: Macaron Notes Great Notebook 5.5 Denial Of Service (0)
06-04: My Notes Safe 5.3 Denial Of Service (0)
06-04: Inkpad Notepad And To Do List 4.3.61 Denial Of Service (0)
06-04: Monstra CMS 3.0.4 Remote Code Execution (0)
06-04: Gitlab 13.10.2 Remote Code Execution (0)
06-04: Backdoor.Win32.Androm.df Code Execution (0)
06-04: QT TIFF Processing Heap Overflow (0)
06-04: Chrome Legacy ipc::Message Passed Via Shared Memory (0)
06-04: SuiteCRM Log File Remote Code Execution (0)
06-04: Cisco HyperFlex HX Data Platform Command Execution (0)
06-04: [dos] My Notes Safe 5.3 – Denial of Service (PoC) (0)
06-04: [dos] Macaron Notes great notebook 5.5 – Denial of Service (PoC) (0)
06-04: [dos] Color Notes 1.4 – Denial of Service (PoC) (0)
06-04: [dos] Inkpad Notepad & To do list 4.3.61 – Denial of Service (PoC) (0)
06-04: [webapps] Gitlab 13.10.2 – Remote Code Execution (Authenticated) (0)
06-04: [webapps] Monstra CMS 3.0.4 – Remote Code Execution (Authenticated) (0)
06-03: Microsoft RDP Remote Code Execution (0)
06-03: GetSimple CMS 3.3.4 Information Disclosure (0)
06-03: Apache Airflow 1.10.10 Remote Code Execution (0)
06-03: Intel Audio Service 01.00.1080.0 Unquoted Service Path (0)
06-03: Products.PluggableAuthService 2.6.0 Open Redirect (0)
06-03: Backdoor.Win32.Delf.acz Buffer Overflow (0)
06-03: Seo Panel 4.8.0 Cross Site Scripting (0)
06-03: Thecus N4800Eco Command Injection (0)
06-03: Cacti 1.2.12 SQL Injection / Remote Command Execution (0)
06-03: [webapps] FUDForum 3.1.0 – 'author' Reflected XSS (0)
06-03: [dos] Blacknote 2.2.1 – Denial of Service (PoC) (0)
06-03: [dos] Notepad notes 2.6.7 – Denial of Service (PoC) (0)
06-03: [dos] ColorNote 4.1.9 – Denial of Service (PoC) (0)
06-03: [webapps] CHIYU IoT Devices – Denial of Service (DoS) (0)
06-03: [dos] BasicNote 1.1.9 – Denial of Service (PoC) (0)
06-03: [webapps] Seo Panel 4.8.0 – 'from_time' Reflected XSS (0)
06-03: [remote] CHIYU IoT Devices – 'Telnet' Authentication Bypass (0)
06-03: [webapps] FUDForum 3.1.0 – 'srch' Reflected XSS (0)
06-03: [webapps] PHP 8.1.0-dev – 'User-Agentt' Remote Code Execution (0)
06-02: Cacti 1.2.12 SQL Injection / Remote Command Execution (0)
06-02: Postbird 0.8.4 XSS / LFI / Insecure Data Storage (0)
06-02: Packet Storm New Exploits For May, 2021 (0)
06-02: Veyon 4.4.1 Unquoted Service Path (0)
06-02: DupTerminator 1.4.5639.37199 Denial Of Service (0)
06-02: Backdoor.Win32.Wisell Code Execution (0)
06-02: LogonTracer 1.2.0 Remote Code Execution (0)
06-02: WordPress WP Prayer 1.6.1 Cross Site Scripting (0)
06-02: CHIYU TCP/IP Converter CRLF Injection (0)
06-02: CHIYU IoT Cross Site Scripting (0)
06-02: Atlassian Jira 8.15.0 Username Enumeration (0)
06-02: Backdoor.Win32.NetSpy.10 Heap Corruption (0)
06-02: Ubee EVW327 Cross Site Request Forgery (0)
06-02: ProjeQtOr Project Management 9.1.4 Shell Upload (0)
06-02: Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication (0)
06-02: http://www.chiangmaiarea1.go.th/pwn.txt (0)
06-02: [webapps] Seo Panel 4.8.0 – 'search_name' Reflected XSS (0)
06-02: [webapps] Products.PluggableAuthService 2.6.0 – Open Redirect (0)
06-02: [local] Intel(R) Audio Service x64 01.00.1080.0 – 'IntelAudioService' Unquoted Service Path (0)
06-02: [webapps] Thecus N4800Eco Nas Server Control Panel – Comand Injection (0)
06-02: [webapps] GetSimple CMS 3.3.4 – Information Disclosure (0)
06-02: [webapps] Apache Airflow 1.10.10 – 'Example Dag' Remote Code Execution (0)
06-01: Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication (0)
06-01: Trojan.Win32.Scar.dulk Insecure Permissions (0)
06-01: Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution (0)
06-01: Backdoor.Win32.NerTe.772 Code Execution (0)
06-01: Backdoor.Win32.Netbus.12 Information Disclosure (0)
06-01: Backdoor.Win32.NetControl2.293 Code Execution (0)
06-01: Backdoor.Win32.Whirlpool.a Buffer Overflow (0)
06-01: PHP 8.1.0-dev Backdoor Remote Command Execution (0)
06-01: Ubuntu OverlayFS Local Privilege Escalation (0)
06-01: Backdoor.Win32.WinShell.a Code Execution (0)
06-01: IPS Community Suite 4.5.4.2 PHP Code Injection (0)
06-01: http://watluanglocal.go.th (0)
06-01: [webapps] ProjeQtOr Project Management 9.1.4 – Remote Code Execution (0)
06-01: [webapps] CHIYU TCP/IP Converter devices – CRLF injection (0)
06-01: [webapps] CHIYU IoT devices – 'Multiple' Cross-Site Scripting (XSS) (0)
06-01: [webapps] WordPress Plugin WP Prayer version 1.6.1 – 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated) (0)
06-01: [webapps] Ubee EVW327 – 'Enable Remote Access' Cross-Site Request Forgery (CSRF) (0)
06-01: [dos] DupTerminator 1.4.5639.37199 – Denial of Service (PoC) (0)
06-01: [webapps] LogonTracer 1.2.0 – Remote Code Execution (Unauthenticated) (0)

May 2021 (332)

05-31: IPS Community Suite 4.5.4.2 PHP Code Injection (0)
05-29: Selenium 3.141.59 Remote Code Execution (0)
05-29: WordPress LifterLMS 4.21.0 Cross Site Scripting (0)
05-29: PHPFusion 9.03.50 Remote Code Execution (0)
05-29: Trixbox 2.8.0.4 Path Traversal (0)
05-29: Trixbox 2.8.0.4 Remote Code Execution (0)
05-28: Trixbox 2.8.0.4 Remote Code Execution (0)
05-28: Postbird 0.8.4 Cross Site Scripting / Local File Inclusion (0)
05-28: QT PNG ICC Processing Out-Of-Bounds Read (0)
05-28: Pandora FMS 6.0SP3 Cross Site Scripting (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account (0)
05-28: http://nongwalocal.go.th/pun10.html (0)
05-28: http://sanhai.go.th/pun10.html (0)
05-28: http://sobkhong.go.th/pun10.html (0)
05-28: http://maiya.go.th/pun10.html (0)
05-28: http://doitao.go.th/pun10.html (0)
05-28: http://maesamlab.go.th/pun10.html (0)
05-28: http://faikaewnan.go.th/pun10.html (0)
05-28: http://hongsaeng.go.th/pun10.html (0)
05-28: http://dutai.go.th/pun10.html (0)
05-28: [webapps] Selenium 3.141.59 – Remote Code Execution (Firefox/geckodriver) (0)
05-28: [webapps] Trixbox 2.8.0.4 – 'lang' Path Traversal (0)
05-28: [webapps] Trixbox 2.8.0.4 – 'lang' Remote Code Execution (Unauthenticated) (0)
05-28: [webapps] PHPFusion 9.03.50 – Remote Code Execution (0)
05-28: [webapps] WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS) (0)
05-27: https://www.doa.go.th/th/luv.htm (0)
05-27: CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account (0)
05-27: RarmaRadio 2.72.8 Denial Of Service (0)
05-27: Codiad 2.8.4 Shell Upload (0)
05-27: ProFTPd 1.3.5 Remote Command Execution (0)
05-27: Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution (0)
05-27: Pluck CMS 4.7.13 Remote Shell Upload (0)
05-27: i-doit 1.15.2 Cross Site Scripting (0)
05-27: nginx 1.20.0 DNS Resolver Off-By-One Heap Write (0)
05-27: Apple Security Advisory 2021-05-25-4 (0)
05-27: Apple Security Advisory 2021-05-25-3 (0)
05-27: Apple Security Advisory 2021-05-25-8 (0)
05-27: Apple Security Advisory 2021-05-25-1 (0)
05-27: Apple Security Advisory 2021-05-25-5 (0)
05-27: Apple Security Advisory 2021-05-25-7 (0)
05-27: Apple Security Advisory 2021-05-25-2 (0)
05-27: Apple Security Advisory 2021-05-25-6 (0)
05-27: nginx 1.20.0 DNS Resolver Off-By-One Heap Write (0)
05-27: [webapps] Postbird 0.8.4 – Javascript Injection (0)
05-26: Gadget Works Online Ordering System 1.0 Cross Site Scripting (0)
05-26: WordPress Cookie Law Bar 1.2.1 Cross Site Scripting (0)
05-26: QT TIFF Processing Out-Of-Bounds Read (0)
05-26: [webapps] Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated) (0)
05-26: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (3) (0)
05-26: [remote] ProFTPd 1.3.5 – 'mod_copy' Remote Command Execution (2) (0)
05-26: [dos] RarmaRadio 2.72.8 – Denial of Service (PoC) (0)
05-25: QT TIFF Processing Out-Of-Bounds Read (0)
05-25: Backdoor.Win32.Singu.a Buffer Overflow (0)
05-25: Backdoor.Win32.SkyDance.216 Buffer Overflow (0)
05-25: DiskBoss Service 12.2.18 Unquoted Service Path (0)
05-25: ePowerSvc 6.0.3008.0 Unquoted Service Path (0)
05-25: D-Link DWR-710 Missing Validation (0)
05-25: WordPress ReDi Restaurant Reservation 21.0307 Cross Site Scripting (0)
05-25: Backdoor.Win32.Spirit.12.b Insecure Permissions (0)
05-25: Backdoor.Win32.Upload.a Denial Of Service (0)
05-25: iDailyDiary 4.30 Denial Of Service (0)
05-25: Shopizer 2.16.0 Cross Site Scripting (0)
05-25: PHP 8.1.0-dev Backdoor Remote Command Injection (0)
05-25: Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal (0)
05-25: Backdoor.Win32.Spion4 Insecure Transit (0)
05-25: Codiad 2.8.4 Remote Code Execution (0)
05-25: Backdoor.Win32.Tonerok.d Code Execution (0)
05-25: http://nueaklong.go.th (0)
05-25: [webapps] Gadget Works Online Ordering System 1.0 – 'Category' Persistent Cross-Site Scripting (XSS) (0)
05-25: [webapps] WordPress Plugin Cookie Law Bar 1.2.1 – 'clb_bar_msg' Stored Cross-Site Scripting (XSS) (0)
05-24: Backdoor.Win32.Tonerok.d Code Execution (0)
05-24: [local] DiskBoss Service 12.2.18 – 'diskbsa.exe' Unquoted Service Path (0)
05-24: [dos] iDailyDiary 4.30 – Denial of Service (PoC) (0)
05-24: [webapps] Schlix CMS 2.2.6-6 – Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) (0)
05-23: http://kshos.go.th/readme.html (0)
05-23: http://wihanhosp.go.th/readme.html (0)
05-22: Mozilla Firefox 88.0.1 File Extension Execution (0)
05-22: Microsoft Exchange ProxyLogon Collector (0)
05-22: libX11 Insufficient Length Check / Injection (0)
05-22: WordPress WP Statistics 13.0.7 SQL Injection (0)
05-22: DELL dbutil_2_3.sys 2.3 Arbitrary Write / Privilege Escalation (0)
05-21: DELL dbutil_2_3.sys 2.3 Arbitrary Write / Privilege Escalation (0)
05-21: ASUS HID Access Service 1.0.94.0 Unquoted Service Path (0)
05-21: Microsoft HTTP Protocol Stack Remote Code Execution (0)
05-21: Acer Backup Manager Module 3.0.0.99 Unquoted Service Path (0)
05-21: Acer Updater Service 1.2.3500.0 Unquoted Service Path (0)
05-21: Spotweb-Develop 1.4.9 Cross Site Scripting (0)
05-21: Spotweb-Develop 1.4.9 Cross Site Scripting (0)
05-21: [webapps] Microsoft Exchange 2019 – Unauthenticated Email Download (Metasploit) (0)
05-21: [local] DELL dbutil_2_3.sys 2.3 – Arbitrary Write to Local Privilege Escalation (LPE) (0)
05-21: [webapps] Spotweb 1.4.9 – DOM Based Cross-Site Scripting (XSS) (0)
05-21: [local] Mozilla Firefox 88.0.1 – File Extension Execution of Arbitrary Code (0)
05-20: 4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices (0)
05-20: WordPress Stop Spammers 2021.8 Cross Site Scripting (0)
05-20: COVID19 Testing Management System 1.0 SQL Injection (0)
05-20: COVID19 Testing Management System 1.0 Cross Site Scripting (0)
05-20: WebSSH For iOS 14.16.10 Denial Of Service (0)
05-20: Visual Studio Code 1.47.1 Denial Of Service (0)
05-20: In4Suit ERP 3.2.74.1370 SQL Injection (0)
05-20: ManageEngine ADSelfService Plus 6.1 CSV Injection (0)
05-20: Backdoor.Win32.Psychward.c Code Execution (0)
05-20: Backdoor.Win32.Psychward.ds Weak Hardcoded Password (0)
05-20: Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution (0)
05-20: [local] Acer Updater Service 1.2.3500.0 – 'UpdaterService.exe' Unquoted Service Path (0)
05-20: [local] Backup Manager Module 3.0.0.99 – 'IScheduleSvc.exe' Unquoted Service Path (0)
05-20: [local] ASUS HID Access Service 1.0.94.0 – 'AsHidSrv.exe' Unquoted Service Path (0)
05-19: Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution (0)
05-19: Backdoor.Win32.DarkMoon.a Weak Hardcoded Password (0)
05-19: Backdoor.Win32.DarkMoon.a Insecure Transit (0)
05-19: EgavilanMedia PHPCRUD 1.0 SQL Injection (0)
05-19: Microsoft Exchange 2019 Unauthenticated Email Download (0)
05-19: Backdoor.Win32.Delf.aez Code Execution (0)
05-19: NetMotion Mobility Server MvcUtil Java Deserialization (0)
05-19: NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery (0)
05-19: Microsoft ACL Shortcomings (0)
05-19: rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution (0)
05-19: rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution (0)
05-19: [webapps] ManageEngine ADSelfService Plus 6.1 – CSV Injection (0)
05-19: [webapps] In4Suit ERP 3.2.74.1370 – 'txtLoginId' SQL injection (0)
05-19: [dos] WebSSH for iOS 14.16.10 – 'mashREPL' Denial of Service (PoC) (0)
05-19: [local] Visual Studio Code 1.47.1 – Denial of Service (PoC) (0)
05-19: [webapps] WordPress Plugin Stop Spammers 2021.8 – 'log' Reflected Cross-site Scripting (XSS) (0)
05-18: Customer Relationship Management System 1.0 Cross Site Scripting (0)
05-18: Backdoor.Win32.Delf.abb Insecure Transit (0)
05-18: Simple Chatbot Application 1.0 Cross Site Scripting (0)
05-18: Backdoor.Win32.Agent.cy Hardcoded Credentials (0)
05-18: Microsoft Internet Explorer 8 SetMouseCapture Use-After-Free (0)
05-18: Backdoor.Win32.Agent.cy Insecure Transit (0)
05-18: Backdoor.Win32.Agent.cy Denial Of Service / Null Pointer (0)
05-18: Billing Management System 2.0 SQL Injection (0)
05-18: Printable Staff ID Card Creator System 1.0 Shell Upload / SQL Injection (0)
05-18: Subrion CMS 4.2.1 Shell Upload (0)
05-18: Backdoor.Win32.Agent.lyw Buffer Overflow (0)
05-18: Backdoor.Win32.Danton.43 Code Execution / Hardcoded Credentials (0)
05-18: Dental Clinic Appointment Reservation System 1.0 Cross Site Scripting (0)
05-18: Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (0)
05-18: Backdoor.Win32.Danton.43 Man-In-The-Middle (0)
05-18: Backdoor.Win32.Agent.oda Buffer Overflow (0)
05-18: Advanced Guestbook 2.4.4 Cross Site Scripting (0)
05-18: Backdoor.Win32.Antilam.14.d Code Execution (0)
05-18: IPFire 2.25 Remote Code Execution (0)
05-18: Dell DBUtil_2_3.sys IOCTL Memory Read / Write (0)
05-18: Microsoft Windows TokenMagic Privilege Escalation (0)
05-18: [webapps] Microsoft Exchange 2019 – Unauthenticated Email Download (0)
05-18: [webapps] EgavilanMedia PHPCRUD 1.0 – 'First Name' SQL Injection (0)
05-17: http://nongplasawai.go.th/pun10.html (0)
05-17: http://makhueajae.go.th/pun10.html (0)
05-17: http://paphai.go.th/pun10.html (0)
05-17: http://padad.go.th/pun10.html (0)
05-17: http://mokjumpae.go.th/pun10.html (0)
05-17: http://songkwae.go.th/pun10.html (0)
05-17: http://pongyeang.go.th/pun10.html (0)
05-17: http://thawangthong.go.th/pun10.html (0)
05-17: http://soongnern.go.th/pun10.html (0)
05-17: http://thakhamlocal.go.th/pun10.html (0)
05-17: http://thaduea.go.th/pun10.html (0)
05-17: http://bantanlocal.go.th/pun10.html (0)
05-17: http://tontong.go.th/pun10.html (0)
05-17: http://banmanglocal.go.th/pun10.html (0)
05-17: http://donpao.go.th/pun10.html (0)
05-17: http://tungpheesao.go.th/pun10.html (0)
05-17: http://wiangnuepai.go.th/pun10.html (0)
05-17: http://kudlad.go.th/pun10.html (0)
05-17: http://hangdonghod.go.th/pun10.html (0)
05-17: http://paisali.go.th/pun10.html (0)
05-17: [webapps] Dental Clinic Appointment Reservation System 1.0 – Cross Site Request Forgery (Add Admin) (0)
05-17: