__–::: Deepquest :::–__ » Archives

rss feed

Archives

November 2019 (166)

11-13: Linear eMerge E3 1.00-06 Directory Traversal (0)
11-13: Linear eMerge E3 1.00-06 Cross Site Scripting (0)
11-13: Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution (0)
11-13: Linear eMerge E3 1.00-06 card_scan.php Command Injection (0)
11-13: Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection (0)
11-13: Computrols CBAS-Web 19.0.0 Cross Site Scripting (0)
11-13: Optergy BMS 2.0.3a Remote Root (0)
11-13: Optergy BMS 2.0.3a Account Reset / Username Disclosure (0)
11-13: Linear eMerge E3 1.00-06 Privilege Escalation (0)
11-13: FUDForum 3.0.9 Code Execution / Cross Site Scripting (0)
11-13: Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name (0)
11-13: Nortek Linear eMerge E3 Access Control Cross Site Request Forgery (0)
11-13: Optergy Proton/Enterprise BMS 2.0.3a Cross Site Request Forgery (0)
11-13: Computrols CBAS-Web 19.0.0 Username Enumeration (0)
11-13: Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root (0)
11-13: Optergy Proton/Enterprise BMS 2.3.0a Open Redirect (0)
11-13: Optergy 2.3.0a Remote Root (0)
11-13: FlexAir Access Control 2.3.38 Command Injection (0)
11-13: FlexAir Access Control 2.3.38 Remote Root (0)
11-13: Linear eMerge E3 Access Controller Command Injection (0)
11-13: Prima Access Control 2.3.35 Script Upload Remote Code Execution (0)
11-13: Prima Access Control 2.3.35 Cross Site Scripting (0)
11-13: Xorg X11 Server Local Privilege Escalation (0)
11-13: Pulse Secure VPN Arbitrary Command Execution (0)
11-13: Bludit Directory Traversal Image File Upload (0)
11-12: GCafe 3.0 Unquoted Service Path (0)
11-12: Alps HID Monitor Service 8.1.0.10 Unquoted Service Path (0)
11-12: PunBB 1.4.4 Database Disclosure (0)
11-12: XML Notepad 2.8.0.4 XML External Entity Injection (0)
11-12: iOS IOUSBDeviceFamily 12.4.1 Heap Corruption Proof Of Concept (0)
11-12: iMessage NSSharedKeyDictionary Decode Incorrect Address Read (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer (0)
11-12: Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer (0)
11-12: Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure (0)
11-12: Eset Mobile Security 5.2.18.0 Lock Bypass (0)
11-12: [local] Wondershare Application Framework Service 2.4.3.231 – 'WsAppService' Unquote Service Path (0)
11-12: [webapps] eMerge E3 1.00-06 – Unauthenticated Directory Traversal (0)
11-12: [local] Acronis True Image OEM 19.0.5128 – 'afcdpsrv' Unquoted Service Path (0)
11-12: [webapps] Computrols CBAS-Web 19.0.0 – 'username' Reflected Cross-Site Scripting (0)
11-12: [webapps] Prima FlexAir Access Control 2.3.38 – Remote Code Execution (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'prntDDLCntrlName' Reflected Cross-Site Scripting (0)
11-12: [webapps] Adrenalin Core HCM 5.4.0 – 'strAction' Reflected Cross-Site Scripting (0)
11-12: [webapps] CBAS-Web 19.0.0 – 'id' Boolean-based Blind SQL Injection (0)
11-12: [webapps] Joomla 3.9.13 – 'Host' Header Injection (0)
11-12: [webapps] eMerge E3 1.00-06 – Privilege Escalation (0)
11-12: [webapps] eMerge E3 1.00-06 – Remote Code Execution (0)
11-12: [webapps] CBAS-Web 19.0.0 – Username Enumeration (0)
11-12: [remote] CBAS-Web 19.0.0 – Information Disclosure (0)
11-12: [webapps] CBAS-Web 19.0.0 – Cross-Site Request Forgery (Add Super Admin) (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (Metasploit) (0)
11-12: [webapps] CBAS-Web 19.0.0 – Remote Code Execution (0)
11-12: [webapps] eMerge50P 5000P 4.6.07 – Remote Code Execution (0)
11-12: [remote] eMerge E3 Access Controller 4.6.07 – Remote Code Execution (0)
11-12: [webapps] eMerge E3 1.00-06 – Arbitrary File Upload (0)
11-12: [webapps] eMerge E3 1.00-06 – 'layout' Reflected Cross-Site Scripting (0)
11-12: [webapps] eMerge E3 1.00-06 – Cross-Site Request Forgery (0)
11-12: [webapps] Atlassian Confluence 6.15.1 – Directory Traversal (0)
11-11: [dos] iOS IOUSBDeviceFamily 12.4.1 – 'IOInterruptEventSource' Heap Corruption (PoC) (0)
11-11: [local] _GCafé 3.0 – 'gbClienService' Unquoted Service Path (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table) (0)
11-11: [dos] Adobe Acrobat Reader DC for Windows – Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream (0)
11-11: [dos] iMessage – Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address (0)
11-11: [local] XML Notepad 2.8.0.4 – XML External Entity Injection (0)
11-11: [local] Alps HID Monitor Service 8.1.0.10 – 'ApHidMonitorService' Unquote Service Path (0)
11-09: Jenkins Build-Metrics 1.3 Cross Site Scripting (0)
11-09: SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path (0)
11-09: Adive Framework 2.0.7 Privilege Escalation (0)
11-09: Nextcloud 17 Cross Site Request Forgery (0)
11-09: Chrome Site Isolation Bypass / File Disclosure (0)
11-08: Adaware Web Companion 4.8.2078.3950 Unquoted Service Path (0)
11-08: WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion (0)
11-08: Adobe ColdFusion RDS Authentication Bypass (0)
11-08: rConfig 3.9.2 Command Injection (0)
11-08: Android Janus APK Signature Bypass (0)
11-08: Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution (0)
11-08: http://nueaklong.go.th/kurd.html (0)
11-08: http://www.pattaya.chonburi.police.go.th/README.txt (0)
11-08: [webapps] Nextcloud 17 – Cross-Site Request Forgery (0)
11-08: [remote] rConfig – install Command Execution (Metasploit) (0)
11-08: [local] Android Janus – APK Signature Bypass (Metasploit) (0)
11-08: [webapps] Adive Framework 2.0.7 – Privilege Escalation (0)
11-08: [local] SolarWinds Kiwi Syslog Server 8.3.52 – 'Kiwi Syslog Server' Unquoted Service Path (0)
11-08: [webapps] Jenkins build-metrics plugin 1.3 – 'label' Cross-Site Scripting (0)
11-07: http://moonbon.rid.go.th (0)
11-07: http://lumchae-omp.rid.go.th (0)
11-07: Wacom WTabletService 6.6.7-3 Unquoted Service Path (0)
11-07: QNAP NetBak Replicator 4.5.6.0607 Unquoted Service Path (0)
11-07: Parallels Plesk Panel 9.5 Cross Site Scripting (0)
11-07: Smartwares HOME Easy 1.0.9 Authentication Bypass (0)
11-07: Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure (0)
11-07: [local] Adaware Web Companion version 4.8.2078.3950 – 'WCAssistantService' Unquoted Service Path (0)
11-06: thejshen Globitek CMS 1.4 SQL Injection (0)
11-06: Blue Stacks App Player 2.4.44.62.57 Unquoted Service Path (0)
11-06: Network Inventory Advisor 5.0.26.0 Unquoted Service Path (0)
11-06: File Optimizer 14.00.2524 Denial Of Service (0)
11-06: rimbalinux AhadPOS 1.11 SQL Injection (0)
11-06: thrsrossi Millhouse-Project 1.414 Cross Site Scripting (0)
11-06: JSC Argument Object Reconstruction Type Confusion (0)
11-06: SD.NET RIM 4.7.3c SQL Injection (0)
11-06: WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS (0)
11-06: XNU Missing Locking Race Condition (0)
11-06: html5_snmp 1.11 Cross Site Scripting (0)
11-06: html5_snmp 1.11 SQL Injection (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Database Backup Information Disclosure (0)
11-06: [webapps] Smartwares HOME easy 1.0.9 – Client-Side Authentication Bypass (0)
11-06: [local] QNAP NetBak Replicator 4.5.6.0607 – 'QVssService' Unquoted Service Path (0)
11-06: [local] Wacom WTabletService 6.6.7-3 – 'WTabletServicePro' Unquoted Service Path (0)
11-05: Microsoft Office365 Integrity Validation / Remote Code Execution (0)
11-05: Launch Manager 6.1.7600.16385 Unquoted Service Path (0)
11-05: Ayukov NFTP 1.71 Buffer Overflow (0)
11-05: Microsoft Office365 Protection Bypass / Remote Code Execution (0)
11-05: ilchCMS 2.1.23 Cross Site Scripting (0)
11-05: BlueKeep Attacks Have Arrived, Are Initially Underwhelming (0)
11-05: Apple macOS 10.15.1 Denial Of Service (0)
11-05: Apple Security Advisory 2019-11-01-1 (0)
11-05: [local] Blue Stacks App Player 2.4.44.62.57 – "BstHdLogRotatorSvc" Unquote Service Path (0)
11-05: [dos] macOS XNU – Missing Locking in checkdirs_callback() Enables Race with fchdir_common() (0)
11-05: [dos] WebKit – Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive (0)
11-05: [webapps] thrsrossi Millhouse-Project 1.414 – 'content' Persistent Cross-Site Scripting (0)
11-05: [webapps] thejshen Globitek CMS 1.4 – 'id' SQL Injection (0)
11-05: [local] Network Inventory Advisor 5.0.26.0 – 'niaservice' Unquoted Service Path (0)
11-05: [dos] JavaScriptCore – Type Confusion During Bailout when Reconstructing Arguments Objects (0)
11-05: [webapps] SD.NET RIM 4.7.3c – 'idtyp' SQL Injection (0)
11-05: [webapps] html5_snmp 1.11 – 'Router_ID' SQL Injection (0)
11-05: [dos] FileOptimizer 14.00.2524 – Denial of Service (PoC) (0)
11-05: [webapps] html5_snmp 1.11 – 'Remark' Persistent Cross-Site Scripting (0)
11-05: [webapps] rimbalinux AhadPOS 1.11 – 'alamatCustomer' SQL Injection (0)
11-04: http://thamyaicity.go.th (0)
11-04: [local] Micro Focus (HPE) Data Protector – SUID Privilege Escalation (Metasploit) (0)
11-04: [dos] Apple macOS 10.15.1 – Denial of Service (PoC) (0)
11-04: [local] Launch Manager 6.1.7600.16385 – 'DsiWMIService' Unquoted Service Path (0)
11-04: [remote] Ayukov NFTP client 1.71 – 'SYST' Buffer Overflow (0)
11-04: [local] OpenVPN Connect 3.0.0.272 – 'agent_ovpnconnect' Unquoted Service Path (0)
11-04: [local] Aida64 6.10.5200 – Buffer Overflow (SEH) (0)
11-02: Carel pCOWeb HVAC Modbus Interface Authentication Bypass (0)
11-02: Carel pCOWeb HVAC Insecure Credential Storage (0)
11-02: Scripteen Image Upload Shell Upload (0)
11-02: Mr Blog PHP Cross Site Scripting / SQL Injection (0)
11-02: TheJshen contentManagementSystem 1.04 SQL Injection (0)
11-02: OpenVPN Private Tunnel 2.8.4 Unquoted Service Path (0)
11-02: ownCloud 10.3.0 Stable Cross Site Request Forgery (0)
11-02: Apache Solr 8.2.0 Remote Code Execution (0)
11-02: eIDAS-Node 2.3 Authentication Bypass (0)
11-02: Packet Storm New Exploits For October, 2019 (0)
11-02: Micro Focus (HPE) Data Protector SUID Privilege Escalation (0)
11-02: On Halloween Night, Google Discloses Chrome Zero-Day Exploited In The Wild (0)
11-02: Apple Security Advisory 2019-10-29-7 (0)
11-02: Apple Security Advisory 2019-10-29-1 (0)
11-02: Apple Security Advisory 2019-10-29-5 (0)
11-02: Apple Security Advisory 2019-10-29-9 (0)
11-02: Apple Security Advisory 2019-10-29-6 (0)
11-02: Apple Security Advisory 2019-10-29-8 (0)
11-02: Apple Security Advisory 2019-10-29-4 (0)
11-02: Apple Security Advisory 2019-10-29-10 (0)
11-02: Apple Security Advisory 2019-10-29-2 (0)
11-02: Apple Security Advisory 2019-10-29-11 (0)
11-02: Apple Security Advisory 2019-10-29-3 (0)
11-01: MikroTik RouterOS 6.45.6 DNS Cache Poisoning (0)
11-01: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow (0)
11-01: WordPress Google Review Slider 6.1 SQL Injection (0)
11-01: Nostromo 1.9.6 Directory Traversal / Remote Command Execution (0)
11-01: [remote] Nostromo – Directory Traversal Remote Command Execution (Metasploit) (0)
11-01: [webapps] ownCloud 10.3.0 stable – Cross-Site Request Forgery (0)
11-01: [local] OpenVPN Private Tunnel 2.8.4 – 'ovpnagent' Unquoted Service Path (0)
11-01: [webapps] TheJshen contentManagementSystem 1.04 – 'id' SQL Injection (0)
11-01: [webapps] Apache Solr 8.2.0 – Remote Code Execution (0)

October 2019 (342)

10-31: Ajenti 2.1.31 Remote Code Execution (0)
10-31: WMV To AVI MPEG DVD WMV Converter 4.6.1217 Denial Of Service (0)
10-31: Citrix StoreFront Server 7.15 XML Injection (0)
10-31: JavaScriptCore GetterSetter Type Confusion (0)
10-31: iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure (0)
10-31: Facebook Sues NSO Group Over WhatsApp Zero Day (0)
10-31: [local] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH) (0)
10-31: [webapps] Wordpress Plugin Google Review Slider 6.1 – 'tid' SQL Injection (0)
10-31: [remote] MikroTik RouterOS 6.45.6 – DNS Cache Poisoning (0)
10-30: Intelligent Security System SecurOS Enterprise 10.2 Unquoted Service Path (0)
10-30: Win10 MailCarrier 2.51 Buffer Overflow (0)
10-30: rConfig 3.9.2 Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Remote Code Execution (0)
10-30: Microsoft Windows Server 2012 Group Policy Security Feature Bypass (0)
10-30: WordPress 5.2.4 Cross Origin Resource Sharing (0)
10-30: Craft CMS Rate Limiting / Brute Force (0)
10-30: [dos] JavaScriptCore – GetterSetter Type Confusion During DFG Compilation (0)
10-30: [dos] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Denial of Service (0)
10-30: [webapps] iSeeQ Hybrid DVR WH-H4 2.0.0.P – (get_jpeg) Stream Disclosure (0)
10-30: [webapps] Citrix StoreFront Server 7.15 – XML External Entity Injection (0)
10-30: [webapps] Ajenti 2.1.31 – Remote Code Exection (Metasploit) (0)
10-29: ham3d 1.1 Information Disclosure / Default Credentials (0)
10-29: ClonOs WEB UI 19.09 Improper Access Control (0)
10-29: Sahi Pro 8.x Cross Site Scripting (0)
10-29: CWP 0.9.8.885 Cross Site Scripting (0)
10-29: Part-DB 0.4 Authentication Bypass (0)
10-29: JumpStart 0.6.0.0 Unquoted Service Path (0)
10-29: Intelbras Router WRN150 1.0.18 Cross Site Request Forgery (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection (0)
10-29: delpino73 Blue-Smiley-Organizer 1.32 SQL Injection (0)
10-29: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting (0)
10-29: ChaosPro 2.0 Buffer Overflow (0)
10-29: Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 Project List Authentication Bypass (0)
10-29: Infosysta Jira 1.6.13_J8 User Name Disclosure (0)
10-29: WebKit HTMLFrameElementBase::isURLAllowed Universal Cross Site Scripting (0)
10-29: Microsoft Windows Insecure CSharedStream Object Privilege Escalation (0)
10-29: [remote] Win10 MailCarrier 2.51 – 'POP3 User' Remote Buffer Overflow (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Security Feature Bypass (0)
10-29: [remote] Microsoft Windows Server 2012 – 'Group Policy' Remote Code Execution (0)
10-29: [webapps] Wordpress 5.2.4 – Cross-Origin Resource Sharing (0)
10-29: [local] Intelligent Security System SecurOS Enterprise 10.2 – 'SecurosCtrlService' Unquoted Service Path (0)
10-29: [webapps] rConfig 3.9.2 – Remote Code Execution (0)
10-28: [dos] WebKit – Universal XSS in HTMLFrameElementBase::isURLAllowed (0)
10-28: [local] ChaosPro 2.0 – Buffer Overflow (SEH) (0)
10-28: [webapps] delpino73 Blue-Smiley-Organizer 1.32 – 'datetime' SQL Injection (0)
10-28: [local] JumpStart 0.6.0.0 – 'jswpbapi' Unquoted Service Path (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'description' Cross-Site Scripting (0)
10-28: [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 – 'start' SQL Injection (0)
10-28: [webapps] Part-DB 0.4 – Authentication Bypass (0)
10-28: [webapps] Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery (0)
10-25: PHP-FPM Remote Code Execution (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control (0)
10-25: AUO SunVeillance Monitoring System 1.1.9e SQL Injection (0)
10-25: [webapps] ClonOs WEB UI 19.09 – Improper Access Control (0)
10-24: Moxa EDR-810 Command Injection / Information Disclosure (0)
10-24: Rocket.Chat 2.1.0 Cross Site Scripting (0)
10-24: IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path (0)
10-24: WordPress Sliced Invoices 3.8.2 Cross Site Scripting (0)
10-24: WordPress Sliced Invoices 3.8.2 SQL Injection (0)
10-24: Linux Polkit pkexec Helper PTRACE_TRACEME Local Root (0)
10-24: Solaris xscreensaver Privilege Escalation (0)
10-24: Rusty Joomla Unauthenticated Remote Code Execution (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – 'MailAdd' SQL Injection (0)
10-24: [webapps] AUO SunVeillance Monitoring System 1.1.9e – Incorrect Access Control (0)
10-24: [webapps] Wordpress Sliced Invoices 3.8.2 – 'post' SQL Injection (0)
10-24: [local] Linux Polkit – pkexec helper PTRACE_TRACEME local root (Metasploit) (0)
10-23: Xorg X11 Server SUID modulepath Privilege Escalation (0)
10-23: [webapps] Joomla! 3.4.6 – Remote Code Execution (Metasploit) (0)
10-23: [local] IObit Uninstaller 9.1.0.8 – 'IObitUnSvr' Unquoted Service Path (0)
10-23: [webapps] Rocket.Chat 2.1.0 – Cross-Site Scripting (0)
10-22: https://ic.nbtc.go.th/xampp/lang.tmp (0)
10-22: Total.js CMS 12 Widget JavaScript Code Injection (0)
10-22: [remote] Total.js CMS 12 – Widget JavaScript Code Injection (Metasploit) (0)
10-21: https://nonghuafancity.go.th/o.htm (0)
10-21: http://www.pamat.go.th/o.htm (0)
10-21: Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution (0)
10-21: [local] Solaris 11.4 – xscreensaver Privilege Escalation (0)
10-21: [dos] winrar 5.80 64bit – Denial of Service (0)
10-21: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed JP2 Stream (2) (0)
10-21: [local] Trend Micro Anti-Threat Toolkit 1.62.0.1218 – Remote Code Execution (0)
10-21: [local] winrar 5.80 – XML External Entity Injection (0)
10-20: Android Binder Use-After-Free (0)
10-20: WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF (0)
10-20: Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation (0)
10-20: Sangoma SBC 2.3.23-119-GA Authentication Bypass (0)
10-18: BlackMoon FTP Server 3.1.2.1731 BMFTP-RELEASE Unquoted Service Path (0)
10-18: Web Companion 5.1.1035.1047 WCAssistantService Unquoted Service Path (0)
10-18: WorkgroupMail 7.5.1 WorkgroupMail Unquoted Service Path (0)
10-18: WordPress FooGallery 1.8.12 Cross Site Scripting (0)
10-18: WordPress Soliloquy Lite 2.5.6 Cross Site Scripting (0)
10-18: VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass (0)
10-18: WordPress Popup Builder 3.49 Cross Site Scripting (0)
10-18: ThinVNC 1.0b1 Authentication Bypass (0)
10-18: VIM 8.1.2135 Use-After-Free (0)
10-18: Restaurant Management System 1.0 Shell Upload (0)
10-18: http://civec.vec.go.th/index.html (0)
10-18: http://dvec.vec.go.th/index.html (0)
10-18: http://gfmis.vec.go.th/index.html (0)
10-18: http://hr.vec.go.th/index.html (0)
10-18: http://iau.vec.go.th/index.html (0)
10-18: http://ipa.vec.go.th/index.html (0)
10-18: http://ivec.vec.go.th/index.html (0)
10-18: http://new.vec.go.th/index.html (0)
10-18: http://nited.vec.go.th/index.html (0)
10-18: http://pdo.vec.go.th/index.html (0)
10-18: http://psdg.vec.go.th/index.html (0)
10-18: http://sbd.vec.go.th/index.html (0)
10-18: http://techno.vec.go.th/index.html (0)
10-18: http://vecrspg.vec.go.th/index.html (0)
10-18: http://vecp.vec.go.th/index.html (0)
10-18: http://ver.vec.go.th/index.html (0)
10-18: http://www2.vec.go.th/index.html (0)
10-18: [webapps] Joomla! 3.4.6 – Remote Code Execution (0)
10-17: Zilab Remote Console Server 3.2.9 zrcs Unquoted Service Path (0)
10-17: Lavasoft 2.3.4.7 LavasoftTcpService Unquoted Service Path (0)
10-17: Whatsapp 2.19.216 Remote Code Execution (0)
10-17: X.Org X Server 1.20.4 Local Stack Overflow (0)
10-17: CyberArk Password Vault 10.6 Authentication Bypass (0)
10-17: Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography (0)
10-17: Mikogo 5.2.2.150317 Mikogo-Service Unquoted Service Path (0)
10-17: WordPress Broken Link Checker 1.11.8 Cross Site Scripting (0)
10-17: Solaris 11.4 xscreensaver Privilege Escalation (0)
10-17: LiteManager 4.5.0 romservice Unquoted Service Path (0)
10-17: Accounts Accounting 7.02 Cross Site Scripting (0)
10-17: Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow (0)
10-17: [local] WorkgroupMail 7.5.1 – 'WorkgroupMail' Unquoted Service Path (0)
10-17: [webapps] Wordpress FooGallery 1.8.12 – Persistent Cross-Site Scripting (0)
10-17: [webapps] Wordpress Soliloquy Lite 2.5.6 – Persistent Cross-Site Scripting (0)
10-17: [local] Web Companion versions 5.1.1035.1047 – 'WCAssistantService' Unquoted Service Path (0)
10-17: [local] BlackMoon FTP Server 3.1.2.1731 – 'BMFTP-RELEASE' Unquoted Serive Path (0)
10-17: [webapps] Restaurant Management System 1.0 – Remote Code Execution (0)
10-17: [remote] ThinVNC 1.0b1 – Authentication Bypass (0)
10-17: [webapps] Wordpress Popup Builder 3.49 – Persistent Cross-Site Scripting (0)
10-16: https://numbering.nbtc.go.th/security/lang.tmp (0)
10-16: ActiveFax Server 6.92 Build 0316 ActiveFaxServiceNT Unquoted Service Path (0)
10-16: sudo 1.8.28 Security Bypass (0)
10-16: Bolt CMS 3.6.10 Cross Site Request Forgery (0)
10-16: http://wangyai.sec40.go.th (0)
10-16: http://web.namnaohospital.go.th (0)
10-16: [remote] Whatsapp 2.19.216 – Remote Code Execution (0)
10-16: [local] Mikogo 5.2.2.150317 – 'Mikogo-Service' Unquoted Serive Path (0)
10-16: [local] Solaris xscreensaver 11.4 – Privilege Escalation (0)
10-16: [local] LiteManager 4.5.0 – 'romservice' Unquoted Serive Path (0)
10-16: [local] Zilab Remote Console Server 3.2.9 – 'zrcs' Unquoted Service Path (0)
10-16: [local] X.Org X Server 1.20.4 – Local Stack Overflow (0)
10-16: [local] Lavasoft 2.3.4.7 – 'LavasoftTcpService' Unquoted Service Path (0)
10-16: [webapps] Accounts Accounting 7.02 – Persistent Cross-Site Scripting (0)
10-16: [webapps] CyberArk Password Vault 10.6 – Authentication Bypass (0)
10-15: Joomla SwPhotoGallery 1.5.26 SQL Injection (0)
10-15: Joomla Cactus 1.2.0 SQL Injection (0)
10-15: Joomla Mad4Joomla 1.1.x SQL Injection (0)
10-15: Joomla Google Maps 1.0.4 SQL Injection (0)
10-15: Joomla MisterEstate 1.5.26 SQL Injection (0)
10-15: Joomla MediaLibrary 1.5.26 SQL Injection (0)
10-15: Joomla Vemod News Mailer 1.0 SQL Injection (0)
10-15: Joomla Sumoku 3.9.8 SQL Injection (0)
10-15: Uplay 92.0.0.6280 Local Privilege Escalation (0)
10-15: SpotAuditor 5.3.1.0 Denial Of Service (0)
10-15: Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls (0)
10-15: ActiveFax Server 6.92 Build 0316 Denial Of Service (0)
10-15: Express Invoice 7.12 Cross Site Scripting (0)
10-15: Kirona-DRS 5.5.3.5 Information Disclosure (0)
10-15: ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution (0)
10-15: OpenProject 10.0.1 / 9.0.3 Cross Site Scripting (0)
10-15: Podman / Varlink Remote Code Execution (0)
10-15: [local] ActiveFax Server 6.92 Build 0316 – 'ActiveFaxServiceNT' Unquoted Service Path (0)
10-15: [remote] Podman & Varlink 1.5.1 – Remote Code Execution (0)
10-15: [local] sudo 1.2.27 – Security Bypass (0)
10-15: [webapps] Bolt CMS 3.6.10 – Cross-Site Request Forgery (0)
10-14: http://mproject.rid.go.th/mainwp/wp-snapshots/index.php (0)
10-14: http://rio15.rid.go.th/engineering/configuration.php (0)
10-14: http://telecom.rid.go.th/configuration.php (0)
10-14: http://hydrology.rid.go.th/hyd/README.txt (0)
10-14: Apple Security Advisory 2019-10-11-1 (0)
10-14: [webapps] Express Invoice 7.12 – 'Customer' Persistent Cross-Site Scripting (0)
10-14: [webapps] Kirona-DRS 5.5.3.5 – Information Disclosure (0)
10-14: [local] Uplay 92.0.0.6280 – Local Privilege Escalation (0)
10-14: [webapps] Ajenti 2.1.31 – Remote Code Execution (0)
10-14: [dos] ActiveFax Server 6.92 Build 0316 – 'POP3 Server' Denial of Service (0)
10-14: [dos] SpotAuditor 5.3.1.0 – Denial of Service (0)
10-12: http://srb1.go.th/c0d3.html (0)
10-12: MiniShare 1.4.1 CONNECT Remote Buffer Overflow (0)
10-12: WordPress Arforms 3.7.1 Directory Traversal (0)
10-12: Intelbras Router WRN150 1.0.18 Cross Site Scripting (0)
10-12: National Instruments Circuit Design Suite 14.0 Privilege Escalation (0)
10-12: Ajenti Remote Command Execution (0)
10-12: SugarCRM 9.0.1 Cross Site Scripting (0)
10-12: SugarCRM 9.0.1 SQL Injection (0)
10-12: SugarCRM 9.0.1 Broken Access Controls (0)
10-12: Visual Studio Code Remote Debugger Enabled (0)
10-12: SugarCRM 9.0.1 Path Traversal (0)
10-12: SugarCRM 9.0.1 PHP Code Injection (0)
10-12: SugarCRM 9.0.1 PHP Object Injection (0)
10-12: SugarCRM 9.0.1 Phar Deserialization (0)
10-12: Openfire 4.4.1 Cross Site Scripting (0)
10-12: http://live.cdd.go.th/love.txt (0)
10-11: TP-Link TL-WR1043ND 2 Authentication Bypass (0)
10-11: ASX To MP3 Converter 3.1.3.7 Stack Overflow (0)
10-11: SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery (0)
10-11: Microsoft Windows Kernel win32k.sys TTF Font Processing win32k!ulClearTypeFilter Pool Corruption (0)
10-11: Microsoft Windows Kernel nt!MiOffsetToProtos NULL Pointer Dereference (0)
10-11: Microsoft Windows Kernel CI!CipFixImageType Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiParseImageLoadConfig Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel CI!HashKComputeFirstPageHash Out-Of-Bounds Read (0)
10-11: Microsoft Windows Kernel nt!MiRelocateImage Out-Of-Bounds Read (0)
10-11: [webapps] WordPress Arforms 3.7.1 – Directory Traversal (0)
10-11: [webapps] Intelbras Router WRN150 1.0.18 – Persistent Cross-Site Scripting (0)
10-11: [local] National Instruments Circuit Design Suite 14.0 – Local Privilege Escalation (0)
10-10: Ransomware Gang Uses iTunes Zero-Day (0)
10-10: DeviceViewer 3.12.0.1 Local Buffer Overflow (0)
10-10: Foscam Video Management System 1.1.6.6 Denial Of Service (0)
10-10: PBS Professional 19.2.3 Authentication Bypass (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File (0)
10-10: [webapps] SMA Solar Technology AG Sunny WebBox device – 1.6 – Cross-Site Request Forgery (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File (0)
10-10: [dos] Windows Kernel – NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File (0)
10-10: [webapps] TP-Link TL-WR1043ND 2 – Authentication Bypass (0)
10-10: [dos] Windows Kernel – win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter (0)
10-10: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (Metasploit, DEP Bypass) (0)
10-09: http://www.chaophaka.go.th/activity/images/ (0)
10-09: http://www.huayyaijiw.go.th/activity/images/ (0)
10-09: http://kampang.go.th/activity/images/ (0)
10-09: http://www.wangthongnb.go.th/activity/images/ (0)
10-09: RENPHO 3.0.0 Information Disclosure (0)
10-09: Socomec DIRIS A-40 Password Disclosure (0)
10-09: WebKit FrameLoader::clear Same-Origin Policy Bypass (0)
10-09: File Sharing Wizard 1.5.0 POST SEH Overflow (0)
10-09: Apple Security Advisory 2019-10-07-1 (0)
10-09: Apple Security Advisory 2019-10-07-2 (0)
10-09: Apple Security Advisory 2019-10-07-3 (0)
10-09: Apple Security Advisory 2019-10-07-4 (0)
10-09: [dos] XNU – Remote Double-Free via Data Race in IPComp Input Path (0)
10-09: [local] DeviceViewer 3.12.0.1 – 'add user' Local Buffer Overflow (DEP Bypass) (0)
10-09: [dos] Foscam Video Management System 1.1.6.6 – 'UID' Denial of Service (PoC) (0)
10-08: Thailand Union Library Management 6.2 SQL Injection / XSS (0)
10-08: ASX To MP3 Converter 3.1.3.7 Local Stack Overflow (0)
10-08: CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation (0)
10-08: Joomla 3.4.6 Remote Code Execution (0)
10-08: Logrotate 3.15.1 Privilege Escalation (0)
10-08: Subrion 4.2.1 Cross Site Scripting (0)
10-08: IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution (0)
10-08: IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution (0)
10-08: Zabbix 4.2 Authentication Bypass (0)
10-08: Zabbix 4.4 Authentication Bypass (0)
10-08: freeFTP 1.0.8 Remote Buffer Overflow (0)
10-08: Tellion HN-2204AP Router Remote Configuration Disclosure (0)
10-08: vBulletin 5.5.4 SQL Injection (0)
10-08: vBulletin 5.5.4 Remote Code Execution (0)
10-08: XNU Data Race Remote Double-Free (0)
10-08: [webapps] Zabbix 4.4 – Authentication Bypass (0)
10-07: https://www.ditp.go.th (0)
10-07: [remote] freeFTP 1.0.8 – Remote Buffer Overflow (0)
10-07: [webapps] IBM Bigfix Platform 9.5.9.62 – Arbitrary File Upload (0)
10-07: [webapps] Subrion 4.2.1 – 'Email' Persistant Cross-Site Scripting (0)
10-07: [local] ASX to MP3 converter 3.1.3.7 – '.asx' Local Stack Overflow (DEP) (0)
10-07: [local] logrotten 3.15.1 – Privilege Escalation (0)
10-07: [webapps] Zabbix 4.2 – Authentication Bypass (0)
10-07: [webapps] Joomla 3.4.6 – 'configuration.php' Remote Code Execution (0)
10-07: [local] CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 – Privilege Escalation (0)
10-06: http://www.sisaketspecial.go.th/index.php (0)
10-06: ParantezTeknoloji Library Software 16.0519000 Open Redirection (0)
10-06: Devinim Library Software 19.0504000 Open Redirection (0)
10-06: File Sharing Wizard 1.5.0 DELETE SEH Buffer Overflow (0)
10-06: Microsoft Windows Silent Process Exit Persistence (0)
10-06: Signal Forced Call Acceptance (0)
10-06: GitLab Omnibus 12.2.1 Logrotate Privilege Escalation (0)
10-05: PHP 7.3 disable_functions Bypass (0)
10-05: LabCollector 5.423 SQL Injection (0)
10-05: Android Binder Driver Use-After-Free (0)
10-04: mintinstall 7.9.9 Code Execution (0)
10-04: Anchor CMS 0.12.3a Information Disclosure (0)
10-04: Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure (0)
10-04: Hisilicon Hi3518 HD Camera Remote Configuration Disclosure (0)
10-04: Researchers Say They Uncovered Uzbekistan Hacking Operations Due To Spectacularly Bad OPSEC (0)
10-04: [webapps] LabCollector 5.423 – SQL Injection (0)
10-03: ipwndfu Jailbreaking Tool (0)
10-03: Counter-Strike Global Offensive Code Execution / Denial Of Service (0)
10-03: Notepad++ Code Execution / Denial Of Service (0)
10-03: Detrix EDMS 1.2.3.1505 SQL Injection (0)
10-03: Tellion TE01-005H HomeHub Router Remote Configuration Disclosure (0)
10-03: vBulletin Zero Day KOs Comodo User Forums (0)
10-03: [webapps] PHP 7.0 < 7.3 – 'gc' Disable Functions Bypass (0)
10-03: [webapps] AnchorCMS < 0.12.3a – Information Disclosure (0)
10-03: [webapps] mintinstall 7.9.9 – Code Execution (0)
10-02: https://webdev.excise.go.th/007.html (0)
10-02: http://hrm.excise.go.th/007.html (0)
10-02: http://reo15.go.th/tmp/007.html (0)
10-02: https://qsds.go.th/monmai/007.html (0)
10-02: http://www.spm7.go.th/spm7/007.html (0)
10-02: Apple Security Advisory 2019-9-26-1 (0)
10-02: Apple Security Advisory 2019-9-26-2 (0)
10-02: Apple Security Advisory 2019-9-26-3 (0)
10-02: Apple Security Advisory 2019-9-26-4 (0)
10-02: Apple Security Advisory 2019-9-26-5 (0)
10-02: Apple Security Advisory 2019-9-26-6 (0)
10-02: Apple Security Advisory 2019-9-26-7 (0)
10-02: Apple Security Advisory 2019-9-26-9 (0)
10-02: Apple Security Advisory 2019-9-26-8 (0)
10-02: Apple Security Advisory 2019-9-27-1 (0)
10-02: Digitus DN-16048 Camera Remote Configuration Disclosure (0)
10-02: thesystem App 1.0 SQL Injection (0)
10-02: FOSCAM FI8608W Camera Remote Configuration Disclosure (0)
10-02: PHP 7.x disable_functions Bypass (0)
10-02: vBulletin 5.x Pre-Auth Remote Code Execution (0)
10-02: thesystem 1.0 Command Injection (0)
10-02: GFI Kerio Control 9.3.0 Cross Site Scripting (0)
10-02: Akaunting 1.3.17 Cross Site Scripting (0)
10-02: Duplicator Pro 1.3.14 Local Information Disclosure (0)
10-02: phpIPAM 1.4 SQL Injection (0)
10-02: thesystem 1.0 Cross Site Scripting (0)
10-02: GoAhead 2.5.0 Host Header Injection (0)
10-02: Realtek Managed Switch Controller (RTL83xx) Stack Overflow (0)
10-02: DameWare Remote Support 12.1.0.34 Buffer Overflow (0)
10-02: kic 2.4a Denial Of Service (0)
10-02: DotNetNuke Cross Site Scripting (0)
10-02: WebKit URI / Synchronous Page Loads Universal Cross Site Scripting (0)
10-02: WebKit WebCore::command Universal Cross Site Scripting (0)
10-02: WebKit WebCore::ReplacementFragment::ReplacementFragment User-Agent Shadow Root Leak (0)
10-02: WebKit Cached Pages Universal Cross Site Scripting (0)
10-02: DOUBLEPULSAR Payload Execution / Neutralization (0)
10-02: Rocket.Chat Cross Site Scripting (0)
10-02: Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation (0)
10-02: LG-ERICSSON LN202-003H HomeHub Router Remote Configuration Disclosure (0)
10-02: Packet Storm New Exploits For September, 2019 (0)
10-02: [remote] DOUBLEPULSAR – Payload Execution and Neutralization (Metasploit) (0)
10-02: [webapps] Detrix EDMS 1.2.3.1505 – SQL Injection (0)
10-01: https://buriram4.go.th//zx.htm (0)
10-01: http://odgo.buriram4.go.th/zx.htm (0)
10-01: http://eff.buriram4.go.th//zx.htm (0)
10-01: http://gda.buriram4.go.th//zx.htm (0)
10-01: http://gdabr4.buriram4.go.th//zx.htm (0)
10-01: http://primarydata.buriram4.go.th//zx.htm (0)
10-01: [dos] WebKit – Universal XSS Using Cached Pages (0)
10-01: [dos] kic 2.4a – Denial of Service (0)
10-01: [dos] WebKit – Universal XSS in WebCore::command (0)
10-01: [dos] WebKit – UXSS Using JavaScript: URI and Synchronous Page Loads (0)
10-01: [webapps] DotNetNuke < 9.4.0 – Cross-Site Scripting (0)
10-01: [local] DameWare Remote Support 12.1.0.34 – Buffer Overflow (SEH) (0)
10-01: [dos] WebKit – User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment (0)

September 2019 (250)

09-30: [remote] Cisco Small Business 220 Series – Multiple Vulnerabilities (0)
09-30: [webapps] thesystem 1.0 – Cross-Site Scripting (0)
09-30: [remote] GoAhead 2.5.0 – Host Header Injection (0)
09-30: [webapps] phpIPAM 1.4 – SQL Injection (0)
09-30: [webapps] TheSystem 1.0 – Command Injection (0)
09-30: [webapps] vBulletin 5.x – Remote Command Execution (Metasploit) (0)
09-28: https://www.sukhothai1.go.th/wS0.php (0)
09-28: http://www.banmaeka.go.th/007.html (0)
09-27: citecodecrashers Pic-A-Point 1.1 SQL Injection (0)
09-27: inoERP 4.15 SQL Injection (0)
09-27: all-in-one-seo-pack 3.2.7 Cross Site Scripting (0)
09-27: Duplicate-Post 3.2.3 Cross Site Scripting (0)
09-27: vBulletin 5.x 0-Day Pre-Auth Remote Command Execution (0)
09-27: eBrigade SQL Injection (0)
09-27: ACTi ACD-2100 Video Encoder Remote Command Execution (0)
09-27: ACTi ACM-5611 Video Camera Remote Command Execution (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting (0)
09-27: V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation (0)
09-27: [webapps] WordPress Theme Zoner Real Estate – 4.1.1 Persistent Cross-Site Scripting (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Remote Privilege Escalation (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Cross-Site Request Forgery (0)
09-27: [webapps] V-SOL GPON/EPON OLT Platform 2.03 – Unauthenticated Configuration Download (0)
09-27: [webapps] thesystem App 1.0 – 'username' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – 'server_name' SQL Injection (0)
09-27: [webapps] thesystem App 1.0 – Persistent Cross-Site Scripting (0)
09-27: [webapps] InoERP 0.7.2 – Persistent Cross-Site Scripting (0)
09-27: [remote] Mobatek MobaXterm 12.1 – Buffer Overflow (SEH) (0)
09-26: Chamilo LMS 1.11.8 Shell Upload (0)
09-26: SpotIE Internet Explorer Password Recovery 2.9.5 Denial Of Service (0)
09-26: WP Server Log Viewer 1.0 Cross Site Scripting (0)
09-26: NPMJS gitlabhook 0.0.17 Remote Command Execution (0)
09-26: YzmCMS 5.3 Host Header Injection (0)
09-26: Chrome ~LevelDBIteratorImpl Use-After-Free (0)
09-26: Chrome IndexedDBConnection::Close Use-After-Free (0)
09-26: ACTi ACM-3100 Camera Remote Command Execution (0)
09-26: [webapps] Chamillo LMS 1.11.8 – Arbitrary File Upload (0)
09-26: [webapps] citecodecrashers Pic-A-Point 1.1 – 'Consignment' SQL Injection (0)
09-26: [webapps] inoERP 4.15 – 'download' SQL Injection (0)
09-26: [webapps] all-in-one-seo-pack 3.2.7 – Persistent Cross-Site Scripting (0)
09-26: [webapps] Duplicate-Post 3.2.3 – Persistent Cross-Site Scripting (0)
09-25: http://ses26.go.th (0)
09-25: DeviceViewer 3.12.0.1 Denial Of Service (0)
09-25: Easy File Sharing Web Server 7.2 SEH Buffer Overflow (0)
09-25: File Sharing Wizard 1.5.0 SEH Buffer Overflow (0)
09-25: pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection (0)
09-25: iMessage NSSharedKeyDictionary Decoding Out Of Bounds Read (0)
09-25: Microsoft SharePoint 2013 SP1 Cross Site Scripting (0)
09-25: ABRT sosreport Privilege Escalation (0)
09-25: vBulletin 5.x Pre-Auth Remote Code Execution (0)
09-25: [dos] SpotIE Internet Explorer Password Recovery 2.9.5 – 'Key' Denial of Service (0)
09-25: [webapps] Microsoft SharePoint 2013 SP1 – 'DestinationFolder' Persistant Cross-Site Scripting (0)
09-24: http://www.muang-bua.go.th/html/ (0)
09-24: Gila CMS Local File Inclusion (0)
09-24: HPE Intelligent Management Center Information Disclosure (0)
09-24: Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution (0)
09-24: BlueKeep RDP Remote Windows Kernel Use-After-Free (0)
09-24: How Google Changed The Secretive Market For The Most Dangerous Hacks In The World (0)
09-24: http://smss.chaiyaphum3.go.th/web62/susu.html (0)
09-24: http://www.ksn1.go.th/susu.html (0)
09-24: [dos] iMessage – Decoding NSSharedKeyDictionary Can Read Object Out of Bounds (0)
09-24: [webapps] Pfsense 2.3.4 / 2.4.4-p3 – Remote Code Injection (0)
09-24: [remote] File Sharing Wizard 1.5.0 – POST SEH Overflow (0)
09-24: [local] Easy File Sharing Web Server 7.2 – 'New User' Local SEH Overflow (0)
09-24: [dos] Microsoft Windows cryptoapi – SymCrypt Modular Inverse Algorithm Denial of Service (0)
09-24: [dos] DeviceViewer 3.12.0.1 – 'creating user' Denial of Service (0)
09-23: http://sec40.go.th/counter.txt (0)
09-23: [remote] Hisilicon HiIpcam V100R003 Remote ADSL – Credentials Disclosure (0)
09-22: Palo Alto Networks Cross Site Request Forgery (0)
09-22: Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload (0)
09-21: http://www.atsc.doae.go.th (0)
09-21: http://sirattana.sisaket.doae.go.th (0)
09-21: http://phusing.sisaket.doae.go.th (0)
09-21: http://huaithapthan.sisaket.doae.go.th (0)
09-21: http://sukhothai2.go.th/007.html (0)
09-21: DIGIT CENTRIS 4 ERP SQL Injection (0)
09-21: GOautodial 4.0 Cross Site Scripting (0)
09-21: LayerBB 1.1.3 Cross Site Request Forgery (0)
09-21: Hisilicon HiIpcam V100R003 Remote ADSL Credential Disclosure (0)
09-20: macOS 18.7.0 Kernel Local Privilege Escalation (0)
09-20: Western Digital My Book World II NAS 1.02.12 Hardcoded Credential (0)
09-20: [webapps] LayerBB < 1.1.4 – Cross-Site Request Forgery (0)
09-19: Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting (0)
09-19: Hospital-Management 1.26 SQL Injection (0)
09-19: [webapps] GOautodial 4.0 – 'CreateEvent' Persistent Cross-Site Scripting (0)
09-19: [webapps] Western Digital My Book World II NAS 1.02.12 – Authentication Bypass / Command Execution (0)
09-18: http://www.elum.go.th/jp.htm (0)
09-18: http://amnatpao.go.th (0)
09-18: http://keelek-phatumrat.go.th (0)
09-18: V8 Map Migration Type Confusion (0)
09-18: Microsoft Windows Internet Settings Security Feature Bypass (0)
09-18: Google Chrome Password Disclosure (0)
09-18: [webapps] Hospital-Management 1.26 – 'fname' SQL Injection (0)
09-17: http://immchonburi.go.th/main (0)
09-17: https://www.kpp2.go.th/index.php (0)
09-17: http://ntwo.moph.go.th (0)
09-17: http://kpi.ntwo.moph.go.th (0)
09-17: http://pns.ntwo.moph.go.th (0)
09-17: http://healthws.ntwo.moph.go.th (0)
09-17: Ticket-Booking 1.4 Authentication Bypass (0)
09-17: College-Management-System 1.2 Authentication Bypass (0)
09-17: Webmin 1.920 Remote Code Execution (0)
09-17: AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation (0)
09-17: docPrint Pro 8.0 SEH Buffer Overflow (0)
09-17: Inteno IOPSYS Gateway 3DES Key Extraction Improper Access (0)
09-17: LastPass Credential Leak From Previous Site (0)
09-16: [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG – Unrestricted File Upload (0)
09-16: [local] AppXSvc – Privilege Escalation (0)
09-16: [remote] Inteno IOPSYS Gateway – Improper Access Restrictions (0)
09-14: FTPShell Client 6.74 Buffer Overflow (0)
09-14: Folder Lock 7.7.9 Denial Of Service (0)
09-14: Dolibarr ERP-CRM 10.0.1 Cross Site Scripting (0)
09-14: phpMyAdmin 4.9.0.1 Cross Site Request Forgery (0)
09-14: Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting (0)
09-14: [webapps] College-Management-System 1.2 – Authentication Bypass (0)
09-14: [webapps] Ticket-Booking 1.4 – Authentication Bypass (0)
09-13: Opencart 2.3.0.2 Pre-Auth Remote Command Execution (0)
09-13: Generic Zip Slip Traversal (0)
09-13: LimeSurvey 3.17.13 Cross Site Scripting (0)
09-13: [webapps] LimeSurvey 3.17.13 – Cross-Site Scripting (0)
09-13: [webapps] phpMyAdmin 4.9.0.1 – Cross-Site Request Forgery (0)
09-13: [webapps] Dolibarr ERP-CRM 10.0.1 – 'User-Agent' Cross-Site Scripting (0)
09-13: [dos] Folder Lock 7.7.9 – Denial of Service (0)
09-12: http://smss.ksn1.go.th/susu.html (0)
09-12: http://amss.ksn1.go.th/susu.html (0)
09-12: WordPress Photo Gallery 1.5.34 SQL Injection (0)
09-12: WordPress Photo Gallery 1.5.34 Cross Site Scripting (0)
09-12: WordPress Checklist 1.1.5 Cross Site Scripting (0)
09-12: AVCON6 Systems Management Platform Remote Root (0)
09-12: WordPress SlickQuiz 1.3.7.1 Cross Site Scripting (0)
09-12: WordPress SlickQuiz 1.3.7.1 SQL Injection (0)
09-12: OpenEdx Ironwood.1 Cross Site Scripting (0)
09-12: eWON Flexy 13.0 Authentication Bypass (0)
09-12: Microsoft DirectWrite SplicePixel Invalid Read (0)
09-12: Microsoft DirectWrite sfac_GetSbitBitmap Out-Of-Bounds Read (0)
09-12: [dos] Microsoft DirectWrite – Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts (0)
09-12: [dos] Microsoft DirectWrite – Invalid Read in SplicePixel While Processing OTF Fonts (0)
09-11: http://dws.fpo.go.th/support.htm (0)
09-11: WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting (0)
09-11: Windows File Enumeration Intel Gathering Tool 2.1 (0)
09-11: Control Web Panel 0.9.8.851 Privilege Escalation (0)
09-11: Enigma NMS 65.0.0 Cross Site Request Forgery (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 OS Command Injection (0)
09-11: WordPress Sell Downloads 1.0.86 Cross Site Scripting (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Dolibarr ERP-CRM 10.0.1 SQL Injection (0)
09-11: Enigma NMS 65.0.0 SQL Injection (0)
09-11: Dabman And Imperial Web Radio Devices Undocumented Telnet Backdoor (0)
09-11: WordPress Qwiz Online Quizzes And Flashcards 3.36 Cross Site Scripting (0)
09-11: Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification (0)
09-11: Tibco JasperSoft Path Traversal (0)
09-11: Core FTP LE Version 2.2 Build 1935 Buffer Overflow (0)
09-11: Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure (0)
09-11: [webapps] AVCON6 systems management platform – OGNL Remote Command Execution (0)
09-10: Researchers Expose Another Instance Of Chrome Patch Gapping (0)
09-10: Apple, Angry At Google, Hits Back At Hack Claims (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) (0)
09-10: [remote] October CMS – Upload Protection Bypass Code Execution (Metasploit) (0)
09-10: [remote] LibreNMS – Collectd Command Injection (Metasploit) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (2) (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – SQL Injection (0)
09-10: [webapps] WordPress Plugin Photo Gallery 1.5.34 – Cross-Site Scripting (0)
09-10: [local] Windows 10 – UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) (0)
09-09: Dabman & Imperial (i&d) – Multiple Vulnerabilities (0)
09-09: Dabman & Imperial (i&d) – Undocumented Telnet Backdoor (0)
09-09: [webapps] WordPress 5.2.3 – Cross-Site Host Modification (0)
09-09: [webapps] Dolibarr ERP-CRM 10.0.1 – 'elemid' SQL Injection (0)
09-08: October CMS Upload Protection Bypass Code Execution (0)
09-08: LibreNMS Collectd Command Injection (0)
09-07: WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting (0)
09-07: Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry (0)
09-07: Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution (0)
09-07: FusionPBX 4.4.8 Remote Code Execution (0)
09-07: Microsoft Windows NTFS Privileged File Access Enumeration (0)
09-07: Facebook Messenger Denial Of Service (0)
09-07: WordPress 5.2.3 Remote Cross Site Host Modification (0)
09-07: Microsoft Windows 10 UAC Protection Bypass Via Windows Store (0)
09-06: Zero-Day Privilege Escalation Disclosed For Android (0)
09-06: Cisco Device Hardcoded Credentials / GNU glibc / BusyBox (0)
09-06: AwindInc SNMP Service Command Injection (0)
09-06: WordPress API Bearer Auth 20181229 Cross Site Scripting (0)
09-06: [remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution (0)
09-05: FileThingie 2.5.7 Remote Shell Upload (0)
09-05: Totaljs CMS 12.0 Path Traversal (0)
09-05: Totaljs CMS 12.0 Insecure Admin Session Cookie (0)
09-05: WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting (0)
09-05: Totaljs CMS 12.0 Widget Creation Code Injection (0)
09-05: Totaljs CMS 12.0 Improper Access Control (0)
09-05: One Identity Defender 5.9.3 Insecure Cryptographic Storage (0)
09-05: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
09-05: DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting (0)
09-05: Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C300V IronPort Header Injection (0)
09-05: Cisco Email Security Virtual Appliance C380 IronPort Header Injection (0)
09-05: WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting (0)
09-05: [remote] AwindInc SNMP Service – Command Injection (Metasploit) (0)
09-04: http://haisokbr.go.th/zx.htm (0)
09-04: Cisco M1070 Content Security Management Appliance IronPort Header Injection (0)
09-04: Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C100V IronPort Header Injection (0)
09-04: Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C600V IronPort Header Injection (0)
09-04: Cisco Email Security Virtual Appliance C370 IronPort Header Injection (0)
09-04: Cisco IronPort C350 Header Injection (0)
09-04: Microsoft Outlook Web Access 14.3.224.2 Header Injection (0)
09-04: [webapps] DASAN Zhone ZNID GPON 2426A EU – Multiple Cross-Site Scripting (0)
09-04: [webapps] WordPress Plugin Download Manager 2.9.93 – Cross-Site Scripting (0)
09-03: Confluence Server Local File Disclosure (0)
09-03: Cisco (Titsco) Email Security Appliance (IronPort) C160 Header Injection (0)
09-03: Craft CMS 2.7.9 / 3.2.5 Information Disclosure (0)
09-03: ChaosPro 2.0 SEH Buffer Overflow (0)
09-03: ChaosPro 2.1 SEH Buffer Overflow (0)
09-03: ChaosPro 3.1 SEH Buffer Overflow (0)
09-03: Kaseya VSA Agent 9.5 Privilege Escalation (0)
09-03: Alkacon OpenCMS 10.5.x Local File Inclusion (0)
09-03: Alkacon OpenCMS 10.5.x Cross Site Scripting (0)
09-03: Opencart 3.x Cross Site Scripting (0)
09-03: Webmin 1.920 rpc.cgi Remote Root (0)
09-03: Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (0)
09-03: WordPress Event Tickets 4.10.7.1 CSV Injection (0)
09-03: IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read (0)
09-03: Alkacon OpenCMS 10.5.x Cross Site Scripting (0)
09-03: Microsoft Outlook Web Access Build 15.1.1591 Header Injection (0)
09-03: Cisco IronPort C150 Header Injection (0)
09-03: Cisco RV110W / RV130(W) / RV215W Remote Command Execution (0)
09-03: Cisco Data Center Network Manager Unauthenticated Remote Code Execution (0)
09-03: Cisco UCS Director Default scpuser Password (0)
09-03: ptrace Sudo Token Privilege Escalation (0)
09-03: ktsuss Suid Privilege Escalation (0)
09-03: Cisco UCS Director Unauthenticated Remote Code Execution (0)
09-03: Packet Storm New Exploits For August, 2019 (0)
09-03: http://www.dms.moph.go.th/dpk.txt (0)
09-03: [remote] Cisco UCS Director – default scpuser password (Metasploit) (0)
09-03: [local] ptrace – Sudo Token Privilege Escalation (Metasploit) (0)
09-03: [local] ktsuss 1.4 – suid Privilege Escalation (Metasploit) (0)
09-02: [local] Kaseya VSA agent 9.5 – Privilege Escalation (0)
09-02: [remote] Cisco Email Security Appliance (IronPort) C160 – 'Host' Header Injection (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Local File inclusion (0)
09-02: [webapps] Opencart 3.x – Cross-Site Scripting (0)
09-02: [local] ChaosPro 2.0 – SEH Buffer Overflow (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Cross-Site Scripting (2) (0)
09-02: [webapps] Alkacon OpenCMS 10.5.x – Cross-Site Scripting (0)
09-02: [remote] IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 – Arbitrary File Read (0)
09-02: [local] ChaosPro 3.1 – SEH Buffer Overflow (0)
09-02: [webapps] Wordpress Plugin Event Tickets 4.10.7.1 – CSV Injection (0)
09-02: [local] ChaosPro 2.1 – SEH Buffer Overflow (0)
09-01: Ping Identity Agentless Integration Kit Cross Site Scripting (0)

August 2019 (365)

08-31: http://oard3.doa.go.th/t.txt (0)
08-31: https://www.pro.moph.go.th/abcd.txt (0)
08-31: QEMU Denial Of Service (0)
08-31: GGPowerShell / Windows PowerShell Remote Command Execution (0)
08-31: Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation (0)
08-31: SQL Server Password Changer 1.90 Denial Of Service (0)
08-31: Easy MP3 Downloader 4.7.8.8 Denial Of Service (0)
08-31: YouPHPTube 7.4 Remote Code Execution (0)
08-31: WordPress WooCommerce Product Feed 2.2.18 Cross Site Scripting (0)
08-31: VX Search Enterprise 10.4.16 Denial Of Service (0)
08-31: Canon PRINT 2.5.5 URI Injection (0)
08-31: Sentrifugo 3.2 File Upload Restriction Bypass (0)
08-31: Sentrifugo 3.2 Cross Site Scripting (0)
08-31: DomainMod 4.13 Cross Site Scripting (0)
08-31: Zyxel NWA/NAP/WAC Hardcoded Credentials (0)
08-31: Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests (0)
08-30: http://www.thamchalong.go.th/index.php (0)
08-30: http://www.moungjedton.go.th/news_files_att/[a1435651102]. (0)
08-30: Google Finds Malicious Sites Pushing iOS Exploits For Years (0)
08-30: Outlook Password Recovery 2.10 Denial Of Service (0)
08-30: Joomla Easy GuestBook 1.0 SQL Injection (0)
08-30: Joomla JomEstate 4.1 SQL Injection (0)
08-30: Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection (0)
08-30: Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access (0)
08-30: Jobberbase 2.0 subscribe SQL Injection (0)
08-30: PilusCart 1.4.1 Local File Disclosure (0)
08-30: [dos] Easy MP3 Downloader 4.7.8.8 – 'Unlock Code' Denial of Service (0)
08-30: [dos] SQL Server Password Changer 1.90 – Denial of Service (0)
08-30: [dos] VX Search Enterprise 10.4.16 – 'User-Agent' Denial of Service (0)
08-30: [webapps] WordPress Plugin WooCommerce Product Feed 2.2.18 – Cross-Site Scripting (0)
08-30: [local] Canon PRINT 2.5.5 – Information Disclosure (0)
08-30: [webapps] YouPHPTube 7.4 – Remote Code Execution (0)
08-30: [webapps] DomainMod 4.13 – Cross-Site Scripting (0)
08-30: [webapps] Sentrifugo 3.2 – Persistent Cross-Site Scripting (0)
08-30: [dos] Asus Precision TouchPad 11.0.0.25 – Denial of Service (0)
08-30: [webapps] Sentrifugo 3.2 – File Upload Restriction Bypass (0)
08-29: http://do9.hss.moph.go.th/images/_input_7_.jpg (0)
08-29: [dos] Webkit JSC: JIT – Uninitialized Variable Access in ArgumentsEliminationPhase::transform (0)
08-29: [webapps] Jobberbase 2.0 – 'subscribe' SQL Injection (0)
08-29: [webapps] PilusCart 1.4.1 – Local File Disclosure (0)
08-28: Tableau XML Injection (0)
08-28: Pulse Secure SSL VPN File Disclosure NSE (0)
08-28: [dos] Outlook Password Recovery 2.10 – Denial of Service (0)
08-28: [webapps] Jobberbase 2.0 CMS – 'jobs-in' SQL Injection (0)
08-28: [webapps] SQLiteManager 1.2.0 / 1.2.4 – Blind SQL Injection (0)
08-27: Apple Security Advisory 2019-8-26-1 (0)
08-27: Apple Security Advisory 2019-8-26-2 (0)
08-27: Apple Security Advisory 2019-8-26-3 (0)
08-27: LSoft ListServ Cross Site Scripting (0)
08-27: Realtek Managed Switch Controller RTL83xx Stack Overflow (0)
08-27: ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials (0)
08-27: WordPress UserPro 4.9.32 Cross Site Scripting (0)
08-27: Joomla AlphaContent 3. SQL Injection (0)
08-27: Joomla FireBoard 1.1.3 SQL Injection (0)
08-27: Joomla OrgChart 1.0.0 Cross Site Scripting / SQL Injection (0)
08-27: Joomla EstateAgent 3.x SQL Injection (0)
08-27: openITCOCKPIT 3.6.1-2 Cross Site Request Forgery (0)
08-27: Plexo Torresoft Alex Torres Software 2.0 Cross Site Scripting / SQL Injection (0)
08-27: CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting (0)
08-27: CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery (0)
08-27: Django CRM 0.2.1 Cross Site Request Forgery (0)
08-27: Webmin 1.890 expired Remote Root (0)
08-27: [webapps] Tableau – XML External Entity (0)
08-26: [local] Exim 4.87 / 4.91 – Local Privilege Escalation (Metasploit) (0)
08-26: [webapps] WordPress Plugin UserPro 4.9.32 – Cross-Site Scripting (0)
08-26: [webapps] WordPress Plugin Import Export WordPress Users 1.3.1 – CSV Injection (0)
08-26: [webapps] openITCOCKPIT 3.6.1-2 – Cross-Site Request Forgery (0)
08-26: [webapps] LSoft ListServ < 16.5-2018a – Cross-Site Scripting (0)
08-25: http://www.panghinfon.go.th/m-1.html (0)
08-25: Nimble Streamer 3.x Directory Traversal (0)
08-25: Webmin 1.920 password_change.cgi Backdoor (0)
08-25: Exim 4.91 Local Privilege Escalation (0)
08-24: http://khaophoem.go.th/m-1.html (0)
08-24: Valve Says Turning Away Researcher Was A Mistake (0)
08-24: Snapforce CRM 8.3.0 Cross Site Scripting (0)
08-24: Wikindx 5.8.2 SQL Injection (0)
08-24: Endian Firewall 3.3.0 Cross Site Scripting (0)
08-24: Microsoft Windows SET_REPARSE_POINT_EX Mount Point Security Feature Bypass (0)
08-23: http://www.djop.go.th/asifa.html (0)
08-23: Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure (0)
08-23: Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure (0)
08-23: KBPublisher 6.0.2.1 SQL Injection (0)
08-23: [webapps] Nimble Streamer 3.0.2-2 < 3.5.4-9 – Directory Traversal (0)
08-22: http://secondary33.go.th/m-1.gif (0)
08-22: http://webapp.udoncity.go.th/tmp/uwu.html (0)
08-22: Researcher Publishes Second Steam Zero Day (0)
08-21: Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass (0)
08-21: WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop (0)
08-21: CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change (0)
08-21: Webmin 1.920 Remote Root (0)
08-21: LibreOffice Macro Python Code Execution (0)
08-21: http://foodcontact.dss.go.th/index.html (0)
08-21: [webapps] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Arbitrary File Disclosure (metasploit) (0)
08-20: RAR Password Recovery 1.80 Denial Of Service (0)
08-20: Kimai 2 Cross Site Scripting (0)
08-20: Neo Billing 3.5 Cross Site Scripting (0)
08-20: YouPHPTube 7.2 SQL Injection (0)
08-20: FortiOS 5.6.7 / 6.0.4 Credential Disclosure (0)
08-20: FortiOS 5.6.7 / 6.0.4 Credential Disclosure (0)
08-20: http://www.bangphlab.go.th/activity/images/ (0)
08-20: http://chaimongkon.go.th/activity/images/ (0)
08-20: http://www.nongdang.go.th/activity/images/ (0)
08-20: http://www.klongkham.go.th/activity/images/ (0)
08-20: http://www.nonkoon.go.th/activity/images/ (0)
08-20: http://www.mekdum.go.th/activity/images/ (0)
08-20: http://www.wangdan.go.th/activity/images/ (0)
08-20: http://www.buayai.go.th/activity/images/ (0)
08-20: http://tessabansaohai.go.th/activity/images/ (0)
08-20: http://www.tambonbanpra.go.th/activity/images/ (0)
08-20: http://www.tapsadet.go.th/activity/images/ (0)
08-20: http://www.banphet.go.th/activity/images/ (0)
08-20: http://banglen.go.th/activity/images/ (0)
08-20: http://lupka.go.th/activity/images/ (0)
08-20: http://koratsao.go.th/activity/images/ (0)
08-20: http://www.dongkeng.go.th/activity/images/ (0)
08-20: http://www.muangdon.go.th/activity/images/ (0)
08-20: http://www.phontongsida.go.th/activity/images/ (0)
08-20: http://www.tachangcity.go.th/activity/images/ (0)
08-20: http://bds.dip.go.th/Moro-cco.txt (0)
08-20: [webapps] WordPress Add Mime Types Plugin 2.2.1 – Cross-Site Request Forgery (0)
08-19: Webmin Remote Comman Execution (0)
08-19: [webapps] YouPHPTube 7.2 – 'userCreate.json.php' SQL Injection (0)
08-19: [webapps] Webmin 1.920 – Remote Code Execution (0)
08-19: [dos] RAR Password Recovery 1.80 – 'User Name and Registration Code' Denial of Service (0)
08-19: [webapps] Neo Billing 3.5 – Persistent Cross-Site Scripting (0)
08-19: [webapps] FortiOS 5.6.3 – 5.6.7 / FortiOS 6.0.0 – 6.0.4 – Credentials Disclosure (0)
08-19: [webapps] FortiOS 5.6.3 – 5.6.7 / FortiOS 6.0.0 – 6.0.4 – Credentials Disclosure (Metasploit) (0)
08-19: [webapps] Kimai 2 – Persistent Cross-Site Scripting (0)
08-18: http://doph.pao-roiet.go.th/m-1.html (0)
08-18: http://car.pao-roiet.go.th/m-1.html (0)
08-18: http://dof.pao-roiet.go.th/m-1.html (0)
08-18: http://ch.pao-roiet.go.th/m-1.html (0)
08-18: http://kongkit.pao-roiet.go.th/m-1.html (0)
08-18: http://e-doc.pao-roiet.go.th/m-1.html (0)
08-18: http://edu101.pao-roiet.go.th/m-1.html (0)
08-18: http://e-records.pao-roiet.go.th/m-1.html (0)
08-18: http://e-procurement.pao-roiet.go.th/m-1.html (0)
08-18: http://hr.pao-roiet.go.th/m-1.html (0)
08-18: http://elect.pao-roiet.go.th/m-1.html (0)
08-18: http://ress.pao-roiet.go.th/m-1.html (0)
08-18: http://ss101.pao-roiet.go.th/m-1.html (0)
08-18: http://rk101.pao-roiet.go.th/m-1.html (0)
08-18: http://plan.pao-roiet.go.th/m-1.html (0)
08-18: http://rsc.pao-roiet.go.th/m-1.html (0)
08-18: http://kpk.pao-roiet.go.th/m-1.html (0)
08-18: http://library101.pao-roiet.go.th/m-1.html (0)
08-18: http://repj.pao-roiet.go.th/m-1.html (0)
08-18: http://qol.pao-roiet.go.th/m-1.html (0)
08-17: EyesOfNetwork 5.1 Remote Command Execution (0)
08-17: Integria IMS 5.0.86 Arbitrary File Upload (0)
08-17: Web Wiz Forums 12.01 SQL Injection (0)
08-17: Joomla JS Jobs 1.2.6 Arbitrary File Delete (0)
08-17: GetGo Download Manager 6.2.2.3300 Denial Of Service (0)
08-17: GNU patch Command Injection / Directory Traversal (0)
08-17: Open-Xchange OX Guard Cross Site Scripting / Signature Validation (0)
08-17: Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting (0)
08-16: WordPress Download Manager 2.5 Cross Site Request Forgery (0)
08-16: ABC2MTEX 1.6.1 Stack Overflow (0)
08-16: ManageEngine opManager 12.3.150 Remote Code Execution (0)
08-16: Tesla Agent Remote Code Execution (0)
08-16: Adobe Acrobat CoolType (AFDKO) Type 1 Font Memory Corruption (0)
08-16: Adobe Acrobat CoolType (AFDKO) Type 1 Font Uninitialized Memory Issue (0)
08-16: Microsoft Font Subsetting DLL MergeFontPackage Dangling Pointer (0)
08-16: Microsoft Font Subsetting DLL GetGlyphId Out-Of-Bounds Read (0)
08-16: Microsoft Font Subsetting DLL MergeFormat12Cmap / MakeFormat12MergedGlyphList Double-Free (0)
08-16: Microsoft Font Subsetting DLL FixSbitSubTables Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL ReadTableIntoStructure Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL ReadAllocFormat12CharGlyphMapList Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL WriteTableFromStructure Out-Of-Bounds Read (0)
08-16: Microsoft Font Subsetting DLL MakeFormat12MergedGlyphList Heap Corruption (0)
08-16: Microsoft Font Subsetting DLL FixSbitSubTableFormat1 Out-Of-Bounds Read (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Out-Of-Bounds Read (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Use-After-Free (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed PDF Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed Font Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed Font Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows CoolType.dll Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Malformed TTF Font Memory Corruption (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow (0)
08-16: Adobe Acrobat Reader DC For Windows Uninitialized Pointer free() (0)
08-16: Adobe Acrobat Reader DC For Windows JP2 Stream Double-Free (0)
08-16: Apple Security Advisory 2019-8-13-1 (0)
08-16: Apple Security Advisory 2019-8-13-2 (0)
08-16: Apple Security Advisory 2019-8-13-3 (0)
08-16: Apple Security Advisory 2019-8-13-4 (0)
08-16: Apple Security Advisory 2019-08-13-5 (0)
08-16: [webapps] Integria IMS 5.0.86 – Arbitrary File Upload (0)
08-16: [webapps] Joomla! component com_jsjobs 1.2.6 – Arbitrary File Deletion (0)
08-16: [webapps] EyesOfNetwork 5.1 – Authenticated Remote Command Execution (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in GetGlyphIdx (0)
08-15: [dos] Microsoft Font Subsetting – DLL Returning a Dangling Pointer via MergeFontPackage (0)
08-15: [dos] Adobe Acrobat CoolType (AFDKO) – Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts (0)
08-15: [dos] Adobe Acrobat CoolType (AFDKO) – Memory Corruption in the Handling of Type 1 Font load/store Operators (0)
08-15: [dos] NSKeyedUnarchiver – Info Leak in Decoding SGBigUTF8String (0)
08-15: [local] Microsoft Windows Text Services Framework MSCTF – Multiple Vulnerabilities (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Double Free due to Malformed JP2 Stream (0)
08-15: [dos] Microsoft Font Subsetting – DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in FixSbitSubTables (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed JP2 Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Memory Corruption due to Malformed TTF Font (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow in CoolType.dll (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Static Buffer Overflow due to Malformed Font Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow due to Malformed Font Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Use-After-Free due to Malformed JP2 Stream (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Buffer Overflow While Processing Malformed PDF (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1 (0)
08-15: [dos] Adobe Acrobat Reader DC for Windows – Heap-Based Out-of-Bounds read due to Malformed JP2 Stream (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in MakeFormat12MergedGlyphList (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ReadTableIntoStructure (0)
08-15: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList (0)
08-14: Microsoft Patches 18 Year Old Windows Zero Day (0)
08-14: User Agent String Switcher Service – XSS Vulnerabilities (0)
08-14: [remote] Agent Tesla Botnet – Arbitrary Code Execution (Metasploit) (0)
08-14: [webapps] ManageEngine opManager 12.3.150 – Authenticated Code Execution (0)
08-14: [dos] ABC2MTEX 1.6.1 – Command Line Stack Overflow (0)
08-14: [local] Microsoft Windows 10 AppXSvc Deployment Service – Arbitrary File Deletion (0)
08-14: [webapps] TortoiseSVN 1.12.1 – Remote Code Execution (0)
08-14: [webapps] D-Link DIR-600M – Authentication Bypass (Metasploit) (0)
08-14: [webapps] WordPress Plugin Download Manager 2.5 – Cross-Site Request Forgery (0)
08-14: [dos] Windows PowerShell – Unsanitized Filename Command Execution (0)
08-14: [webapps] Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – 'customfields.php' SQL Injection (0)
08-14: [webapps] SugarCRM Enterprise 9.0.0 – Cross-Site Scripting (0)
08-13: Ghidra (Linux) 9.0.4 Arbitrary Code Execution (0)
08-13: Joomla JS Jobs 1.2.5 SQL Injection (0)
08-13: Cisco Adaptive Security Appliance Path Traversal (0)
08-13: UNA 10.0.0 RC1 Cross Site Scripting (0)
08-13: Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion (0)
08-13: Webmin 1.920 Remote Code Execution (0)
08-13: ManageEngine OpManager 12.4x Remote Command Execution (0)
08-13: VxWorks 6.8 Integer Underflow (0)
08-13: ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution (0)
08-13: BSI Advance Hotel Booking System 2.0 Cross Site Scripting (0)
08-13: Joomla JS Support Ticket 1.1.6 SQL Injection (0)
08-13: ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution (0)
08-13: WebKit Universal Cross Site Scripting (0)
08-13: Steam Windows Client Local Privilege Escalation (0)
08-13: Agent Tesla Botnet Arbitrary Code Execution (0)
08-13: AZORult Botnet SQL Injection (0)
08-13: TortoiseSVN 1.12.1 Remote Code Execution (0)
08-13: msctf Text Services Framework Design Flaws (0)
08-13: NSKeyedUnarchiver SGBigUTF8String Decoding Information Leak (0)
08-13: http://pr.kan2.go.th/0x.html (0)
08-13: http://kan2.go.th/0x.html (0)
08-13: TortoiseSVN v1.12.1 – Remote Code Execution Vulnerability (0)
08-13: [remote] Azorult Botnet – SQL Injection (0)
08-13: [remote] Agent Tesla Botnet – Arbitrary Code Execution (0)
08-12: Master Data Online 2.0 Cross Site Scripting (0)
08-12: Mitel 6869i Voip Deskphone 4.2.2032 Command Injection (0)
08-12: osTicket 1.12 File Upload Cross Site Scripting (0)
08-12: osTicket 1.12 Formula Injection (0)
08-12: osTicket 1.12 Cross Site Scripting (0)
08-12: [dos] VxWorks 6.8 – TCP Urgent Pointer = 0 Integer Underflow (0)
08-12: [webapps] BSI Advance Hotel Booking System 2.0 – 'booking_details.php Persistent Cross-Site Scripting (0)
08-12: [webapps] Joomla! Component JS Jobs (com_jsjobs) 1.2.5 – 'cities.php' SQL Injection (0)
08-12: [webapps] Cisco Adaptive Security Appliance – Path Traversal (Metasploit) (0)
08-12: [webapps] UNA 10.0.0 RC1 – 'polyglot.php' Persistent Cross-Site Scripting (0)
08-12: [local] Ghidra (Linux) 9.0.4 – .gar Arbitrary Code Execution (0)
08-12: [remote] Webmin 1.920 – Unauthenticated Remote Code Execution (Metasploit) (0)
08-12: [remote] ManageEngine OpManager 12.4x – Unauthenticated Remote Command Execution (Metasploit) (0)
08-12: [remote] ManageEngine OpManager 12.4x – Privilege Escalation / Remote Command Execution (Metasploit) (0)
08-12: [remote] ManageEngine Application Manager 14.2 – Privilege Escalation / Remote Command Execution (Metasploit) (0)
08-12: [webapps] osTicket 1.12 – Formula Injection (0)
08-12: [webapps] osTicket 1.12 – Persistent Cross-Site Scripting (0)
08-12: [webapps] Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – 'ticket.php' Arbitrary File Deletion (0)
08-12: [webapps] osTicket 1.12 – Persistent Cross-Site Scripting via File Upload (0)
08-12: [webapps] Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – 'ticketreply.php' SQL Injection (0)
08-10: D-Link DIR-600M Wireless N 150 Home Router Access Bypass (0)
08-10: http://www.chamai.go.th/activity/images/ (0)
08-10: http://www.bukrasang.go.th/activity/images/ (0)
08-10: http://www.bualai.go.th/activity/images/ (0)
08-10: http://www.benjakhon.go.th/activity/images/ (0)
08-10: http://www.bantam.go.th/activity/images/ (0)
08-10: http://www.joho.go.th/activity/images/ (0)
08-10: http://www.khlongse.go.th/activity/images/ (0)
08-10: http://www.kokthai.go.th/activity/images/ (0)
08-10: http://www.konchim.go.th/activity/images/ (0)
08-10: http://www.khanongpra.go.th/activity/images/ (0)
08-10: http://www.ladboakhow.go.th/activity/images/ (0)
08-10: http://www.kudwai.go.th/activity/images/ (0)
08-10: http://www.nongtakhai.go.th/activity/images/ (0)
08-10: http://www.nongbuatakiat.go.th/activity/images/ (0)
08-10: http://www.nongkhamsao.go.th/activity/images/ (0)
08-09: MapProxy 1.11.0 Cross Site Scripting (0)
08-09: Linux show_numa_stats() Use-After-Free (0)
08-09: Open-School 3.0 / Community Edition 2.3 Cross Site Scripting (0)
08-09: Aptana Jaxer 1.0.3.4547 Local File Inclusion (0)
08-09: Baldr Botnet Panel Shell Upload (0)
08-09: Joomla JS Support Ticket 1.1.5 SQL Injection (0)
08-09: Joomla JS Support Ticket 1.1.5 Arbitrary File Download (0)
08-09: Adive Framework 2.0.7 Cross Site Request Forgery (0)
08-08: WordPress JoomSport 3.3 SQL Injection (0)
08-08: Opencart 3.0.3.2 Insecure OCMod Generation Pre-Authentication Remote Code Execution (0)
08-08: Fortinet FortiRecorder 2.7.3 Hardcoded Password (0)
08-08: Daily Expense Manager 1.0 Cross Site Request Forgery (0)
08-08: http://www.songkhla.m-society.go.th (0)
08-08: iOS Messaging Tools (0)
08-08: http://pvnweb.dpt.go.th (0)
08-08: http://khokroengrom.go.th/activity/images/ (0)
08-08: http://muangkao.go.th/activity/images/ (0)
08-08: http://klongkhern.go.th/activity/images/ (0)
08-08: http://tbhuaimek.go.th/activity/images/ (0)
08-08: http://www.takeinram.go.th/activity/images/ (0)
08-08: http://www.khukhad.go.th/activity/images/ (0)
08-08: http://www.buakho.go.th/activity/images/ (0)
08-08: http://www.bankaosao.go.th/activity/images/ (0)
08-08: http://www.huakhao.go.th/activity/images/ (0)
08-08: http://www.janaud.go.th/activity/images/ (0)
08-08: http://www.nongyakhao.go.th/activity/images/ (0)
08-08: http://www.paknamtarua.go.th/activity/images/ (0)
08-08: http://khoklam.go.th/activity/images/ (0)
08-08: http://www.chawangcity.go.th/activity/images/ (0)
08-08: http://sumsao.go.th/activity/images/ (0)
08-08: http://songkon.go.th/activity/images/ (0)
08-08: http://noonsung-muni.go.th/activity/images/ (0)
08-08: http://sratakien.go.th/activity/images/ (0)
08-08: [webapps] Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 – SQL Injection (0)
08-08: [webapps] Adive Framework 2.0.7 – Cross-Site Request Forgery (0)
08-08: [webapps] Open-School 3.0 / Community Edition 2.3 – Cross-Site Scripting (0)
08-08: [webapps] Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 – Arbitrary File Download (0)
08-08: [remote] Baldr Botnet Panel – Arbitrary Code Execution (Metasploit) (0)
08-08: [webapps] Aptana Jaxer 1.0.3.4547 – Local File inclusion (0)
08-08: [webapps] Daily Expense Manager 1.0 – Cross-Site Request Forgery (Delete Income) (0)
08-07: Chrome blink::PresentationAvailabilityState::UpdateAvailability Heap Use-After-Free (0)
08-07: http://www.dnp.go.th/lungset.htm (0)
08-07: [dos] Google Chrome 74.0.3729.0 / 76.0.3789.0 – Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability (0)
08-07: [webapps] WordPress Plugin JoomSport 3.3 – SQL Injection (0)
08-06: http://cco.mof.go.th (0)
08-06: ATutor 2.2.4 Backup Remote Command Execution (0)
08-06: Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution (0)
08-06: ATutor 2.2.4 Arbitrary File Upload / Command Execution (0)
08-06: KDE 4/5 KDesktopFile Command Injection (0)
08-06: iMessage URL Deserializing Heap Overflow (0)
08-06: CentOS Control Web Panel 0.9.8.836 Remote Command Execution (0)
08-06: CentOS Control Web Panel 0.9.8.840 User Enumeration (0)
08-06: CentOS Control Web Panel 0.9.8.846 Cross Site Scripting (0)
08-06: Active PHP Bookmarks 1.3 SQL Injection (0)
08-06: ARMBot Botnet Arbitrary Code Execution (0)
08-06: http://www.pamok.go.th/activity/images/ (0)
08-06: http://www.tiwang.go.th/activity/images/ (0)
08-06: http://www.sokkam.go.th/activity/images/ (0)
08-05: [remote] Apache Tika 1.15 – 1.17 – Header Command Injection (Metasploit) (0)
08-05: [dos] macOS iMessage – Heap Overflow when Deserializing (0)
08-03: Rest Cafe And Restaurant Website CMS SQL Injection (0)
08-03: Sar2HTML 3.2.1 Remote Command Execution (0)
08-03: 1CRM On-Premise Software 8.5.7 Cross Site Scripting (0)
08-03: Microsoft Windows PowerShell Command Execution (0)
08-03: Apache Tika 1.17 Header Command Injection (0)
08-03: http://www.dongluang.go.th/dongluang/file_editor/db.txt (0)
08-03: http://www.obtbanjarn.go.th/obtbanjarn/file_editor/db.txt (0)
08-03: http://chiangkhwan.go.th/chiangkhwan/file_editor/db.txt (0)
08-02: WebIncorp ERP SQL Injection (0)
08-02: Cisco Catalyst 3850 Series Device Manager 3.6.10E Cross Site Request Forgery (0)
08-02: Ultimate Loan Manager 2.0 Cross Site Scripting (0)
08-02: Packet Storm New Exploits For July, 2019 (0)
08-02: [webapps] 1CRM On-Premise Software 8.5.7 – Persistent Cross-Site Scripting (0)
08-02: [webapps] Rest – Cafe and Restaurant Website CMS – 'slug' SQL Injection (0)
08-02: [webapps] Sar2HTML 3.2.1 – Remote Command Execution (0)
08-01: D-Link 6600-AP XSS / DoS / Information Disclosure (0)
08-01: Oracle Hyperion Planning 11.1.2.3 XML Injection (0)
08-01: [webapps] WebIncorp ERP – SQL injection (0)
08-01: [webapps] Ultimate Loan Manager 2.0 – Cross-Site Scripting (0)

July 2019 (240)

07-31: JSC BytecodeGenerator::emitEqualityOpImpl Data Mishandling (0)
07-31: JSC YarrJIT initParenContextFreeList Byte Overwrite (0)
07-31: Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming (0)
07-31: WordPress WP Fastest Cache 0.8.9.5 Directory Traversal (0)
07-31: iMessage NSKeyedUnarchiver Deserialization (0)
07-31: iMessage NSArray Deserialization (0)
07-31: iMessage NSKnownKeysDictionary1 Memory Corruption (0)
07-31: [webapps] Oracle Hyperion Planning 11.1.2.3 – XML External Entity (0)
07-30: WordPress Real Estate Theme 2.8.9 Cross Site Scripting (0)
07-30: GigToDo 1.3 Cross Site Scripting (0)
07-30: NSKeyedUnarchiver ObjC Object Use-After-Free (0)
07-30: WordPress Simple Membership 3.8.4 Cross Site Request Forgery (0)
07-30: Redis Unauthenticated Code Execution (0)
07-30: http://www.krabuang.go.th/index.php (0)
07-30: http://www.takook.go.th/index.php (0)
07-30: http://www.arpon.go.th/index.php (0)
07-30: http://www.soengsanglocal.go.th/index.php (0)
07-30: http://www.srinarong.go.th/index.php (0)
07-30: http://www.kra-om.go.th/index.php (0)
07-30: http://www.nanuan.go.th/index.php (0)
07-30: http://www.nongbualocal.go.th/index.php (0)
07-30: http://www.krahard.go.th/index.php (0)
07-30: http://www.sakot.go.th/index.php (0)
07-30: http://www.promtep.go.th/index.php (0)
07-30: [remote] Redis 4.x / 5.x – Unauthenticated Code Execution (Metasploit) (0)
07-30: [dos] iMessage – NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects (0)
07-30: [dos] iMessage – Memory Corruption when Decoding NSKnownKeysDictionary1 (0)
07-30: [dos] macOS / iOS NSKeyedUnarchiver – Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances (0)
07-30: [webapps] Amcrest Cameras 2.520.AC00.18.R – Unauthenticated Audio Streaming (0)
07-29: [webapps] GigToDo 1.3 – Cross-Site Scripting (0)
07-29: [webapps] WordPress Plugin Simple Membership < 3.8.5 – Cross-Site Request Forgery (0)
07-29: [webapps] WordPress Theme Real Estate 2.8.9 – Cross-Site Scripting (0)
07-28: Ovidentia 8.4.3 SQL Injection (0)
07-28: Ovidentia 8.4.3 Cross Site Scripting (0)
07-28: Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass (0)
07-28: Yahei-PHP Prober 0.4.7 HTML Injection (0)
07-28: Zurmo 3.2.6 Reflected Cross Site Scripting (0)
07-28: Zurmo 3.2.6 Code Evaluation (0)
07-28: WebKit Synchronous Page Load Universal Cross Site Scripting (0)
07-28: iMessage DigitalTouch Out-Of-Bounds Read (0)
07-28: Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation (0)
07-28: Moodle Filepicker 3.5.2 Server-Side Request Forgery (0)
07-28: pdfresurrect 0.15 Buffer Overflow (0)
07-28: Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution (0)
07-28: Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution (0)
07-28: Ahsay Backup 7.x / 8.x XML Injection (0)
07-28: Zurmo 3.2.6 Out Of Band Code Evaluation (0)
07-28: Zurmo 3.2.6 Open Redirection (0)
07-28: Zurmo 3.2.6 Persistent Cross Site Scripting (0)
07-28: Zurmo 3.2.6 Iframe Injection (0)
07-28: WordPress Database Backup Remote Command Execution (0)
07-28: Schneider Electric Pelco Endura NET55XX Encoder (0)
07-28: http://nonthaburi.rid.go.th (0)
07-28: Apple Security Advisory 2019-7-23-1 (0)
07-28: Apple Security Advisory 2019-7-23-2 (0)
07-28: Apple Security Advisory 2019-7-23-3 (0)
07-27: WordPress Hybrid Composer 1.4.6 Unauthenticated Access (0)
07-26: Comtrend AR-5310 Restricted Shell Escape (0)
07-26: Docker Container Escape (0)
07-26: BACnet Stack 0.8.6 Denial Of Service (0)
07-26: Novismart CMS SQL Injection (0)
07-26: Axway SecureTransport 5 XML Injection (0)
07-26: Apple Security Advisory 2019-7-22-5 (0)
07-26: Apple Security Advisory 2019-7-22-1 (0)
07-26: Apple Security Advisory 2019-7-22-3 (0)
07-26: Apple Security Advisory 2019-7-22-2 (0)
07-26: [local] Microsoft Windows 7 build 7601 (x86) – Local Privilege Escalation (0)
07-25: http://www.vec.go.th/Relaz.html (0)
07-25: [dos] WebKit – Universal Cross-Site Scripting due to Synchronous Page Loads (0)
07-25: [webapps] Ovidentia 8.4.3 – SQL Injection (0)
07-25: [webapps] Ovidentia 8.4.3 – Cross-Site Scripting (0)
07-24: https://www.nrct.go.th/Relaz.html (0)
07-24: [remote] Trend Micro Deep Discovery Inspector IDS – Security Bypass (0)
07-24: [webapps] WordPress Plugin Hybrid Composer 1.4.6 – Improper Access Restrictions (0)
07-24: [webapps] Cisco Wireless Controller 3.6.10E – Cross-Site Request Forgery (0)
07-24: [webapps] NoviSmart CMS – SQL injection (0)
07-22: [local] Comtrend-AR-5310 – Restricted Shell Escape (0)
07-22: [dos] BACnet Stack 0.8.6 – Denial of Service (0)
07-20: Web Ofisi Firma Rehberi 1 SQL Injection (0)
07-20: Web Ofisi Rent A Car 3 SQL Injection (0)
07-20: Web Ofisi Firma 13 SQL Injection (0)
07-20: REDCap Cross Site Scripting (0)
07-20: Web Ofisi Platinum E-Ticaret 5 SQL Injection (0)
07-20: Web Ofisi Emlak 2 SQL Injection (0)
07-20: Web Ofisi Emlak 3 SQL Injection (0)
07-20: Web Ofisi E-Ticaret 3 SQL Injection (0)
07-20: fuelCMS 1.4.1 Remote Code Execution (0)
07-20: MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow (0)
07-20: Microsoft Windows Task Scheduler Local Privilege Escalation (0)
07-19: WordPress OneSignal 1.17.5 Cross Site Scripting (0)
07-19: Microsoft Windows RPCSS Activation Kernel Security Callback Privilege Escalation (0)
07-19: [webapps] Web Ofisi Firma 13 – 'oz' SQL Injection (0)
07-19: [webapps] Web Ofisi E-Ticaret 3 – 'a' SQL Injection (0)
07-19: [webapps] fuelCMS 1.4.1 – Remote Code Execution (0)
07-19: [remote] MAPLE Computer WBT SNMP Administrator 2.0.195.15 – Remote Buffer Overflow (EggHunter) (0)
07-18: WinMPG iPod Convert 3.0 Denial Of Service (0)
07-18: MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow (0)
07-18: Oracle Siebel CRM 19.0 Cross Site Scripting (0)
07-18: [local] Microsoft Windows 10 1903/1809 – RPCSS Activation Kernel Security Callback Privilege Escalation (0)
07-17: R 3.4.4 (Windows 10 x64) Buffer Overflow (0)
07-17: DameWare Remote Support 12.0.0.509 Buffer Overflow (0)
07-17: CentOS Control Web Panel 0.9.8.836 Privilege Escalation (0)
07-17: CentOS Control Web Panel 0.9.8.836 Authentication Bypass (0)
07-17: CentOS Control Web Panel 0.9.8.838 User Enumeration (0)
07-17: Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity Injection (0)
07-17: Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling (0)
07-17: Microsoft Windows NtUserSetWindowFNID Win32k User Callback (0)
07-17: FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow (0)
07-17: FANUC Robotics Virtual Robot Controller 8.23 Path Traversal (0)
07-17: [webapps] Oracle Siebel CRM 19.0 – Persistent Cross-Site Scripting (0)
07-17: [dos] WinMPG iPod Convert 3.0 – 'Register' Denial of Service (0)
07-17: [remote] MAPLE Computer WBT SNMP Administrator 2.0.195.15 – Remote Buffer Overflow (0)
07-16: Cisco Small Business Switch Information Leakage / Open Redirect (0)
07-16: PCMan FTP Server 2 ALLO Buffer Overflow (0)
07-16: FlightPath Local File Inclusion (0)
07-16: Microsoft Windows RDP BlueKeep Denial Of Service (0)
07-16: Android VideoPlayer ihevcd_parse_pps Out-Of-Bounds Write (0)
07-16: Netgear WiFi Router JWNR2010v5 / R6080 Authentication Bypass (0)
07-16: Streamripper 2.6 Buffer Overflow (0)
07-16: Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution (0)
07-16: Microsoft Windows HTTP To SMB NTLM Reflection Privilege Escalation (0)
07-16: PHP Laravel Framework Token Unserialize Remote Command Execution (0)
07-16: AppXSvc Hard Link Privilege Escalation (0)
07-16: [local] R 3.4.4 (Windows 10 x64) – Buffer Overflow SEH (DEP/ASLR Bypass) (0)
07-15: [webapps] FlightPath < 4.8.2 / < 5.0-rc2 – Local File Inclusion (0)
07-15: [dos] Microsoft Windows Remote Desktop – 'BlueKeep' Denial of Service (Metasploit) (0)
07-15: [dos] Android 7 – 9 VideoPlayer – 'ihevcd_parse_pps' Out-of-Bounds Write (0)
07-15: [webapps] CISCO Small Business 200 / 300 / 500 Switches – Multiple Vulnerabilities (0)
07-15: [webapps] NETGEAR WiFi Router JWNR2010v5 / R6080 – Authentication Bypass (0)
07-15: [local] Streamripper 2.6 – 'Song Pattern' Buffer Overflow (0)
07-13: Microsoft DirectWrite / AFDKO OpenType NULL Pointer Dereference (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Post Table Bugs (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read / Write (0)
07-13: Microsoft DirectWrite / AFDKO OpenType Stack Corruption (0)
07-13: Microsoft Font Subsetting DLL ComputeFormat4CmapData Heap Corruption (0)
07-13: Jenkins Dependency Graph View 0.13 Cross Site Scripting (0)
07-13: SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow (0)
07-13: Sitecore 9.0 Rev 171002 Cross Site Scripting (0)
07-13: Xymon useradm Command Execution (0)
07-13: http://www.dft.go.th/Relaz.html (0)
07-12: [remote] Xymon 4.3.25 – useradm Command Execution (Metasploit) (0)
07-12: [dos] Microsoft Font Subsetting – DLL Heap Corruption in ComputeFormat4CmapData (0)
07-12: [webapps] Tenda D301 v2 Modem Router – Persistent Cross-Site Scripting (0)
07-12: [webapps] Citrix SD-WAN Appliance 10.2.2 – Authentication Bypass / Remote Command Execution (0)
07-12: [webapps] Jenkins Dependency Graph View Plugin 0.13 – Persistent Cross-Site Scripting (0)
07-12: [webapps] Sahi Pro 8.0.0 – Remote Command Execution (0)
07-12: [webapps] MyT Project Management 1.5.1 – User[username] Persistent Cross-Site Scripting (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Underflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readFDSelect Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType blendArray Stack Corruption (0)
07-11: Microsoft DirectWrite / AFDKO readTTCDirectory Integer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readStrings Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Out-Of-Bounds cubeStackDepth (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Negative cubeStackDepth (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Stack Corruption Due To Negative nAxes (0)
07-11: Microsoft DirectWrite / AFDKO do_set_weight_vector_cube Buffer Overflow (0)
07-11: Microsoft DirectWrite / AFDKO Uninitialized Memory Use (0)
07-11: PowerPanel Business Edition 3.4.0 Cross Site Request Forgery (0)
07-11: Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read / Write (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readCharset Buffer Overflow (0)
07-11: phpFK lite-version Cross Site Scripting (0)
07-11: Microsoft DirectWrite / AFDKO OpenType readEncoding Buffer Overflow (0)
07-11: [local] SNMPc Enterprise Edition 9/10 – Mapping Filename Buffer Overflow (0)
07-11: [webapps] Sitecore 9.0 rev 171002 – Persistent Cross-Site Scripting (0)
07-10: Firefox 67.0.4 Denial Of Service (0)
07-10: Karenderia CMS 5.3 Cross Site Scripting (0)
07-10: Microsoft Font Subsetting DLL MergeFonts Out Of Bounds Read (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Use of Uninitialized Memory While Freeing Resources in var_loadavar (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative nAxes (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth (0)
07-10: [dos] Microsoft DirectWrite / AFDKO – Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth (0)
07-10: [dos] Mozilla Spidermonkey – Unboxed Objects Uninitialized Memory Access (0)
07-10: [dos] Microsoft Windows – Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts (0)
07-09: TP-Link TL-WR940N / TL-WR941ND Cross Site Request Forgery (0)
07-09: WordPress Like Button 1.6.0 Authentication Bypass (0)
07-09: Cisco Data Center Network Manager 11.1(1) Remote Code Execution (0)
07-09: Sony BRAVIA Smart TV Denial Of Service (0)
07-09: [dos] Firefox 67.0.4 – Denial of Service (0)
07-08: Mobatek MobaXterm v11.1 – Code Execution Vulnerability (0)
07-08: Discuz!ML v3.x – Code Injection Vulnerability (0)
07-08: Karenderia CMS 5.1 Local File Inclusion (0)
07-08: Microsoft Exchange 2003 base64-MIME Remote Code Execution (0)
07-08: Karenderia CMS 5.3 SQL Injection (0)
07-08: Huawei HG530 Cross Site Request Forgery (0)
07-08: [webapps] WordPress Plugin Like Button 1.6.0 – Authentication Bypass (0)
07-08: [webapps] Karenderia Multiple Restaurant System 5.3 – SQL Injection (0)
07-05: [webapps] Karenderia Multiple Restaurant System 5.3 – Local File Inclusion (0)
07-05: [remote] Microsoft Exchange 2003 – base64-MIME Remote Code Execution (0)
07-04: iPhone iMessage Malformed Message Bricking (0)
07-04: PHPwind v9.1.0 – Multiple Cross Site Scripting Vulnerabilities (0)
07-04: Symantec DLP 15.5 MP1 Cross Site Scripting (0)
07-04: Hawtio 2.5.0 Server Side Request Forgery (0)
07-04: BKS EBK Ethernet-Buskoppler Pro Shell Upload (0)
07-03: Centreon 19.04 Remote Code Execution (0)
07-03: Serv-U FTP Server prepareinstallation Privilege Escalation (0)
07-03: Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution (0)
07-03: [local] Serv-U FTP Server – prepareinstallation Privilege Escalation (Metasploit) (0)
07-03: [webapps] Symantec DLP 15.5 MP1 – Cross-Site Scripting (0)
07-02: Linux Mint 19.1 yelp Command Injection (0)
07-02: FaceSentry Access Control System 6.4.8 Remote Root (0)
07-02: CyberPanel 1.8.4 Cross Site Request Forgery (0)
07-02: FaceSentry Access Control System 6.4.8 Remote SSH Root Access (0)
07-02: FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting (0)
07-02: SquirrelMail 1.4.22 Cross Site Scripting (0)
07-02: FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure (0)
07-02: REDDOXX Appliance Information Disclosure (0)
07-02: FaceSentry Access Control System 6.4.8 Cleartext Password Storage (0)
07-02: Packet Storm New Exploits For June, 2019 (0)
07-02: [webapps] Centreon 19.04 – Remote Code Execution (0)
07-02: [local] Mac OS X TimeMachine – 'tmdiagnose' Command Injection Privilege Escalation (Metasploit) (0)
07-01: Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation (0)
07-01: [webapps] WorkSuite PRM 2.4 – 'password' SQL Injection (0)
07-01: [webapps] Varient 1.6.1 – SQL Injection (0)
07-01: [webapps] CiuisCRM 1.6 – 'eventType' SQL Injection (0)
07-01: [webapps] PowerPanel Business Edition – Cross-Site Scripting (0)
07-01: [shellcode] Linux/ARM64 – execve("/bin/sh", NULL, NULL) Shellcode (40 Bytes) (0)
07-01: [webapps] ZoneMinder 1.32.3 – Cross-Site Scripting (0)
07-01: [shellcode] Linux/ARM64 – Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) (0)
07-01: [webapps] SAP Crystal Reports – Information Disclosure (0)
07-01: [shellcode] Linux/ARM64 – Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) (0)
07-01: [webapps] Sahi pro 8.x – Directory Traversal (0)
07-01: [shellcode] Linux/ARM64 – Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcode (88 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes) (0)
07-01: [shellcode] Linux/x86 – execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes) (0)
07-01: [remote] FaceSentry Access Control System 6.4.8 – Remote SSH Root (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Remote Root Exploit (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Cross-Site Request Forgery (0)
07-01: [webapps] FaceSentry Access Control System 6.4.8 – Remote Command Injection (0)
07-01: [webapps] CyberPanel 1.8.4 – Cross-Site Request Forgery (0)
07-01: [shellcode] Linux/ARM64 – Read /etc/passwd Shellcode (120 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) (0)
07-01: [shellcode] Linux/ARM64 – Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) (0)
07-01: [remote] Linux Mint 18.3-19.1 – 'yelp' Command Injection (Metasploit) (0)
07-01: [shellcode] Linux/ARM64 – execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (48 Bytes) (0)
07-01: [shellcode] Linux/ARM64 – Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (8 Bytes) (0)

June 2019 (215)

06-29: LibreNMS 1.46 addhost Remote Code Execution (0)
06-29: Google Chrome AudioWorkletGlobalScope::Process Use-After-Free (0)
06-29: Google Chrome JS Execution Use-After-Free (0)
06-29: Windows Escalate UAC Protection Bypass Via SilentCleanup (0)
06-28: [webapps] LibreNMS 1.46 – 'addhost' Remote Code Execution (0)
06-28: [shellcode] Linux/x86 – Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) (0)
06-28: [shellcode] Windows/x86 – Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes) (0)
06-27: D-Link Administrative Password Disclosure (0)
06-27: [shellcode] Linux/x86 – ASCII AND, SUB, PUSH, POPAD Encoder Shellcode (0)
06-27: [shellcode] Windows/x86 – bitsadmin Download and Execute (http://192.168.10.10/evil.exe "c:evil.exe") Shellcode (210 Bytes) (0)
06-26: Spidermonkey IonMonkey Incorrect Prediction (0)
06-26: SuperDoctor5 NRPE Remote Code Execution (0)
06-26: SAPIDO RB-1732 Remote Command Execution (0)
06-26: WordPress iLive 1.0.4 Cross Site Scripting (0)
06-26: WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting (0)
06-26: Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution (0)
06-26: BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal (0)
06-26: Nagios XI Magpie_debug.php Root Remote Code Execution (0)
06-26: [remote] Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit) (0)
06-26: [dos] Mozilla Spidermonkey – IonMonkey 'Array.prototype.pop' Type Confusion (0)
06-25: Sony PlayStation Vita (PS Vita) – Trinity: PSP Emulator Escape (0)
06-25: ABB IDAL FTP Server Buffer Overflow (0)
06-25: EA Origin Remote Code Execution (0)
06-25: ABB IDAL FTP Server Path Traversal (0)
06-25: ABB IDAL FTP Server Uncontrolled Format String (0)
06-25: ABB HMI Missing Signature Verification (0)
06-25: ABB IDAL HTTP Server Authentication Bypass (0)
06-25: AZADMIN CMS Of HIDEA 1.0 SQL Injection (0)
06-25: GSearch 1.0.1.0 Denial Of Service (0)
06-25: GrandNode 4.40 Path Traversal / File Download (0)
06-25: dotProject 2.1.9 SQL Injection (0)
06-25: SeedDMS out.UsrMgr.php Cross Site Scripting (0)
06-25: SeedDMS Remote Command Execution (0)
06-25: SeedDMS out.GroupMgr.php Cross Site Scripting (0)
06-25: FortiCam FCM-MB40 Code Execution / Privilege Escalation (0)
06-25: ABB IDAL HTTP Server Stack-Based Buffer Overflow (0)
06-25: ABB IDAL HTTP Server Uncontrolled Format String (0)
06-25: Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation (0)
06-25: Microsoft Windows Font Cache Service Insecure Sections (0)
06-25: Apple Security Advisory 2019-6-20-1 (0)
06-25: [remote] SAPIDO RB-1732 – Remote Command Execution (0)
06-25: [remote] SuperDoctor5 – 'NRPE' Remote Code Execution (0)
06-25: [webapps] WordPress Plugin Live Chat Unlimited 2.8.3 – Cross-Site Scripting (0)
06-25: [webapps] WordPress Plugin iLive 1.0.4 – Cross-Site Scripting (0)
06-25: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'path' Directory Traversal (0)
06-25: [webapps] AZADMIN CMS 1.0 – SQL Injection (0)
06-25: [webapps] Fortinet FCM-MB40 – Cross-Site Request Forgery / Remote Command Execution (0)
06-25: [papers] Buffer Overflows, C Programming, NSA GHIDRA and More (0)
06-24: [dos] Microsoft Windows Font Cache Service – Insecure Sections Privilege Escalation (0)
06-24: [dos] Microsoft Windows – 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation (0)
06-24: [webapps] dotProject 2.1.9 – SQL Injection (0)
06-24: [webapps] GrandNode 4.40 – Path Traversal / Arbitrary File Download (0)
06-24: [dos] GSearch 1.0.1.0 – Denial of Service (PoC) (0)
06-24: [shellcode] Linux/x86_64 – Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (0)
06-24: [webapps] SeedDMS < 5.1.11 – 'out.UsrMgr.php' Cross-Site Scripting (0)
06-24: [webapps] SeedDMS < 5.1.11 – 'out.GroupMgr.php' Cross-Site Scripting (0)
06-24: [webapps] SeedDMS versions < 5.1.11 – Remote Command Execution (0)
06-23: http://kasetwisai.go.th/ks.html (0)
06-23: http://www.dongmuang.go.th/robots.txt (0)
06-21: Koha Library Software 18.1106000 Open Redirection (0)
06-21: Tuneclone 2.20 SEH Buffer Overflow (0)
06-21: Linux Race Condition Use-After-Free (0)
06-21: BlogEngine.NET 3.3.6 / 3.3.7 XML Injection (0)
06-21: WebERP 4.15 SQL Injection (0)
06-21: [papers] Sony PlayStation Vita (PS Vita) – Trinity: PSP Emulator Escape (0)
06-21: [remote] EA Origin < 10.5.38 – Remote Code Execution (0)
06-21: [papers] Threat Hunting – Hunter or Hunted (0)
06-20: BlogEngine.NET 3.3.6 / 3.3.7 dirPath Directory Traversal / Remote Code Execution (0)
06-20: BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution (0)
06-20: Cisco Prime Infrastructure Runrshell Privilege Escalation (0)
06-20: Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal (0)
06-20: [local] Cisco Prime Infrastructure – Runrshell Privilege Escalation (Metasploit) (0)
06-20: [remote] Cisco Prime Infrastructure Health Monitor – TarArchive Directory Traversal (Metasploit) (0)
06-20: [dos] Linux – Use-After-Free via race Between modify_ldt() and #BR Exception (0)
06-20: [webapps] BlogEngine.NET 3.3.6/3.3.7 – XML External Entity Injection (0)
06-20: [webapps] WebERP 4.15 – SQL injection (0)
06-20: [local] Tuneclone 2.20 – Local SEH Buffer Overflow (0)
06-19: Serv-U FTP Server 15.1.6 Privilege Escalation (0)
06-19: Sahi Pro 7.x / 8.x Directory Traversal (0)
06-19: Sahi Pro 8.x SQL Injection (0)
06-19: Sahi Pro 8.x Cross Site Scripting (0)
06-19: BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution (0)
06-19: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'theme Cookie' Directory Traversal / Remote Code Execution (0)
06-19: [webapps] BlogEngine.NET 3.3.6/3.3.7 – 'dirPath' Directory Traversal / Remote Code Execution (0)
06-18: Clever Dog Smart Camera DOG-2W / DOG-2W-V4 File Disclosure / Backdoor (0)
06-18: RedwoodHQ 2.5.5 Authentication Bypass (0)
06-18: Microsoft Windows UAC Protection Bypass (0)
06-18: Spring Security OAuth 2.3 Open Redirection (0)
06-18: Microsoft Word (2016) Deceptive File Reference (0)
06-18: HC10 HC.Server Service 10.14 Remote Invalid Pointer Write (0)
06-18: AROX School-ERP Pro Unauthenticated Remote Code Execution (0)
06-18: Netperf 2.6.0 Buffer Overflow (0)
06-18: Exim 4.91 Local Privilege Escalation (0)
06-18: [local] Serv-U FTP Server < 15.1.7 – Local Privilege Escalation (0)
06-18: [shellcode] Linux/x86_64 – execve(/bin/sh) Shellcode (22 bytes) (0)
06-18: [webapps] Sahi pro 8.x – Cross-Site Scripting (0)
06-18: [webapps] Sahi pro 8.x – SQL Injection (0)
06-18: [webapps] Sahi pro 7.x/8.x – Directory Traversal (0)
06-17: [local] Exim 4.87 – 4.91 – Local Privilege Escalation (0)
06-17: [dos] HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write (0)
06-17: [shellcode] Linux/x86 – Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) (0)
06-17: [webapps] CleverDog Smart Camera DOG-2W / DOG-2W-V4 – Multiple Vulnerabilities (0)
06-17: [webapps] RedwoodHQ 2.5.5 – Authentication Bypass (0)
06-17: [dos] Netperf 2.6.0 – Stack-Based Buffer Overflow (0)
06-17: [local] Microsoft Windows – UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'parser_get_next_char' Heap-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow (0)
06-17: [dos] Thunderbird ESR < 60.7.XXX – Type Confusion (0)
06-17: [webapps] Spring Security OAuth – Open Redirector (0)
06-17: [remote] AROX School-ERP Pro – Unauthenticated Remote Command Execution (Metasploit) (0)
06-16: http://www.bayaolocal.go.th (0)
06-16: http://www.paeng.go.th (0)
06-16: http://www.kamkoksoong.go.th (0)
06-15: Tzumi Electronics Klic Lock Authentication Bypass (0)
06-15: Aida64 6.00.5100 SEH Buffer Overflow (0)
06-15: CentOS 7.6 ptrace_scope Privlege Escalation (0)
06-15: Thunderbird libical Heap Overflow (0)
06-15: Thunderbird libical icalparser.c Heap Overflow (0)
06-15: Thunderbird libical Stack Buffer Overflow (0)
06-15: Thunderbird libical Type Confusion (0)
06-15: Java Card Proof Of Concepts (0)
06-14: Sitecore 8.x Deserialization Remote Code Execution (0)
06-14: Pronestor Health Monitoring Privilege Escalation (0)
06-14: APCUPSD Information Leak (0)
06-14: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials (0)
06-14: [local] Aida64 6.00.5100 – 'Log to CSV File' Local SEH Buffer Overflow (0)
06-14: [papers] Active Directory Enumeration with PowerShell (0)
06-14: [local] CentOS 7.6 – 'ptrace_scope' Privilege Escalation (0)
06-13: Webmin 1.910 Remote Command Execution (0)
06-13: ProShow 9.0.3797 Privilege Escalation (0)
06-13: WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution (0)
06-13: phpMyAdmin 4.8 Cross Site Request Forgery (0)
06-13: Liferay Portal 7.1 CE GA4 Cross Site Scripting (0)
06-13: FusionPBX 4.4.3 Remote Command Execution (0)
06-13: Telus Actiontec T2200H WiFi Credential Disclosure (0)
06-13: Telus Actiontec WEB6000Q Privilege Escalation (0)
06-13: Telus Actiontec WEB6000Q Denial Of Service (0)
06-13: Telus Actiontec T2200H Serial Number Information Disclosure (0)
06-13: SymCrypt Infinite Loop (0)
06-13: Telus Actiontec WEB6000Q Serial Number Information Disclosure (0)
06-13: Telus Actiontec T2200H Local Privilege Escalation (0)
06-13: [local] Pronestor Health Monitoring < 8.1.11.0 – Privilege Escalation (0)
06-13: [webapps] Sitecore 8.x – Deserialization Remote Code Execution (0)
06-12: [papers] LDAP Swiss Army Knife (0)
06-12: [webapps] FusionPBX 4.4.3 – Remote Command Execution (0)
06-11: Amcrest IPM-721S Credential Disclosure / Privilege Escalation (0)
06-11: Blipcare Clear Text Communication / Memory Corruption (0)
06-11: Dlink DCS-1130 Command Injection / CSRF / Stack Overflow (0)
06-11: Securifi Almond 2015 Buffer Overflow / Command Injection / XSS / CSRF (0)
06-11: Starry Router Camera PIN Brute-Force / CORS Incorrect (0)
06-11: Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal (0)
06-11: Shekar Endoscope Weak Default Settings / Memory Corruption (0)
06-11: UliCMS 2019.1 Cross Site Scripting (0)
06-11: Ubuntu 18.04 lxd Privilege Escalation (0)
06-11: Wampserver 3.1.8 Cross Site Request Forgery (0)
06-11: [remote] Webmin 1.910 – 'Package Updates' Remote Command Execution (Metasploit) (0)
06-11: [webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting (0)
06-11: [webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery (0)
06-11: [webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution (0)
06-11: [local] ProShow 9.0.3797 – Local Privilege Escalation (0)
06-10: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes) (0)
06-10: [webapps] UliCMS 2019.1 'Spitting Lama' – Persistent Cross-Site Scripting (0)
06-10: [local] Ubuntu 18.04 – 'lxd' Privilege Escalation (0)
06-08: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
06-07: Zimbra XML Injection / Server-Side Request Forgery (0)
06-07: WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload (0)
06-07: Supra Smart Cloud TV Remote File Inclusion (0)
06-07: [local] Microsoft Windows – AppX Deployment Service Local Privilege Escalation (3) (0)
06-07: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) (0)
06-06: http://www.srasaming.go.th//../data/mah(5).gif (0)
06-06: [webapps] Supra Smart Cloud TV – 'openLiveURL()' Remote File Inclusion (0)
06-05: Rapid7 Windows InsightIDR Agent 2.6.3.14 Local Privilege Escalation (0)
06-05: TestLink 1.9.19 Server-Side Request Forgery (0)
06-05: Dell KACE System Management Appliance (SMA) XSS / SQL Injection (0)
06-05: AUO Solar Data Recorder Incorrect Access Control (0)
06-05: dotCMS 5.1.1 Open Redirection / Cross Site Scripting (0)
06-05: NUUO NVRMini 2 3.9.1 Stack Overflow (0)
06-05: Cisco RV130W 1.0.3.44 Remote Stack Overflow (0)
06-05: DVD X Player 5.5 Pro Local Buffer Overflow (0)
06-05: IceWarp 10.4.4 Local File Inclusion (0)
06-05: Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting (0)
06-05: Google Chrome WasmMemoryObject::Grow Use-After-Free (0)
06-05: LibreNMS addhost Command Injection (0)
06-05: IBM Websphere Application Server Remote Code Execution (0)
06-05: [remote] Exim 4.87 < 4.91 – (Local / Remote) Command Execution (0)
06-05: [dos] Google Chrome 73.0.3683.103 – 'WasmMemoryObject::Grow' Use-After-Free (0)
06-05: [webapps] Zimbra < 8.8.11 – XML External Entity Injection / Server-Side Request Forgery (0)
06-05: [remote] LibreNMS – addhost Command Injection (Metasploit) (0)
06-05: [remote] IBM Websphere Application Server – Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) (0)
06-04: [local] Vim < 8.1.1365 / Neovim < 0.3.6 – Arbitrary Code Execution (0)
06-04: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – 'SiteLookup.do' Cross-Site Scripting (0)
06-04: [remote] Cisco RV130W 1.0.3.44 – Remote Stack Overflow (0)
06-04: [remote] NUUO NVRMini 2 3.9.1 – 'sscanf' Stack Overflow (0)
06-04: [webapps] IceWarp 10.4.4 – Local File Inclusion (0)
06-04: [local] DVD X Player 5.5 Pro – Local Buffer Overflow (SEH) (0)
06-03: http://member.ses26.go.th (0)
06-03: http://www.mhkpeo.ses26.go.th (0)
06-03: Safari Webkit Proxy Object Type Confusion (0)
06-03: [webapps] WordPress Plugin Form Maker 1.13.3 – SQL Injection (0)
06-03: [webapps] AUO Solar Data Recorder < 1.3.0 – Incorrect Access Control (0)
06-03: [webapps] KACE System Management Appliance (SMA) < 9.0.270 – Multiple Vulnerabilities (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #107 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #106 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #104 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #105 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #102 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #103 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #100 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #101 (0)
06-02: Packet Storm New Exploits For May, 2019 (0)
06-01: Microsoft Windows Remote Desktop BlueKeep Denial Of Service (0)
06-01: ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure (0)
06-01: Shopware 5.5.6 Cross Site Scripting (0)
06-01: Apple Security Advisory 2019-5-30-1 (0)

May 2019 (352)

05-31: Serv-U FTP Server 15.1.6.25 Local Privilege Escalation (0)
05-31: [papers] Analysis of CVE-2019-0708 (BlueKeep) (0)
05-30: pfSense 2.4.4-p3 Cross Site Scripting (0)
05-30: WordPress Nya-Comment-DoFollow 1.0 Open Redirection (0)
05-30: WordPress WPAds 1.0 Open Redirection (0)
05-30: Free SMTP Server 2.5 Denial Of Service (0)
05-30: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
05-30: Qualcomm Android Kernel Use-After-Free (0)
05-30: Siemens LOGO! 8 Hard-Coded Cryptographic Key (0)
05-30: Siemens LOGO! 8 Missing Authentication (0)
05-30: Siemens LOGO! 8 Recoverable Password Format (0)
05-30: [papers] A Debugging Primer with CVE-2019-0708 (0)
05-29: Apple Security Advisory 2019-5-28-2 (0)
05-29: Apple Security Advisory 2019-5-28-1 (0)
05-29: Fast AVI MPEG Joiner 1.2.0812 License Name Denial Of Service (0)
05-29: Cyberoam General Authentication Client 2.1.2.7 Server Address Denial Of Service (0)
05-29: Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption (0)
05-29: CMS Made Simple 2.2.10 Cross Site Scripting (0)
05-29: Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service (0)
05-29: Oracle Application Testing Suite WebLogic Server Administration Console War Deployment (0)
05-29: Cyberoam Transparent Authentication Suite 2.1.2.5 NetBIOS Name / FQDN DoS (0)
05-29: WordPress lqcPlugin-regiePublicites 1.0 Open Redirection (0)
05-29: WordPress 4DMayi 4.6 Open Redirection (0)
05-29: WordPress DingTalk LTS 4.6 Open Redirection (0)
05-29: WordPress LaneMotorSport Responsive 1.8.4 Open Redirection (0)
05-29: Joomla Attachments 3.x File Upload (0)
05-29: MacOS X 10.14.5 Gatekeeper Bypass (0)
05-29: Deltek Maconomy 2.2.5 Local File Inclusion (0)
05-29: Kanboard 1.2.7 Cross Site Scripting (0)
05-29: Typora 0.9.9.24.6 Directory Traversal (0)
05-29: Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak (0)
05-29: EquityPandit 1.0 Password Disclosure (0)
05-29: Petraware pTransformer ADC SQL Injection (0)
05-29: Phraseanet DAM Cross Site Scripting (0)
05-29: VFront 0.99.5 Reflective Cross Site Scripting (0)
05-29: VFront 0.99.5 Persistent Cross Site Scripting (0)
05-29: [remote] Oracle Application Testing Suite – WebLogic Server Administration Console War Deployment (Metasploit) (0)
05-29: [dos] Spidermonkey – IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation (0)
05-29: [dos] Spidermonkey – IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script (0)
05-29: [dos] Qualcomm Android – Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL (0)
05-29: [webapps] pfSense 2.4.4-p3 (ACME Package 0.59_14) – Persistent Cross-Site Scripting (0)
05-29: [dos] Free SMTP Server 2.5 – Denial of Service (PoC) (0)
05-28: [webapps] Phraseanet < 4.0.7 – Cross-Site Scripting (0)
05-28: [remote] Petraware pTransformer ADC < 2.1.7.22827 – Login Bypass (0)
05-28: [local] EquityPandit 1.0 – Password Disclosure (0)
05-27: [remote] Typora 0.9.9.24.6 – Directory Traversal (0)
05-27: [webapps] Deltek Maconomy 2.2.5 – Local File Inclusion (0)
05-27: [dos] Pidgin 2.13.0 – Denial of Service (PoC) (0)
05-25: Microsoft Windows Installer Race Condition (0)
05-24: Brocade Network Advisor 14.4.1 Unauthenticated Remote Code Execution (0)
05-24: WordPress Ad-Manager 1.1.2 Open Redirection (0)
05-24: WordPress Aliyun 5.2 Open Redirection (0)
05-24: WordPress Dankov Planer 1.1.2 Open Redirection (0)
05-24: WordPress Chrome-Extensions 1.0 Open Redirection (0)
05-24: Terminal Services Manager 3.2.1 Denial Of Service (0)
05-24: WordPress jilijilibegin LTS 4.6 Open Redirection (0)
05-24: WordPress Ninger 4.6 Open Redirection (0)
05-24: WordPress Jingke 1.0 Open Redirection (0)
05-24: WordPress Antena_Ri Institute 2.0 Open Redirection (0)
05-24: WordPress PHPL 1.0 Open Redirection (0)
05-24: WordPress Howsci 1.8 Open Redirection (0)
05-24: WordPress Divi-Child 1.0 Open Redirection (0)
05-24: WordPress Xunjin 4.6 Open Redirection (0)
05-24: WordPress Tigin 1.0.5 Open Redirection (0)
05-24: NetAware 1.20 Add Block / Share Name Denial Of Service (0)
05-24: Angry Polar Bear 2: Microsoft Windows Error Reporting Local Privilege Escalation (0)
05-24: Internet Explorer JavaScript Privilege Escalation (0)
05-24: Interspire Email Marketer 6.20 Remote Code Execution (0)
05-24: Microsoft Windows Win32k Privilege Escalation (0)
05-24: Nagios XI 5.6.1 SQL Injection (0)
05-24: Anviz M3 RFID Missing Access Controls (0)
05-24: Opencart 3.0.3.2 extension/feed/google_base Denial Of Service (0)
05-24: Quest KACE Systems Management Appliance 9.0 Cross Site Scripting (0)
05-24: [dos] Fast AVI MPEG Joiner – 'License Name' Denial of Service (PoC) (0)
05-24: [remote] Microsoft Internet Explorer Windows 10 1809 17763.316 – Scripting Engine Memory Corruption (0)
05-24: [dos] Cyberoam General Authentication Client 2.1.2.7 – 'Server Address' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'NetBIOS Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'Fully Qualified Domain Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'Connect To Server' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'HTTP Proxy' Denial of Service (PoC) (0)
05-24: [webapps] Opencart 3.0.3.2 – 'extension/feed/google_base' Denial of Service PoC (0)
05-24: [local] Axessh 4.2 – 'Log file name' Local Stack-based Buffer Overflow (0)
05-23: WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery (0)
05-23: WordPress Memphis Documents Library 3.9.19 Cross Site Request Forgery (0)
05-23: Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write (0)
05-23: Blue Prism Robotic Process Automation (RPA) Privilege Escalation (0)
05-23: [papers] Web Application Firewall Bypass Methods (0)
05-23: [local] Microsoft Windows 10 (17763.379) – Install DLL (0)
05-23: [remote] Shopware – createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) (0)
05-23: [dos] Visual Voicemail for iPhone – IMAP NAMESPACE Processing Use-After-Free (0)
05-23: [local] Apple Mac OS X – Feedback Assistant Race Condition (Metasploit) (0)
05-23: [dos] Terminal Services Manager 3.2.1 – Denial of Service (0)
05-23: [local] Microsoft Windows 10 1809 – 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation (0)
05-23: [dos] NetAware 1.20 – 'Share Name' Denial of Service (PoC) (0)
05-23: [webapps] Nagios XI 5.6.1 – SQL injection (0)
05-23: [shellcode] Linux/x64 – Execve(/bin/sh) Shellcode (23 bytes) (0)
05-23: [dos] NetAware 1.20 – 'Add Block' Denial of Service (PoC) (0)
05-23: [papers] Penetration Testing Steps And Tools (0)
05-22: http://www.skp.moe.go.th (0)
05-22: Slims CMS Akasia 8.3.1 SQL Injection (0)
05-22: PHP PHP_INI_SYSTEM Ineffective Controls (0)
05-22: JavaScriptCore LICM Uninitialized Stack Variable (0)
05-22: Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration (0)
05-22: XNU stf_ioctl Bad Cast (0)
05-22: Darktrace Enterpise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery (0)
05-22: Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free (0)
05-22: XNU Stale Pointer Use-After-Free (0)
05-22: Shopware createInstanceFromNamedArguments PHP Object Instantiation (0)
05-22: Mac OS X Feedback Assistant Race Condition (0)
05-22: FreeBSD rtld execl() Privilege Escalation (0)
05-22: [local] Microsoft Internet Explorer 11 – Sandbox Escape (0)
05-22: [local] Microsoft Windows (x84) – Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation (0)
05-22: [local] Microsoft Windows (x84/x64) – 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation (0)
05-22: [webapps] Horde Webmail 5.2.22 – Multiple Vulnerabilities (0)
05-22: [dos] TapinRadio 2.11.6 – 'Uername' Denial of Service (PoC) (0)
05-22: [dos] BlueStacks 4.80.0.1060 – Denial of Service (PoC) (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus < 10.5 – Improper Access Restrictions (0)
05-22: [dos] TapinRadio 2.11.6 – 'Address' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Username' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Server' Denial of Service (PoC) (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Cross-Site Scripting (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Credentials Disclosure (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting (0)
05-22: [webapps] AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting (0)
05-21: GAT-Ship Web Module 1.30 Information Disclosure (0)
05-21: Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution (0)
05-21: Freelance Cockpit CRM 3.3.1 SQL Injection (0)
05-21: Cisco Expressway Gateway 11.5.1 Directory Traversal (0)
05-21: Huawei eSpace 1.1.11.103 DLL Hijacking (0)
05-21: Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Heap Overflow (0)
05-21: Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation (0)
05-21: phpKF 1.10 XSS / CSRF / SQL Injection (0)
05-21: Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 XNU – Wild-read due to bad cast in stf_ioctl (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – AIR Optimization Incorrectly Removes Assignment to Register (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized (0)
05-21: [webapps] Brocade Network Advisor 14.4.1 – Unauthenticated Remote Code Execution (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler – 'HasIndexedProperty' Use-After-Free (0)
05-21: [webapps] Oracle CTI Web Service – 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection (0)
05-21: [webapps] WordPress Plugin WPGraphQL 0.2.3 – Multiple Vulnerabilities (0)
05-21: [webapps] Moodle Jmol Filter 6.1 – Directory Traversal / Cross-Site Scripting (0)
05-20: http://hanjoth.go.th (0)
05-20: http://hintang.go.th (0)
05-20: http://khnlocal.go.th (0)
05-20: http://ppnr.go.th (0)
05-20: http://suanmon.go.th (0)
05-20: [dos] Huawei eSpace Meeting 1.1.11.103 – 'cenwpoll.dll' SEH Buffer Overflow (Unicode) (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (2) (0)
05-20: [remote] GetSimpleCMS – Unauthenticated Remote Code Execution (Metasploit) (0)
05-20: [local] Huawei eSpace 1.1.11.103 – DLL Hijacking (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – Image File Format Handling Buffer Overflow (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (1) (0)
05-20: [local] Solaris 10 1/13 (Intel) – 'dtprintinfo' Local Privilege Escalation (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'Storage-Path' Denial of Service (PoC) (0)
05-20: [dos] AbsoluteTelnet 10.16 – 'License name' Denial of Service (PoC) (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'DNS Address' Denial of Service (PoC) (0)
05-20: [dos] PCL Converter 2.7 – Denial of Service (PoC) (0)
05-20: [dos] docPrint Pro 8.0 – Denial of Service (PoC) (0)
05-20: [shellcode] Linux x86_64 – Delete File Shellcode (28 bytes) (0)
05-20: [dos] Encrypt PDF 2.3 – Denial of Service (PoC) (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow (0)
05-20: [webapps] eLabFTW 1.8.5 – Arbitrary File Upload / Remote Code Execution (0)
05-17: VMware Workstation DLL Hijacking (0)
05-17: WeChat 7.0.4 Denial Of Service (0)
05-17: JetAudio jetCast Server 2.0 Buffer Overflow (0)
05-17: ZOC Terminal 7.23.4 Denial Of Service (0)
05-17: Axessh 4.2 Denial Of Service (0)
05-17: SEL AcSELerator Architect 2.2.24 Denial Of Service (0)
05-17: GetSimpleCMS 3.3.15 Remote Code Execution (0)
05-17: [webapps] Interspire Email Marketer 6.20 – 'surveys_submit.php' Remote Code Execution (0)
05-17: [dos] CEWE Photo Importer 6.4.3 – '.jpg' Denial of Service (PoC) (0)
05-17: [dos] CEWE Photoshow 6.4.3 – 'Password' Denial of Service (PoC) (0)
05-17: [local] Iperius Backup 6.1.0 – Privilege Escalation (0)
05-17: [dos] Sandboxie 5.30 – 'Programs Alerts' Denial of Service (PoC) (0)
05-16: Tomabo MP4 Converter 3.25.22 Denial Of Service (0)
05-16: CommSy 8.6.5 SQL Injection (0)
05-16: DeepSound 1.0.4 SQL Injection (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting (0)
05-16: RSA NetWitness Authorization Bypass (0)
05-16: https://dmf.go.th/sana.htm (0)
05-16: [webapps] DeepSound 1.0.4 – SQL Injection (0)
05-16: [local] VMware Workstation 15.1.0 – DLL Hijacking (0)
05-16: [dos] SEL AcSELerator Architect 2.2.24 – CPU Exhaustion Denial of Service (0)
05-16: [dos] Axessh 4.2 – 'Log file name' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Shell' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Private key file' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal 7.23.4 – 'Script' Denial of Service (PoC) (0)
05-16: [local] JetAudio jetCast Server 2.0 – 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-16: [dos] WeChat for Android 7.0.4 – 'vcodec2_hls_filter' Denial of Service (0)
05-15: Selfie Studio 2.17 Denial Of Service (0)
05-15: Telenor.com.pk SMS 2-Factor Bypass (0)
05-15: TwistedBrush Pro Studio 24.06 Denial Of Service (0)
05-15: PasteShr 1.6 SQL Injection (0)
05-15: PHP-Fusion 9.03.00 Remote Code Execution (0)
05-15: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
05-15: [webapps] Legrand BTicino Driver Manager F454 1.0.51 – Cross-Site Request Forgery / Cross-Site Scripting (0)
05-15: [webapps] CommSy 8.6.5 – SQL injection (0)
05-15: [dos] Tomabo MP4 Converter 3.25.22 – Denial of Service (PoC) (0)
05-14: Apple Security Advisory 2019-5-13-1 (0)
05-14: Apple Security Advisory 2019-5-13-2 (0)
05-14: Apple Security Advisory 2019-5-13-3 (0)
05-14: Apple Security Advisory 2019-5-13-4 (0)
05-14: Apple Security Advisory 2019-5-13-6 (0)
05-14: Apple Security Advisory 2019-5-13-5 (0)
05-14: OpenCMS 10.5.4 Cross Site Scripting (0)
05-14: OpenCMS 10.5.4 CSV Injection (0)
05-14: WolfCMS 0.8.3.1 Cross Site Scripting (0)
05-14: CCSP 7.2.5 API XML Injection / Server-Side Request Forgery (0)
05-14: SpotMSN 2.4.6 Denial Of Service (0)
05-14: DNSS Domain Name Search Software 2.1.8 Denial Of Service (0)
05-14: WordPress Form Maker 1.13.3 SQL Injection (0)
05-14: Firefly CMS 1.0 Remote Command Execution (0)
05-14: XOOPS CMS 2.5.9 SQL Injection (0)
05-14: SalesERP 8.1 SQL Injection (0)
05-14: SOCA Access Control System 180612 Information Disclosure (0)
05-14: SOCA Access Control System 180612 Cross Site Scripting (0)
05-14: SOCA Access Control System 180612 SQL Injection (0)
05-14: SOCA Access Control System 180612 Cross Site Request Forgery (0)
05-14: Go Cryptography Libraries Cleartext Message Spoofing (0)
05-14: System Down: A systemd-journald Exploit (0)
05-14: [webapps] Schneider Electric U.Motion Builder 1.3.4 – 'track_import_export.php object_id' Unauthenticated Command Injection (0)
05-14: [webapps] PasteShr 1.6 – Multiple SQL Injection (0)
05-14: [remote] PHP-Fusion 9.03.00 – 'Edit Profile' Remote Code Execution (Metasploit) (0)
05-14: [webapps] Sales ERP 8.1 – Multiple SQL Injection (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – '.srp' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Script Recorder' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Resize Image' Denial of Service (PoC) (0)
05-14: [webapps] D-Link DWL-2600AP – Multiple OS Command Injection (0)
05-14: [dos] Selfie Studio 2.17 – 'Resize Image' Denial of Service (PoC) (0)
05-13: [webapps] SOCA Access Control System 180612 – SQL Injection (0)
05-13: [shellcode] Linux/x86 – /sbin/iptables -F Shellcode (43 bytes) (0)
05-13: [webapps] OpenProject 5.0.0 – 8.3.1 – SQL Injection (0)
05-13: [dos] Google Chrome V8 – Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write (0)
05-13: [webapps] XOOPS 2.5.9 – SQL Injection (0)
05-13: [webapps] SOCA Access Control System 180612 – Cross-Site Request Forgery (Add Admin) (0)
05-13: [webapps] SOCA Access Control System 180612 – Information Disclosure (0)
05-13: [dos] DNSS 2.1.8 – Denial of Service (PoC) (0)
05-13: [dos] SpotMSN 2.4.6 – Denial of Service (PoC) (0)
05-11: Lotus Domino 8.5.3 EXAMINE Stack Buffer Overflow (0)
05-11: Lyric Maker 2.0.1.0 Denial Of Service (0)
05-11: Lyric Video Creator 2.1 Denial Of Service (0)
05-11: jetAudio 8.1.7.20702 Basic Denial Of Service (0)
05-11: Zoho ManageEngine ADSelfService Plus 5.7 Cross Site Scripting (0)
05-11: dotCMS 5.1.1 HTML Injection (0)
05-11: NetNumber Titan ENUM/DNS/NP 7.9.1 Bypass / Traversal (0)
05-11: RICOH SP 4510DN Printer HTML Injection (0)
05-11: RICOH SP 4520DN Printer HTML Injection (0)
05-11: Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure (0)
05-11: SpotIM 2.2 Denial Of Service (0)
05-11: Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure (0)
05-11: TheHive Project Cortex 2.1.3 Server Side Request Forgery (0)
05-11: Convert Video jetAudio 8.1.7 Denial Of Service (0)
05-11: jetCast Server 2.0 Denial Of Service (0)
05-11: SpotPaltalk 1.1.5 Denial Of Service (0)
05-11: ASPRunner.NET 10.1 Denial Of Service (0)
05-11: PHPRunner 10.1 Denial Of Service (0)
05-11: CyberArk Enterprise Password Vault 10.7 XML External Entity Injection (0)
05-11: Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check (0)
05-11: OpenProject 8.3.1 SQL Injection (0)
05-10: [webapps] CyberArk Enterprise Password Vault 10.7 – XML External Entity Injection (0)
05-10: [webapps] RICOH SP 4510DN Printer – HTML Injection (0)
05-10: [webapps] dotCMS 5.1.1 – HTML Injection (0)
05-10: [dos] PHPRunner 10.1 – Denial of Service (PoC) (0)
05-10: [dos] SpotPaltalk 1.1.5 – Denial of Service (PoC) (0)
05-10: [dos] ASPRunner.NET 10.1 – Denial of Service (PoC) (0)
05-10: [webapps] TheHive Project Cortex < 1.15.2 – Server-Side Request Forgery (0)
05-10: [dos] SpotIM 2.2 – Denial of Service (PoC) (0)
05-10: [webapps] RICOH SP 4520DN Printer – HTML Injection (0)
05-10: [dos] jetCast Server 2.0 – Denial of Service (PoC) (0)
05-09: D-Link DWL-2600AP Save Configuration Command Injection (0)
05-09: D-Link DWL-2600AP Upgrade Firmware Command Injection (0)
05-09: Chrome 72.0.3626.119 FileReader Use-After-Free (0)
05-09: [dos] Convert Video jetAudio 8.1.7 – Denial of Service (PoC) (0)
05-09: [webapps] Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build – Cross-Site Scripting (0)
05-09: [dos] Lyric Maker 2.0.1.0 – Denial of Service (PoC) (0)
05-09: [dos] Lyric Video Creator 2.1 – '.mp3' Denial of Service (PoC) (0)
05-08: PostgreSQL COPY FROM PROGRAM Command Execution (0)
05-08: [webapps] NetNumber Titan ENUM/DNS/NP 7.9.1 – Path Traversal / Authorization Bypass (0)
05-08: [dos] jetAudio 8.1.7.20702 Basic – 'Enter URL' Denial of Service (PoC) (0)
05-08: [remote] Lotus Domino 8.5.3 – 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) (0)
05-08: [shellcode] Linux/x86 – execve /bin/sh Shellcode (20 bytes) (0)
05-08: [local] MiniFtp – 'parseconf_load_setting' Buffer Overflow (0)
05-07: http://phuket.nfe.go.th/kathu/web1/file_editor/db.txt (0)
05-07: http://pattani.nfe.go.th/web1/file_editor/db.txt (0)
05-07: D-Link DWL-2600AP Authenticated OS Command Injection (0)
05-07: Xitami Web Server 2.5 Remote Buffer Overflow (0)
05-07: iOS 12.1.3 cfprefsd Memory Corruption (0)
05-07: NSClient++ 0.5.2.35 Privilege Escalation (0)
05-07: LG Supersign EZ CMS Remote Code Execution (0)
05-07: PHPads 2.0 SQL Injection (0)
05-07: Prinect Archive System 2015 Release 2.6 Cross Site Scripting (0)
05-07: ReadyAPI 2.5.0 / 2.6.0 Remote Code Execution (0)
05-07: [local] Admin Express 1.2.5.485 – 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-07: [webapps] Prinect Archive System 2015 Release 2.6 – Cross-Site Scripting (0)
05-07: [dos] Easy Chat Server 3.1 – 'message' Denial of Service (PoC) (0)
05-06: [webapps] ReadyAPI 2.5.0 / 2.6.0 – Remote Code Execution (0)
05-06: [remote] LG Supersign EZ CMS – Remote Code Execution (Metasploit) (0)
05-06: [dos] iOS 12.1.3 – 'cfprefsd' Memory Corruption (0)
05-06: [local] NSClient++ 0.5.2.35 – Privilege Escalation (0)
05-06: [shellcode] Linux/x86 – shred file Shellcode (72 bytes) (0)
05-06: [shellcode] Linux/x86 – Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) (0)
05-06: [webapps] microASP (Portal+) CMS – 'pagina.phtml?explode_tree' SQL Injection (0)
05-06: [webapps] PHPads 2.0 – 'click.php3?bannerID' SQL Injection (0)
05-06: [remote] Xitami Web Server 2.5 – Remote Buffer Overflow (SEH + Egghunter) (0)
05-05: Blue Angel Software Suite Command Execution (0)
05-05: Instagram Auto Follow SQL Injection (0)
05-05: SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service (0)
05-05: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection (0)
05-05: Zotonic 0.46 mod_admin Cross Site Scripting (0)
05-05: Wordpress Social Warfare Remote Code Execution (0)
05-03: MailCarrier 2.51 HELP Remote Buffer Overflow (0)
05-03: Sentrifugo Human Resource Management System 3.2 File Disclosure (0)
05-03: OpenSkos Simple Knowledge Organization System 2.0 File Disclosure (0)
05-03: CentOS Web Panel Domain Field Cross Site Scripting (0)
05-03: Johnny You Are Fired (0)
05-03: Winamp 5.12 Playlist (.pls) Buffer Overflow (0)
05-03: Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2019 (0)
05-03: Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution (0)
05-03: [webapps] Wordpress Plugin Social Warfare < 3.5.3 – Remote Code Execution (0)
05-03: [dos] SolarWinds DameWare Mini Remote Control 10.0 – Denial of Service (0)
05-03: [remote] Blue Angel Software Suite – Command Execution (0)
05-03: [shellcode] Linux/x86 – Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) (0)
05-03: [remote] Windows PowerShell ISE – Remote Code Execution (0)
05-03: [webapps] Zotonic < 0.47.0 mod_admin – Cross-Site Scripting (0)
05-03: [shellcode] Linux/x86 – Reverse Shell Shellcode (91 Bytes) + Python Wrapper (0)
05-03: [webapps] Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow – Remote Command Injection (0)
05-03: [webapps] Instagram Auto Follow – Authentication Bypass (0)
05-02: [remote] Ruby On Rails – DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit) (0)
05-01: http://lpa.nfe.go.th/mj.htm (0)
05-01: Joomla JiFile 2.3.1 Arbitrary File Download (0)
05-01: Agent Tesla Botnet Information Disclosure (0)
05-01: Pimcore Unserialize Remote Code Execution (0)
05-01: APT Package Manager Persistence (0)
05-01: AIS Logistics ESEL-Server SQL Injection / Code Execution (0)
05-01: Linux Missing Lockdown (0)
05-01: Revive Adserver Deserialization / Open Redirect (0)
05-01: Freefloat FTP Server 1.0 SIZE Buffer Overflow (0)
05-01: Freefloat FTP Server 1.0 STOR Buffer Overflow (0)
05-01: Netgear DGN2200 / DGND3700 Admin Password Disclosure (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Request Forgery (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Scripting (0)
05-01: Domoticz 4.10577 Unauthenticated Remote Command Execution (0)
05-01: Intelbras IWR 3000N Denial Of Service (0)
05-01: Intelbras IWR 3000N 1.5.0 Cross Site Request Forgery (0)
05-01: HumHub 1.3.12 Cross Site Scripting (0)
05-01: Spring Cloud Config 2.1.x Path Traversal (0)
05-01: Yum Package Manager Persistence (0)
05-01: [webapps] CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) – Domain Field (Add DNS Zone) Cross-Site Scripting (0)

April 2019 (334)

04-30: http://photharamhosp.go.th/sm2//images/db.txt (0)
04-30: http://nongkhamsuphan.go.th/images/db.txt (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'SIZE' Remote Buffer Overflow (0)
04-30: [papers] [Turkish] Tunelleme Teknikleri ile Firewall Atlatmak (0)
04-30: [webapps] Hyvikk Fleet Manager – Shell Upload (0)
04-30: [webapps] Agent Tesla Botnet – Information Disclosure (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'STOR' Remote Buffer Overflow (0)
04-30: [webapps] Netgear DGN2200 / DGND3700 – Admin Password Disclosure (0)
04-30: [remote] Moodle 3.6.3 – 'Install Plugin' Remote Command Execution (Metasploit) (0)
04-30: [webapps] Joomla! Component JiFile 2.3.1 – Arbitrary File Download (0)
04-30: [webapps] Domoticz 4.10577 – Unauthenticated Remote Command Execution (0)
04-30: [webapps] HumHub 1.3.12 – Cross-Site Scripting (0)
04-30: [webapps] Spring Cloud Config 2.1.x – Path Traversal (Metasploit) (0)
04-30: [webapps] Joomla! Component ARI Quiz 3.7.4 – SQL Injection (0)
04-30: [webapps] Intelbras IWR 3000N 1.5.0 – Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-site Scripting (Add/Edit Widget) (0)
04-30: [webapps] Intelbras IWR 3000N – Denial of Service (Remote Reboot) (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Multiple Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-Site Scripting (0)
04-29: SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation (0)
04-28: NSauditor 3.1.2.0 Community Denial Of Service (0)
04-28: NSauditor 3.1.2.0 Name Denial Of Service (0)
04-28: Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution (0)
04-28: Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment (0)
04-28: Joomla ARI Quiz 3.7.4 SQL Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Exposure (0)
04-27: osTicket 1.11 Cross Site Scripting / Local File Inclusion (0)
04-27: Lavavo CD Ripper 4.20 Buffer Overflow (0)
04-27: systemd DynamicUser SetUID Binary Creation (0)
04-26: Chrome NewFixedDoubleArray Integer Overflow (0)
04-26: HeidiSQL Portable 10.1.0.5464 Denial Of Service (0)
04-26: Backup Key Recovery 2.2.4 Denial Of Service (0)
04-26: JioFi 4G M2S 1.0.2 Cross Site Scripting (0)
04-26: JioFi 4G M2S 1.0.2 Denial Of Service (0)
04-26: [dos] systemd – DynamicUser can Create setuid Binaries when Assisted by Another Process (0)
04-26: [webapps] Apache Pluto 3.0.0 / 3.0.1 – Persistent Cross-Site Scripting (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Name' Denial of Service (PoC) (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Community' Denial of Service (PoC) (0)
04-25: ManageEngine Applications Manager 14.0 SQL Injection / Command Injection (0)
04-25: Linux Overflow Via FUSE (0)
04-25: 74CMS 5.0.1 Cross Site Request Forgery (0)
04-25: Linux Siemens R3964 Line Discipline Missing Lock (0)
04-25: Sony Smart TV Information Disclosure / File Read (0)
04-25: VirtualBox COM RPC Interface Code Injection / Privilege Escalation (0)
04-25: RARLAB WinRAR ACE Format Input Validation Remote Code Execution (0)
04-25: https://envocc.ddc.moph.go.th//xampp/lang.tmp (0)
04-25: [local] RARLAB WinRAR 5.61 – ACE Format Input Validation Remote Code Execution (Metasploit) (0)
04-25: [local] Lavavo CD Ripper 4.20 – 'License Activation Name' Buffer Overflow (SEH) (0)
04-25: [dos] AnMing MP3 CD Burner 2.0 – Denial of Service (PoC) (0)
04-25: [webapps] osTicket 1.11 – Cross-Site Scripting / Local File Inclusion (0)
04-25: [dos] JioFi 4G M2S 1.0.2 – Denial of Service (0)
04-25: [webapps] JioFi 4G M2S 1.0.2 – 'mask' Cross-Site Scripting (0)
04-25: [dos] Backup Key Recovery 2.2.4 – Denial of Service (PoC) (0)
04-25: [dos] HeidiSQL 10.1.0.5464 – Denial of Service (PoC) (0)
04-24: Ross Video DashBoard 8.5.1 Insecure Permissions (0)
04-24: [shellcode] Linux/x86 – Rabbit Shellcode Crypter (200 bytes) (0)
04-24: [remote] Google Chrome 72.0.3626.121 / 74.0.3725.0 – 'NewFixedDoubleArray' Integer Overflow (0)
04-24: [local] VirtualBox 6.0.4 r128413 – COM RPC Interface Code Injection Host Privilege Escalation (0)
04-23: Ease Audio Converter 5.30 Denial Of Service (0)
04-23: Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service (0)
04-23: WordPress Contact Form Builder 1.0.67 CSRF / LFI (0)
04-23: [dos] Linux – 'page->_refcount' Overflow via FUSE (0)
04-23: [dos] Linux – Missing Locking in Siemens R3964 Line Discipline Race Condition (0)
04-23: [dos] systemd – Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit (0)
04-23: [local] Ross Video DashBoard 8.5.1 – Insecure Permissions (0)
04-22: http://harisk.nah.go.th/zz.htm (0)
04-22: http://educationarmy3.nah.go.th/zz.htm (0)
04-22: http://www.sknhospital.go.th/zz.htm (0)
04-22: http://www.ramsurin.go.th/zz.htm (0)
04-22: http://ceramic.dss.go.th/vz.txt (0)
04-22: http://project.dss.go.th/vz.txt (0)
04-22: http://foodcontact.dss.go.th/vz.txt (0)
04-22: http://bas.dss.go.th/vz.txt (0)
04-22: http://rspg.dss.go.th/vz.txt (0)
04-22: http://km.dss.go.th/vz.txt (0)
04-22: http://otop.dss.go.th/vz.txt (0)
04-22: http://glass.dss.go.th/vz.txt (0)
04-22: http://rubber.dss.go.th/vz.txt (0)
04-22: ChurchCRM Software 3.3.2 Database Disclosure (0)
04-22: OpenDocMan Document Management System 1.3.5 Database Disclosure (0)
04-22: RingsDB Software 1.0.0 Database Disclosure (0)
04-22: Zikula Core CMS 2.0.13 Database Disclosure (0)
04-22: LabF nfsAxe 3.7 Ping Client Buffer Overflow (0)
04-22: [remote] ManageEngine Applications Manager 14.0 – Authentication Bypass / Remote Command Execution (Metasploit) (0)
04-22: [webapps] 74CMS 5.0.1 – Cross-Site Request Forgery (Add New Admin User) (0)
04-22: [local] LabF nfsAxe 3.7 Ping Client – 'Host IP' Buffer Overflow (Direct Ret) (0)
04-22: [shellcode] Linux/ARM – Password-Protected Reverse TCP Shellcode (100 bytes) (0)
04-22: [webapps] WordPress Plugin Contact Form Builder 1.0.67 – Cross-Site Request Forgery / Local File Inclusion (0)
04-22: [dos] Google Chrome 73.0.3683.103 V8 JavaScript Engine – Out-of-Memory in Invalid Table Size Denial of Service (PoC) (0)
04-22: [dos] Ease Audio Converter 5.30 – '.mp4' Denial of Service (PoC) (0)
04-22: [webapps] Msvod 10 – Cross-Site Request Forgery (Change User Information) (0)
04-22: [dos] QNAP myQNAPcloud Connect 1.3.4.0317 – 'Username/Password' Denial of Service (0)
04-21: QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service (0)
04-21: Oracle Business Intelligence And XML Publisher XML Injection (0)
04-21: Oracle Business Intelligence Directory Traversal (0)
04-20: http://bantham.go.th/vz.txt (0)
04-20: Evernote 7.9 Path Traversal / Code Execution (0)
04-20: ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution (0)
04-20: Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference (0)
04-20: Atlassian Confluence Widget Connector Macro Velocity Template Injection (0)
04-20: SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation (0)
04-19: LibreOffice Macro Code Execution (0)
04-19: [remote] Atlassian Confluence Widget Connector Macro – Velocity Template Injection (Metasploit) (0)
04-19: [local] SystemTap 1.3 – MODPROBE_OPTIONS Privilege Escalation (Metasploit) (0)
04-19: [webapps] Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – XML External Entity Injection (0)
04-19: [webapps] Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – Directory Traversal (0)
04-18: Windows Zero Day Emerges In Active Exploits (0)
04-18: UltraVNC Viewer 1.2.2.4 Denial Of Service (0)
04-18: UltraVNC Launcher 1.2.2.4 Denial Of Service (0)
04-18: Seo Panel Newsletter 1.2.0 Cross Site Scripting (0)
04-18: RemoteMouse 3.008 Arbitrary Remote Command Execution (0)
04-18: PCHelpWare 2 1.0.0.5 SC Denial Of Service (0)
04-18: AdminExpress 1.2.5 Denial Of Service (0)
04-18: PCHelpWare 2 1.0.0.5 Group Denial Of Service (0)
04-18: Zyxel ZyWall Cross Site Scripting (0)
04-18: Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation (0)
04-18: Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal (0)
04-18: MailCarrier 2.51 RETR Buffer Overflow (0)
04-18: Microsoft Windows CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-18: Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-18: Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-18: Microsoft Windows LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition (0)
04-18: 2 Plan Team 1.0.4 Cross Site Scripting (0)
04-18: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
04-18: ASUS HG100 Denial Of Service (0)
04-18: DHCP Server 2.5.2 Denial Of Service (0)
04-18: OAMbuster Multi-Threaded CVE-2018-2879 Scanner (0)
04-18: Oracle Java Runtime Environment sc_FindExtrema4 Heap Corruption (0)
04-18: Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption (0)
04-18: [local] LibreOffice < 6.0.7 / 6.1.3 – Macro Code Execution (Metasploit) (0)
04-18: [dos] Netwide Assembler (NASM) 2.14rc15 – NULL Pointer Dereference (PoC) (0)
04-18: [remote] ManageEngine Applications Manager 11.0 < 14.0 – SQL Injection / Remote Code Execution (Metasploit) (0)
04-18: [local] Evernote 7.9 – Code Execution via Path Traversal (0)
04-17: https://sueksa.go.th (0)
04-17: http://www2.fda.moph.go.th/fdaonline/board/wallpaper/swan.txt (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID (0)
04-17: [dos] DHCP Server 2.5.2 – Denial of Service (PoC) (0)
04-17: [dos] ASUS HG100 – Denial of Service (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in sc_FindExtrema4 (0)
04-17: [remote] MailCarrier 2.51 – POP3 'RETR' SEH Buffer Overflow (0)
04-16: Jobberbase CMS 2.0 SQL Injection (0)
04-16: MailCarrier 2.51 RCPT TO Buffer Overflow (0)
04-16: MailCarrier 2.51 USER Buffer Overflow (0)
04-16: MailCarrier 2.51 LIST Buffer Overflow (0)
04-16: MailCarrier 2.51 TOP Buffer Overflow (0)
04-16: Cisco RV130W Routers Management Interface Remote Command Execution (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation (0)
04-16: [webapps] Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 – Login Page Cross-Site Scripting (0)
04-16: [local] Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) – Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 / 1709 – CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-16: [webapps] Joomla Core 1.5.0 – 3.9.4 – Directory Traversal / Authenticated Arbitrary File Deletion (0)
04-16: [dos] AdminExpress 1.2.5 – 'Folder Path' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'SC' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'Group' Denial of Service (PoC) (0)
04-15: [dos] UltraVNC Launcher 1.2.2.4 – 'Path' Denial of Service (PoC) (0)
04-15: [webapps] DirectAdmin 1.561 – Multiple Vulnerabilities (0)
04-15: [remote] Cisco RV130W Routers – Management Interface Remote Command Execution (Metasploit) (0)
04-15: [shellcode] Linux/x86 – Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) (0)
04-15: [dos] UltraVNC Viewer 1.2.2.4 – 'VNC Server' Denial of Service (PoC) (0)
04-15: [remote] MailCarrier 2.51 – POP3 'TOP' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'LIST' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'USER' Buffer Overflow (0)
04-15: [remote] CuteNews 2.1.2 – 'avatar' Remote Code Execution (Metasploit) (0)
04-15: [remote] RemoteMouse 3.008 – Arbitrary Remote Command Execution (0)
04-15: [shellcode] Linux/x86 – MMX-PUNPCKLBW Encoder Shellcode (61 bytes) (0)
04-15: [remote] MailCarrier 2.51 – 'RCPT TO' Buffer Overflow (0)
04-14: http://www.onep.go.th/by.htm (0)
04-13: Internet Explorer Zero-Day Lets Hackers Steal Files From Windows PCs (0)
04-13: CyberArk EPM 10.2.1.603 Security Restrictions Bypass (0)
04-13: ATutor file_manager Remote Code Execution (0)
04-13: DirectAdmin 1.561 Cross Site Scripting (0)
04-12: Microsoft Internet Explorer 11 XML Injection (0)
04-12: Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF (0)
04-12: Microsoft Windows Contact File Format Arbitary Code Execution (0)
04-12: [webapps] ATutor < 2.2.4 – 'file_manager' Remote Code Execution (Metasploit) (0)
04-12: [shellcode] Linux/x86 – Add User to Passwd File Shellcode (149 bytes) (0)
04-12: [local] Microsoft Internet Explorer 11 – XML External Entity Injection (0)
04-12: [local] CyberArk EPM 10.2.1.603 – Security Restrictions Bypass (0)
04-11: PHP 7.2 imagecolormatch() Out-Of-Band Heap Write (0)
04-11: Ashop Shopping Cart Software SQL Injection (0)
04-11: TP-LINK TL-WR940N / TL-WR941ND Buffer Overflow (0)
04-11: Loytec LGATE-902 XSS / Traversal / File Deletion (0)
04-11: EasyIO 30P Authentication Bypass / Cross Site Scripting (0)
04-11: Apache Axis 1.4 Remote Code Execution (0)
04-11: Microsoft Windows AppX Deployment Service Privilege Escalation (0)
04-11: Dell KACE Systems Management Appliance (K1000) 6.4.120756 Code Execution (0)
04-11: D-Link DI-524 2.06RU Cross Site Scripting (0)
04-11: FTPShell Server 6.83 Virtual Path Mapping Local Buffer Overflow (0)
04-11: FTPShell Server 6.83 Account Name To Ban Local Buffer Overflow (0)
04-11: NekoCMS 2.5 Database Disclosure (0)
04-11: Themosis Framework BookStore 1.3.0 Database Disclosure (0)
04-11: YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure (0)
04-11: Chrome FileChooserImpl Use-After-Free (0)
04-11: Horde Form Shell Upload (0)
04-10: Jobgator SQL Injection (0)
04-10: ShoreTel Connect ONSITE Cross Site Scripting / Session Fixation (0)
04-10: FlexHEX 2.71 Buffer Overflow (0)
04-10: Bolt CMS 3.6.6 Cross Site Request Forgery / Code Execution (0)
04-10: River Past Cam Do 3.7.6 Local Buffer Overflow (0)
04-10: WordPress Limit Login Attempts Reloaded 2.7.4 Bypass (0)
04-10: AllPlayer 7.4 SEH Buffer Overflow (0)
04-10: CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) Cross Site Scripting (0)
04-10: CARPE (DIEM) Apache 2.4.x Local Privilege Escalation (0)
04-10: [webapps] D-Link DI-524 V2.06RU – Multiple Cross-Site Scripting (0)
04-10: [local] FTPShell Server 6.83 – 'Virtual Path Mapping' Local Buffer (0)
04-10: [local] FTPShell Server 6.83 – 'Account name to ban' Local Buffer (0)
04-10: [webapps] Dell KACE Systems Management Appliance (K1000) 6.4.120756 – Unauthenticated Remote Code Execution (0)
04-09: [local] Microsoft Windows – AppX Deployment Service Privilege Escalation (0)
04-09: [remote] Apache Axis 1.4 – Remote Code Execution (0)
04-09: [webapps] Ashop Shopping Cart Software – 'bannedcustomers.php?blacklistitemid' SQL Injection (0)
04-09: [shellcode] Linux/x64 – XANAX Decoder Shellcode (127 bytes) (0)
04-09: [shellcode] Linux/x64 – XANAX Encoder Shellcode (127 bytes) (0)
04-09: [remote] TP-LINK TL-WR940N / TL-WR941ND – Buffer Overflow (0)
04-08: [local] Apache 2.4.17 < 2.4.38 – 'apache2ctl graceful' 'logrotate' Local Privilege Escalation (0)
04-08: [webapps] Bolt CMS 3.6.6 – Cross-Site Request Forgery / Remote Code Execution (0)
04-08: [webapps] Jobgator – 'experience' SQL Injection (0)
04-08: [local] FlexHEX 2.71 – SEH Buffer Overflow (Unicode) (0)
04-08: [webapps] ShoreTel Connect ONSITE < 19.49.1500.0 – Multiple Vulnerabilities (0)
04-08: [webapps] SaLICru -SLC-20-cube3(5) – HTML Injection (0)
04-08: [remote] QNAP Netatalk < 3.1.12 – Authentication Bypass (0)
04-08: [webapps] ManageEngine ServiceDesk Plus 9.3 – User Enumeration (0)
04-08: [local] Download Accelerator Plus (DAP) 10.0.6.0 – SEH Buffer Overflow (0)
04-08: [webapps] Tradebox CryptoCurrency – 'symbol' SQL Injection (0)
04-08: [webapps] WordPress Plugin Limit Login Attempts Reloaded 2.7.4 – Login Limit Bypass (0)
04-08: [webapps] CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) – Cross-Site Scripting (0)
04-08: [local] River Past Cam Do 3.7.6 – 'Activation Code' Local Buffer Overflow (0)
04-08: [local] AllPlayer 7.4 – SEH Buffer Overflow (Unicode) (0)
04-07: Arris Touchstone TG1672 Credential Disclosure (0)
04-07: Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control (0)
04-07: WordPress Form Maker 1.13.2 Cross Site Request Forgery / Local File Inclusion (0)
04-07: NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials (0)
04-06: Magic ISO Maker 5.5 Build 281 Denial Of Service (0)
04-06: Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF (0)
04-06: WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery (0)
04-06: AIDA64 Extreme 5.99.4900 SEH Buffer Overflow (0)
04-06: Manage Engine ServiceDesk Plus 9.3 Privilege Escalation (0)
04-06: FreeSMS 2.1.2 SQL Injection (0)
04-06: WordPress 5.0.0 crop-image Shell Upload (0)
04-05: iScripts ReserveLogic SQL Injection (0)
04-05: Ashop Shopping Cart Software SQL Injection (0)
04-05: AIDA64 Business 5.99.4900 SEH Buffer Overflow (0)
04-05: PhreeBooks ERP 5.2.3 Arbitrary File Upload (0)
04-05: PhreeBooks ERP 5.2.3 Remote Command Execution (0)
04-05: Clinic Pro 4 SQL Injection (0)
04-05: TeemIp IPAM Command Injection (0)
04-05: Apache 2.4.38 Root Privilege Escalation (0)
04-05: Chrome 73.0.3683.86 Stable Proof Of Concept (0)
04-05: [remote] WordPress 5.0.0 – Crop-image Shell Upload (Metasploit) (0)
04-05: [webapps] WordPress Plugin Contact Form Maker 1.13.1 – Cross-Site Request Forgery (0)
04-05: [local] AIDA64 Extreme 5.99.4900 – 'Logging' SEH Buffer Overflow (0)
04-05: [webapps] Manage Engine ServiceDesk Plus 9.3 – Privilege Escalation (0)
04-04: [webapps] FreeSMS 2.1.2 – SQL Injection (Authentication Bypass) (0)
04-04: [local] AIDA64 Engineer 5.99.4900 – 'Load from file' Field Buffer Overflow (SEH) (0)
04-04: [dos] Magic ISO Maker 5.5(build 281) – 'Serial Code' Denial of Service (PoC) (0)
04-03: XNU Unsafe Pidversion Increment During Execve (0)
04-03: WebKitGTK+ ThreadedCompositor Race Condition (0)
04-03: Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion (0)
04-03: Chrome JSPromise::TriggerPromiseReactions Type Confusion (0)
04-03: Chrome ReadableStream Internal Object Leak (0)
04-03: Inout RealEstate SQL Injection (0)
04-03: Inout EasyRooms Ultimate Edition 1.0 SQL Injection (0)
04-03: WordPress PayPal Checkout Payment Gateway 1.6.8 Parameter Tampering (0)
04-03: AIDA64 Extreme Edition 5.99.4800 Buffer Overflow (0)
04-03: CMS Made Simple SQL Injection (0)
04-03: LimeSurvey Deserialization Remote Code Execution (0)
04-03: HP Color LaserJet CP4025 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP Color LaserJet CP4525 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet 5200 HP LaserJet 5200 Authentication Bypass (0)
04-03: HP LaserJet P3015 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet P4014/P4015 Printers 6.7.0.x Authentication Bypass (0)
04-03: JioFi 4G M2S 1.0.2 Cross Site Request Forgery (0)
04-03: Coders Survey 3.4.10 Database Disclosure (0)
04-03: DataWrapper ProtoType 0.8 Database Disclosure (0)
04-03: Ektron CMS 9 Database Disclosure (0)
04-03: Mash Project Integrated 4.2.7.1 Database Disclosure (0)
04-03: Shinobi Security Software 1.0 Database Disclosure (0)
04-03: Directus Suite CMS 7.0.15 Database Disclosure (0)
04-03: Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution (0)
04-03: phpFileManager 1.7.8 Local File Inclusion (0)
04-03: [dos] SpiderMonkey – IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) (0)
04-03: [dos] WebKitGTK+ – 'ThreadedCompositor' Race Condition (0)
04-03: [webapps] iScripts ReserveLogic – SQL Injection (0)
04-03: [dos] Google Chrome 72.0.3626.81 – 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion (0)
04-03: [webapps] Clinic Pro v4 – 'month' SQL Injection (0)
04-03: [dos] Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 – 'ReadableStream' Internal Object Leak Type Confusion (0)
04-03: [webapps] PhreeBooks ERP 5.2.3 – Arbitrary File Upload (0)
04-03: [remote] Cisco RV320 and RV325 – Unauthenticated Remote Code Execution (Metasploit) (0)
04-03: [remote] PhreeBooks ERP 5.2.3 – Remote Command Execution (0)
04-03: [webapps] Ashop Shopping Cart Software – SQL Injection (0)
04-03: [remote] TeemIp IPAM < 2.4.0 – 'new_config' Command Injection (Metasploit) (0)
04-03: [local] AIDA64 Business 5.99.4900 – SEH Buffer Overflow (EggHunter) (0)
04-03: [dos] WebKit JavaScriptCore – CodeBlock Dangling Watchpoints Use-After-Free (0)
04-03: [dos] WebKit JavaScriptCore – Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check (0)
04-03: [dos] iOS < 12.2 / macOS < 10.14.4 XNU – pidversion Increment During execve is Unsafe (0)
04-03: [dos] WebKit JavaScriptCore – 'createRegExpMatchesArray' Type Confusion (0)
04-03: [remote] Google Chrome 72.0.3626.96 / 74.0.3702.0 – 'JSPromise::TriggerPromiseReactions' Type Confusion (0)
04-02: https://hearing.dmf.go.th/q.htm (0)
04-02: [webapps] phpFileManager 1.7.8 – Local File Inclusion (0)
04-02: [webapps] Fiverr Clone Script 1.2.2 – SQL Injection / Cross-Site Scripting (0)
04-02: [local] AIDA64 Extreme Edition 5.99.4800 – Local SEH Buffer Overflow (0)
04-02: [webapps] CMS Made Simple < 2.2.10 – SQL Injection (0)
04-02: [webapps] LimeSurvey < 3.16 – Remote Code Execution (0)
04-02: [webapps] WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 – Parameter Tampering (0)
04-02: [webapps] JioFi 4G M2S 1.0.2 – Cross-Site Request Forgery (0)
04-02: [webapps] Inout EasyRooms – SQL Injection (0)
04-02: [webapps] Inout RealEstate – 'city' SQL Injection (0)
04-01: Packet Storm New Exploits For March, 2019 (0)
04-01: WordPress Feed Statistics 4.1 Open Redirection (0)
04-01: Classified Ad Lister 2.0 Arbitrary File Upload (0)
04-01: SphereFTP 2.0 Denial Of Service (0)
04-01: Zeuscart 3.0 User Detail Disclosure (0)
04-01: zipperSNAP 7.0.28 Directory Traversal (0)
04-01: zipperSNAP 7.0.28 Cross Site Scripting (0)
04-01: zStore 1.10 Cross Site Scripting (0)
04-01: WordPress Ultimate Member 2.0.38 Cross Site Request Forgery (0)
04-01: Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection (0)
04-01: https://www.labour.go.th/pwnd.txt (0)

March 2019 (347)

03-30: CentOS Web Panel 0.9.8.789 Cross Site Scripting (0)
03-30: Cisco RV320 / RV325 Unauthenticated Remote Code Execution (0)
03-29: Google Drops Zero Day On TP-Link Smart Home Routers (0)
03-29: Masch CMStudio Banners 8.6.1 Open Redirection (0)
03-29: WordPress Ultimate Form Builder 1.0 Database Disclosure (0)
03-29: Magento 2.3.0 SQL Injection (0)
03-29: Pydio 8 Command Execution / Cross Site Scripting (0)
03-29: Apple Security Advisory 2019-3-27-1 (0)
03-29: [webapps] CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting (0)
03-28: WordPress AND-AntiBounce 1.0.3 Open Redirection (0)
03-28: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation (0)
03-28: WordPress WP-Forum 1.7.8 Database Disclosure (0)
03-28: SJS Simple Job Script SQL Injection / Cross Site Scripting (0)
03-28: Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection (0)
03-28: Rukovoditel ERP And CRM 2.4.1 Cross Site Scripting (0)
03-28: XooGallery SQL Injection (0)
03-28: XooDigital SQL Injection (0)
03-28: Firefox Array.prototype.slice Buffer Overflow (0)
03-28: Jettweb Hazir Rent A Car Scripti 4 SQL Injection (0)
03-28: Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload (0)
03-28: Cisco RV320 Unauthenticated Configuration Export (0)
03-28: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
03-28: Cisco RV320 Command Injection (0)
03-28: Fat Free CRM 0.19.0 HTML Injection (0)
03-28: GnuTLS verify_crt() Use-After-Free (0)
03-28: SpiderMonkey IonMonkey Type Confusion (0)
03-28: Oracle Weblogic Server Deserialization Remote Code Execution (0)
03-28: CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution (0)
03-28: [dos] Microsoft Visio 2016 16.0.4738.1000 – 'Log in accounts' Denial of Service (0)
03-28: [remote] CMS Made Simple (CMSMS) Showtime2 – File Upload RCE (Metasploit) (0)
03-28: [webapps] Airbnb Clone Script – Multiple SQL Injection (0)
03-28: [remote] Oracle Weblogic Server Deserialization RCE – Raw Object (Metasploit) (0)
03-28: [webapps] WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 – Local File Inclusion (0)
03-28: [webapps] Fat Free CRM 0.19.0 – HTML Injection (0)
03-28: [webapps] Thomson Reuters Concourse & Firm Central < 2.13.0097 – Directory Traversal / Local File Inclusion (0)
03-28: [dos] gnutls 3.6.6 – 'verify_crt()' Use-After-Free (0)
03-28: [local] Base64 Decoder 1.1.2 – Local Buffer Overflow (SEH Egghunter) (0)
03-28: [webapps] Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 – 'arac_kategori_id' SQL Injection (0)
03-28: [webapps] Job Portal 3.1 – 'job_submit' SQL Injection (0)
03-28: [webapps] BigTree 4.3.4 CMS – Multiple SQL Injection (0)
03-28: [webapps] i-doit 1.12 – 'qr.php' Cross-Site Scripting (0)
03-28: [webapps] WordPress Plugin Loco Translate 2.2.1 – Local File Inclusion (0)
03-27: Titan FTP Server 2019 Build 3505 Directory Traversal (0)
03-27: [webapps] Jettweb Hazır Rent A Car Scripti V4 – SQL Injection (0)
03-26: Apple Security Advisory 2019-3-25-2 (0)
03-26: Apple Security Advisory 2019-3-25-7 (0)
03-26: Apple Security Advisory 2019-3-25-4 (0)
03-26: Apple Security Advisory 2019-3-25-3 (0)
03-26: Apple Security Advisory 2019-3-25-5 (0)
03-26: Apple Security Advisory 2019-3-25-1 (0)
03-26: Apple Security Advisory 2019-3-25-6 (0)
03-26: X-NetStat Pro 5.63 Local Buffer Overflow (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection (0)
03-26: WordPress Plugins Open Redirection 2019/03/25 (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection (0)
03-26: VMware Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-26: VMware Host VMX Process COM Class Hijack Privilege Escalation (0)
03-26: Zeeways Matrimony CMS SQL Injection (0)
03-26: Zeeways Jobsite CMS SQL Injection (0)
03-26: SPIP CMS 2.x / 3.x Add Administrator / File Upload (0)
03-26: PCMan FTP Server 2.0 CDUP Remote Buffer Overflow (0)
03-26: DASAN H660RM Information Disclosure / Hardcoded Key (0)
03-26: WordPress article2pdf 0.24 DoS / File Deletion / Disclosure (0)
03-26: Advanced Bash-Scripting Guide Code Execution (0)
03-26: [dos] Spidermonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR (0)
03-26: [dos] Microsoft Windows 7/2008 – 'Win32k' Denial of Service (PoC) (0)
03-26: [webapps] SJS Simple Job Script – SQL Injection / Cross-Site Scripting (0)
03-26: [webapps] Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion (0)
03-26: [webapps] XooDigital – 'p' SQL Injection (0)
03-26: [webapps] XooGallery – Multiple SQL Injection (0)
03-26: [webapps] Rukovoditel ERP & CRM 2.4.1 – 'path' Cross-Site Scripting (0)
03-26: [papers] JMX RMI – Multiple Applications Remote Code Execution (0)
03-26: [webapps] Jettweb Php Hazır İlan Sitesi Scripti V2 – SQL Injection (0)
03-26: [dos] Firefox < 66.0.1 – 'Array.prototype.slice' Buffer Overflow (0)
03-25: Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting (0)
03-25: TCPDF 6.2.19 Deserialization / Remote Code Execution (0)
03-25: [webapps] Zeeways Matrimony CMS – SQL Injection (0)
03-25: [webapps] Zeeways Jobsite CMS – 'id' SQL Injection (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15 – Host VMX Process COM Class Hijack Privilege Escalation (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15.0.2 – Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V3 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V1 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V2 – SQL Injection (Authentication Bypass) (0)
03-25: [webapps] Apache CouchDB 2.3.1 – Cross-Site Request Forgery / Cross-Site Scripting (0)
03-25: [local] X-NetStat Pro 5.63 – Local Buffer Overflow (0)
03-23: Meeplace Business Review Script SQL Injection (0)
03-23: Inout Article Base CMS SQL Injection (0)
03-23: Matri4Web Matrimony Web Script SQL Injection (0)
03-23: WordPress Themes Open Redirection 2019/03/22 (0)
03-22: Netartmedia Vlog System SQL Injection (0)
03-22: snap seccomp TIOCSTI Blacklist Circumvention (0)
03-22: https://hrh.go.th/kurd.html (0)
03-22: [dos] snap – seccomp BBlacklist for TIOCSTI can be Circumvented (0)
03-22: [webapps] Inout Article Base CMS – SQL Injection (0)
03-22: [webapps] Meeplace Business Review Script – 'id' SQL Injection (0)
03-22: [webapps] Matri4Web Matrimony Website Script – Multiple SQL Injection (0)
03-21: Netartmedia Deals Portal SQL Injection (0)
03-21: Netartmedia PHP Car Dealer SQL Injection (0)
03-21: Netartmedia PHP Dating Site SQL Injection (0)
03-21: 202CMS 10beta SQL Injection (0)
03-21: Netartmedia PHP Business Directory 4.2 SQL Injection (0)
03-21: Netartmedia Jobs Portal 6.1 SQL Injection (0)
03-21: Netartmedia PHP Real Estate Agency 4.0 SQL Injection (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (0)
03-21: NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow (0)
03-21: JFrog Artifactory Administrator Authentication Bypass (0)
03-21: NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash (0)
03-21: http://www.hadnangkaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.koktoom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nmtb.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nondeangcity.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tharttong.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.chongsammor.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.huay-ang.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kaengdinso.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kapangpolice.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.khamsomboon.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kohloi.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kokhan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nongphailom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.saiyong-chaiwan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.sama.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.t-nakham.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.talad.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tambonbuayai.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.thanangnaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: [webapps] Bootstrapy CMS – Multiple SQL Injection (0)
03-21: [dos] Canarytokens 2019-03-01 – Detection Bypass (0)
03-20: MyBB Upcoming Events 1.32 Cross Site Scripting (0)
03-20: Netartmedia Real Estate Portal 5.0 SQL Injection (0)
03-20: Netartmedia Event Portal 2.0 SQL Injection (0)
03-20: Gila CMS 1.9.1 Cross Site Scripting (0)
03-20: Netartmedia PHP Mall 4.1 SQL Injection (0)
03-20: eNdonesia Portal 8.7 Iframe Injection / SQL Injection (0)
03-20: Chrome ExtensionsGuestViewMessageFilter Data Race (0)
03-20: Advanced Host Monitor 11.92 Beta Local Buffer Overflow (0)
03-20: Chrome FileSystemOperationRunner Use-After-Free (0)
03-20: Chrome MidiManagerWin Use-After-Free (0)
03-20: Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML (0)
03-20: Chrome StoragePartitionService Double-Destruction Race (0)
03-20: JFrog Artifactory Pro 6.5.9 Signature Validation (0)
03-20: VBScript VbsErase Memory Corruption (0)
03-20: Microsoft Edge Flash click2play Bypass (0)
03-19: PHP MySQLi Database Class 2.9.2 SQL Injection (0)
03-19: CSZ CMS 1.2.1 Arbitrary File Upload (0)
03-19: WordPress FormCraft 2.0 CSRF / Shell Upload (0)
03-19: WinMPG Video Convert 9.3.5 Denial Of Service (0)
03-19: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service (0)
03-19: TheCarProject 2 SQL Injection (0)
03-19: Gitea 1.7.3 HTML Injection (0)
03-19: libseccomp Incorrect Compilation Of Arithmetic Comparisons (0)
03-19: exacqVision 9.8 Unquoted Service Path Privilege Escalation (0)
03-19: Jenkins ACL Bypass / Metaprogramming Remote Code Execution (0)
03-19: [webapps] Netartmedia Real Estate Portal 5.0 – SQL Injection (0)
03-19: [webapps] Netartmedia PHP Mall 4.1 – SQL Injection (0)
03-19: [local] Advanced Host Monitor 11.92 beta – Local Buffer Overflow (0)
03-19: [webapps] Netartmedia Event Portal 2.0 – 'Email' SQL Injection (0)
03-19: [webapps] eNdonesia Portal 8.7 – Multiple Vulnerabilities (0)
03-19: [webapps] Gila CMS 1.9.1 – Cross-Site Scripting (0)
03-19: [webapps] MyBB Upcoming Events Plugin 1.32 – Cross-Site Scripting (0)
03-18: [remote] BMC Patrol Agent – Privilege Escalation Code Execution Execution (Metasploit) (0)
03-18: [webapps] TheCarProject 2 – Multiple SQL Injection (0)
03-18: [dos] WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 – Denial of Service (0)
03-18: [dos] WinMPG Video Convert 9.3.5 – Denial of Service (0)
03-16: Laundry CMS SQL / Iframe Injection (0)
03-16: NetData 1.13.0 HTML Injection (0)
03-16: Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure (0)
03-16: CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload (0)
03-16: ICE HRM 23.0 SQL / Iframe Injection (0)
03-16: Mail Carrier 2.5.1 Buffer Overflow (0)
03-16: Moodle 3.4.1 Remote Code Execution (0)
03-16: BMC Patrol Agent Privilege Escalation / Command Execution (0)
03-16: Webmin 1.900 Upload Authenticated Remote Command Execution (0)
03-15: Root Cause Of The CVE-2019-0808 Kernel Privilege Escalation (0)
03-15: FTPGetter Standard 5.97.0.177 Remote Code Execution (0)
03-15: Pegasus CMS 1.0 Remote Code Execution (0)
03-15: Apache UNO API Remote Code Execution (0)
03-15: Proof Of Concept Code Published For Windows 7 Zero Day (0)
03-15: [webapps] Moodle 3.4.1 – Remote Code Execution (0)
03-15: [webapps] Vembu Storegrid Web Interface 4.4.0 – Multiple Vulnerabilities (0)
03-15: [webapps] ICE HRM 23.0 – Multiple Vulnerabilities (0)
03-15: [remote] Mail Carrier 2.5.1 – 'MAIL FROM' Buffer Overflow (0)
03-15: [webapps] NetData 1.13.0 – HTML Injection (0)
03-15: [webapps] CMS Made Simple Showtime2 Module 3.6.2 – Authenticated Arbitrary File Upload (0)
03-15: [webapps] Laundry CMS – Multiple Vulnerabilities (0)
03-14: Microsoft Windows MSHTML Engine Edit Remote Code Execution (0)
03-14: WordPress GraceMedia Media Player 1.0 Local File Inclusion (0)
03-14: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting (0)
03-14: Apache Tika Server Command Injection (0)
03-14: ntopng 3.8.190307 Community Edition Cross Site Scripting (0)
03-14: Intel Modular Server System 10.18 Cross Site Request Forgery (0)
03-14: [webapps] Pegasus CMS 1.0 – 'extra_fields.php' Plugin Remote Code Execution (0)
03-14: [webapps] Intel Modular Server System 10.18 – Cross-Site Request Forgery (Change Admin Password) (0)
03-14: [remote] Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API – Remote Code Execution (0)
03-14: [remote] FTPGetter Standard 5.97.0.177 – Remote Code Execution (0)
03-13: CoreFTP Server FTP / SFTP Server 2 Build 674 MDTM Directory Traversal (0)
03-13: WordPress WP Fastest Cache 0.8.9.0 Arbitrary File Deletion (0)
03-13: NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution (0)
03-13: Microsoft Windows .Reg File / Dialog Box Message Spoofing (0)
03-13: Core FTP 2.0 Build 653 PBSZ Denial Of Service (0)
03-13: PilusCart 1.4.1 Cross Site Request Forgery (0)
03-13: elFinder PHP Connector exiftran Command Injection (0)
03-13: Unpatched Windows Bug Allows Attackers To Spoof Security Dialog Boxes (0)
03-13: [webapps] WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'MDTM' Directory Traversal (0)
03-13: [dos] Microsoft Windows – .reg File / Dialog Box Message Spoofing (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'SIZE' Directory Traversal (0)
03-12: MeteoTemplate 17.1 Nectarine Diary 4.0 Open Redirection (0)
03-12: MeteoTemplate 17.1 Nectarine globalSnow 1.1 Open Redirection (0)
03-12: Meteotemplate 17.1 Nectarine indoorData 4.0 Open Redirection (0)
03-12: TeamCity Disabled Registration Bypass (0)
03-12: DirectAdmin 1.55 Cross Site Request Forgery (0)
03-12: McAfee ePO 5.9.1 Registered Executable Local Access Bypass (0)
03-12: Sony PlayStation 4 WebKit Code Execution (0)
03-12: Flexpaper 2.3.6 Remote Code Execution (0)
03-12: OpenKM Document Management Remote Command Execution (0)
03-12: NetSetMan 4.7.1 Buffer Overflow (0)
03-12: PRTG Network Monitor 18.2.38 Remote Code Execution (0)
03-12: Linux Kernel 4.4 (Ubuntu 16.04) snd_timer_user_ccallback() Kernel Pointer Leak (0)
03-12: Liferay CE Portal Groovy-Console Remote Command Execution (0)
03-12: [dos] Core FTP 2.0 build 653 – 'PBSZ' Denial of Service (PoC) (0)
03-12: [webapps] PilusCart 1.4.1 – Cross-Site Request Forgery (Add Admin) (0)
03-11: http://www.huorua.go.th/d_finance/new_finance/ooo.jpg (0)
03-11: http://www.nongsangwapi.go.th/f_rules/new_rules/ooo.jpg (0)
03-11: [webapps] PRTG Network Monitor 18.2.38 – Authenticated Remote Code Execution (0)
03-11: [shellcode] Linux/x86 – MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes) (0)
03-11: [local] NetSetMan 4.7.1 – Local Buffer Overflow (SEH Unicode) (0)
03-11: [dos] Linux Kernel 4.4 (Ubuntu 16.04) – 'snd_timer_user_ccallback()' Kernel Pointer Leak (0)
03-11: [webapps] Flexpaper PHP Publish Service 2.3.6 – Remote Code Execution (0)
03-11: [webapps] OpenKM 6.3.2 < 6.3.7 – Remote Command Execution (Metasploit) (0)
03-11: [webapps] Liferay CE Portal < 7.1.2 ga3 – Remote Command Execution (Metasploit) (0)
03-11: [shellcode] Linux/x86 – Polymorphic execve(/bin/sh) Shellcode (63 bytes) (0)
03-08: phpBB 3.2.3 Remote Code Execution (0)
03-08: Sparkasse Cross Site Scripting (0)
03-08: Anyburn 4.x x86 Buffer Overflow (0)
03-08: QNAP TS-431 QTS Remote Command Execution (0)
03-08: OrientDB 3.0.17 GA Community Edition XSS / CSRF (0)
03-08: Kados R10 GreenBee SQL Injection (0)
03-08: Oracle Weblogic Server Deserialization Remote Command Execution (0)
03-08: A Serious Windows Zeroday Is Being Actively Exploited In The Wild (0)
03-08: [shellcode] Linux/x86 – INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes) (0)
03-08: [webapps] OrientDB 3.0.17 GA Community Edition – Cross-Site Request Forgery / Cross-Site Scripting (0)
03-08: [webapps] McAfee ePO 5.9.1 – Registered Executable Local Access Bypass (0)
03-07: Sparkasse – Multiple Persistent Cross Site Vulnerabilities (0)
03-07: EasyBoot v6.6.0.800 – Stack Buffer Overflow Vulnerability (0)
03-07: Telekom Magenta Musik 360 – Cross Site Web Vulnerabilities (0)
03-07: vBulletin 4.x Seo By vBSeo 3.3.2 Open Redirection (0)
03-07: vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection (0)
03-07: vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection (0)
03-07: Java Debug Wire Protocol Remote Code Execution (0)
03-07: vBulletin 4.2.5 vBSuper_PM 1.2.3 Lite Open Redirection (0)
03-07: OpenDocMan 1.3.4 SQL Injection (0)
03-07: vBulletin 4.2.5 Member Map 1.1.2 Open Redirection (0)
03-07: WordPress WP-Image-News-Slider 3.3 Cross Site Request Forgery / Shell Upload (0)
03-07: Babel 0.4.1 Open Redirection (0)
03-07: Sagemcom Router Insufficient Default PSK Entropy (0)
03-07: RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow (0)
03-07: Android Binder Use-After-Free (0)
03-07: Android getpidcon() ACL Bypass (0)
03-07: Linux Virtual Address 0 Mappable Via Privilege write() (0)
03-07: Drupal RESTful Web Services unserialize() Remote Code Execution (0)
03-07: Imperva SecureSphere 13.x PWS Command Injection (0)
03-07: ClearOS 7 Community Edition Cross Site Scripting (0)
03-07: Android su Privilege Escalation (0)
03-07: FreeBSD Intel SYSRET Privilege Escalation (0)
03-07: http://e-lib.ddc.moph.go.th/security/lang.tmp (0)
03-07: [remote] Drupal < 8.5.11 / < 8.6.10 – RESTful Web Services unserialize() Remote Command Execution (Metasploit) (0)
03-07: [local] FreeBSD – Intel SYSRET Privilege Escalation (Metasploit) (0)
03-07: [local] Anyburn 4.3 x86 – 'Copy disc to image file' Buffer Overflow – (UNICODE)(SEH) (0)
03-07: [remote] QNAP TS-431 QTS < 4.2.2 – Remote Command Execution (Metasploit) (0)
03-07: [webapps] Kados R10 GreenBee – Multiple SQL Injection (0)
03-07: [remote] Imperva SecureSphere 13.x – 'PWS' Command Injection (Metasploit) (0)
03-06: [dos] Android – getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass (0)
03-06: [dos] Linux < 4.20.14 – Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem (0)
03-06: [dos] Android – binder Use-After-Free via racy Initialization of ->allow_user_free (0)
03-05: Xoops 1.0.2 PD-Links 1.0 Database Disclosure (0)
03-05: Kache Cross Protocol Request Forgery (0)
03-05: Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload (0)
03-05: 1C-Bitrix Site Management Russia 2.0 Open Redirection (0)
03-05: WordPress WP-DreamworkGallery 2.3 CSRF / Shell Upload (0)
03-05: zzzphp CMS 1.6.1 Cross Site Request Forgery (0)
03-05: Microsoft Edge Chakra 1.11.4 Type Confusion (0)
03-05: Mailtraq WebMail 2.17.7.3550 Cross Site Scripting (0)
03-05: Ability Mail Server 4.2.6 Cross Site Scripting (0)
03-05: Bold CMS 3.6.4 Cross Site Scripting (0)
03-05: Craft CMS 3.1.12 Pro Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Fiori test2 Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Fiori Protocol Cross Site Scripting (0)
03-05: MarcomCentral FusionPro VDP Creator Directory Traversal (0)
03-05: Fiberhome AN5506-04-F RP2669 Cross Site Scripting (0)
03-05: elFinder 2.1.47 Command Injection (0)
03-05: Booked Scheduler 2.7.5 Remote Command Execution (0)
03-05: Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 Remote Code Execution (0)
03-05: Splunk Enterprise 7.2.4 Remote Code Execution (0)
03-05: [shellcode] Linux/x86 – XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes) (0)
03-05: [shellcode] Linux/x86 – XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes) (0)
03-05: [webapps] OpenDocMan 1.3.4 – 'search.php where' SQL Injection (0)
03-05: [webapps] OpenDocMan 1.3.4 – 'search.php where' SQL Injection (0)
03-04: SMF 2.0.15 SMF4Mobile 1.1.5 / 1.2 Open Redirection (0)
03-04: vBulletin 4.2.5 Advanced User Tagging 3.1.3 Open Redirection (0)
03-04: vBulletin 4.x.x vB Optimise 2.6.3 Pro Open Redirection (0)
03-04: XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection (0)
03-04: XenForo 1.5.x Open Redirection (0)
03-04: [dos] FileZilla 3.40.0 – 'Local search' / 'Local site' Denial of Service (PoC) (0)
03-04: [webapps] OOP CMS BLOG 1.0 – Multiple Cross-Site Request Forgery (0)
03-04: [webapps] OOP CMS BLOG 1.0 – Multiple SQL Injection (0)
03-04: [webapps] elFinder 2.1.47 – 'PHP connector' Command Injection (0)
03-04: [webapps] WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 – Multiple Bypass Vulnerabilities (0)
03-04: [webapps] CMSsite 1.0 – Multiple Cross-Site Request Forgery (0)
03-04: [webapps] Fiberhome AN5506-04-F RP2669 – Persistent Cross-Site Scripting (0)
03-04: [dos] Microsoft Edge Chakra 1.11.4 – Read Permission via Type Confusion (0)
03-04: [webapps] Booked Scheduler 2.7.5 – Remote Command Execution (Metasploit) (0)
03-04: [webapps] Craft CMS 3.1.12 Pro – Cross-Site Scripting (0)
03-04: [webapps] Bolt CMS 3.6.4 – Cross-Site Scripting (0)
03-04: [webapps] MarcomCentral FusionPro VDP Creator < 10.0 – Directory Traversal (0)
03-04: [shellcode] Linux/x64 – Kill All Processes Shellcode (11 bytes) (0)
03-04: [shellcode] Linux/x86 – NOT Encoder / Decoder – execve(/bin/sh) Shellcode (44 bytes) (0)
03-04: [webapps] Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 – Remote Code Execution (0)
03-04: [shellcode] Linux/x86 – iptables -F Shellcode (43 bytes) (0)
03-04: [webapps] Splunk Enterprise 7.2.4 – Custom App Remote Command Execution (Persistent Backdoor / Custom Binary) (0)
03-04: [webapps] zzzphp CMS 1.6.1 – Cross-Site Request Forgery (0)
03-02: CMSsite 1.0 Cross Site Request Forgery (0)
03-02: OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection (0)
03-02: FileZilla 3.40.0 Denial Of Service (0)
03-02: XNU Copy-On-Write Behavior Bypass (0)
03-01: TransMac 12.3 Denial Of Service (0)
03-01: Usermin 1.750 Remote Command Execution (0)
03-01: vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection (0)
03-01: vBulletin 4.x.x DragonByte SEO 2.0.31 Open Redirection (0)
03-01: WordPress Cerber 8.0 Bypass (0)
03-01: Feng Office 3.7.0.5 Remote Command Execution (0)
03-01: FTP Server 1.32 Denial Of Service (0)
03-01: Joomla Content 3.x SQL Injection (0)
03-01: Cisco WebEx Meetings Privilege Escalation (0)
03-01: Joomla J2Store SQL Injection (0)
03-01: Packet Storm New Exploits For February, 2019 (0)
03-01: [local] Cisco WebEx Meetings < 33.6.6 / < 33.9.1 – Privilege Escalation (0)
03-01: [dos] Linux < 4.14.103 / < 4.19.25 – Out-of-Bounds Read and Write in SNMP NAT Module (0)
03-01: [dos] tcpdump < 4.9.3 – Multiple Heap-Based Out-of-Bounds Reads (0)
03-01: [dos] Google Chrome < M72 – FileWriterImpl Use-After-Free (0)
03-01: [dos] Google Chrome < M72 – RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free (0)
03-01: [dos] Google Chrome < M72 – Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost (0)
03-01: [dos] macOS XNU – Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image (0)
03-01: [dos] Google Chrome < M72 – PaymentRequest Service Use-After-Free (0)

February 2019 (490)

02-28: Simple Online Hotel Reservation System SQL Injection (0)
02-28: DomainMOD 4.11.01 category.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 ssl-accounts.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 registrar-accounts.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 DisplayName Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Owner Name Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Registrar Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Custom SSL Fields Cross Site Scripting (0)
02-28: SVG nanosvg Library Memory Corruption / Denial Of Service (0)
02-28: SQLiteManager 1.2.0 / 1.2.4 SQL Injection (0)
02-28: vBulletin 4.2.0 ChangUonDyU Chatbox 3.6.0 Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Custom Domain Cross Site Scripting (0)
02-28: Joomla Alberghi 2.1.3 File Upload / SQL Injection (0)
02-28: Simple Online Hotel Reservation System Cross Site Request Forgery (0)
02-28: tcpdump Out-Of-Bounds Read (0)
02-28: Chrome RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free (0)
02-28: Chrome P2PSocketDispatcherHost Use-After-Free (0)
02-28: Chrome FileWriterImpl Use-After-Free (0)
02-28: Chrome PaymentRequest Service Use-After-Free (0)
02-28: Zentyal Server Development Edition 6.0 Cross Site Scripting (0)
02-28: SHAREit For Android 4.0.38 Authentication Bypass / File Download (0)
02-28: [papers] Crypto Wallet Local Storage Attack (0)
02-28: [webapps] Feng Office 3.7.0.5 – Remote Command Execution (Metasploit) (0)
02-28: [webapps] Simple Online Hotel Reservation System – Cross-Site Request Forgery (Add Admin) (0)
02-28: [webapps] Simple Online Hotel Reservation System – Cross-Site Request Forgery (Delete Admin) (0)
02-28: [webapps] Simple Online Hotel Reservation System – SQL Injection (0)
02-28: [dos] TransMac 12.3 – Denial of Service (PoC) (0)
02-28: [webapps] Usermin 1.750 – Remote Command Execution (Metasploit) (0)
02-28: [webapps] Joomla! Component J2Store < 3.3.7 – SQL Injection (0)
02-28: [dos] WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 – Denial of Service (0)
02-28: [dos] FTP Server 1.32 – Denial of Service (0)
02-26: Drupal 8.6.9 REST Remote Code Execution (0)
02-26: Xlight FTP Server 3.9.1 Buffer Overflow (0)
02-26: RavenDB 4.1.4 Cross Site Request Forgery / Cross Site Scripting (0)
02-26: Joomla BookingCalendarForJoomla 3.4.0 SQL Injection (0)
02-26: Joomla Contact Enhanced 3.9.2 SQL Injection (0)
02-26: Joomla FlexiContent 3.2.1.15 SQL Injection (0)
02-26: Joomla Furniture Virtuemart Templates 1.5 SQL Injection (0)
02-26: Joomla Geommunity3es 1.4 SQL Injection (0)
02-26: Joomla JM Car Classifieds CarAgent Templates 3.8.12 SQL Injection (0)
02-26: Joomla Matukio Events 7.0.15 SQL Injection (0)
02-26: Joomla RD e-Tickets TicketMasterExt 3.5.7 SQL Injection (0)
02-26: Joomla Responsive Grid For Articles Grid 3.4.5 SQL Injection (0)
02-26: Joomla SpiderCalendar 3.2.17 SQL Injection (0)
02-26: Going1up The Newspaper CMS 1998-2019 1.x Open Redirection (0)
02-26: AsureForce Time 12.0 Open Redirection (0)
02-26: Joomla ChronoForms 6.0.17 SQL Injection (0)
02-26: MeteoTemplate 17.1 Nectarine Deviations Open Redirection (0)
02-26: MeteoTemplate 17.1 Nectarine stationExtremes 2.0 Open Redirection (0)
02-26: MeteoTemplate 17.1 Nectarine windDirection 2.2 Open Redirection (0)
02-26: MyBB 1.6.x ChangUonDyU Chatbox 3.6.0 Cross Site Scripting (0)
02-26: Web Wiz Forums 12.01 Database Disclosure (0)
02-26: WordPress NativeChurch Multi-Purpose 5.0.x File Download (0)
02-26: Zarr Software Warwickshire 1.x Open Redirection (0)
02-26: Linux SNMP NAT Module Out-Of-Bounds Read/Write (0)
02-26: PDF Viewer Signatures Broken (0)
02-25: Drupal REST Module Remote Code Execution (0)
02-25: News Website Script 2.0.5 SQL Injection (0)
02-25: Advance Gift Shop Pro Script 2.0.3 SQL Injection (0)
02-25: [dos] Xlight FTP Server 3.9.1 – Buffer Overflow (PoC) (0)
02-25: [webapps] Advance Gift Shop Pro Script 2.0.3 – SQL Injection (0)
02-25: [webapps] News Website Script 2.0.5 – SQL Injection (0)
02-25: [webapps] zzzphp CMS 1.6.1 – Remote Code Execution (0)
02-25: [webapps] PHP Ecommerce Script 2.0.6 – Cross-Site Scripting / SQL Injection (0)
02-25: [webapps] Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 – Remote Code Execution (0)
02-25: [webapps] Drupal < 8.6.9 – REST Module Remote Code Execution (0)
02-23: HanYazilim Paper Submission System .NET 1.0 Shell Upload (0)
02-23: Quest NetVault Backup Server Code Execution / SQL Injection (0)
02-23: Tautulli 2.1.26 Cross Site Scripting (0)
02-23: [webapps] Drupal < 8.6.10 / < 8.5.11 – REST Module Remote Code Execution (0)
02-22: Kanboard 1.2.7 Code Execution / Cross Site Request Forgery (0)
02-22: Advanced Comment System 1.0 Cross Site Scripting (0)
02-22: Teracue ENC-400 Command Injection / Missing Authentication (0)
02-22: VertrigoServ 2.17 Cross Site Scripting (0)
02-22: Exploitation Framework For STMicroelectronics DVB Chipsets (0)
02-22: Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation (0)
02-22: EI-Tube 3 SQL Injection (0)
02-22: RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow (0)
02-22: Valentina Studio 9.0.5 Buffer Overflow (0)
02-22: Drupal Pubdlcnt 7.x-1.2 Open Redirection (0)
02-22: Joomla AdsManager 3.2.0 CSRF / Database Disclosure / SQL Injection (0)
02-22: Typo3 CMS Modern Guestbook tx_veguestbook_pi1 3.3.0 SQL Injection (0)
02-22: WordPress Village 5.0 CSRF / Backdoor / SQL Injection (0)
02-22: Medical Store Script 3.0.3 Cross Site Scripting (0)
02-22: AirDrop 2.0 Denial Of Service (0)
02-22: Virtual VCR Max .0a Buffer Overflow (0)
02-22: C4G Basic Laboratory Information System (BLIS) 3.4 SQL Injection (0)
02-22: ScreenStream 3.0.15 Denial Of Service (0)
02-22: MikroTik RouterOS Firewall / NAT Bypass (0)
02-22: WebKit JSC reifyStaticProperty Attribute Flag Issue (0)
02-22: MatrixSSL x.509 Certificate Verification Stack Buffer Overflow (0)
02-22: Nuuo Central Management SQL Injection (0)
02-22: [webapps] Teracue ENC-400 – Command Injection / Missing Authentication (0)
02-22: [webapps] Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution (0)
02-22: [webapps] Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation (0)
02-22: [remote] Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit) (0)
02-22: [dos] WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter (0)
02-22: [papers] Protecting Windows Privilege Accounts (0)
02-21: HotelDruid 2.3 Cross Site Scripting (0)
02-21: Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload (0)
02-21: Apple macOS 10.13.5 Local Privilege Escalation (0)
02-21: [dos] Valentina Studio 9.0.5 Linux – 'Host' Buffer Overflow (PoC) (0)
02-21: [webapps] C4G Basic Laboratory Information System (BLIS) 3.4 – SQL Injection (0)
02-21: [remote] MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) – Firewall and NAT Bypass (0)
02-21: [dos] AirDrop 2.0 – Denial of Service (DoS) (0)
02-21: [webapps] EI-Tube 3 – SQL Injection (0)
02-21: [local] Memu Play 6.0.7 – Privilege Escalation (0)
02-21: [dos] ScreenStream 3.0.15 – Denial of Service (0)
02-21: [local] RealTerm Serial Terminal 2.0.0.70 – 'Echo Port' Buffer Overflow (SEH) (0)
02-21: [dos] Virtual VCR Max .0a – '.vcr' Buffer Overflow (PoC) (0)
02-20: Ask Expert Script 3.0.5 Cross Site Scripting / SQL Injection (0)
02-20: Joomla Attachments 3.2.6 Shell Upload (0)
02-20: M/Monit 3.7.2 Privilege Escalation (0)
02-20: Valentina Studio 9.0.4 Denial Of Service (0)
02-20: BulletProof FTP Server 2019.0.0.50 Denial Of Service (0)
02-20: eDirectory SQL Injection / File Disclosure (0)
02-20: Joomla JWallPapers 2.0.1 Cross Site Request Forgery / Shell Upload (0)
02-20: Typo3 CMS BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 SQL Injection (0)
02-20: Typo3 Calendar Base tx_pxkalender_pi1 2.0.0 Database Disclosure / SQL Injection (0)
02-20: NetSetMan 4.7.1 Denial Of Service (0)
02-20: XAMPP 5.6.8 Cross Site Scripting / SQL Injection (0)
02-20: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Traversal / XSS (0)
02-20: Typo3 CMS Commerce DAM connector tx_commerce_pi1 0.1.0 SQL Injection (0)
02-20: Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload (0)
02-20: Typo3 CMS Realty Manager tx_realty_pi1 2.0.0 Database Disclosure / SQL Injection (0)
02-20: WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing (0)
02-20: Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection (0)
02-20: Webiness Inventory 2.3 Arbitrary File Upload (0)
02-20: Jenkins Remote Code Execution (0)
02-20: Typo3 CMS Shop System tt_products 2.9.4 SQL Injection (0)
02-20: MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 Privilege Escalation (0)
02-20: Android seccomp Filter Ptrace Hole (0)
02-20: FaceTime Texture Processing Memory Corruption (0)
02-20: Belkin Wemo UPnP Remote Code Execution (0)
02-20: http://mattayom31.go.th/web1/file_editor/db.txt (0)
02-20: http://www.nonsanga.go.th/web1/file_editor/db.txt (0)
02-20: http://www.abtnachuek.go.th/web1/file_editor/db.txt (0)
02-20: [remote] Belkin Wemo UPnP – Remote Code Execution (Metasploit) (0)
02-20: [dos] Android Kernel < 4.8 – ptrace seccomp Filter Bypass (0)
02-20: [dos] FaceTime – Texture Processing Memory Corruption (0)
02-20: [dos] WinRAR 5.61 – '.lng' Denial of Service (0)
02-20: [dos] FTPShell Server 6.83 – 'Account name to ban' Denial of Service (PoC) (0)
02-20: [webapps] webERP 4.15 – 'ImportBankTransaction' Blind SQL Injection (0)
02-20: [dos] MatrixSSL < 4.0.2 – Stack Buffer Overflow Verifying x.509 Certificates (0)
02-20: [webapps] HotelDruid 2.3 – Cross-Site Scripting (0)
02-19: DASAN H665 Backdoor Account (0)
02-19: RealTerm Serial Terminal 2.0.0.70 Denial Of Service (0)
02-19: MISP 2.4.97 SQL Injection / Command Injection (0)
02-19: Realterm Serial Termianl 2.0.0.70 Buffer Overflow (0)
02-19: Digi TransPort LR54 Restricted Shell Escape (0)
02-19: mIRC Remote Command Execution (0)
02-19: CMSsite 1.0 post.php SQL Injection (0)
02-19: Apache CouchDB 2.3.0 Cross Site Scripting (0)
02-19: qdPM 9.1 Cross Site Scripting (0)
02-19: ArangoDB Community Edition 3.4.2-1 Cross Site Scripting (0)
02-19: Master IP CAM 01 3.3.4.2103 Remote Command Execution (0)
02-19: Comodo Dome Firewall 2.7.0 Cross Site Scripting (0)
02-19: HTMLy 2.7.4 Cross Site Scripting (0)
02-19: Oracle Java Runtime Environment OpenType Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: [webapps] eDirectory – SQL Injection (0)
02-19: [dos] BulletProof FTP Server 2019.0.0.50 – 'SMTP Server' Denial of Service (PoC) (0)
02-19: [dos] Valentina Studio 9.0.4 – 'Host' Denial of Service (PoC) (0)
02-19: [webapps] Zuz Music 2.1 – 'zuzconsole/___contact ' Persistent Cross-Site Scripting (0)
02-19: [webapps] Find a Place CMS Directory 1.5 – 'assets/external/data_2.php cate' SQL Injection (0)
02-19: [webapps] Listing Hub CMS 1.0 – 'pages.php id' SQL Injection (0)
02-19: [local] MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 – Local Privilege Escalation (0)
02-19: [dos] NetSetMan 4.7.1 – 'Workgroup' Denial of Service (PoC) (0)
02-19: [papers] The Ultimate Guide For Subdomain Takeover with Practical (0)
02-19: [webapps] XAMPP 5.6.8 – SQL Injection / Persistent Cross-Site Scripting (0)
02-19: [webapps] Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 – Path Traversal / Cross-Site Scripting (0)
02-19: [webapps] Jenkins – Remote Code Execution (0)
02-19: [webapps] Ask Expert Script 3.0.5 – Cross Site Scripting / SQL Injection (0)
02-18: [webapps] WordPress Plugin WooCommerce – GloBee (cryptocurrency) Payment Gateway 1.1.1 – Payment Bypass / Unauthorized Order Status Spoofing (0)
02-18: [webapps] Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 – Arbitrary File Upload (0)
02-18: [shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) (0)
02-18: [shellcode] macOS – Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) (0)
02-18: [shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) (0)
02-18: [shellcode] macOS – Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) (0)
02-18: [dos] Realterm Serial Terminal 2.0.0.70 – Local Buffer Overflow (SEH) (0)
02-18: [remote] mIRC < 7.55 – Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass (0)
02-18: [dos] Realterm Serial Terminal 2.0.0.70 – Denial of Service (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process (0)
02-18: [shellcode] macOS – execve(/bin/sh) + Null-Free Shellcode (31 bytes) (0)
02-18: [webapps] qdPM 9.1 – 'type' Cross-Site Scripting (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour (0)
02-18: [webapps] Comodo Dome Firewall 2.7.0 – Cross-Site Scripting (0)
02-18: [webapps] Apache CouchDB 2.3.0 – Cross-Site Scripting (0)
02-18: [webapps] ArangoDB Community Edition 3.4.2-1 – Cross-Site Scripting (0)
02-18: [webapps] M/Monit 3.7.2 – Privilege Escalation (0)
02-18: [webapps] Webiness Inventory 2.3 – 'ProductModel' Arbitrary File Upload (0)
02-18: [webapps] CMSsite 1.0 – 'post' SQL Injection (0)
02-18: [dos] NBMonitor 1.6.5.0 – 'Key' Denial of Service (PoC) (0)
02-18: [webapps] Master IP CAM 01 3.3.4.2103 – Remote Command Execution (0)
02-18: [webapps] MISP 2.4.97 – SQL Command Execution via Command Injection in STIX Module (0)
02-18: [webapps] qdPM 9.1 – 'search[keywords]' Cross-Site Scripting (0)
02-17: MyBB Trash Bin 1.1.3 Cross Site Request Forgery / Cross Site Scripting (0)
02-17: Jinja2 2.10 Command Injection (0)
02-17: Find A Place CMS Directory 1.5 SQL Injection (0)
02-17: WeHelp 1.6 Cross Site Scripting (0)
02-17: JobFinder Cross Site Scripting (0)
02-17: ZuzMusic 2.1 Cross Site Scripting (0)
02-17: Listing Hub CMS 1.0 SQL Injection (0)
02-17: KVM kvm_inject_page_fault Uninitialized Memory Leak (0)
02-17: KVM VMX Preemption Timer Use-After-Free (0)
02-17: http://www.reo18.go.th (0)
02-16: Linux kvm_ioctl_create_device() Reference Flow Failure (0)
02-16: exacqVision ESM 5.12.2 Privilege Escalation (0)
02-16: WordPress Booking Calendar 8.4.3 SQL Injection (0)
02-16: MediaMonkey 4.1.23 Denial Of Service (0)
02-16: LayerBB 1.1.2 Cross Site Request Forgery (0)
02-16: DomainMOD 4.11.01 Cross Site Scripting (0)
02-16: ApowerManager 3.1.7 Denial Of Service (0)
02-16: Core FTP/SFTP Server 1.2 Build 589.42 Denial Of Service (0)
02-16: http://backoffice.onec.go.th/ket.txt (0)
02-15: runc Container Breakout (0)
02-15: BizPotential EasyWebTime 8.6.2 Bypass / SQL Injection (0)
02-15: F3-CMS FatFreeFramework 0.0.1 Database Disclosure (0)
02-15: Invo PhalconPHP 1.x Database Configuration Disclosure (0)
02-15: Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure (0)
02-15: Joomla DatsoGallery 3.4.4 SQL Injection (0)
02-15: Joomla DT Register 4.0.3 SQL Injection (0)
02-15: Joomla EasyBookReloaded 3.3.2 SQL Injection (0)
02-15: Joomla LightGallery 1.2.1 SQL Injection (0)
02-15: Joomla OSMap 4.2.19 Database Disclosure / SQL Injection (0)
02-15: Joomla PhocaMaps 3.0.5 Database Disclosure / SQL Injection (0)
02-15: Joomla PrayerCenter 3.0.4 Database Disclosure / SQL Injection (0)
02-15: Joomla VirtueMart 3.4.1 SQL Injection (0)
02-15: ph7CMS Social Dating Community 14.8 Database Configuration Disclosure (0)
02-15: phpMyVisites CNTNT Templates 2.4 SQL Injection (0)
02-15: RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection (0)
02-15: Slims CMS Senayan Library Management System 7.0 Shell Upload (0)
02-15: TinyMCE JBimages 3.x JustBoilMe Arbitrary File Upload (0)
02-15: WordPress Jssor-Slider 3.1.24 Cross Site Request Forgery / File Upload (0)
02-15: WordPress WP-JS-External-Link-Info 2.2.0 Open Redirection (0)
02-15: Zend Framework 1.11.11 Database Configuration Disclosure (0)
02-15: Zend Framework ZF1 1.x Database Configuration Disclosure (0)
02-15: ZRECore 1.3.1 Database Configuration Disclosure (0)
02-15: GetSimpleCMS 3.3.13 Open Redirect (0)
02-15: [dos] Linux – 'kvm_ioctl_create_device()' NULL Pointer Dereference (0)
02-15: [webapps] UniSharp Laravel File Manager 2.0.0-alpha7 – Arbitrary File Upload (0)
02-15: [dos] AirMore 1.6.1 – Denial of Service (PoC) (0)
02-15: [dos] Free IP Switcher 3.1 – 'Computer Name' Denial of Service (PoC) (0)
02-15: [webapps] qdPM 9.1 – 'search_by_extrafields[]' SQL Injection (0)
02-15: [webapps] Jinja2 2.10 – 'from_string' Server Side Template Injection (0)
02-15: [dos] VSCO 1.1.1.0 – Denial of Service (PoC) (0)
02-15: [dos] Navicat for Oracle 12.1.15 – "Password" Denial of Service (PoC) (0)
02-15: [webapps] MyBB Trash Bin Plugin 1.1.3 – Cross-Site Scripting / Cross-Site Request Forgery (0)
02-14: runc Host Command Execution (0)
02-14: snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation (0)
02-14: snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation (0)
02-14: SYSTORME ISG Cross Site Request Forgery (0)
02-14: SYSTORME ISG Command Injection (0)
02-14: Raisecom Technology GPON-ONU HT803G-07 Command Injection (0)
02-14: Raisecom Technology GPON-ONU HT803G-07 Command Injection (0)
02-14: Nokia 8810 Denial Of Service (0)
02-14: Jiofi 4 (JMR 1140) Cross Site Scripting (0)
02-14: Jiofi 4 (JMR 1140) WiFi Password Cross Site Request Forgery (0)
02-14: Jiofi 4 (JMR 1140) Admin Token Disclosure Cross Site Request Forgery (0)
02-14: Rukovoditel Project Management CRM 2.4.1 Cross Site Scripting (0)
02-14: NetworkSleuth 3.0 Denial Of Service (0)
02-14: PilusCart 1.4.1 SQL Injection (0)
02-14: [dos] ApowerManager 3.1.7 – Phone Manager Remote Denial of Service (DoS) (0)
02-14: [dos] MediaMonkey 4.1.23 – '.mp3' URL Denial of Service (PoC) (0)
02-14: [webapps] WordPress Plugin Booking Calendar 8.4.3 – Authenticated SQL Injection (0)
02-14: [webapps] DomainMOD 4.11.01 – 'assets/edit/host.php?whid=5' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'category.php CatagoryName, StakeHolder' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'assets/add/dns.php' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'ssl-provider-name' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'ssl-accounts.php username' Cross-Site Scripting (0)
02-14: [local] exacqVision ESM 5.12.2 – Privilege Escalation (0)
02-14: [webapps] LayerBB 1.1.2 – Cross-Site Request Forgery (Add Admin) (0)
02-14: [dos] Core FTP/SFTP Server 1.2 Build 589.42 – 'User domain' Denial of Service (PoC) (0)
02-13: MyBB Bans List 1.0 Cross Site Scripting (0)
02-13: Webiness Inventory 2.3 SQL Injection (0)
02-13: Microsoft Excel .SLK Payload Delivery (0)
02-13: Jenkins 2.150.2 Remote Command Execution Via Node JS (0)
02-13: Joomla ABook Alexandria Book Library 3.1.4 SQL Injection (0)
02-13: Joomla Agora 4.10 Bypass / SQL Injection (0)
02-13: Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection (0)
02-13: Joomla ExtCalendar 2.0 SQL Injection (0)
02-13: Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection (0)
02-13: Joomla Mosets Hot Property 1.0.0 SQL Injection (0)
02-13: Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection (0)
02-13: Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection (0)
02-13: Joomla WordPress Blog 4.8.0 SQL Injection (0)
02-13: Joomla ZCalendar Zap Calendar 4.4.0 SQL Injection (0)
02-13: BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution (0)
02-13: LayerBB 1.1.2 Cross Site Scripting (0)
02-13: CentOS Web Panel 0.9.8.763 Cross Site Scripting (0)
02-13: Android Binder fdget() Optimization Use-After-Free (0)
02-13: Android Binder VMA Use-After-Free (0)
02-13: [local] snapd < 2.37.0 (Ubuntu) – 'dirty_sock' Local Privilege Escalation (2) (0)
02-13: [local] snapd < 2.37.0 (Ubuntu) – 'dirty_sock' Local Privilege Escalation (1) (0)
02-12: http://101research.reh.go.th/owned.htm (0)
02-12: http://www.asean-cholang.reh.go.th/owned.htm (0)
02-12: http://cancerconference.reh.go.th/owned.htm (0)
02-12: http://cancer101.reh.go.th/owned.htm (0)
02-12: http://health7.reh.go.th/owned.htm (0)
02-12: http://charityrun.reh.go.th/owned.htm (0)
02-12: http://interconference.reh.go.th/owned.htm (0)
02-12: Avast Anti-Virus Local Credential Disclosure (0)
02-12: NordVPN 6.19.6 Denial Of Service (0)
02-12: Joomla AcePolls 3.x SQL Injection (0)
02-12: Joomla BreezingForms 1.9.0 Database Disclosure / SQL Injection (0)
02-12: Coship Wireless Router 4.0.0.x / 5.0.0.x Authentication Bypass (0)
02-12: AirDroid 4.2.1.6 Denial Of Service (0)
02-12: Joomla jDownloads 3.2.63 Database Disclosure / SQL Injection (0)
02-12: Joomla JVLE JV-LinkExchanger 3.2 SQL Injection (0)
02-12: FutureDj Pro 1.7.20 Denial Of Service (0)
02-12: Joomla WebLinks 3.6.0 Database Disclosure / SQL Injection (0)
02-12: Indusoft Web Studio 8.1 SP2 Remote Code Execution (0)
02-12: VA MAX 8.3.4 Remote Code Execution (0)
02-12: River Past Cam Do 3.7.6 Local Buffer Overflow (0)
02-12: IP-Tools 2.5 Local Buffer Overflow (0)
02-12: Skyworth GPON HomeGateways / Optical Network Stack Overflow (0)
02-12: [webapps] LayerBB 1.1.2 – Cross-Site Scripting (0)
02-12: [webapps] BlogEngine.NET 3.3.6 – Directory Traversal / Remote Code Execution (0)
02-12: [webapps] Jenkins 2.150.2 – Remote Command Execution (Metasploit) (0)
02-12: [webapps] OPNsense < 19.1.1 – Cross-Site Scripting (0)
02-11: [webapps] Smoothwall Express 3.1-SP4 – Cross-Site Scripting (0)
02-11: [webapps] CentOS Web Panel 0.9.8.763 – Persistent Cross-Site Scripting (0)
02-11: [webapps] Webiness Inventory 2.3 – 'email' SQL Injection (0)
02-11: [local] IP-Tools 2.5 – Local Buffer Overflow (SEH) (Egghunter) (0)
02-11: [local] River Past Cam Do 3.7.6 – Local Buffer Overflow (SEH) (0)
02-11: [webapps] VA MAX 8.3.4 – Authenticated Remote Code Execution (0)
02-11: [webapps] MyBB Bans List 1.0 – Cross-Site Scripting (0)
02-11: [dos] River Past Video Cleaner 7.6.3 – Local Buffer Overflow (SEH) (0)
02-11: [webapps] IPFire 2.21 – Cross-Site Scripting (0)
02-11: [local] Avast Anti-Virus < 19.1.2360 – Local Credentials Disclosure (0)
02-11: [remote] Indusoft Web Studio 8.1 SP2 – Remote Code Execution (0)
02-11: [dos] NordVPN 6.19.6 – Denial of Service (PoC) (0)
02-11: [remote] NUUO NVRmini – upgrade_handle.php Remote Command Execution (Metasploit) (0)
02-11: [local] Evince – CBT File Command Injection (Metasploit) (0)
02-11: [dos] FutureDj Pro 1.7.2.0 – Denial of Service (0)
02-11: [remote] Adobe Flash Player – DeleteRangeTimelineOperation Type Confusion (Metasploit) (0)
02-11: [webapps] Coship Wireless Router 4.0.0.x/5.0.0.x – WiFi Password Reset (0)
02-11: [dos] AirDroid 4.2.1.6 – Denial of Service (0)
02-10: OpenText Documentum Webtop 5.3 SP2 Open Redirect (0)
02-10: Amazon FireOS 5.3.6.3 Man-In-The-Middle (0)
02-10: Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting (0)
02-10: SAMSUNG X7400GX Sync Thru Web Cross Site Scripting (0)
02-10: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS (0)
02-10: IPFire 2.21 Cross Site Scripting (0)
02-10: Adobe Flash Player DeleteRangeTimelineOperation Type Confusion (0)
02-10: http://www.reh.go.th/owned.htm (0)
02-09: Apple Security Advisory 2019-2-07-1 (0)
02-09: Apple Security Advisory 2019-2-07-2 (0)
02-09: Apple Security Advisory 2019-2-07-1 (0)
02-09: Apple Security Advisory 2019-2-07-3 (0)
02-08: Paypal Inc – Broken Authorization & CSRF Vulnerability (0)
02-08: http://asset.fisheries.go.th/APP/pok.html (0)
02-08: Evince CBT File Command Injection (0)
02-08: NUUO NVRmini upgrade_handle.php Remote Command Execution (0)
02-07: osCommerce 2.3.4.1 SQL Injection (0)
02-07: River Past Audio Converter 7.7.16 Buffer Overflow (0)
02-07: Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting (0)
02-06: WordPress WP User Manager 2.0.8 Shell Upload (0)
02-06: Cisco ISE 2.4.0 XSS / Remote Code Execution (0)
02-06: OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass (0)
02-06: WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection (0)
02-06: WordPress Quiz And Survey Master 6.0.4 Cross Site Scripting (0)
02-06: WordPress Blog2Social 5.0.2 Cross Site Scripting (0)
02-06: Device Monitoring Studio 8.10.00.8925 Denial Of Service (0)
02-06: WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting (0)
02-06: River Past Audio Converter 7.7.16 Denial Of Service (0)
02-06: WordPress Font Organizer 2.1.1 Cross Site Scripting (0)
02-06: Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery (0)
02-06: WordPress Give 2.3.0 Cross Site Scripting (0)
02-06: WordPress KingComposer 2.7.6 Cross Site Scripting (0)
02-06: OpenMRS Platform Insecure Object Deserialization (0)
02-06: WordPress Social Networks Auto-Poster 4.2.7 Cross Site Scripting (0)
02-06: Skia Buffer Overflow (0)
02-06: WordPress wpGoogleMaps 7.10.41 Cross Site Scripting (0)
02-06: WordPress WP Live Chat 8.0.18 Cross Site Scripting (0)
02-06: WordPress YOP Poll 6.0.2 Cross Site Scripting (0)
02-06: [local] River Past Audio Converter 7.7.16 – Buffer Overflow (SEH) (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'products_id' SQL Injection (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'reviews_id' SQL Injection (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'currency' SQL Injection (0)
02-05: http://myoffice2560.surat3.go.th/index.php (0)
02-05: http://myoffice2561.surat3.go.th/index.php (0)
02-05: http://amssplus.surat3.go.th/index.php (0)
02-05: http://phpmyadmin.surat3.go.th/index.php (0)
02-05: http://schoolmy2560.surat3.go.th/index.php (0)
02-05: http://new.surat3.go.th/index.php (0)
02-05: Joomla FSF FreeStyle FAQs 1.11.18 Database Disclosure / SQL Injection (0)
02-05: Joomla RSForm 1.5 Database Disclosure / SQL Injection (0)
02-05: Joomla ActivityManager 5.3 SQL Injection (0)
02-05: Joomla BF Survey Pro 2.13.1 SQL Injection (0)
02-05: Joomla DocMan 3.3.4 SQL Injection (0)
02-05: Joomla K2 2.9.0 Database Disclosure / SQL Injection (0)
02-05: Joomla Mailto 1.2.2.2 SQL Injection (0)
02-05: Joomla Ninja RSS Syndicator 2.0.5 SQL Injection (0)
02-05: Joomla PhocaDownload 3.1.7 Database Disclosure / SQL Injection (0)
02-05: Joomla PhotoMapGallery 1.0 SQL Injection (0)
02-05: Joomla RedShop 2.0.0.3 Database Disclosure / SQL Injection (0)
02-05: Joomla WebMapPlus 1.0 SQL Injection (0)
02-05: Joomla Acajoom 5.1.5 SQL Injection (0)
02-05: Joomla FacileForms 1.4.7 SQL Injection (0)
02-05: Joomla Jomres 9.16.1 SQL Injection (0)
02-05: Joomla JoomLeague 2.x Database Disclosure / SQL Injection (0)
02-05: Joomla Jumi 3.0.5 Database Disclosure / SQL Injection (0)
02-05: WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload (0)
02-05: devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation (0)
02-05: devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery (0)
02-05: devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution (0)
02-05: http://suratthani.rid.go.th/home/tmp/f3r.html (0)
02-05: http://nongbualumphu.rid.go.th/main/wp-content/f3r.html (0)
02-05: http://upperchi-omp.rid.go.th/website/images/f3r.html (0)
02-05: http://seawyai-omp.rid.go.th/joomla/tmp/f3r.html (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – RTSP Stream Disclosure (0)
02-05: [webapps] Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem – Cross-Site Request Forgery (0)
02-05: [webapps] OpenMRS Platform < 2.24.0 – Insecure Object Deserialization (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Cross-Site Request Forgery (Add Admin) (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Remote Code Execution (0)
02-05: [webapps] devolo dLAN 550 duo+ Starter Kit – Remote Code Execution (0)
02-05: [webapps] devolo dLAN 550 duo+ Starter Kit – Cross-Site Request Forgery (0)
02-05: [shellcode] Linux/x86 – Random Insertion Encoder and Decoder Shellcode (Generator) (0)
02-05: [dos] Device Monitoring Studio 8.10.00.8925 – Denial of Service (PoC) (0)
02-05: [dos] River Past Audio Converter 7.7.16 – Denial of Service (PoC) (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Arbitrary File Disclosure (0)
02-04: [webapps] Nessus 8.2.1 – Cross-Site Scripting (0)
02-04: [webapps] ResourceSpace 8.6 – 'watched_searches.php' SQL Injection (0)
02-04: [webapps] pfSense 2.4.4-p1 – Cross-Site Scripting (0)
02-04: [dos] TaskInfo 8.2.0.280 – Denial of Service (PoC) (0)
02-04: [dos] SpotAuditor 3.6.7 – Denial of Service (PoC) (0)
02-04: [dos] River Past Ringtone Converter 2.7.6.1601 – Denial of Service (PoC) (0)
02-04: [webapps] SuiteCRM 7.10.7 – 'record' SQL Injection (0)
02-04: [webapps] SuiteCRM 7.10.7 – 'parentTab' SQL Injection (0)
02-04: [dos] MyVideoConverter Pro 3.14 – Denial of Service (0)
02-02: ASPRunner Professional 6.0.766 Denial Of Service (0)
02-02: FlexHEX 2.46 Denial Of Service (0)
02-02: LanHelper 1.74 Denial Of Service (0)
02-02: PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow (0)
02-02: Joomla AtomiconGallery 1.5.x SQL Injection (0)
02-02: Joomla ChronoConnectivity2 6.0.7 SQL Injection (0)
02-02: Joomla GMapFP Google Map 3.52 SQL Injection (0)
02-02: Joomla JamBook 1.5 SQL Injection (0)
02-02: Joomla Sobi2 SobiPro 1.4.9 SQL Injection (0)
02-02: Joomla wgPicasa 3x SQL Injection (0)
02-02: OPNsense 19.1 Cross Site Scripting (0)
02-02: Pages For Bitbucket Server 2.6.0 Cross Site Scripting (0)
02-02: COYO 9.0.8 / 10.0.11 / 12.0.4 Cross Site Scripting (0)
02-02: Linux Insufficient eBPF Spectre V1 Mitigation (0)
02-02: Remote Process Explorer 1.0.0.16 Denial Of Service (0)
02-02: SureMDM Local / Remote File Inclusion (0)
02-02: CUJO Firewall User Enumeration / Authorization Bypass (0)
02-02: Zimbra Collaboration Cross Site Scripting (0)
02-02: SolarWinds Serv-U FTP 15.1.6 Privilege Escalation (0)
02-02: SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting (0)
02-02: Packet Storm New Exploits For January, 2019 (0)
02-01: PayPal Inc BB – Arbitrary File Upload Vulnerability (0)
02-01: Joomla Rokin RokGallery 3.2.6 SQL Injection (0)
02-01: Joomla SimplestForum 1.5 SQL Injection (0)
02-01: Joomla XMap 2.3.0 Database Disclosure / SQL Injection (0)
02-01: Joomla Zoo By YooTheme 3.3.10 Database Disclosure / SQL Injection (0)
02-01: MacOS 10.14.1 libxpc Deallocation (0)
02-01: iOS / MacOS iohideventsystem Sandbox Escape (0)
02-01: XNU copy-on-write Behavior Bypass (0)
02-01: XNU vm_map_copy Optimization Issue (0)
02-01: iOS / MacOS PF_KEY Kernel Heap Overflow (0)
02-01: R i386 3.5.0 Local Buffer Overflow (0)
02-01: AnyBurn x86 4.3 Denial Of Service (0)
02-01: UltraISO 9.7.1.3519 Local Buffer Overflow (0)
02-01: WeBid 1.2.2 Cross Site Scripting (0)
02-01: Joomla Formularz 1.0.2 SQL Injection (0)
02-01: Joomla HotelGuide 1.0 SQL Injection (0)
02-01: Joomla HWDVideoShare 1.5 Bypass / Database Disclosure / SQL Injection (0)
02-01: Joomla JCalPro Calendar 4.3.26 SQL Injection (0)
02-01: Joomla JComments 3.0.5 SQL Injection (0)
02-01: Joomla JEvents 3.4.47 SQL Injection (0)
02-01: Joomla JooMap 2.0.6 SQL Injection (0)
02-01: Joomla JUserTube 8.3.1 SQL Injection (0)
02-01: Joomla MorfeoShow 1.2.0 SQL Injection (0)
02-01: Joomla Remository 3.58 Database Disclosure / Shell Upload / SQL Injection (0)
02-01: [local] PassFab Excel Password Recovery 8.3.1 – SEH Local Exploit (0)
02-01: [shellcode] Linux/x86 – Read /etc/passwd Shellcode (58 Bytes) (3) (0)
02-01: [dos] Remote Process Explorer 1.0.0.16 – Denial of Service SEH Overwrite (PoC) (0)
02-01: [webapps] SureMDM < 2018-11 Patch – Local / Remote File Inclusion (0)
02-01: [papers] Remote Code Execution with EL Injection Vulnerabilities (0)

January 2019 (481)

01-31: Collabtive 3.1 Cross Site Scripting (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics (0)
01-31: [local] R 3.5.0 – Local Buffer Overflow (SEH) (0)
01-31: [dos] Anyburn 4.3 – 'Convert image to file format' Denial of Service (0)
01-31: [local] UltraISO 9.7.1.3519 – 'Output FileName' Local Buffer Overflow (SEH) (0)
01-31: [dos] Advanced Host Monitor 11.90 Beta – 'Registration number' Denial of Service (PoC) (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 XNU – 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack (0)
01-31: [dos] LanHelper 1.74 – Denial of Service (PoC) (0)
01-31: [dos] macOS XNU – Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File (0)
01-31: [dos] ASPRunner Professional 6.0.766 – Denial of Service (PoC) (0)
01-31: [dos] FlexHEX 2.46 – Denial of Service SEH Overwrite (PoC) (0)
01-31: [dos] AMAC Address Change 5.4 – Denial of Service (PoC) (0)
01-30: HTML Video Player 1.2.5 Local Buffer Overflow (0)
01-30: Nessus 8.2.1 Cross Site Scripting (0)
01-30: MiniUPnPd 2.1 Out-Of-Bounds Read (0)
01-30: PDF Signer 3.0 Template Injection / CSRF / Code Execution (0)
01-30: iOS / macOS Uninitialized Kernel Stack Disclosure (0)
01-30: Microsoft Exchange Vulnerable To PrivExchange Zero Day (0)
01-30: [dos] Necrosoft DIG 0.4 – Denial of Service SEH Overwrite (PoC) (0)
01-30: [dos] IP-Tools 2.50 – Denial of Service SEH Overwrite (PoC) (0)
01-30: [dos] iOS/macOS 10.13.6 – 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure (0)
01-30: [dos] Advanced File Manager 3.4.1 – Denial of Service (PoC) (0)
01-30: [local] 10-Strike Network Inventory Explorer 8.54 – Local Buffer Overflow (SEH) (DEP Bypass) (0)
01-30: [webapps] Rukovoditel Project Management CRM 2.4.1 – 'lists_id' SQL Injection (0)
01-30: [shellcode] Windows/x86 – 'msiexec.exe' Download and Execute Shellcode (95 bytes) (0)
01-29: WordPress WP-Smushit 3.0.2 SQL Injection (0)
01-29: WordPress Yeloni Free Exit Popup 8.1.9 SQL Injection (0)
01-29: ResourceSpace 8.6 SQL Injection (0)
01-29: Smart VPN 1.1.3.0 Denial Of Service (0)
01-29: MyBB IP History Logs 1.0.2 Cross Site Scripting (0)
01-29: BEWARD Intercom 2.3.1 Credential Disclosure (0)
01-29: Mess Management System 1.0 SQL Injection (0)
01-29: Teameyo Project Management System 1.0 SQL Injection (0)
01-29: Faleemi Desktop Software 1.8 Local Buffer Overflow (0)
01-29: Care2x 2.7 (HIS) Hospital Information System SQL Injection (0)
01-29: Newsbull Haber Script 1.0.0 SQL Injection (0)
01-29: Cisco Firepower Management Center 6.2.2.2 / 6.2.3 XSS (0)
01-29: Rundeck Community Edition Cross Site Scripting (0)
01-29: CMSsite 1.0 SQL Injection (0)
01-29: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation (0)
01-29: CloudMe Sync 1.11.2 Buffer Overflow (0)
01-29: WordPress Ad Manager WD 1.0.11 Arbitrary File Download (0)
01-29: AirTies Air5341 Modem 1.0.0.12 Cross Site Request Forgery (0)
01-29: LongBox Limited Access Manager Insecure Direct Object Reference (0)
01-29: Cisco RV300 / RV320 Information Disclosure (0)
01-29: pfSense 2.4.4-p1 Cross Site Scripting (0)
01-29: Sricam gSOAP 2.8 Denial Of Service (0)
01-29: Easy Video To iPod Converter 1.6.20 Buffer Overflow (0)
01-29: CMSsite 1.0 SQL Injection (0)
01-29: OPNsense 18.7 Cross Site Scripting (0)
01-29: [webapps] PDF Signer 3.0 – Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie) (0)
01-29: [shellcode] Linux/x86 – execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes) (0)
01-29: [local] HTML5 Video Player 1.2.5 – Local Buffer Overflow (Non SEH) (0)
01-29: [dos] MiniUPnPd 2.1 – Out-of-Bounds Read (0)
01-28: http://smss.surat3.go.th/index.php (0)
01-28: http://myoffice2562.surat3.go.th/index.php (0)
01-28: http://hp217.surat3.go.th/index.php (0)
01-28: http://emoney.surat3.go.th/index.php (0)
01-26: WordPress Wisechat 2.6.3 Forced Redirect / Phishing (0)
01-26: Lua 5.3.5 Use-After-Free (0)
01-26: Joomla RSFirewall 2.11.25 Database Disclosure (0)
01-26: Green CMS 2.x SQL Injection (0)
01-26: Green CMS 2.x Arbitrary File / Directory Download (0)
01-26: Podcast Generator 2.7 Cross Site Scripting (0)
01-26: WordPress pitajte-strucnjaka 4.9.6 Shell Upload (0)
01-26: WordPress MM-Forms-Community 2.2.7 Shell Upload / SQL Injection (0)
01-26: https://www.banmor.go.th (0)
01-25: Apple Security Advisory 2019-1-24-1 (0)
01-25: Microsoft Remote Desktop 10.2.4(134) Denial Of Service (0)
01-25: Microsoft Remote Desktop 10.2.4(134) Denial Of Service (0)
01-25: Zyxel NBG-418N V2 Cross Site Request Forgery (0)
01-25: Zyxel NBG-418N V2 Cross Site Request Forgery (0)
01-25: Joomla! J-CruisePortal 6.0.4 SQL Injection (0)
01-25: Joomla! J-CruisePortal 6.0.4 SQL Injection (0)
01-25: Joomla! JHotelReservation 6.0.7 SQL Injection (0)
01-25: Joomla! JHotelReservation 6.0.7 SQL Injection (0)
01-25: SimplePress CMS 1.0.7 SQL Injection (0)
01-25: SimplePress CMS 1.0.7 SQL Injection (0)
01-25: iOS / macOS task_swap_mach_voucher() Use-After-Free (0)
01-25: iOS / macOS task_swap_mach_voucher() Use-After-Free (0)
01-25: ImpressCMS 1.3.11 SQL Injection (0)
01-25: ImpressCMS 1.3.11 SQL Injection (0)
01-25: Cisco RV320 Unauthenticated Configuration Export (0)
01-25: Cisco RV320 Unauthenticated Configuration Export (0)
01-25: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
01-25: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
01-25: Cisco RV320 Command Injection (0)
01-25: Cisco RV320 Command Injection (0)
01-25: SirsiDynix e-Library 3.5.x Cross Site Scripting (0)
01-25: SirsiDynix e-Library 3.5.x Cross Site Scripting (0)
01-25: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
01-25: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
01-25: Splunk Enterprise 7.2.3 Command Execution (0)
01-25: Splunk Enterprise 7.2.3 Command Execution (0)
01-25: Endian Firewall Community release 3.3.0 Cross Site Scripting (0)
01-25: Endian Firewall Community release 3.3.0 Cross Site Scripting (0)
01-25: CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting (0)
01-25: CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting (0)
01-24: CloudMe Sync 1.11.2 Bufer Overflow (0)
01-24: Joomla! vWishlist 1.0.1 SQL Injection (0)
01-24: Joomla! vAccount 2.0.2 SQL Injection (0)
01-24: Joomla! vReview 1.9.11 SQL Injection (0)
01-24: Joomla! J-MultipleHotelReservation 6.0.7 SQL Injection (0)
01-24: Joomla! J-ClassifiedsManager 3.0.5 SQL Injection (0)
01-24: Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation (0)
01-24: Joomla! vBizz 1.0.7 SQL Injection (0)
01-24: Joomla! vBizz 1.0.7 Code Execution (0)
01-24: Joomla! VMap 1.9.6 SQL Injection (0)
01-24: Joomla! J-BusinessDirectory 4.9.7 SQL Injection (0)
01-24: Joomla! Easy Shop 1.2.3 Local File Inclusion (0)
01-24: Microsoft Windows Contact File HTML Link Injection Remote Code Execution (0)
01-24: DNN 9.1 XML Related Cross Site Scripting (0)
01-24: Abantecart 1.2.12 Cross Site Scripting (0)
01-24: Coppermine 1.5.46 Cross Site Scripting (0)
01-24: Ghostscript Pseudo-Operator Remote Code Execution (0)
01-24: AddressSanitizer (ASan) SUID Executable Privilege Escalation (0)
01-24: Apple Security Advisory 2019-1-22-1 (0)
01-24: Apple Security Advisory 2019-1-22-6 (0)
01-24: Apple Security Advisory 2019-1-22-5 (0)
01-24: Apple Security Advisory 2019-1-22-4 (0)
01-24: Apple Security Advisory 2019-1-22-2 (0)
01-24: Apple Security Advisory 2019-1-22-3 (0)
01-23: Pydio / AjaXplorer 5.0.3 Shell Upload / Directory Traversal (0)
01-23: Kepler Wallpaper Script 1.1 SQL Injection (0)
01-23: Linux Kernel 4.13 compat_get_timex() Kernel Pointer Leak (0)
01-23: Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclose / SQL Injection (0)
01-23: Joomla JVFramework 1.6.4.0 Database Disclosure (0)
01-23: Coman Company Management System 1.0 SQL Injection (0)
01-23: Open-Xchange OX App Suite Cross Site Scripting / SSRF (0)
01-23: Echo Mirage 3.1 Buffer Overflow (0)
01-23: MoneyFlux 1.0 SQL Injection (0)
01-23: PHP Dashboards NEW 5.8 SQL Injection (0)
01-23: Reservic 1.0 SQL Injection (0)
01-23: PHP Uber-style GeoTracking 1.1 SQL Injection (0)
01-23: Adianti Framework 5.5.0 SQL Injection (0)
01-23: GattLib 0.2 Stack Buffer Overflow (0)
01-23: Joomla Akeeba Backup 6.3.3 Database Disclosure (0)
01-23: PHP Dashboards NEW 5.8 Local File Inclusion (0)
01-23: Comodo KORUGAN LITE 1.6.5.1024 Cross Site Scripting (0)
01-23: SIDU 6.0 Cross Site Scripting (0)
01-23: Comodo KORUGAN VM 1.9.3.1100 Cross Site Scripting (0)
01-23: NUUO CMS Session Tokens / Traversal / SQL Injection (0)
01-23: Microsoft Windows VCF Arbitrary Code Execution (0)
01-23: ManageEngine OpManager 12.3 Privilege Escalation (0)
01-23: Exploitation Framework For STMicroelectronics DVB Chipsets (0)
01-23: PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (0)
01-23: PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery (0)
01-23: Two More Windows Zero Days Get Temporary Patches (0)
01-21: http://amphos.go.th/pwn.txt (0)
01-20: https://www2.po.opdc.go.th/0.php (0)
01-20: http://auditonline.opdc.go.th/0.php (0)
01-20: http://bookingonline.opdc.go.th/0.php (0)
01-20: http://cleanreport.opdc.go.th/0.php (0)
01-20: http://yota.maehia.go.th/0.php (0)
01-19: Watchr 1.1.0.0 Denial Of Service (0)
01-19: 7 Tik 1.0.1.0 Denial Of Service (0)
01-19: VPN Browser+ 1.1.0.0 Denial Of Service (0)
01-19: One Search 1.1.0.0 Denial Of Service (0)
01-19: Eco Search 1.0.2.0 Denial Of Service (0)
01-19: FastTube 1.0.1.0 Denial Of Service (0)
01-19: SSHtranger Things SCP Client File Issue (0)
01-19: Webmin 1.900 Remote Command Execution (0)
01-19: DotNetNuke Events Calendar 1.x File Download (0)
01-19: SeoToaster Ecommerce 3.0.0 Local File Inclusion (0)
01-19: phpTransformer 2016.9 SQL Injection (0)
01-19: phpTransformer 2016.9 Directory Traversal (0)
01-19: Joomla! 3.9.1 Cross Site Scripting (0)
01-19: Kentix MultiSensor-LAN 5.63.00 Authentication Bypass (0)
01-18: Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion (0)
01-18: Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation (0)
01-18: Microsoft Edge Chakra JIT Use-After-Free / Flag Issue (0)
01-18: Joomla ZHYandexMap 8.0.0.2 Database Disclosure (0)
01-18: Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection (0)
01-18: Oracle Reports Developer 12.2.1.3 Cross Site Scripting (0)
01-18: Siemens SICAM A8000 Series Denial Of Service (0)
01-18: Mozilla Firefox 64 Information Disclosure (0)
01-18: Microsoft Edge Chakra InlineArrayPush Type Confusion (0)
01-17: Spotify 1.0.96.181 Denial Of Service (0)
01-17: Web Design SQL Injection 2019/01/14 (0)
01-17: Web Design SQL Injection 2019/01/16 (0)
01-17: WordPress 2013 TwentyThirteen Theme 5.0.3 Open Redirection (0)
01-17: NTPsec 1.1.2 ctl_getitem Out-Of-Bounds Read (0)
01-17: NTPsec 1.1.2 config Out-Of-Bounds Write (0)
01-17: NTPsec 1.1.2 ntp_control Out-Of-Bounds Read (0)
01-17: WordPress Category Page Icons 3.6.1 CSRF / Shell Upload (0)
01-17: NTPsec 1.1.2 ntp_control Null Pointer Dereference (0)
01-17: 1Password Denial Of Service (0)
01-17: ownDMS 4.7 SQL Injection (0)
01-17: WebKit JSC JIT Use-After-Free (0)
01-17: Streamworks Job Scheduler Release 7 Authentication Weakness (0)
01-17: Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free (0)
01-17: Microsoft Windows XmlDocument Insecure Sharing Privilege Escalation (0)
01-17: blueman set_dhcp_handler D-Bus Privilege Escalation (0)
01-17: Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation (0)
01-17: Coship Wireless Router Unauthenticated Admin Password Reset (0)
01-17: FortiGate FortiOS LDAP Credential Disclosure (0)
01-17: Roxy Fileman 1.4.5 Arbitrary File Download (0)
01-17: GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal (0)
01-17: Microsoft Windows .contact Arbitrary Code Execution (0)
01-17: doorGets CMS 7.0 File Download (0)
01-17: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution (0)
01-17: Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload (0)
01-17: [local] Microsoft Windows CONTACT – Remote Code Execution (0)
01-17: [webapps] Oracle Reports Developer Component 12.2.1.3 – Cross-site Scripting (0)
01-16: [local] Microsoft Windows 10 – XmlDocument Insecure Sharing Privilege Escalation (0)
01-16: [dos] NTPsec 1.1.2 – 'ctl_getitem' Out-of-Bounds Read (PoC) (0)
01-16: [dos] Spotify 1.0.96.181 – 'Proxy configuration' Denial of Service (PoC) (0)
01-16: [dos] WebKit JSC JIT – GetIndexedPropertyStorage Use-After-Free (0)
01-16: [webapps] Blueimp's jQuery File Upload 9.22.0 – Arbitrary File Upload Exploit (0)
01-16: [dos] Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory in Invalid Array Length (0)
01-16: [webapps] GL-AR300M-Lite 2.27 – Authenticated Command Injection / Arbitrary File Download / Directory Traversal (0)
01-16: [webapps] Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 – Unauthenticated Admin Password Reset (0)
01-16: [dos] NTPsec 1.1.2 – 'ntp_control' Authenticated NULL Pointer Dereference (PoC) (0)
01-16: [dos] NTPsec 1.1.2 – 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC) (0)
01-16: [dos] Microsoft Windows 10 – 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free (0)
01-16: [dos] NTPsec 1.1.2 – 'ntp_control' Out-of-Bounds Read (PoC) (0)
01-16: [webapps] doorGets CMS 7.0 – Arbitrary File Download (0)
01-16: [webapps] ShoreTel / Mitel Connect ONSITE 19.49.5200.0 – Remote Code Execution (0)
01-16: [webapps] FortiGate FortiOS < 6.0.3 – LDAP Credential Disclosure (0)
01-16: [webapps] Roxy Fileman 1.4.5 – Arbitrary File Download (0)
01-15: http://monitor.cpd.go.th/k3t.html (0)
01-15: Twilio WEB To Fax Machine System Application 1.0 SQL Injection (0)
01-15: Modern POS 1.3 Arbitrary File Download (0)
01-15: Job Portal 1.0 SQL Injection (0)
01-15: Real Estate Custom Script 2.0 SQL Injection (0)
01-15: i-doit CMDB 1.12 SQL Injection (0)
01-15: Live Call Support 1.5 Cross Site Request Forgery (0)
01-15: Live Call Support 1.5 Code Execution / SQL Injection (0)
01-15: Modern POS 1.3 SQL Injection (0)
01-15: Cleanto 5.0 SQL Injection (0)
01-15: HealthNode Hospital Management System 1.0 SQL Injection (0)
01-15: Webmin 1.890 Cross Site Scripting (0)
01-15: Joomla Simple RSS Feed Reader mod_jw_srfr 3.6.0 Open Redirection (0)
01-15: ModX Open Source CMS Babel 3.0.0 Open Redirection (0)
01-15: Craigs CMS 1.0.2 SQL Injection (0)
01-15: WordPress topcsstools 1.0 Open Redirection / Remote File Inclusion (0)
01-15: Locations CMS 1.5 SQL Injection (0)
01-15: