__–::: Deepquest :::–__ » Archives

rss feed

Archives

September 2021 (279)

09-28: iOS 15.0 Gamed Information Disclosure (0)
09-28: iOS 15.0 nehelper Enumeration (0)
09-28: iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass (0)
09-27: [local] Cyberfox Web Browser 52.9.1 – Denial-of-Service (PoC) (0)
09-27: [remote] Cisco small business RV130W 1.0.3.44 – Inject Counterfeit Routers (0)
09-27: [webapps] Library System 1.0 – 'student_id' SQL injection (Authenticated) (0)
09-27: [local] Ether_MP3_CD_Burner 1.3.8 – Buffer Overflow (SEH) (0)
09-27: [webapps] WordPress Plugin Wappointment 2.2.4 – Stored Cross-Site Scripting (XSS) (0)
09-25: https://www.ombudsman.go.th/krd.html (0)
09-25: SmarterTools SmarterTrack 7922 Information Disclosure (0)
09-25: OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service (0)
09-25: OpenVPN Monitor 1.1.3 Command Injection (0)
09-25: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-25: Apple Security Advisory 2021-09-23-1 (0)
09-25: Apple Security Advisory 2021-09-23-2 (0)
09-24: OpenVPN Monitor 1.1.3 Cross Site Request Forgery (0)
09-24: Apple Patches 3 More Zero-Days Under Active Attack (0)
09-24: 100M IoT Devices Exposed By Zero-Day Bug (0)
09-24: http://pymr.go.th/er.php (0)
09-24: Gurock Testrail 7.2.0.3014 Improper Access Control (0)
09-24: Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution (0)
09-24: WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery (0)
09-24: WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting (0)
09-24: Redragon Gaming Mouse Denial Of Service (0)
09-24: Police Crime Record Management Project 1.0 SQL Injection (0)
09-24: Pharmacy Point Of Sale System 1.0 SQL Injection (0)
09-24: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-24: [webapps] Pharmacy Point of Sale System 1.0 – SQLi Authentication BYpass (0)
09-24: [webapps] SmarterTools SmarterTrack 7922 – 'Multiple' Information Disclosure (0)
09-23: WordPress 3DPrint Lite 1.9.1.4 Shell Upload (0)
09-23: Cloudron 6.2 Cross Site Scripting (0)
09-23: Simple Attendance System 1.0 SQL Injection (0)
09-23: TotalAV 5.15.69 Unquoted Service Path (0)
09-23: Filerun 2021.03.26 Remote Code Execution (0)
09-23: Sentry 8.2.0 Remote Code Execution (0)
09-23: South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection (0)
09-23: Online Reviewer System 1.0 Shell Upload (0)
09-23: e107 CMS 2.3.0 Shell Upload (0)
09-23: E-Negosyo System 1.0 SQL Injection (0)
09-23: E-Negosyo System 1.0 Shell Upload (0)
09-23: OpenCats 0.9.4-2 XML Injection (0)
09-23: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-23: [webapps] Police Crime Record Management Project 1.0 – Time Based SQLi (0)
09-23: [webapps] WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS) (0)
09-23: [webapps] Backdrop CMS 1.20.0 – 'Multiple' Cross-Site Request Forgery (CSRF) (0)
09-23: [webapps] Wordpress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload (0)
09-23: [dos] Redragon Gaming Mouse – 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) (0)
09-23: [webapps] Gurock Testrail 7.2.0.3014 – 'files.md5' Improper Access Control (0)
09-23: [webapps] Budget and Expense Tracker System 1.0 – Arbitrary File Upload (0)
09-22: Apple Security Advisory 2021-09-20-1 (0)
09-22: Apple Security Advisory 2021-09-20-2 (0)
09-22: Apple Security Advisory 2021-09-20-3 (0)
09-22: Apple Security Advisory 2021-09-20-4 (0)
09-22: Apple Security Advisory 2021-09-20-5 (0)
09-22: Apple Security Advisory 2021-09-20-6 (0)
09-22: Apple Security Advisory 2021-09-20-7 (0)
09-22: Apple Security Advisory 2021-09-20-8 (0)
09-22: Apple Security Advisory 2021-09-20-9 (0)
09-22: Apple Security Advisory 2021-09-20-10 (0)
09-22: Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race (0)
09-22: Yenkee Hornet Gaming Mouse Denial Of Service (0)
09-22: Church Management System 1.0 SQL Injection / Code Execution (0)
09-22: Trojan.Win32.Agent.xaamkd Insecure Permissions (0)
09-22: Budgets And Expense Tracker System 1.0 Shell Upload (0)
09-22: WebsiteBaker 2.13.0 Remote Code Execution (0)
09-22: Backdoor.Win32.Hupigon.asqx Unauthenticated Open Proxy (0)
09-22: Backdoor.Win32.Minilash.10.b Denial Of Service (0)
09-22: OpenCats 0.9.4 XML Injection (0)
09-22: ManageEngine OpManager SumPDU Java Deserialization (0)
09-22: [webapps] Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated) (0)
09-22: [webapps] Simple Attendance System 1.0 – Unauthenticated Blind SQLi (0)
09-21: ManageEngine OpManager SumPDU Java Deserialization (0)
09-21: Maxpatrol 8 / Xspider Denial Of Service (0)
09-21: WordPress 5.7 Media Library XML Injection (0)
09-21: Church Management System 1.0 Shell Upload (0)
09-21: Online Food Ordering System 2.0 Shell Upload (0)
09-21: Budget And Expense Tracker System 1.0 SQL Injection (0)
09-21: Church Management System 1.0 SQL Injection (0)
09-21: T-Soft E-Commerce 4 Cross Site Request Forgery (0)
09-21: Microsoft Windows MSHTML Overview (0)
09-21: Apple Security Advisory 2021-09-13-1 (0)
09-21: Apple Security Advisory 2021-09-13-2 (0)
09-21: Apple Security Advisory 2021-09-13-3 (0)
09-21: Apple Security Advisory 2021-09-13-4 (0)
09-21: Apple Security Advisory 2021-09-13-5 (0)
09-21: [dos] Yenkee Hornet Gaming Mouse – 'GM312Fltr.sys' Denial-Of-Service (PoC) (0)
09-21: [webapps] WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated) (0)
09-21: [webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: Microsoft Windows MSHTML Overview (0)
09-20: http://chaleang.go.th/er.php (0)
09-20: [webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass (0)
09-20: [webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
09-20: [webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated) (0)
09-20: [webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated) (0)
09-20: [webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF) (0)
09-18: Simple Attendance System 1.0 SQL Injection (0)
09-18: Cloudron 6.2 Cross Site Scripting (0)
09-18: Library Management System 1.0 SQL Injection (0)
09-18: WordPress WooCommerce Booster 5.4.3 Authentication Bypass (0)
09-18: Geutebruck instantrec Remote Command Execution (0)
09-17: Geutebruck instantrec Remote Command Execution (0)
09-17: Impress CMS 1.4.2 Remote Code Execution (0)
09-17: Microsoft Windows cmd.exe Stack Buffer Overflow (0)
09-17: Git git-lfs Remote Code Execution (0)
09-17: Azure Zero Day Flaws Highlight Lurking Supply Chain Risk (0)
09-17: [webapps] Simple Attendance System 1.0 – Authenticated bypass (0)
09-17: [webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated) (0)
09-17: [webapps] WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass (0)
09-16: Git git-lfs Remote Code Execution (0)
09-16: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-16: Evolution CMS 3.1.6 Remote Code Execution (0)
09-16: AHSS-PHP 1.0 Cross Site Scripting / SQL Injection (0)
09-16: Support Board 3.3.3 SQL Injection (0)
09-16: elFinder Archive Command Injection (0)
09-16: [webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: elFinder Archive Command Injection (0)
09-15: http://kpp.nfe.go.th/kurd.html (0)
09-15: Men Salon Management System 1.0 Cross Site Scripting / SQL Injection (0)
09-15: WordPress Download From Files 1.48 Shell Upload (0)
09-15: Apartment Visitor Management System 1.0 Shell Upload / SQL Injection (0)
09-15: Active WebCam 11.5 Unquoted Service Path (0)
09-15: Purchase Order Management System 1.0 Shell Upload (0)
09-15: Facebook ParlAI 1.0.0 Code Execution / Deserialization (0)
09-15: Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload (0)
09-15: Ulfius Web Framework Remote Memory Corruption (0)
09-15: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-15: Pair Of Google Chrome Zero Day Bugs Actively Exploited (0)
09-15: [webapps] AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Seowon 130-SLC router – 'queriesCnt' Remote Code Execution (Unauthenticated) (0)
09-15: [webapps] Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated) (0)
09-15: [webapps] Support Board 3.3.3 – 'Multiple' SQL Injection (Unauthenticated) (0)
09-14: DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting (0)
09-14: [webapps] Purchase Order Management System 1.0 – Remote File Upload (0)
09-13: [webapps] Men Salon Management System 1.0 – Multiple Vulnerabilities (0)
09-13: [local] Active WebCam 11.5 – Unquoted Service Path (0)
09-13: [webapps] Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE (0)
09-13: [local] Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai (0)
09-13: [webapps] ECOA Building Automation System – Weak Default Credentials (0)
09-13: [webapps] ECOA Building Automation System – Path Traversal Arbitrary File Upload (0)
09-13: [webapps] Wordpress Plugin Download From Files 1.48 – Arbitrary File Upload (0)
09-13: [webapps] ECOA Building Automation System – Arbitrary File Deletion (0)
09-13: [webapps] ECOA Building Automation System – Local File Disclosure (0)
09-13: [local] ECOA Building Automation System – Missing Encryption Of Sensitive Information (0)
09-13: [webapps] ECOA Building Automation System – Remote Privilege Escalation (0)
09-13: (0)
09-13: [remote] ECOA Building Automation System – Hard-coded Credentials SSH Access (0)
09-13: [webapps] ECOA Building Automation System – Cookie Poisoning Authentication Bypass (0)
09-13: [webapps] ECOA Building Automation System – Configuration Download Information Disclosure (0)
09-13: [webapps] ECOA Building Automation System – Directory Traversal Content Disclosure (0)
09-13: [webapps] ECOA Building Automation System – 'multiple' Cross-Site Request Forgery (CSRF) (0)
09-10: POMS-PHP 1.0 SQL Injection (0)
09-10: (0)
09-10: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
09-10: ECOA Building Automation System Weak Default Credentials (0)
09-10: ECOA Building Automation System Path Traversal / Arbitrary File Upload (0)
09-10: ECOA Building Automation System Directory Traversal (0)
09-10: Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure (0)
09-10: ECOA Building Automation System Cross Site Request Forgery (0)
09-10: ECOA Building Automation System Cookie Poisoning / Authentication Bypass (0)
09-10: ECOA Building Automation System Configuration Download Information Disclosure (0)
09-10: Backdoor.Win32.Wollf.h Code Execution (0)
09-10: ECOA Building Automation System Hardcoded SSH Credentials (0)
09-10: ECOA Building Automation System Missing Encryption (0)
09-10: ECOA Building Automation System Remote Privilege Escalation (0)
09-10: ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference (0)
09-10: ECOA Building Automation System Local File Disclosure (0)
09-10: Backdoor.Win32.WinterLove.i Hardcoded Credential (0)
09-10: ECOA Building Automation System Arbitrary File Deletion (0)
09-10: Internet Explorer JIT Optimization Memory Corruption (0)
09-10: Atlassian Confluence WebWork OGNL Injection (0)
09-10: https://spm-sk.go.th (0)
09-09: https://www.nkpthospital.go.th/readme.html (0)
09-09: WordPress TablePress 1.14 CSV Injection (0)
09-09: Rencode Denial Of Service (0)
09-09: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-09: [webapps] Bus Pass Management System 1.0 – 'adminname' Stored Cross-Site Scripting (XSS) (0)
09-08: Ionic Identity Vault 4.7 Android Biometric Authentication Bypass (0)
09-08: Bus Pass Management System 1.0 Cross Site Scripting (0)
09-08: Argus Surveillance DVR 4.0 Unquoted Service Path (0)
09-08: FlatCore CMS 2.0.7 Remote Code Execution (0)
09-08: Antminer Monitor 0.5.0 Authentication Bypass (0)
09-08: Online Learning System 2 SQL Injection (0)
09-08: Bus Pass Management System 1.0 Insecure Direct Object Reference (0)
09-08: Backdoor.Win32.Nyara.aq Insecure Permissions (0)
09-08: Patient Appointment Scheduler System 1.0 Shell Upload (0)
09-08: Patient Appointment Scheduler System 1.0 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.gs Code Execution (0)
09-08: SmartFTP Client 10.0.2909.0 Denial Of Service (0)
09-08: WordPress WP Sitemap Page 1.6.4 Cross Site Scripting (0)
09-08: Backdoor.Win32.Small.vjt Code Execution (0)
09-08: WordPress Survey And Poll 1.5.7.3 SQL Injection (0)
09-08: https://osd101.ldd.go.th/lindex.php (0)
09-08: [webapps] WordPress Plugin TablePress 1.14 – CSV Injection (0)
09-07: http://www.inlandfisheries.go.th/lindex.php (0)
09-07: Backdoor.Win32.Small.vjt Code Execution (0)
09-07: [webapps] WordPress Plugin WP Sitemap Page 1.6.4 – Stored Cross-Site Scripting (XSS) (0)
09-06: http://www.pattaya.chonburi.police.go.th/README.txt (0)
09-06: [webapps] Antminer Monitor 0.5.0 – Authentication Bypass (0)
09-06: [dos] SmartFTP Client 10.0.2909.0 – 'Multiple' Denial of Service (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS (0)
09-06: [webapps] Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE) (0)
09-06: [webapps] Bus Pass Management System 1.0 – 'viewid' Insecure direct object references (IDOR) (0)
09-06: [webapps] FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated) (0)
09-06: [webapps] OpenEMR 6.0.0 – 'noteid' Insecure Direct Object Reference (IDOR) (0)
09-06: [local] Argus Surveillance DVR 4.0 – Unquoted Service Path (0)
09-04: Windows Defender Application Guard Denial Of Service (0)
09-04: jforum 2.7.0 Cross Site Scripting (0)
09-04: Remote Mouse 4.002 Unquoted Service Path (0)
09-04: OpenSIS 8.0 Directory Traversal (0)
09-04: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal (0)
09-03: WordPress Duplicate Page 4.4.1 Cross Site Scripting (0)
09-03: WPanel 4.3.1 Remote Code Execution (0)
09-03: Backdoor.Win32.MoonPie.40 Authentication Bypass / Code Execution (0)
09-03: OpenSIS Community 8.0 SQL Injection (0)
09-03: Compro Technology IP Camera Denial Of Service (0)
09-03: Backdoor.Win32.MoonPie.40 Man-In-The-Middle (0)
09-03: Compro Technology IP Camera RTSP Stream Disclosure (0)
09-03: Compro Technology IP Camera Credential Disclosure (0)
09-03: Dolibarr ERP/CRM 14.0.1 Privilege Escalation (0)
09-03: Backdoor.Win32.MoonPie.40 Remote Command Execution (0)
09-03: Compro Technology IP Camera Stream Disclosure (0)
09-03: Compro Technology IP Camera Screenshot Disclosure (0)
09-03: CyberArk Credential Provider Race Condition / Authorization Bypass (0)
09-03: Geutebruck Remote Command Execution (0)
09-03: [webapps] OpenSIS 8.0 'modname' – Directory/Path Traversal (0)
09-03: [local] Remote Mouse 4.002 – Unquoted Service Path (0)
09-02: Geutebruck Remote Command Execution (0)
09-02: Telegram Desktop 2.9.2 Denial Of Service (0)
09-02: COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection (0)
09-02: HiveNightmare AKA SeriousSAM (0)
09-02: WordPress GetPaid 2.4.6 HTML Injection (0)
09-02: Fabasoft Cloud Website Cross Site Scripting (0)
09-02: Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution (0)
09-02: OpenEMR 6.0.0 Insecure Direct Object Reference (0)
09-02: Confluence Server 7.12.4 OGNL Injection Remote Code Execution (0)
09-02: Moxa Command Injection / Cross Site Scripting / Vulnerable Software (0)
09-02: Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation (0)
09-02: Packet Storm New Exploits For August, 2021 (0)
09-02: [webapps] WPanel 4.3.1 – Remote Code Execution (RCE) (Authenticated) (0)
09-02: [webapps] Compro Technology IP Camera – ' index_MJpeg.cgi' Stream Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – 'Multiple' Credential Disclosure (0)
09-02: [webapps] Compro Technology IP Camera – RTSP stream disclosure (Unauthenticated) (0)
09-02: [webapps] OpenSIS Community 8.0 – 'cp_id_miss_attn' SQL Injection (0)
09-02: [webapps] Compro Technology IP Camera – 'killps.cgi' Denial-of-Service (DoS) (0)
09-02: [webapps] Compro Technology IP Camera – ' mjpegStreamer.cgi' Screenshot Disclosure (0)
09-02: [webapps] Dolibarr ERP/CRM 14.0.1 – Privilege Escalation (0)
09-01: Packet Storm New Exploits For August, 2021 (0)
09-01: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
09-01: Strapi 3.0.0-beta.17.7 Remote Code Execution (0)
09-01: HEUR.Trojan.Win32.Delf.gen Insecure Permissions (0)
09-01: Bus Pass Management System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.DarkKomet.aspl Insecure Permissions (0)
09-01: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
09-01: Strapi CMS 3.0.0-beta.17.4 Remote Code Execution (0)
09-01: Backdoor.Win32.Antilam.11 Code Execution (0)
09-01: Ship Ferry Ticket Reservation System 1.0 SQL Injection (0)
09-01: Backdoor.Win32.Hupigon.abe Unauthenticated Open Proxy (0)
09-01: Projectsend r1295 Cross Site Scripting (0)
09-01: Strapi 3.0.0-beta Authentication Bypass (0)
09-01: Backdoor.Win32.Delf.um Authentication Bypass / Code Execution (0)
09-01: Online Leave Management System 1.0 SQL Injection (0)
09-01: Umbraco CMS 8.9.1 Traversal / Arbitrary File Write (0)
09-01: Backdoor.Win32.Delf.wr Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Delf.wr Man-In-The-Middle (0)
09-01: WordPress ProfilePress 3.1.3 Privilege Escalation (0)
09-01: Git LFS Clone Command Execution (0)
09-01: Backdoor.Win32.BO2K.11.d Buffer Overflow (0)
09-01: Backdoor.Win32.Hupigon.aejq Authentication Bypass / Code Execution (0)
09-01: Backdoor.Win32.Hupigon.aejq Man-In-The-Middle (0)
09-01: Backdoor.Win32.Hupigon.aejq Traversal (0)
09-01: BSCW Server XML Injection (0)
09-01: BSCW Server Remote Code Execution (0)
09-01: [dos] Telegram Desktop 2.9.2 – Denial of Service (PoC) (0)
09-01: [webapps] WordPress Plugin Payments Plugin | GetPaid 2.4.6 – HTML Injection (0)
09-01: [webapps] Traffic Offense Management System 1.0 – SQLi to Remote Code Execution (RCE) (Unauthenticated) (0)
09-01: [webapps] Confluence Server 7.12.4 – 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated) (0)

August 2021 (180)

08-31: BSCW Server Remote Code Execution (0)
08-31: [webapps] WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated) (0)
08-31: [webapps] Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated) (0)
08-30: [webapps] Projectsend r1295 – 'name' Stored XSS (0)
08-30: [webapps] Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Strapi 3.0.0-beta – Set Password (Unauthenticated) (0)
08-30: [local] MySQL User-Defined (Linux) x32 / x86_64 – 'sys_exec' Local Privilege Escalation (2) (0)
08-30: [webapps] Usermin 1.820 – Remote Code Execution (RCE) (Authenticated) (0)
08-30: [webapps] Bus Pass Management System 1.0 – 'viewid' SQL Injection (0)
08-30: [webapps] Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-30: [webapps] ZesleCP 3.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-27: ProcessMaker 3.5.4 Local File Inclusion (0)
08-27: [webapps] CyberPanel 2.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-26: ProcessMaker 3.5.4 Local File Inclusion (0)
08-26: WordPress Mail Masta 1.0 Local File Inclusion (0)
08-26: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting (0)
08-26: Online Leave Management System 1.0 Shell Upload (0)
08-26: [webapps] ProcessMaker 3.5.4 – Local File inclusion (0)
08-25: Online Leave Management System 1.0 Shell Upload (0)
08-25: [webapps] Online Leave Management System 1.0 – Arbitrary File Upload to Shell (Unauthenticated) (0)
08-25: [webapps] HP OfficeJet 4630/7110 MYM1FN2025AR/2117A – Stored Cross-Site Scripting (XSS) (0)
08-25: [webapps] WordPress Plugin Mail Masta 1.0 – Local File Inclusion (2) (0)
08-24: Simple Phone Book/Directory 1.0 SQL Injection (0)
08-24: RaspAP 2.6.6 Remote Code Execution (0)
08-24: Shoutcast Server 2.6.0.753 Crash (0)
08-24: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-24: https://thailandcoralbleaching.dmcr.go.th/index.html (0)
08-24: https://itcenter.dmcr.go.th/index.html (0)
08-24: http://form.dmcr.go.th/index.html (0)
08-23: Online Traffic Offense Management System 1.0 Remote Code Execution (0)
08-23: [webapps] RaspAP 2.6.6 – Remote Code Execution (RCE) (Authenticated) (0)
08-23: [webapps] Simple Phone book/directory 1.0 – 'Username' SQL Injection (Unauthenticated) (0)
08-23: [webapps] Online Traffic Offense Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-21: https://www.ccit.go.th/azu.php (0)
08-21: Laundry Booking Management System 1.0 Cross Site Scripting (0)
08-21: Laundry Booking Management System 1.0 SQL Injection (0)
08-21: NetModule Router Software Password Handling / Session Fixation (0)
08-21: Online Traffic Offense Management System 1.0 SQL Injection (0)
08-21: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Microsoft Exchange ProxyShell Remote Code Execution (0)
08-20: Charity Management System CMS 1.0 Code Execution / XSS / SQL Injection (0)
08-20: WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free (0)
08-20: JavaScriptCore Crash Proof Of Concept (0)
08-20: WebKit Element::dispatchMouseEvent Heap Use-After-Free (0)
08-20: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
08-20: [webapps] Laundry Booking Management System 1.0 – 'Multiple' SQL Injection (0)
08-20: [webapps] Online Traffic Offense Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
08-19: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials (0)
08-19: Fortinet Slams Rapid7 For Disclosing Vulnerability (0)
08-19: COVID-19 Testing Management System 1.0 SQL Injection (0)
08-19: Hospital Management System Cross Site Scripting (0)
08-19: Crime Records Management System 1.0 SQL Injection (0)
08-19: Crossfire Server 1.0 Buffer Overflow (0)
08-19: Simple Image Gallery 1.0 Shell Upload (0)
08-19: [webapps] Charity Management System CMS 1.0 – Multiple Vulnerabilities (0)
08-18: Simple Image Gallery 1.0 Shell Upload (0)
08-18: http://mueang.chanthaburi.doae.go.th (0)
08-18: SonicWall NetExtender 10.2.0.300 Unquoted Service Path (0)
08-18: Cyberoam NetGenie Cross Site Scripting (0)
08-18: GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution (0)
08-18: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-18: [remote] crossfire-server 1.9.0 – 'SetUp()' Remote Buffer Overflow (0)
08-18: [webapps] Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
08-18: [webapps] COVID19 Testing Management System 1.0 – 'Multiple' SQL Injections (0)
08-18: [webapps] Crime records Management System 1.0 – 'Multiple' SQL Injection (Authenticated) (0)
08-17: Lucee Administrator imgProcess.cfm Arbitrary File Write (0)
08-17: Tiny Java Web Server 1.115 Cross Site Scripting (0)
08-17: Firebase PHP-JWT Algorithm Confusion (0)
08-17: CentOS Web Panel 0.9.8.1081 Cross Site Scripting (0)
08-17: NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting (0)
08-17: Chrome JS WasmJs::InstallConditionalFeatures Object Corruption (0)
08-17: Simple Water Refilling Station Management System 1.0 SQL Injection (0)
08-17: Simple Water Refilling Station Management System 1.0 Shell Upload (0)
08-17: COMMAX Biometric Access Control System 1.0.0 Authentication Bypass (0)
08-17: TastyIgniter 3.0.7 Cross Site Scripting (0)
08-17: COMMAX Smart Home IoT Control System CDP-1020n SQL Injection (0)
08-17: COMMAX WebViewer ActiveX Control 2.1.4.5 Buffer Overflow (0)
08-17: COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure (0)
08-17: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS (0)
08-17: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-17: [webapps] GeoVision Geowebserver 5.3.3 – LFI / XSS / HHI / RCE (0)
08-17: [local] SonicWall NetExtender 10.2.0.300 – Unquoted Service Path (0)
08-16: COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX CVD-Axx DVR 5.1.4 – Weak Default Credentials Stream Disclosure (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – RTSP Credentials Disclosure (0)
08-16: [webapps] COMMAX Smart Home IoT Control System CDP-1020n – SQL Injection Authentication Bypass (0)
08-16: [webapps] COMMAX Biometric Access Control System 1.0.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Authentication Bypass (0)
08-16: [webapps] Simple Water Refilling Station Management System 1.0 – Remote Code Execution (RCE) through File Upload (0)
08-16: [webapps] CentOS Web Panel 0.9.8.1081 – Stored Cross-Site Scripting (XSS) (0)
08-16: [webapps] COMMAX Smart Home Ruvie CCTV Bridge DVR Service – Config Write / DoS (Unauthenticated) (0)
08-16: [webapps] NetGear D1500 V1.0.0.21_1.0.1PE – 'Wireless Repeater' Stored Cross-Site Scripting (XSS) (0)
08-14: RATES SYSTEM 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 SQL Injection (0)
08-14: Police Crime Record Management System 1.0 Cross Site Scripting (0)
08-14: Easy-Mock 1.6.0 Remote Code Execution (0)
08-14: Chikitsa 2.0.0 Cross Site Scripting (0)
08-14: Care2x Open Source Hospital Information Management 2.7 Alpha XSS (0)
08-14: 4images 1.8 SQL Injection (0)
08-14: Simple Image Gallery System 1.0 SQL Injection (0)
08-14: HackTool.Win32.HKit Remote Command Execution (0)
08-14: PluXML 5.8.7 Cross Site Scripting (0)
08-13: http://www.sesalpglpn.go.th/index.html (0)
08-13: PluXML 5.8.7 Cross Site Scripting (0)
08-13: Xiaomi 10.2.4.g Information Disclosure (0)
08-13: COVID19 Testing Management System 1.0 SQL Injection (0)
08-13: RATES SYSTEM 1.0 SQL Injection (0)
08-13: Atlassian Crowd pdkinstall Remote Code Execution (0)
08-13: Lexmark Driver Privilege Escalation (0)
08-13: [webapps] Simple Image Gallery System 1.0 – 'id' SQL Injection (0)
08-13: [webapps] easy-mock 1.6.0 – Remote Code Execution (RCE) (Authenticated) (0)
08-13: [webapps] 4images 1.8 – 'limitnumber' SQL Injection (Authenticated) (0)
08-12: Lexmark Driver Privilege Escalation (0)
08-12: Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy (0)
08-12: Backdoor.Win32.IRCBot.gen Hardcoded Credential (0)
08-12: HackTool.Win32.Hidd.b Buffer Overflow (0)
08-12: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-12: http://www.pri1.go.th/yo.php (0)
08-12: [webapps] RATES SYSTEM 1.0 – 'Multiple' SQL Injections (0)
08-12: [webapps] Altova MobileTogether Server 7.3 – XML External Entity Injection (XXE) (0)
08-12: [webapps] COVID19 Testing Management System 1.0 – 'searchdata' SQL Injection (0)
08-11: Canon TR150 Driver 3.71.2.10 Privilege Escalation (0)
08-11: http://english.dip.go.th/ma.txt (0)
08-11: Cockpit CMS 0.11.1 NoSQL Injection (0)
08-11: WordPress LifterLMS 4.21.1 Insecure Direct Object Reference (0)
08-11: IPCop 2.1.9 Remote Code Execution (0)
08-11: Facebook For Android Friend Acceptance (0)
08-11: WordPress Picture Gallery 1.4.2 Cross Site Scripting (0)
08-11: Simple Library Management System 1.0 SQL Injection (0)
08-11: MobileTogether Server 7.3 XML Injection (0)
08-10: MobileTogether Server 7.3 XML Injection (0)
08-10: OneNav Beta 0.9.12 Cross Site Scripting (0)
08-10: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-10: [webapps] Cockpit CMS 0.11.1 – 'Username Enumeration & Password Reset' NoSQL Injection (0)
08-10: [local] Amica Prodigy 1.7 – Privilege Escalation (0)
08-10: [webapps] IPCop 2.1.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-09: Microsoft Windows Malicious Software Removal Tool Privilege Escalation (0)
08-09: https://udn1.go.th/yo.php (0)
08-07: http://www.nongtongpattana.go.th (0)
08-07: Amica Prodigy 1.7 Privilege Escalation (0)
08-07: Constructor.Win32.SS.11.c Unauthenticated Open Proxy (0)
08-07: Trojan-Dropper.Win32.Small.fp Unauthenticated Open Proxy (0)
08-07: Backdoor.Win32.Zdemon.10 Remote Command Execution (0)
08-07: Backdoor.Win32.Zdemon.126 Remote Command Execution (0)
08-07: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: Backdoor.Win32.Zaratustra Remote File Write / Code Execution (0)
08-06: CMSuno 1.7 Cross Site Scripting (0)
08-06: Moodle 3.9 Remote Code Execution (0)
08-06: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: GFI Mail Archiver 15.1 Arbitrary File Upload (0)
08-05: Apache OfBiz 17.12.01 Remote Command Execution (0)
08-05: WordPress WP Customize Login 1.1 Cross Site Scripting (0)
08-05: Riak Insecure Default Configuration / Remote Command Execution (0)
08-05: Client Management System 1.1 Cross Site Scripting (0)
08-05: qdPM 9.2 Information Disclosure (0)
08-05: [webapps] GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated) (0)
08-05: [webapps] CMSuno 1.7 – 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) (0)
08-05: [webapps] Moodle 3.9 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: http://www.kuangrod.go.th (0)
08-04: qdPM 9.2 Information Disclosure (0)
08-04: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-04: [webapps] ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments (0)
08-04: [webapps] qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated) (0)
08-04: [webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (0)
08-04: [webapps] WordPress Plugin WP Customize Login 1.1 – 'Change Logo Title' Stored Cross-Site Scripting (XSS) (0)
08-04: [webapps] Client Management System 1.1 – 'cname' Stored Cross-site scripting (XSS) (0)
08-03: https://rayonghospital.go.th/pwn.htm (0)
08-03: Hotel Management System 1.0 Cross Site Scripting / Shell Upload (0)
08-03: Men Salon Management System 1.0 SQL Injection (0)
08-03: Neo4j 3.4.18 Remote Code Execution (0)
08-03: Online Hotel Reservation System 1.0 Cross Site Scripting (0)
08-03: Packet Storm New Exploits For July, 2021 (0)
08-03: [webapps] Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE) (0)
08-02: Packet Storm New Exploits For July, 2021 (0)
08-02: [webapps] Online Hotel Reservation System 1.0 – 'Multiple' Cross-site scripting (XSS) (0)
08-02: [remote] Neo4j 3.4.18 – RMI based Remote Code Execution (RCE) (0)
08-02: [webapps] Men Salon Management System 1.0 – SQL Injection Authentication Bypass (0)

July 2021 (311)

07-31: ObjectPlanet Opinio 7.13 / 7.14 XML Injection (0)
07-31: ObjectPlanet Opinio 7.13 Expression Language Injection (0)
07-31: ObjectPlanet Opinio 7.13 Shell Upload (0)
07-31: Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery (0)
07-31: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-31: http://korat7.go.th/hi.htm (0)
07-30: Pi-Hole Remove Commands Linux Privilege Escalation (0)
07-30: IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration (0)
07-30: Care2x Integrated Hospital Info System 2.7 SQL Injection (0)
07-30: CloverDX 5.9.0 Code Execution / Cross Site Request Forgery (0)
07-30: ObjectPlanet Opinio 7.12 Cross Site Scripting (0)
07-30: Denver IP Camera SHO-110 Snapshot Disclosure (0)
07-30: Longjing Technology BEMS API 1.21 Remote Arbitrary File Download (0)
07-30: Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection (0)
07-30: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: Microsoft Exchange AD Schema Misconfiguration Privilege Escalation (0)
07-29: http://secondary33.go.th/vuln.gif (0)
07-29: TripSpark VEO Transportation SQL Injection (0)
07-29: eGain Chat 15.5.5 Cross Site Scripting (0)
07-29: Denver Smart Wifi Camera SHC-150 Remote Code Execution (0)
07-29: Event Registration System With QR Code 1.0 Shell Upload (0)
07-29: Backdoor.Win32.WinShell.40 Code Execution (0)
07-29: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers (0)
07-29: [webapps] Oracle Fatwire 6.3 – Multiple Vulnerabilities (0)
07-29: [webapps] CloverDX 5.9.0 – Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) (0)
07-29: [webapps] Care2x Integrated Hospital Info System 2.7 – 'Multiple' SQL Injection (0)
07-29: [webapps] IntelliChoice eFORCE Software Suite 2.5.9 – Username Enumeration (0)
07-29: [webapps] Longjing Technology BEMS API 1.21 – Remote Arbitrary File Download (0)
07-29: [webapps] Denver IP Camera SHO-110 – Unauthenticated Snapshot (0)
07-28: Backdoor.Win32.WinShell.40 Code Execution (0)
07-28: WordPress Social Warfare 3.5.2 Remote Code Execution (0)
07-28: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-28: https://kangplu.go.th/krz.html (0)
07-28: https://bantan.go.th/krz.html (0)
07-28: https://samrong.go.th/krz.html (0)
07-28: https://khamtalayso.go.th/krz.html (0)
07-28: https://nonyor.go.th/krz.html (0)
07-28: https://naimeung.go.th/krz.html (0)
07-28: [webapps] TripSpark VEO Transportation – Blind SQL Injection (0)
07-28: [remote] Denver Smart Wifi Camera SHC-150 – 'Telnet' Remote Code Execution (RCE) (0)
07-28: [webapps] Event Registration System with QR Code 1.0 – Authentication Bypass & RCE (0)
07-27: PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection (0)
07-27: Zabbix 5.x SQL Injection / Cross Site Scripting (0)
07-27: Elasticsearch ECE 7.13.3 Database Disclosure (0)
07-27: Backdoor.Win32.Hupigon.aaur Unauthenticated Open Proxy (0)
07-27: Backdoor.Win32.Mazben.me Unauthenticated Open Proxy (0)
07-27: Leawo Prof. Media 11.0.0.1 Denial Of Service (0)
07-27: Backdoor.Win32.Agent.cu Authentication Bypass (0)
07-27: XOS Shop 1.0.9 Arbitrary File Deletion (0)
07-27: Backdoor.Win32.Agent.cu Man-In-The-Middle (0)
07-27: Backdoor.Win32.Agent.cu Code Execution (0)
07-27: Backdoor.Win32.PsyRat.b Denial Of Service (0)
07-27: NoteBurner 2.35 Denial Of Service (0)
07-27: Backdoor.Win32.PsyRat.b Code Execution (0)
07-27: WordPress Modern Events Calendar Remote Code Execution (0)
07-27: Backdoor.Win32.Bifrose.acci Buffer Overflow (0)
07-27: Backdoor.Win32.Nbdd.bgz Buffer Overflow (0)
07-27: WordPress SP Project And Document Remote Code Execution (0)
07-27: [webapps] PHP 7.3.15-3 – 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection (0)
07-27: [webapps] Customer Relationship Management System (CRM) 1.0 – Sql Injection Authentication Bypass (0)
07-26: [webapps] XOS Shop 1.0.9 – 'Multiple' Arbitrary File Deletion (Authenticated) (0)
07-26: [webapps] NoteBurner 2.35 – Denial Of Service (DoS) (PoC) (0)
07-26: [dos] Leawo Prof. Media 11.0.0.1 – Denial of Service (DoS) (PoC) (0)
07-26: [webapps] Elasticsearch ECE 7.13.3 – Anonymous Database Dump (0)
07-24: WordPress Simple Post 1.1 Cross Site Scripting (0)
07-24: Microsoft SharePoint Server 2019 Remote Code Execution (0)
07-24: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: Apple Security Advisory 2021-07-21-1 (0)
07-23: Apple Security Advisory 2021-07-21-2 (0)
07-23: Apple Security Advisory 2021-07-21-3 (0)
07-23: Apple Security Advisory 2021-07-21-4 (0)
07-23: Apple Security Advisory 2021-07-21-5 (0)
07-23: Apple Security Advisory 2021-07-21-6 (0)
07-23: Apple Security Advisory 2021-07-21-7 (0)
07-23: ElasticSearch 7.13.3 Memory Disclosure (0)
07-23: [webapps] ElasticSearch 7.13.3 – Memory disclosure (0)
07-23: [webapps] WordPress Plugin Simple Post 1.1 – 'Text field' Stored Cross-Site Scripting (XSS) (0)
07-22: NSO Will No Longer Talk To The Press About Damning Reports (0)
07-22: Vehicle Parking Management System 1.0 Cross Site Scripting (0)
07-22: Vehicle Parking Management System 1.0 SQL Injection (0)
07-22: Online Shopping Portal 3.1 SQL Injection (0)
07-22: News Portal Project 3.1 SQL Injection (0)
07-22: CSZ CMS 1.2.9 Arbitrary File Deletion (0)
07-22: Ampache 4.4.2 Cross Site Scripting (0)
07-22: Sequoia: A Deep Root In Linux's Filesystem Layer (0)
07-22: WordPress Backup Guard Authenticated Remote Code Execution (0)
07-22: Sage X3 Administration Service Authentication Bypass / Command Execution (0)
07-21: WordPress KN Fix Your Title 1.0.1 Cross Site Scripting (0)
07-21: Webmin 1.973 Cross Site Request Forgery (0)
07-21: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-21: Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization (0)
07-21: KevinLAB BEMS 1.0 Undocumented Backdoor Account (0)
07-21: KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure (0)
07-21: Apple Under Pressure Over iPhone Security After NSO Spyware Claims (0)
07-21: [webapps] CSZ CMS 1.2.9 – 'Multiple' Arbitrary File Deletion (0)
07-21: [webapps] KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated) (0)
07-21: [webapps] KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass (0)
07-21: [remote] KevinLAB BEMS 1.0 – Undocumented Backdoor Account (0)
07-20: http://www.takesa1.go.th (0)
07-20: Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation (0)
07-20: PEEL Shopping 9.3.0 SQL Injection (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy (0)
07-20: Backdoor.Win32.IRCBot.gen Weak Hardcoded Password (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: WordPress LearnPress SQL Injection (0)
07-20: WordPress LearnPress Privilege Escalation (0)
07-20: HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions (0)
07-20: Backdoor.Win32.Agent.bjev Insecure Permissions (0)
07-20: Dolibarr ERP/CRM 10.0.6 Login Brute Forcer (0)
07-20: Trojan-Spy.Win32.SpyEyes.abdb Insecure Permissions (0)
07-20: Trojan-Spy.Win32.SpyEyes.hqd Insecure Permissions (0)
07-20: WordPress Mimetic Books 0.2.13 Cross Site Scripting (0)
07-20: Backdoor.Win32.IRCBot.gen Remote Command Execution (0)
07-20: [webapps] WordPress Plugin KN Fix Your Title 1.0.1 – 'Separator' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] PEEL Shopping 9.3.0 – 'id' Time-based SQL Injection (0)
07-19: [webapps] Dolibarr ERP/CRM 10.0.6 – Login Brute Force (0)
07-19: [webapps] WordPress Plugin Mimetic Books 0.2.13 – 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.7 – 'current_items' SQL Injection (Authenticated) (0)
07-19: [webapps] WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation (0)
07-17: VMware ThinApp DLL Hijacking (0)
07-17: Aruba Instant (IAP) Remote Code Execution (0)
07-17: Seagate BlackArmor NAS sg2000-2000.1331 Command Injection (0)
07-17: Aruba Instant 8.7.1.0 Arbitrary File Modification (0)
07-17: ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution (0)
07-17: Argus Surveillance DVR 4.0 Weak Password Encryption (0)
07-17: OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting (0)
07-17: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: Linux Kernel Netfilter Heap Out-Of-Bounds Write (0)
07-16: https://www.forest.go.th/by.html (0)
07-16: Safari Zero-Day Used In LinkedIn Campaign (0)
07-16: osCommerce 2.3.4.1 Remote Code Execution (0)
07-16: WordPress Popular Posts 5.3.2 Shell Upload (0)
07-16: Tor Half-Closed Connection Stream Confusion (0)
07-16: [remote] Aruba Instant 8.7.1.0 – Arbitrary File Modification (0)
07-16: [webapps] ForgeRock Access Manager/OpenAM 14.6.3 – Remote Code Execution (RCE) (Unauthenticated) (0)
07-16: [local] Argus Surveillance DVR 4.0 – Weak Password Encryption (0)
07-16: [webapps] Seagate BlackArmor NAS sg2000-2000.1331 – Command Injection (0)
07-15: iOS Zero-Day Let SolarWinds Hackers Compromise iPhones (0)
07-15: Google Details Recent Malware Campaigns Amid Uptick In Zero-Day Attacks (0)
07-15: https://e-service.loei2.go.th/report/resource/krz.txt (0)
07-15: http://nakhonphanom.rid.go.th/wp-includes_/krz.txt (0)
07-15: http://rio14data.rid.go.th/data_rio14/finance/krz.txt (0)
07-15: http://yasothon.rid.go.th/wp-content/krz.txt (0)
07-15: http://krabi.rid.go.th/kbi/wp-content/krz.txt (0)
07-15: http://pasakjolasid.rid.go.th/krz.txt (0)
07-15: http://songkhla.rid.go.th/wp-content//krz.txt (0)
07-15: http://phakhai.rid.go.th/2021/sites/krz.txt (0)
07-15: http://rio11.rid.go.th/images/krz.txt (0)
07-15: http://kangkrachan.rid.go.th/images/krz.txt (0)
07-15: http://maelao.rid.go.th/krz.txt (0)
07-15: http://narathiwat.rid.go.th/17/tmp/krz.txt (0)
07-15: http://rio2.rid.go.th/krz.txt (0)
07-15: http://nongwai.rid.go.th/nw/tmp/krz.txt (0)
07-15: http://surin.rid.go.th/images/krz.txt (0)
07-15: Tor Half-Closed Connection Stream Confusion (0)
07-15: https://www.jvkorat.go.th/pi.html (0)
07-15: Webmin 1.973 Cross Site Request Forgery (0)
07-15: WordPress Current Book 1.0.1 Cross Site Scripting (0)
07-15: Microsoft Hyper-V vmswitch.sys Proof Of Concept (0)
07-15: Realtek RTKVHD64.sys Out-Of-Bounds Access (0)
07-15: Windows TCP/IP Denial Of Service (0)
07-15: XNU Network Stack Kernel Heap Overflow (0)
07-15: Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation (0)
07-15: Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution (0)
07-15: [webapps] osCommerce 2.3.4.1 – Remote Code Execution (2) (0)
07-15: [webapps] WordPress Plugin Popular Posts 5.3.2 – Remote Code Execution (RCE) (Authenticated) (0)
07-14: Apache Tomcat 9.0.0M1 Open Redirect (0)
07-14: Apache Tomcat 9.0.0.M1 Cross Site Scripting (0)
07-14: HEUR.Backdoor.Win32.Agent.gen Insecure Permissions (0)
07-14: Backdoor.IRC.Ataka.a Insecure Permissions (0)
07-14: Trojan-Proxy.Win32.Ranky.gen Unauthenticated Open Proxy (0)
07-14: Backdoor.Win32.NerTe.a Authentication Bypass / Code Execution (0)
07-14: Pandora FMS 7.54 Cross Site Scripting (0)
07-14: Backdoor.Win32.NerTe.a Unauthenticated Remote Command Execution (0)
07-14: Trojan.Win32.RASFlooder.b Hardcoded Password (0)
07-14: Backdoor.Win32.Surila.j Man-In-The-Middle / Port Bounce (0)
07-14: Backdoor.Win32.Surila.j Authentication Bypass (0)
07-14: OpenEMR 5.0.1.3 Shell Upload (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: WordPress WPFront Notification Bar 1.9.1.04012 Cross Site Scripting (0)
07-14: Garbage Collection Management System 1.0 Shell Upload / SQL Injection (0)
07-14: Backdoor.Win32.Surila.j Denial Of Service (0)
07-14: Invoice System 1.0 Cross Site Scripting (0)
07-14: VirTool.Win32.Afix Buffer Overflow / Code Execution (0)
07-14: ForgeRock / OpenAM Jato Java Deserialization (0)
07-14: VMware vCenter Server Virtual SAN Health Check Remote Code Execution (0)
07-14: SolarWinds Issues Hotfix For Zero-Day Flaw Under Active Attack (0)
07-14: [webapps] WordPress Plugin Current Book 1.0.1 – 'Book Title and Author field' Stored Cross-Site Scripting (XSS) (0)
07-14: [webapps] Webmin 1.973 – Cross-Site Request Forgery (CSRF) (0)
07-13: [webapps] Garbage Collection Management System 1.0 – SQL Injection + Arbitrary File Upload (0)
07-13: [webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (2) (0)
07-13: [webapps] Invoice System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Open Redirect (0)
07-13: [webapps] WordPress Plugin WPFront Notification Bar 1.9.1.04012 – Stored Cross-Site Scripting (XSS) (0)
07-13: [webapps] Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS) (0)
07-10: Zoo Management System 1.0 Cross Site Scripting (0)
07-10: Church Management System 1.0 Shell Upload / SQL Injection (0)
07-10: Polkit D-Bus Authentication Bypass (0)
07-09: WordPress SP Project And Document Manager 4.21 Shell Upload (0)
07-09: Employee Record Management System 1.2 Cross Site Scripting (0)
07-09: Online Covid Vaccination Scheduler System 1.0 Shell Upload (0)
07-09: MpEngine ASProtect Embedded Runtime DLL Memory Corruption (0)
07-09: Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload (0)
07-09: [webapps] Zoo Management System 1.0 – 'Multiple' Stored Cross-Site-Scripting (XSS) (0)
07-09: [webapps] Church Management System 1.0 – SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE (0)
07-08: Online Covid Vaccination Scheduler System 1.0 SQL Injection (0)
07-08: Docker Dashboard Remote Command Execution (0)
07-08: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution (0)
07-08: WordPress Plainview Activity Monitor 20161228 Remote Code Execution (0)
07-08: Okta Access Gateway 2020.5.5 Authenticated Remote Root (0)
07-08: [webapps] Wordpress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated) (0)
07-08: [webapps] Wyomind Help Desk 1.3.6 – Remote Code Execution (RCE) (0)
07-08: [webapps] Employee Record Management System 1.2 – Stored Cross-Site Scripting (XSS) (0)
07-08: [webapps] Online Covid Vaccination Scheduler System 1.0 – Arbitrary File Upload to Remote Code Execution (Unauthenticated) (0)
07-08: [webapps] Exam Hall Management System 1.0 – Unrestricted File Upload + RCE (Unauthenticated) (0)
07-07: Visual Tools DVR VX16 4.2.28 Privilege Escalation (0)
07-07: Netgear DGN2200v1 Remote Command Execution (0)
07-07: Black Box Kvm Extender 3.4.31307 Local File Inclusion (0)
07-07: Backdoor.Win32.NerTe.781 Authentication Bypass / Code Execution (0)
07-07: Visual Tools DVR VX16 4.2.28.0 Command Injection (0)
07-07: perfexcrm 1.10 Cross Site Scripting (0)
07-07: Pallets Werkzeug 0.15.4 Path Traversal (0)
07-07: WordPress Anti-Malware Security And Bruteforce Firewall 4.20.59 Directory Traversal (0)
07-07: Phone Shop Sales Managements System 1.0 Shell Upload (0)
07-07: Phone Shop Sales Managements System 1.0 SQL Injection (0)
07-07: Billing System Project 1.0 Shell Upload (0)
07-07: Exam Hall Management System 1.0 Shell Upload (0)
07-07: NSClient++ 0.5.2.35 Privilege Escalation (0)
07-07: [webapps] WordPress Plugin Plainview Activity Monitor 20161228 – Remote Code Execution (RCE) (Authenticated) (2) (0)
07-07: [webapps] Online Covid Vaccination Scheduler System 1.0 – 'username' time-based blind SQL Injection (0)
07-07: [webapps] Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated) (2) (0)
07-06: https://saranitet.police.go.th/robots.txt (0)
07-06: http://www.lampangcity.go.th/robots.txt (0)
07-06: Backdoor.Win32.NerTe.781 Code Execution (0)
07-06: Trojan-Spy.Win32.Xspyout.a Unauthenticated Open Proxy (0)
07-06: Online Birth Certificate System 1.1 Cross Site Scripting (0)
07-06: Trojan-Proxy.Win32.Ranky.ag Unauthenticated Open Proxy (0)
07-06: Backdoor.Win32.Hupigon.aiss Unauthenticated Open Proxy (0)
07-06: Church Management System 1.0 SQL Injection (0)
07-06: Church Management System 1.0 Cross Site Scripting (0)
07-06: Church Management System 1.0 Shell Upload (0)
07-06: Backdoor.Win32.Hupigon.gsy Unauthenticated Open Proxy (0)
07-06: Trojan.Win32.VB.bcng Insecure Permissions (0)
07-06: Trojan-Dropper.Win32.Agent.wxl Insecure Permissions (0)
07-06: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
07-06: Online Voting System 1.0 SQL Injection / Remote Code Execution (0)
07-06: Trojan.Win32.Inject.adwas Insecure Permissions (0)
07-06: Backdoor.Win32.Zombam.l Buffer Overflow (0)
07-06: Backdoor.Win32.Zombam.l Code Execution (0)
07-06: OpenEMR 5.0.1.7 Path Traversal (0)
07-06: Backdoor.Win32.WinShell.40 Authentication Bypass / Command Execution (0)
07-06: WordPress WP Learn Manager 1.1.2 Cross Site Scripting (0)
07-06: Virus.Win32.Shodi.e Insecure Transit (0)
07-06: WordPress Backup Guard 1.5.8 Shell Upload (0)
07-06: Virus.Win32.Shodi.e Remote Command Execution (0)
07-06: Simple Client Management System 1.0 SQL Injection / Shell Upload (0)
07-06: Virus.Win32.Shodi.e Heap Corruption (0)
07-06: Ricon Industrial Cellular Router S9922XL Remote Command Execution (0)
07-06: [webapps] Phone Shop Sales Managements System 1.0 – 'Multiple' Arbitrary File Upload to Remote Code Execution (0)
07-06: [webapps] WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 – Directory Traversal (0)
07-06: [webapps] perfexcrm 1.10 – 'State' Stored Cross-site scripting (XSS) (0)
07-06: [webapps] Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (Unauthenticated) (0)
07-06: [webapps] Phone Shop Sales Managements System 1.0 – Authentication Bypass (SQLi) (0)
07-06: [webapps] Visual Tools DVR VX16 4.2.28 – Local Privilege Escalation (0)
07-06: [webapps] Exam Hall Management System 1.0 – Unrestricted File Upload (Unauthenticated) (0)
07-06: [webapps] Pallets Werkzeug 0.15.4 – Path Traversal (0)
07-06: [webapps] Billing System Project 1.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
07-06: [webapps] Netgear DGN2200v1 – Remote Command Execution (RCE) (Unauthenticated) (0)
07-06: [webapps] Black Box Kvm Extender 3.4.31307 – Local File Inclusion (0)
07-05: [webapps] OpenEMR 5.0.1.7 – 'fileName' Path Traversal (Authenticated) (2) (0)
07-05: [webapps] WordPress Plugin WP Learn Manager 1.1.2 – Stored Cross-Site Scripting (XSS) (0)
07-05: [webapps] TextPattern CMS 4.9.0-dev – Remote Command Execution (RCE) (Authenticated) (0)
07-05: [webapps] Ricon Industrial Cellular Router S9922XL – Remote Command Execution (RCE) (0)
07-05: [webapps] Online Voting System 1.0 – SQLi (Authentication Bypass) + Remote Code Execution (RCE) (0)
07-05: [webapps] Online Birth Certificate System 1.1 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-05: [webapps] Simple Client Management System 1.0 – Remote Code Execution (RCE) (0)
07-05: [webapps] Wordpress Plugin Backup Guard 1.5.8 – Remote Code Execution (Authenticated) (0)
07-05: [webapps] Church Management System 1.0 – 'password' SQL Injection (Authentication Bypass) (0)
07-05: [webapps] Church Management System 1.0 – Unrestricted File Upload to Remote Code Execution (Authenticated) (0)
07-05: [webapps] Church Management System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
07-03: AKCP sensorProbe SPX476 Cross Site Scripting (0)
07-03: b2evolution 7.2.2 Cross Site Request Forgery (0)
07-03: WordPress Modern Events Calendar 5.16.2 Information Disclosure (0)
07-03: WordPress Modern Events Calendar 5.16.2 Shell Upload (0)
07-03: Scratch Desktop 3.17 Code Execution / Cross Site Scripting (0)
07-03: Microsoft PrintNightmare Proof Of Concept (0)
07-03: Garbage Collection Management System 1.0 SQL Injection (0)
07-03: PrintNightmare Windows Spooler Service Remote Code Execution (0)
07-02: Vianeos OctoPUS 5 SQL Injection (0)
07-02: Online Voting System 1.0 SQL Injection (0)
07-02: Online Voting System 1.0 Remote Code Execution (0)
07-02: WinWaste.NET 1.0.6183.16475 Local Privilege Escalation (0)
07-02: WordPress XCloner 4.2.12 Remote Code Execution (0)
07-02: Docker Container Escape (0)
07-02: Packet Storm New Exploits For June, 2021 (0)
07-02: [local] WinWaste.NET 1.0.6183.16475 – Privilege Escalation due Incorrect Access Control (0)
07-02: [webapps] b2evolution 7.2.2 – 'edit account details' Cross-Site Request Forgery (CSRF) (0)
07-02: [webapps] AKCP sensorProbe SPX476 – 'Multiple' Cross-Site Scripting (XSS) (0)
07-02: [webapps] Wordpress Plugin Modern Events Calendar 5.16.2 – Remote Code Execution (Authenticated) (0)
07-02: [webapps] Scratch Desktop 3.17 – Cross-Site Scripting/Remote Code Execution (XSS/RCE) (0)
07-01: phpAbook 0.9i SQL Injection (0)
07-01: Doctors Patients Management System 1.0 SQL Injection (0)
07-01: Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation (0)
07-01: Apache Superset 1.1.0 Account Enumeration (0)
07-01: KVM nested_svm_vmrun Double Fetch (0)
07-01: [webapps] Vianeos OctoPUS 5 – 'login_user' SQLi (0)
07-01: [webapps] Online Voting System 1.0 – Remote Code Execution (Authenticated) (0)
07-01: [webapps] Online Voting System 1.0 – Authentication Bypass (SQLi) (0)
07-01: [webapps] Wordpress Plugin XCloner 4.2.12 – Remote Code Execution (Authenticated) (0)

June 2021 (371)

06-30: ES File Explorer 4.1.9.7.4 Arbitrary File Read (0)
06-30: [webapps] Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass) (0)
06-30: [webapps] Apache Superset 1.1.0 – Time-Based Account Enumeration (0)
06-30: [webapps] Simple Traffic Offense System 1.0 – Stored Cross Site Scripting (XSS) (0)
06-30: [webapps] phpAbook 0.9i – SQL Injection (0)
06-29: Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting (0)
06-29: Email-Worm.Win32.Trance.a Insecure Permissions (0)
06-29: Android Data Exfiltration (0)
06-29: SAS Environment Manager 2.5 Cross Site Scripting (0)
06-29: Personnel Record Management System 1.0 SQL Injection (0)
06-29: Trojan-Dropper.Win32.Scrop.dyi Insecure Permissions (0)
06-29: Netgear WNAP320 2.0.3 Remote Code Execution (0)
06-29: Personnel Record Management System 1.0 Authentication Bypass / XSS (0)
06-29: WordPress YOP Polls 6.2.7 Cross Site Scripting (0)
06-29: Constructor.Win32.Bifrose.asc Buffer Overflow / Heap Corruption (0)
06-29: WordPress wpDiscuz 7.0.4 Shell Upload (0)
06-29: [remote] ES File Explorer 4.1.9.7.4 – Arbitrary File Read (0)
06-28: Android 2.0 FreeCIV Arbitrary Code Execution (0)
06-28: [webapps] Netgear WNAP320 2.0.3 – 'macAddress' Remote Code Execution (RCE) (Unauthenticated) (0)
06-28: [webapps] SAS Environment Manager 2.5 – 'name' Stored Cross-Site Scripting (XSS) (0)
06-28: [webapps] Atlassian Jira Server/Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS) (0)
06-28: [webapps] WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS) (0)
06-26: VMware vCenter 6.5 / 6.7 / 7.0 Remote Code Execution (0)
06-26: Backdoor.Win32.ReverseTrojan.200 Authentication Bypass (0)
06-26: Trojan.Win32.SecondThought.ak Insecure Permissions (0)
06-26: Adobe ColdFusion 8 Remote Command Execution (0)
06-26: Trojan.Win32.Banpak.kh Insecure Permissions (0)
06-26: Huawei DG8045 Authentication Bypass (0)
06-26: TP-Link TL-WR841N Command Injection (0)
06-26: Trojan-Dropper.Win32.Juntador.a Weak Hardcoded Password (0)
06-26: Trojan-Dropper.Win32.Krepper.a Remote Command Execution (0)
06-26: rConfig Shell Upload (0)
06-26: Simple Client Management System 1.0 SQL Injection (0)
06-26: Online Pet Shop We App 1.0 SQL Injection / Shell Upload (0)
06-26: Seeddms 5.1.10 Remote Command Execution (0)
06-26: Lightweight Facebook-Styled Blog Remote Code Execution (0)
06-26: SAPSprint 7.60 Unquoted Service Path (0)
06-25: https://www.afrims.go.th/o.txt (0)
06-25: rConfig Shell Upload (0)
06-25: [webapps] Lightweight facebook-styled blog 1.3 – Remote Code Execution (RCE) (Authenticated) (Metasploit) (0)
06-25: [webapps] Simple Client Management System 1.0 – 'uemail' SQL Injection (Unauthenticated) (0)
06-25: [webapps] Seeddms 5.1.10 – Remote Command Execution (RCE) (Authenticated) (0)
06-25: [local] SAPSprint 7.60 – 'SAPSprint' Unquoted Service Path (0)
06-24: [webapps] Huawei dg8045 – Authentication Bypass (0)
06-24: [webapps] TP-Link TL-WR841N – Command Injection (0)
06-24: [webapps] Adobe ColdFusion 8 – Remote Command Execution (RCE) (0)
06-24: [webapps] VMware vCenter Server RCE 6.5 / 6.7 / 7.0 – Remote Code Execution (RCE) (Unauthenticated) (0)
06-23: Backdoor.Win32.Hupigon.aaio Buffer Overflow (0)
06-23: Simple CRM 3.0 Cross Site Scripting (0)
06-23: Simple CRM 3.0 Cross Site Request Forgery (0)
06-23: Lexmark Printer Software G2 Installation Package 1.8.0.0 Unquoted Service Path (0)
06-23: Wise Care 365 5.6.7.568 Unquoted Service Path (0)
06-23: Websvn 2.6.0 Remote Code Execution (0)
06-23: Dlink DSL2750U Command Injection (0)
06-23: Solaris SunSSH 11.0 Remote Root (0)
06-23: Fedora / Gnome fscaps Issue (0)
06-23: Customer Relationship Management System 1.0 Remote Code Execution (0)
06-23: Phone Shop Sales Managements System 1.0 Insecure Direct Object Reference (0)
06-23: Responsive Tourism Website 3.1 Remote Code Execution (0)
06-23: ASUS DisplayWidget Software 3.4.0.036 Unquoted Service Path (0)
06-23: Remote Mouse GUI 3.008 Privilege Escalation (0)
06-23: WordPress Admin Columns Cross Site Scripting (0)
06-23: Online Library Management System 1.0 SQL Injection (0)
06-23: Online Library Management System 1.0 Shell Upload (0)
06-23: Simple CRM 3.0 SQL Injection (0)
06-23: Microsoft Windows Filtering Platform Token Access Check Privilege Escalation (0)
06-23: WordPress Poll, Survey, Questionnaire And Voting System 1.5.2 SQL Injection (0)
06-23: WordPress WP Google Maps 8.1.11 Cross Site Scripting (0)
06-23: Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload (0)
06-23: F5 BIG-IQ VE 8.0.0-2923215 Remote Root (0)
06-23: Cisco Modeling Labs 2.1.1-b19 Remote Command Execution (0)
06-23: HPE RDA-CAS 1.23.826 Denial Of Service (0)
06-23: http://new.ayutthaya2.go.th/_.php (0)
06-23: Lexmark Printers Open To Arbitrary Code Execution Zero Day (0)
06-23: WordPress Admin Columns Cross Site Scripting (0)
06-23: Lexmark Printers Open To Arbitrary Code Execution Zero Day (0)
06-23: [webapps] Simple CRM 3.0 – 'email' SQL injection (Authentication Bypass) (0)
06-23: [webapps] Online Library Management System 1.0 – Arbitrary File Upload Remote Code Execution (Unauthenticated) (0)
06-23: [webapps] Online Library Management System 1.0 – 'Search' SQL Injection (0)
06-23: [webapps] WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 – 'date_answers' Blind SQL Injection (0)
06-23: [webapps] WordPress Plugin WP Google Maps 8.1.11 – Stored Cross-Site Scripting (XSS) (0)
06-22: http://lpg1.go.th/hi.htm (0)
06-22: [local] ASUS DisplayWidget Software 3.4.0.036 – 'ASUSDisplayWidgetService' Unquoted Service Path (0)
06-21: http://bankhon.go.th/pun10.html (0)
06-21: http://changkerng.go.th/pun10.html (0)
06-21: http://pakai.go.th/pun10.html (0)
06-21: http://chaivaree.go.th/pun10.html (0)
06-21: http://maelaluang.go.th/pun10.html (0)
06-21: http://yangkham.go.th/pun10.html (0)
06-21: http://maehoa.go.th/pun10.html (0)
06-21: http://changpeuk.go.th/pun10.html (0)
06-21: http://khunyuam.go.th/pun10.html (0)
06-21: http://phe.go.th/pun10.html (0)
06-21: http://panna.go.th/pun10.html (0)
06-21: http://maesuad.go.th/pun10.html (0)
06-21: http://wiangkarn.go.th/pun10.html (0)
06-21: http://phonglocal.go.th/pun10.html (0)
06-21: http://changpuek.go.th/pun10.html (0)
06-21: http://nasaklampang.go.th/pun10.html (0)
06-21: http://phocaipiboon.go.th/pun10.html (0)
06-21: http://dongichan.go.th/pun10.html (0)
06-21: http://nasum.go.th/pun10.html (0)
06-21: [local] iFunbox 4.2 – 'Apple Mobile Device Service' Unquoted Service Path (0)
06-21: [local] Wise Care 365 5.6.7.568 – 'WiseBootAssistant' Unquoted Service Path (0)
06-21: [remote] Solaris SunSSH 11.0 x86 – libpam Remote Root (3) (0)
06-21: [webapps] OpenEMR 5.0.1.7 – 'fileName' Path Traversal (Authenticated) (0)
06-18: DiskPulse 13.6.14 Unquoted Service Path (0)
06-18: Disk Sorter Server 13.6.12 Unquoted Service Path (0)
06-18: Teachers Record Management System 1.0 Cross Site Scripting (0)
06-18: Teachers Record Management System 1.0 SQL Injection (0)
06-18: CKEditor 3 Server-Side Request Forgery (0)
06-18: Cotonti Siena 0.9.19 Cross Site Scripting (0)
06-18: Disk Savvy 13.6.14 Unquoted Service Path (0)
06-18: Sync Breeze 13.6.18 Sync Breeze 13.6.18 Unquoted Service Path (0)
06-18: OpenEMR 5.0.1.3 Authentication Bypass (0)
06-18: Email-Worm.Win32.Kipis.a Code Execution (0)
06-18: Online Shopping Portal 3.1 Shell Upload (0)
06-18: Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path (0)
06-18: Trojan.Win32.Alien.erf Denial Of Service (0)
06-18: Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration (0)
06-18: VX Search 13.5.28 Unquoted Service Path (0)
06-18: VeryFitPro 3.2.8 Insecure Transit (0)
06-18: Samsung NPU npu_session_format Out-Of-Bounds Write (0)
06-18: Unified Office Total Connect Now 1.0 SQL Injection (0)
06-18: Trojan.Win32.Alien.erf Buffer Overflow (0)
06-18: Dup Scout 13.5.28 Unquoted Service Path (0)
06-18: Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution (0)
06-18: Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution (0)
06-18: Windows Kerberos AppContainer Enterprise Authentication Capability Bypass (0)
06-18: Windows Kerberos AppContainer Enterprise Authentication Capability Bypass (0)
06-18: http://dnprg15.dnp.go.th (0)
06-18: [webapps] Node.JS – 'node-serialize' Remote Code Execution (3) (0)
06-18: [remote] Dlink DSL2750U – 'Reboot' Command Injection (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'xml upload' Stored Cross-Site Scripting (XSS) (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'Account Takeover' Cross-Site Request Forgery (CSRF) (0)
06-18: [webapps] ICE Hrm 29.0.0.OS – 'Account Takeover' Cross-Site Scripting and Session Fixation (0)
06-17: http://www.bantako.go.th (0)
06-17: [webapps] Online Shopping Portal 3.1 – Remote Code Execution (Unauthenticated) (0)
06-17: [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 – User Enumeration (0)
06-17: [local] VX Search 13.5.28 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Dup Scout 13.5.28 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Sync Breeze 13.6.18 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Disk Savvy 13.6.14 – 'Multiple' Unquoted Service Path (0)
06-17: [local] Workspace ONE Intelligent Hub 20.3.8.0 – 'VMware Hub Health Monitoring Service' Unquoted Service Path (0)
06-17: [webapps] Unified Office Total Connect Now 1.0 – 'data' SQL Injection (0)
06-16: SysGauge 7.9.18 Unquoted Service Path (0)
06-16: SAP Solution Manager 7.2 (ST 720) Open Redirection (0)
06-16: Sami HTTP Server 2.0 Denial Of Service (0)
06-16: Brother BRAgent 1.38 Unquoted Service Path (0)
06-16: Online Library Management System 2.0 Cross Site Request Forgery (0)
06-16: Polkit 0.105-26 0.117-2 Privilege Escalation (0)
06-16: XML External Entity Via MP3 File Upload On WordPress (0)
06-16: Brother BRPrint Auditor 3.0.7 Unquoted Service Path (0)
06-16: HashiCorp Nomad Remote Command Execution (0)
06-16: IPFire 2.25 Remote Code Execution (0)
06-16: Client Management System 1.1 Cross Site Scripting (0)
06-16: Client Management System 1.1 SQL Injection (0)
06-16: SAP Netweaver JAVA 7.50 Missing Authorization (0)
06-16: http://www.banyanglocal.go.th (0)
06-16: http://www.nongchaisri.go.th (0)
06-16: [local] Disk Sorter Server 13.6.12 – 'Disk Sorter Server' Unquoted Service Path (0)
06-16: [local] DiskPulse 13.6.14 – 'Multiple' Unquoted Service Path (0)
06-15: SAP Netweaver JAVA 7.50 Missing Authorization (0)
06-15: Spy Emergency 25.0.650 Unquoted Service Path (0)
06-15: PCMan FTP Server 2.0.7 Denial Of Service (0)
06-15: Notex The Best Notes 6.4 Denial Of Service (0)
06-15: Post-it 5.0.1 Denial Of Service (0)
06-15: Secure Notepad Private Notes 3.0.3 Denial Of Service (0)
06-15: Backdoor.Win32.VB.pld Insecure Transit (0)
06-15: WibuKey Runtime 6.51 Unquoted Service Path (0)
06-15: KnFTP Server 1.0.0 Denial Of Service (0)
06-15: OpenEMR 5.0.1.3 Shell Upload (0)
06-15: COVID-19 Testing Management System 1.0 Cross Site Scripting (0)
06-15: Backdoor.Win32.Pazus.18 Authentication Bypass / Code Execution (0)
06-15: Accela Civic Platform 21.1 Cross Site Scripting / Open Redirection (0)
06-15: Accela Civic Platform 21.1 Insecure Direct Object Reference (0)
06-15: GLPI 9.4.5 Remote Code Execution (0)
06-15: Backdoor.Win32.Zombam.gen Information Disclosure (0)
06-15: Stock Management System 1.0 SQL Injection (0)
06-15: Small CRM 3.0 SQL Injection (0)
06-15: TextPattern CMS 4.8.7 Remote Command Execution (0)
06-15: Backdoor.Win32.VB.pld Code Execution (0)
06-15: ChromeOS arc-obb-mounter Missing Path Restriction (0)
06-15: https://www.nk.go.th/galau.html (0)
06-15: [local] Brother BRAgent 1.38 – 'WBA_Agent_Client' Unquoted Service Path (0)
06-15: [webapps] Client Management System 1.1 – 'Search' SQL Injection (0)
06-15: [webapps] Client Management System 1.1 – 'username' Stored Cross-Site Scripting (XSS) (0)
06-15: [local] SysGauge 7.9.18 – ' SysGauge Server' Unquoted Service Path (0)
06-15: [local] Brother BRPrint Auditor – 'Multiple' Unquoted Service Path (0)
06-14: ChromeOS arc-obb-mounter Missing Path Restriction (0)
06-14: [webapps] Accela Civic Platform 21.1 – 'successURL' Cross-Site-Scripting (XSS) (0)
06-14: [dos] Post-it 5.0.1 – Denial of Service (PoC) (0)
06-14: [dos] Notex the best notes 6.4 – Denial of Service (PoC) (0)
06-14: [webapps] Accela Civic Platform 21.1 – 'contactSeqNumber' Insecure Direct Object References (IDOR) (0)
06-14: [webapps] GLPI 9.4.5 – Remote Code Execution (RCE) (0)
06-14: [dos] Secure Notepad Private Notes 3.0.3 – Denial of Service (PoC) (0)
06-14: [local] WibuKey Runtime 6.51 – 'WkSvW32.exe' Unquoted Service Path (0)
06-14: [webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (0)
06-14: [webapps] TextPattern CMS 4.8.7 – Remote Command Execution (Authenticated) (0)
06-14: [local] Spy Emergency 25.0.650 – 'Multiple' Unquoted Service Path (0)
06-14: [webapps] Stock Management System 1.0 – 'user_id' Blind SQL injection (Authenticated) (0)
06-14: [webapps] Small CRM 3.0 – 'Authentication Bypass' SQL Injection (0)
06-14: [webapps] COVID19 Testing Management System 1.0 – 'State' Stored Cross-Site-Scripting (XSS) (0)
06-12: Solar-Log 500 2.8.2 Incorrect Access Control (0)
06-12: Solar-Log 500 2.8.2 Password Disclosure (0)
06-12: Ability FTP Server 2.34 Denial Of Service (0)
06-12: Microsoft SharePoint Server 16.0.10372.20060 Server-Side Request Forgery (0)
06-12: Cerberus FTP Web Service 11 Cross Site Scripting (0)
06-12: Zenario CMS 8.8.52729 SQL Injection (0)
06-12: WoWonder Social Network Platform 3.1 Authentication Bypass (0)
06-12: Backdoor.Win32.Zombam.gen Cross Site Scripting (0)
06-12: Backdoor.Win32.Zombam.gen Code Execution (0)
06-12: OpenEMR 5.0.0 Remote Shell Upload (0)
06-12: Grocery Crud 1.6.4 SQL Injection (0)
06-12: WordPress Database Backups 1.2.2.6 Cross Site Request Forgery (0)
06-12: Backdoor.Win32.Zombam.gen Buffer Overflow (0)
06-12: Accela Civic Platorm 21.1 Cross Site Scripting (0)
06-12: NetSetManPro 4.7.2 Privilege Escalation (0)
06-11: NetSetManPro 4.7.2 Privilege Escalation (0)
06-11: http://www.pakchongcity.go.th/ind.html (0)
06-11: [webapps] OpenEMR 5.0.0 – Remote Code Execution (Authenticated) (0)
06-11: [webapps] Microsoft SharePoint Server 16.0.10372.20060 – 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF) (0)
06-11: [webapps] Cerberus FTP Web Service 11 – 'svg' Stored Cross-Site Scripting (XSS) (0)
06-11: [webapps] Accela Civic Platform 21.1 – 'servProvCode' Cross-Site-Scripting (XSS) (0)
06-10: n+otes 1.6.2 Denial Of Service (0)
06-10: Sticky Notes Widget 3.0.6 Denial Of Service (0)
06-10: EasyFTP Server 1.7.0.11 Denial Of Service (0)
06-10: memono Notepad 4.2 Denial Of Service (0)
06-10: TextPattern CMS 4.8.7 Cross Site Scripting (0)
06-10: Student Result Management System 1.0 SQL Injection (0)
06-10: GravCMS 1.10.7 Arbitrary YAML Write / Update (0)
06-10: NSClient++ 0.5.2.35 Remote Code Execution (0)
06-10: [dos] n+otes 1.6.2 – Denial of Service (PoC) (0)
06-10: [dos] Sticky Notes Widget Version 3.0.6 – Denial of Service (PoC) (0)
06-10: [local] memono Notepad Version 4.2 – Denial of Service (PoC) (0)
06-10: [webapps] Student Result Management System 1.0 – 'class' SQL Injection (0)
06-10: [webapps] TextPattern CMS 4.8.7 – Stored Cross-Site Scripting (XSS) (0)
06-09: Backdoor.Win32.Wuca.nz Insecure Permissions (0)
06-09: Intelbras Router RF 301K Cross Site Request Forgery (0)
06-09: OpenCart 3.0.3.7 Cross Site Request Forgery (0)
06-09: Backdoor.Win32.XRat.d Code Execution (0)
06-09: FreeFloat FTP Server 1.0 Denial Of Service (0)
06-09: WordPress Visitors-App 0.3 Cross Site Scripting (0)
06-09: Internet Explorer jscript9.dll Memory Corruption (0)
06-09: [webapps] WordPress Plugin visitors-app 0.3 – 'user-agent' Stored Cross-Site Scripting (XSS) (0)
06-09: [webapps] OpenCart 3.0.3.7 – 'Change Password' Cross-Site Request Forgery (CSRF) (0)
06-09: [webapps] OpenCart 3.0.3.6 – 'subject' Stored Cross-Site Scripting (0)
06-09: [webapps] Intelbras Router RF 301K – 'DNS Hijacking' Cross-Site Request Forgery (CSRF) (0)
06-08: Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy (0)
06-08: NBMonitor 1.6.8 Denial Of Service (0)
06-08: Nsauditor 3.2.3 Denial Of Service (0)
06-08: Backup Key Recovery 2.2.7 Denial Of Service (0)
06-08: SAMI FTP Server 2.0.2 Denial Of Service (0)
06-08: WordPress wpDiscuz 7.0.4 Remote Code Execution (0)
06-08: COVID-19 Testing Management System 1.0 SQL Injection (0)
06-08: Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy (0)
06-08: [webapps] WordPress Plugin wpDiscuz 7.0.4 – Remote Code Execution (Unauthenticated) (0)
06-08: [dos] Nsauditor 3.2.3 – Denial of Service (PoC) (0)
06-08: [local] Backup Key Recovery 2.2.7 – Denial of Service (PoC) (0)
06-08: [dos] NBMonitor 1.6.8 – Denial of Service (PoC) (0)
06-07: WordPress Smart Slider-3 3.5.0.8 Cross Site Scripting (0)
06-07: WordPress wpDiscuz 7.0.4 Shell Upload (0)
06-07: Backdoor.Win32.Neakse.bit Insecure Permissions (0)
06-07: Grav CMS 1.7.10 Server-Side Template Injection (0)
06-07: Sticky Notes And Color Widgets 1.4.2 Denial Of Service (0)
06-07: Backdoor.Win32.Wollf.12 Code Execution (0)
06-07: OptiLink ONT1GEW GPON 2.1.11_X101 Remote Code Execution (0)
06-07: IcoFX 2.6 Buffer Overflow (0)
06-07: Rocket.Chat 3.12.1 NoSQL Injection / Code Execution (0)
06-07: [webapps] Wordpress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated) (0)
06-07: [webapps] Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated) (0)
06-07: [webapps] Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated) (0)
06-07: [local] IcoFX 2.6 – '.ico' Buffer Overflow SEH + DEP Bypass using JOP (0)
06-07: [webapps] WordPress Plugin Smart Slider-3 3.5.0.8 – 'name' Stored Cross-Site Scripting (XSS) (0)
06-07: [webapps] OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated) (0)
06-07: [dos] Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC) (0)
06-05: FileCOPA FTP Server 1.01 Denial Of Service (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover (0)
06-05: HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover (0)
06-04: Notepad Notes 2.6.7 Denial Of Service (0)
06-04: Blacknote 2.2.1 Denial Of Service (0)
06-04: BasicNote 1.1.9 Denial Of Service (0)
06-04: PHP 8.1.0-dev User-Agentt Remote Code Execution (0)
06-04: CHIYU IoT Telnet Authentication Bypass (0)
06-04: CHIYU IoT Denial Of Service (0)
06-04: FUDForum 3.1.0 Cross Site Scripting (0)
06-04: 4Images 1.8 Cross Site Scripting (0)
06-04: Gitlab 13.9.3 Remote Code Execution (0)
06-04: Gstreamer Matroska Demuxing Use-After-Free (0)
06-04: VMware ESXi OpenSLP Heap Overflow (0)
06-04: Cisco SD-WAN vManage 19.2.2 Remote Root (0)
06-04: Exim base64d Buffer Overflow (0)
06-04: Microsoft RDP Remote Code Execution (0)
06-04: Color Notes 1.4 Denial Of Service (0)
06-04: Macaron Notes Great Notebook 5.5 Denial Of Service (0)
06-04: My Notes Safe 5.3 Denial Of Service (0)
06-04: Inkpad Notepad And To Do List 4.3.61 Denial Of Service (0)
06-04: Monstra CMS 3.0.4 Remote Code Execution (0)
06-04: Gitlab 13.10.2 Remote Code Execution (0)
06-04: Backdoor.Win32.Androm.df Code Execution (0)
06-04: QT TIFF Processing Heap Overflow (0)
06-04: Chrome Legacy ipc::Message Passed Via Shared Memory (0)
06-04: SuiteCRM Log File Remote Code Execution (0)
06-04: Cisco HyperFlex HX Data Platform Command Execution (0)
06-04: [dos] My Notes Safe 5.3 – Denial of Service (PoC) (0)
06-04: [dos] Macaron Notes great notebook 5.5 – Denial of Service (PoC) (0)
06-04: [dos] Color Notes 1.4 – Denial of Service (PoC) (0)
06-04: [dos] Inkpad Notepad & To do list 4.3.61 – Denial of Service (PoC) (0)
06-04: [webapps] Gitlab 13.10.2 – Remote Code Execution (Authenticated) (0)
06-04: [webapps] Monstra CMS 3.0.4 – Remote Code Execution (Authenticated) (0)
06-03: Microsoft RDP Remote Code Execution (0)
06-03: GetSimple CMS 3.3.4 Information Disclosure (0)
06-03: Apache Airflow 1.10.10 Remote Code Execution (0)
06-03: Intel Audio Service 01.00.1080.0 Unquoted Service Path (0)
06-03: Products.PluggableAuthService 2.6.0 Open Redirect (0)
06-03: Backdoor.Win32.Delf.acz Buffer Overflow (0)
06-03: Seo Panel 4.8.0 Cross Site Scripting (0)
06-03: Thecus N4800Eco Command Injection (0)
06-03: Cacti 1.2.12 SQL Injection / Remote Command Execution (0)
06-03: [webapps] FUDForum 3.1.0 – 'author' Reflected XSS (0)
06-03: [dos] Blacknote 2.2.1 – Denial of Service (PoC) (0)
06-03: [dos] Notepad notes 2.6.7 – Denial of Service (PoC) (0)
06-03: [dos] ColorNote 4.1.9 – Denial of Service (PoC) (0)
06-03: [webapps] CHIYU IoT Devices – Denial of Service (DoS) (0)
06-03: [dos] BasicNote 1.1.9 – Denial of Service (PoC) (0)
06-03: [webapps] Seo Panel 4.8.0 – 'from_time' Reflected XSS (0)
06-03: [remote] CHIYU IoT Devices – 'Telnet' Authentication Bypass (0)
06-03: [webapps] FUDForum 3.1.0 – 'srch' Reflected XSS (0)
06-03: [webapps] PHP 8.1.0-dev – 'User-Agentt' Remote Code Execution (0)
06-02: Cacti 1.2.12 SQL Injection / Remote Command Execution (0)
06-02: Postbird 0.8.4 XSS / LFI / Insecure Data Storage (0)
06-02: Packet Storm New Exploits For May, 2021 (0)
06-02: Veyon 4.4.1 Unquoted Service Path (0)
06-02: DupTerminator 1.4.5639.37199 Denial Of Service (0)
06-02: Backdoor.Win32.Wisell Code Execution (0)
06-02: LogonTracer 1.2.0 Remote Code Execution (0)
06-02: WordPress WP Prayer 1.6.1 Cross Site Scripting (0)
06-02: CHIYU TCP/IP Converter CRLF Injection (0)
06-02: CHIYU IoT Cross Site Scripting (0)
06-02: Atlassian Jira 8.15.0 Username Enumeration (0)
06-02: Backdoor.Win32.NetSpy.10 Heap Corruption (0)
06-02: Ubee EVW327 Cross Site Request Forgery (0)
06-02: ProjeQtOr Project Management 9.1.4 Shell Upload (0)
06-02: Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication (0)
06-02: http://www.chiangmaiarea1.go.th/pwn.txt (0)
06-02: [webapps] Seo Panel 4.8.0 – 'search_name' Reflected XSS (0)
06-02: [webapps] Products.PluggableAuthService 2.6.0 – Open Redirect (0)
06-02: [local] Intel(R) Audio Service x64 01.00.1080.0 – 'IntelAudioService' Unquoted Service Path (0)
06-02: [webapps] Thecus N4800Eco Nas Server Control Panel – Comand Injection (0)
06-02: [webapps] GetSimple CMS 3.3.4 – Information Disclosure (0)
06-02: [webapps] Apache Airflow 1.10.10 – 'Example Dag' Remote Code Execution (0)
06-01: Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication (0)
06-01: Trojan.Win32.Scar.dulk Insecure Permissions (0)
06-01: Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution (0)
06-01: Backdoor.Win32.NerTe.772 Code Execution (0)
06-01: Backdoor.Win32.Netbus.12 Information Disclosure (0)
06-01: Backdoor.Win32.NetControl2.293 Code Execution (0)
06-01: Backdoor.Win32.Whirlpool.a Buffer Overflow (0)
06-01: PHP 8.1.0-dev Backdoor Remote Command Execution (0)
06-01: Ubuntu OverlayFS Local Privilege Escalation (0)
06-01: Backdoor.Win32.WinShell.a Code Execution (0)
06-01: IPS Community Suite 4.5.4.2 PHP Code Injection (0)
06-01: http://watluanglocal.go.th (0)
06-01: [webapps] ProjeQtOr Project Management 9.1.4 – Remote Code Execution (0)
06-01: [webapps] CHIYU TCP/IP Converter devices – CRLF injection (0)
06-01: [webapps] CHIYU IoT devices – 'Multiple' Cross-Site Scripting (XSS) (0)
06-01: [webapps] WordPress Plugin WP Prayer version 1.6.1 – 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated) (0)
06-01: [webapps] Ubee EVW327 – 'Enable Remote Access' Cross-Site Request Forgery (CSRF) (0)
06-01: [dos] DupTerminator 1.4.5639.37199 – Denial of Service (PoC) (0)
06-01: [webapps] LogonTracer 1.2.0 – Remote Code Execution (Unauthenticated) (0)

May 2021 (332)

05-31: IPS Community Suite 4.5.4.2 PHP Code Injection (0)
05-29: Selenium 3.141.59 Remote Code Execution (0)
05-29: WordPress LifterLMS 4.21.0 Cross Site Scripting (0)
05-29: PHPFusion 9.03.50 Remote Code Execution (0)
05-29: Trixbox 2.8.0.4 Path Traversal (0)
05-29: Trixbox 2.8.0.4 Remote Code Execution (0)
05-28: Trixbox 2.8.0.4 Remote Code Execution (0)
05-28: Postbird 0.8.4 Cross Site Scripting / Local File Inclusion (0)
05-28: QT PNG ICC Processing Out-Of-Bounds Read (0)
05-28: Pandora FMS 6.0SP3 Cross Site Scripting (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write (0)
05-28: CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account (0)
05-28: http://nongwalocal.go.th/pun10.html (0)
05-28: http://sanhai.go.th/pun10.html (0)
05-28: http://sobkhong.go.th/pun10.html (0)
05-28: http://maiya.go.th/pun10.html (0)
05-28: http://doitao.go.th/pun10.html (0)
05-28: http://maesamlab.go.th/pun10.html (0)
05-28: http://faikaewnan.go.th/pun10.html (0)
05-28: http://hongsaeng.go.th/pun10.html (0)
05-28: http://dutai.go.th/pun10.html (0)
05-28: [webapps] Selenium 3.141.59 – Remote Code Execution (Firefox/geckodriver) (0)
05-28: [webapps] Trixbox 2.8.0.4 – 'lang' Path Traversal (0)
05-28: [webapps] Trixbox 2.8.0.4 – 'lang' Remote Code Execution (Unauthenticated) (0)
05-28: [webapps] PHPFusion 9.03.50 – Remote Code Execution (0)
05-28: [webapps] WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS) (0)
05-27: https://www.doa.go.th/th/luv.htm (0)
05-27: CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account (0)
05-27: RarmaRadio 2.72.8 Denial Of Service (0)
05-27: Codiad 2.8.4 Shell Upload (0)
05-27: ProFTPd 1.3.5 Remote Command Execution (0)
05-27: Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution (0)
05-27: Pluck CMS 4.7.13 Remote Shell Upload (0)
05-27: i-doit 1.15.2 Cross Site Scripting (0)
05-27: nginx 1.20.0 DNS Resolver Off-By-One Heap Write (0)
05-27: Apple Security Advisory 2021-05-25-4 (0)
05-27: Apple Security Advisory 2021-05-25-3 (0)
05-27: Apple Security Advisory 2021-05-25-8 (0)
05-27: Apple Security Advisory 2021-05-25-1 (0)
05-27: Apple Security Advisory 2021-05-25-5 (0)
05-27: Apple Security Advisory 2021-05-25-7 (0)
05-27: Apple Security Advisory 2021-05-25-2 (0)
05-27: Apple Security Advisory 2021-05-25-6 (0)
05-27: nginx 1.20.0 DNS Resolver Off-By-One Heap Write (0)
05-27: [webapps] Postbird 0.8.4 – Javascript Injection (0)
05-26: Gadget Works Online Ordering System 1.0 Cross Site Scripting (0)
05-26: WordPress Cookie Law Bar 1.2.1 Cross Site Scripting (0)
05-26: QT TIFF Processing Out-Of-Bounds Read (0)
05-26: [webapps] Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated) (0)
05-26: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (3) (0)
05-26: [remote] ProFTPd 1.3.5 – 'mod_copy' Remote Command Execution (2) (0)
05-26: [dos] RarmaRadio 2.72.8 – Denial of Service (PoC) (0)
05-25: QT TIFF Processing Out-Of-Bounds Read (0)
05-25: Backdoor.Win32.Singu.a Buffer Overflow (0)
05-25: Backdoor.Win32.SkyDance.216 Buffer Overflow (0)
05-25: DiskBoss Service 12.2.18 Unquoted Service Path (0)
05-25: ePowerSvc 6.0.3008.0 Unquoted Service Path (0)
05-25: D-Link DWR-710 Missing Validation (0)
05-25: WordPress ReDi Restaurant Reservation 21.0307 Cross Site Scripting (0)
05-25: Backdoor.Win32.Spirit.12.b Insecure Permissions (0)
05-25: Backdoor.Win32.Upload.a Denial Of Service (0)
05-25: iDailyDiary 4.30 Denial Of Service (0)
05-25: Shopizer 2.16.0 Cross Site Scripting (0)
05-25: PHP 8.1.0-dev Backdoor Remote Command Injection (0)
05-25: Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal (0)
05-25: Backdoor.Win32.Spion4 Insecure Transit (0)
05-25: Codiad 2.8.4 Remote Code Execution (0)
05-25: Backdoor.Win32.Tonerok.d Code Execution (0)
05-25: http://nueaklong.go.th (0)
05-25: [webapps] Gadget Works Online Ordering System 1.0 – 'Category' Persistent Cross-Site Scripting (XSS) (0)
05-25: [webapps] WordPress Plugin Cookie Law Bar 1.2.1 – 'clb_bar_msg' Stored Cross-Site Scripting (XSS) (0)
05-24: Backdoor.Win32.Tonerok.d Code Execution (0)
05-24: [local] DiskBoss Service 12.2.18 – 'diskbsa.exe' Unquoted Service Path (0)
05-24: [dos] iDailyDiary 4.30 – Denial of Service (PoC) (0)
05-24: [webapps] Schlix CMS 2.2.6-6 – Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) (0)
05-23: http://kshos.go.th/readme.html (0)
05-23: http://wihanhosp.go.th/readme.html (0)
05-22: Mozilla Firefox 88.0.1 File Extension Execution (0)
05-22: Microsoft Exchange ProxyLogon Collector (0)
05-22: libX11 Insufficient Length Check / Injection (0)
05-22: WordPress WP Statistics 13.0.7 SQL Injection (0)
05-22: DELL dbutil_2_3.sys 2.3 Arbitrary Write / Privilege Escalation (0)
05-21: DELL dbutil_2_3.sys 2.3 Arbitrary Write / Privilege Escalation (0)
05-21: ASUS HID Access Service 1.0.94.0 Unquoted Service Path (0)
05-21: Microsoft HTTP Protocol Stack Remote Code Execution (0)
05-21: Acer Backup Manager Module 3.0.0.99 Unquoted Service Path (0)
05-21: Acer Updater Service 1.2.3500.0 Unquoted Service Path (0)
05-21: Spotweb-Develop 1.4.9 Cross Site Scripting (0)
05-21: Spotweb-Develop 1.4.9 Cross Site Scripting (0)
05-21: [webapps] Microsoft Exchange 2019 – Unauthenticated Email Download (Metasploit) (0)
05-21: [local] DELL dbutil_2_3.sys 2.3 – Arbitrary Write to Local Privilege Escalation (LPE) (0)
05-21: [webapps] Spotweb 1.4.9 – DOM Based Cross-Site Scripting (XSS) (0)
05-21: [local] Mozilla Firefox 88.0.1 – File Extension Execution of Arbitrary Code (0)
05-20: 4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices (0)
05-20: WordPress Stop Spammers 2021.8 Cross Site Scripting (0)
05-20: COVID19 Testing Management System 1.0 SQL Injection (0)
05-20: COVID19 Testing Management System 1.0 Cross Site Scripting (0)
05-20: WebSSH For iOS 14.16.10 Denial Of Service (0)
05-20: Visual Studio Code 1.47.1 Denial Of Service (0)
05-20: In4Suit ERP 3.2.74.1370 SQL Injection (0)
05-20: ManageEngine ADSelfService Plus 6.1 CSV Injection (0)
05-20: Backdoor.Win32.Psychward.c Code Execution (0)
05-20: Backdoor.Win32.Psychward.ds Weak Hardcoded Password (0)
05-20: Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution (0)
05-20: [local] Acer Updater Service 1.2.3500.0 – 'UpdaterService.exe' Unquoted Service Path (0)
05-20: [local] Backup Manager Module 3.0.0.99 – 'IScheduleSvc.exe' Unquoted Service Path (0)
05-20: [local] ASUS HID Access Service 1.0.94.0 – 'AsHidSrv.exe' Unquoted Service Path (0)
05-19: Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution (0)
05-19: Backdoor.Win32.DarkMoon.a Weak Hardcoded Password (0)
05-19: Backdoor.Win32.DarkMoon.a Insecure Transit (0)
05-19: EgavilanMedia PHPCRUD 1.0 SQL Injection (0)
05-19: Microsoft Exchange 2019 Unauthenticated Email Download (0)
05-19: Backdoor.Win32.Delf.aez Code Execution (0)
05-19: NetMotion Mobility Server MvcUtil Java Deserialization (0)
05-19: NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery (0)
05-19: Microsoft ACL Shortcomings (0)
05-19: rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution (0)
05-19: rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution (0)
05-19: [webapps] ManageEngine ADSelfService Plus 6.1 – CSV Injection (0)
05-19: [webapps] In4Suit ERP 3.2.74.1370 – 'txtLoginId' SQL injection (0)
05-19: [dos] WebSSH for iOS 14.16.10 – 'mashREPL' Denial of Service (PoC) (0)
05-19: [local] Visual Studio Code 1.47.1 – Denial of Service (PoC) (0)
05-19: [webapps] WordPress Plugin Stop Spammers 2021.8 – 'log' Reflected Cross-site Scripting (XSS) (0)
05-18: Customer Relationship Management System 1.0 Cross Site Scripting (0)
05-18: Backdoor.Win32.Delf.abb Insecure Transit (0)
05-18: Simple Chatbot Application 1.0 Cross Site Scripting (0)
05-18: Backdoor.Win32.Agent.cy Hardcoded Credentials (0)
05-18: Microsoft Internet Explorer 8 SetMouseCapture Use-After-Free (0)
05-18: Backdoor.Win32.Agent.cy Insecure Transit (0)
05-18: Backdoor.Win32.Agent.cy Denial Of Service / Null Pointer (0)
05-18: Billing Management System 2.0 SQL Injection (0)
05-18: Printable Staff ID Card Creator System 1.0 Shell Upload / SQL Injection (0)
05-18: Subrion CMS 4.2.1 Shell Upload (0)
05-18: Backdoor.Win32.Agent.lyw Buffer Overflow (0)
05-18: Backdoor.Win32.Danton.43 Code Execution / Hardcoded Credentials (0)
05-18: Dental Clinic Appointment Reservation System 1.0 Cross Site Scripting (0)
05-18: Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (0)
05-18: Backdoor.Win32.Danton.43 Man-In-The-Middle (0)
05-18: Backdoor.Win32.Agent.oda Buffer Overflow (0)
05-18: Advanced Guestbook 2.4.4 Cross Site Scripting (0)
05-18: Backdoor.Win32.Antilam.14.d Code Execution (0)
05-18: IPFire 2.25 Remote Code Execution (0)
05-18: Dell DBUtil_2_3.sys IOCTL Memory Read / Write (0)
05-18: Microsoft Windows TokenMagic Privilege Escalation (0)
05-18: [webapps] Microsoft Exchange 2019 – Unauthenticated Email Download (0)
05-18: [webapps] EgavilanMedia PHPCRUD 1.0 – 'First Name' SQL Injection (0)
05-17: http://nongplasawai.go.th/pun10.html (0)
05-17: http://makhueajae.go.th/pun10.html (0)
05-17: http://paphai.go.th/pun10.html (0)
05-17: http://padad.go.th/pun10.html (0)
05-17: http://mokjumpae.go.th/pun10.html (0)
05-17: http://songkwae.go.th/pun10.html (0)
05-17: http://pongyeang.go.th/pun10.html (0)
05-17: http://thawangthong.go.th/pun10.html (0)
05-17: http://soongnern.go.th/pun10.html (0)
05-17: http://thakhamlocal.go.th/pun10.html (0)
05-17: http://thaduea.go.th/pun10.html (0)
05-17: http://bantanlocal.go.th/pun10.html (0)
05-17: http://tontong.go.th/pun10.html (0)
05-17: http://banmanglocal.go.th/pun10.html (0)
05-17: http://donpao.go.th/pun10.html (0)
05-17: http://tungpheesao.go.th/pun10.html (0)
05-17: http://wiangnuepai.go.th/pun10.html (0)
05-17: http://kudlad.go.th/pun10.html (0)
05-17: http://hangdonghod.go.th/pun10.html (0)
05-17: http://paisali.go.th/pun10.html (0)
05-17: [webapps] Dental Clinic Appointment Reservation System 1.0 – Cross Site Request Forgery (Add Admin) (0)
05-17: [webapps] Dental Clinic Appointment Reservation System 1.0 – 'Firstname' Persistent Cross Site Scripting (Authenticated) (0)
05-17: [webapps] IPFire 2.25 – Remote Code Execution (Authenticated) (0)
05-17: [webapps] Customer Relationship Management (CRM) System 1.0 – 'Category' Persistent Cross site Scripting (0)
05-15: Chamilo LMS 1.11.14 Remote Code Execution (0)
05-15: Podcast Generator 3.1 Cross Site Scripting (0)
05-15: Student Management System 1.0 Cross Site Scripting (0)
05-15: Chrome Array Transfer Bypass (0)
05-14: ZeroShell 3.9.0 Remote Command Execution (0)
05-14: Dental Clinic Appointment Reservation System 1.0 SQL Injection (0)
05-14: OpenPLC WebServer 3 Remote Code Execution (0)
05-14: ScadaBR 1.0 / 1.1CE Linux Shell Upload (0)
05-14: Microsoft Internet Explorer 8/11 Use-After-Free (0)
05-14: ScadaBR 1.0 / 1.1CE Windows Shell Upload (0)
05-14: Firefox 72 IonMonkey JIT Type Confusion (0)
05-14: Internet Explorer jscript9.dll Memory Corruption (0)
05-14: http://www.phafaek.go.th (0)
05-14: [webapps] Chamilo LMS 1.11.14 – Remote Code Execution (Authenticated) (0)
05-14: [webapps] Podcast Generator 3.1 – 'Long Description' Persistent Cross-Site Scripting (XSS) (0)
05-14: [webapps] Student Management System 1.0 – 'message' Persistent Cross-Site Scripting (Authenticated) (0)
05-13: Hexagon G!nius Auskunftsportal SQL Injection (0)
05-13: Customer Relationship Management (CRM) System 1.0 SQL Injection (0)
05-13: Customer Relationship Management (CRM) System 1.0 Cross Site Scripting (0)
05-13: Customer Relationship Management (CRM) System 1.0 Shell Upload (0)
05-13: Odoo 12.0.20190101 Unquoted Service Path (0)
05-13: Splinterware System Scheduler Professional 5.30 Unquoted Service Path (0)
05-13: Android NFC nfa_rw_sys_disable Type Confusion (0)
05-13: Chevereto 3.17.1 Cross Site Scripting (0)
05-13: Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution (0)
05-13: Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation (0)
05-13: Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation (0)
05-13: Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation (0)
05-13: ExifTool DjVu ANT Perl Injection (0)
05-13: Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation (0)
05-13: [local] Firefox 72 IonMonkey – JIT Type Confusion (0)
05-13: [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' – Use-After-Free (0)
05-13: [webapps] ZeroShell 3.9.0 – Remote Command Execution (0)
05-13: [webapps] Dental Clinic Appointment Reservation System 1.0 – Authentication Bypass (SQLi) (0)
05-13: [webapps] Dental Clinic Appointment Reservation System 1.0 – 'date' UNION based SQL Injection (Authenticated) (0)
05-12: Hackers Leverage Adobe Zero Day Bug Impacting Adobe Reader (0)
05-12: https://thongfah.dit.go.th/idolsec.htm (0)
05-12: https://lowpricemap.dit.go.th/idolsec.htm (0)
05-12: https://blueflag.dit.go.th/idolsec.htm (0)
05-12: Splinterware System Scheduler Professional 5.30 Privilege Escalation (0)
05-12: Mozilla Windows Maintenance Service Weak DACL (0)
05-12: SIS-REWE GO 7.5.0/12C Cross Site Scripting (0)
05-12: ERPNext 12.18.0 / 13.0.0 SQL Injection (0)
05-12: ERPNext 12.18.0 / 13.0.0 Cross Site Scripting (0)
05-12: [webapps] Chevereto 3.17.1 – Cross Site Scripting (Stored) (0)
05-12: [local] Splinterware System Scheduler Professional 5.30 – Unquoted Service Path (0)
05-11: PHP Timeclock 1.04 Cross Site Scripting (0)
05-11: PHP Timeclock 1.04 SQL Injection (0)
05-11: DHCP Broadband 4.1.0.1503 Unquoted Service Path (0)
05-11: BOOTP Turbo 2.0.0.1253 Unquoted Service Path (0)
05-11: TFTP Broadband 4.3.0.1465 Unquoted Service Path (0)
05-11: Backdoor.Win32.MotivFTP.12 Authentication Bypass / Code Execution (0)
05-11: Backdoor.Win32.Antilam.13.a Code Execution (0)
05-11: Microweber CMS 1.1.20 Remote Code Execution (0)
05-11: Human Resource Information System 0.1 Cross Site Scripting (0)
05-11: OpenNetAdmin 18.1.1 Remote Command Execution (0)
05-11: AWS CloudShell Terminal Escape Injection / Remote Code Execution (0)
05-11: http://www.bpp1.go.th//images/fighter.gif (0)
05-11: [local] Odoo 12.0.20190101 – 'nssm.exe' Unquoted Service Path (0)
05-10: [webapps] Microweber CMS 1.1.20 – Remote Code Execution (Authenticated) (0)
05-10: [webapps] PHP Timeclock 1.04 – 'Multiple' Cross Site Scripting (XSS) (0)
05-10: [local] TFTP Broadband 4.3.0.1465 – 'tftpt.exe' Unquoted Service Path (0)
05-10: [local] BOOTP Turbo 2.0.0.1253 – 'bootpt.exe' Unquoted Service Path (0)
05-10: [local] DHCP Broadband 4.1.0.1503 – 'dhcpt.exe' Unquoted Service Path (0)
05-10: [webapps] Human Resource Information System 0.1 – 'First Name' Persistent Cross-Site Scripting (Authenticated) (0)
05-08: http://www.manangdalam.go.th/ngenk.htm (0)
05-08: Sandboxie 5.49.7 Denial Of Service (0)
05-08: Sandboxie Plus 0.7.4 Unquoted Service Path (0)
05-08: Voting System 1.0 SQL Injection (0)
05-08: Human Resource Information System 0.1 Remote Code Execution (0)
05-08: Voting System 1.0 Shell Upload (0)
05-08: Android Memory Disclosure / Out-Of-Bounds Write / Double-Free (0)
05-08: WifiHotSpot 1.0.0.0 Unquoted Service Path (0)
05-08: Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation (0)
05-08: macOS Gatekeeper Check Bypass (0)
05-07: Trojan.Win32.Agent.xdtv Insecure Permissions (0)
05-07: Packed.Win32.Black.d Unauthenticated Open Proxy (0)
05-07: Trojan.Win32.Siscos.bqe Insecure Permissions (0)
05-07: Backdoor.Win32.Floder.gqe Insecure Permissions (0)
05-07: Backdoor.Win32.NinjaSpy.c Code Execution (0)
05-07: Anote 1.0 Cross Site Scripting / Code Execution (0)
05-07: Markright 1.0 Cross Site Scripting / Code Execution (0)
05-07: Markdown-Explorer 0.1.1 Cross Site Scripting / Code Execution (0)
05-07: Freeter 1.2.1 Cross Site Scripting / Code Execution (0)
05-07: Markdownify 1.2.0 Cross Site Scripting / Code Execution (0)
05-07: Moeditor 0.2.0 Cross Site Scripting / Code Execution (0)
05-07: SnipCommand 0.1.0 Cross Site Scripting / Code Execution (0)
05-07: StudyMD 0.3.2 Cross Site Scripting / Code Execution (0)
05-07: Marky 0.0.1 Cross Site Scripting / Code Execution (0)
05-07: Tagstoo 2.0.1 Cross Site Scripting / Code Execution (0)
05-07: Xmind 2020 Cross Site Scripting / Code Execution (0)
05-07: Schlix CMS 2.2.6-6 Cross Site Scripting (0)
05-07: Schlix CMS 2.2.6-6 Remote Code Execution (0)
05-07: WordPress WP Super Edit 2.5.4 Arbitrary File Upload (0)
05-07: b2evolution 7-2-2 SQL Injection (0)
05-07: [local] WifiHotSpot 1.0.0.0 – 'WifiHotSpotService.exe' Unquoted Service Path (0)
05-07: [dos] Sandboxie 5.49.7 – Denial of Service (PoC) (0)
05-07: [webapps] Voting System 1.0 – Authentication Bypass (SQLI) (0)
05-07: [local] Epic Games Easy Anti-Cheat 4.0 – Local Privilege Escalation (0)
05-07: [local] Sandboxie Plus 0.7.4 – 'SbieSvc' Unquoted Service Path (0)
05-06: Internship Portal Management System 1.0 Shell Upload (0)
05-06: Shenzhen Skyworth RN510 Buffer Overflow (0)
05-06: Human Resource Information System 1.0 Authentication Bypass / Account Creation (0)
05-06: Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting (0)
05-06: Shenzhen Skyworth RN510 Information Disclosure (0)
05-06: GravCMS 1.10.7 Remote Command Execution (0)
05-06: [webapps] Wordpress Plugin WP Super Edit 2.5.4 – Remote File Upload (0)
05-06: [webapps] Schlix CMS 2.2.6-6 – Remote Code Execution (Authenticated) (0)
05-06: [webapps] Schlix CMS 2.2.6-6 – 'title' Persistent Cross-Site Scripting (Authenticated) (0)
05-05: Apple Security Advisory 2021-05-03-2 (0)
05-05: Apple Security Advisory 2021-05-03-1 (0)
05-05: Apple Security Advisory 2021-05-03-4 (0)
05-05: Apple Security Advisory 2021-05-03-3 (0)
05-05: Packet Storm New Exploits For April, 2021 (0)
05-05: GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution (0)
05-05: Voting System 1.0 SQL Injection (0)
05-05: TYPO3 6.2.1 SQL Injection (0)
05-05: Gadget Works Online Ordering System 1.0 SQL Injection (0)
05-05: Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution (0)
05-05: GitLab Community Edition (CE) 13.10.3 User Enumeration (0)
05-05: Epic Games Rocket League 1.95 Insecure Permissions (0)
05-05: Epic Games Rocket League 1.95 Stack Buffer Overrun (0)
05-05: Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution (0)
05-05: IGEL OS Secure VNC/Terminal Command Injection (0)
05-05: [webapps] Anote 1.0 – XSS to RCE (0)
05-05: [webapps] Markdownify 1.2.0 – XSS to RCE (0)
05-05: [webapps] Savsoft Quiz 5 – 'User Account Settings' Persistent Cross-Site Scripting (0)
05-05: [webapps] Markright 1.0 – XSS to RCE (0)
05-05: [webapps] Freeter 1.2.1 – XSS to RCE (0)
05-05: [webapps] StudyMD 0.3.2 – XSS to RCE (0)
05-05: [webapps] Moeditor 0.2.0 – XSS to RCE (0)
05-05: [webapps] Marky 0.0.1 – XSS to RCE (0)
05-05: [webapps] Tagstoo 2.0.1 – Stored XSS to RCE (0)
05-05: [webapps] SnipCommand 0.1.0 – XSS to RCE (0)
05-05: [webapps] Markdown Explorer 0.1.1 – XSS to RCE (0)
05-05: [webapps] Xmind 2020 – XSS to RCE (0)
05-04: [webapps] Internship Portal Management System 1.0 – Remote Code Execution Via File Upload (Unauthenticated) (0)
05-03: [webapps] GitLab Community Edition (CE) 13.10.3 – 'Sign_Up' User Enumeration (0)
05-03: [webapps] Piwigo 11.3.0 – 'language' SQL (0)
05-03: [webapps] GetSimple CMS Custom JS 0.1 – CSRF to XSS to RCE (0)
05-03: [webapps] Voting System 1.0 – Time based SQLI (Unauthenticated SQL injection) (0)
05-02: http://pbn3.go.th/1877.html (0)
05-01: Microsoft SAFER Bypass (0)
05-01: HEUR.Trojan.Win32.Bayrob.gen Insecure Permissions (0)
05-01: Worm.Win32.Delf.hu Insecure Permissions (0)
05-01: Backdoor.Win32.Agent.ggw Authentication Bypass (0)
05-01: GNU wget Arbitrary File Upload / Code Execution (0)
05-01: Backdoor.Win32.Agent.gmug Heap Corruption (0)
05-01: Backdoor.Win32.Agent.kte Buffer Overflow (0)
05-01: Moodle 3.6.1 Cross Site Scripting (0)
05-01: Backdoor.Win32.Agent.oj Buffer Overflow (0)
05-01: Microsoft Windows UAC Privilege Escalation (0)
05-01: Backdoor.Win32.Agent.oj Code Execution (0)
05-01: Piwigo 11.3.0 SQL Injection (0)
05-01: OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting (0)
05-01: Micro Focus Operations Bridge Reporter shrboadmin Default Password (0)
05-01: Micro Focus Operations Bridge Reporter Unauthenticated Command Injection (0)

April 2021 (265)

04-30: Fog Project 1.5.9 Shell Upload (0)
04-30: Cacti 1.2.12 SQL Injection / Remote Code Execution (0)
04-30: NodeBB Emoji 3.2.1 Arbitrary FIle Write (0)
04-30: [webapps] Moodle 3.6.1 – Persistent Cross-Site Scripting (XSS) (0)
04-29: http://www.rb2.go.th/admin/pic_title/1700400107041202104171618608639.jpg (0)
04-29: Apple Security Advisory 2021-04-26-1 (0)
04-29: Apple Security Advisory 2021-04-26-2 (0)
04-29: Apple Security Advisory 2021-04-26-3 (0)
04-29: Apple Security Advisory 2021-04-26-4 (0)
04-29: Apple Security Advisory 2021-04-26-6 (0)
04-29: Apple Security Advisory 2021-04-26-5 (0)
04-29: Apple Security Advisory 2021-04-26-7 (0)
04-29: Apple Security Advisory 2021-04-26-8 (0)
04-29: Apple Security Advisory 2021-04-26-9 (0)
04-29: Apple Security Advisory 2021-04-26-10 (0)
04-29: Trojan-Dropper.Win32.Dycler.vrp Insecure Permissions (0)
04-29: Trojan-Dropper.Win32.Injector.aobl Insecure Permissions (0)
04-29: Kirby CMS 3.5.3.1 Cross Site Scripting (0)
04-29: Backdoor.Win32.Agent.afq Missing Authentication (0)
04-29: GitHub Missing Audit Logging (0)
04-29: Backdoor.Win32.Agent.afq Directory Traversal (0)
04-29: Backdoor.Win32.Agent.afq Heap Corruption (0)
04-29: Android NFC Stack Out-Of-Bounds Write (0)
04-29: PFSense 2.5.0 Cross Site Scripting (0)
04-29: [webapps] FOGProject 1.5.9 – File Upload RCE (Authenticated) (0)
04-29: [webapps] Cacti 1.2.12 – 'filter' SQL Injection / Remote Code Execution (0)
04-28: http://mhkpeo.go.th/er.php (0)
04-28: [webapps] Kirby CMS 3.5.3.1 – 'file' Cross-Site Scripting (XSS) (0)
04-27: Montiorr 1.7.6m Cross Site Scripting (0)
04-27: Apache Druid 0.20.0 Remote Command Execution (0)
04-27: WordPress WPGraphQL 1.3.5 Denial Of Service (0)
04-27: VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution (0)
04-27: Kimai 1.14 CSV Injection (0)
04-27: [dos] WordPress Plugin WPGraphQL 1.3.5 – Denial of Service (0)
04-27: [webapps] Montiorr 1.7.6m – File Upload to XSS (0)
04-27: [webapps] Kimai 1.14 – CSV Injection (0)
04-26: Worm.Win32.Busan.k Insecure Transit (0)
04-26: Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation (0)
04-26: SEO Panel 4.8.0 SQL Injection (0)
04-26: OpenPLC 3 Remote Code Execution (0)
04-26: Hasura GraphQL 1.3.3 Remote Code Execution (0)
04-26: [webapps] SEO Panel 4.8.0 – 'order_col' Blind SQL Injection (2) (0)
04-26: [webapps] OpenPLC 3 – Remote Code Execution (Authenticated) (0)
04-26: [webapps] Hasura GraphQL 1.3.3 – Remote Code Execution (0)
04-23: Moodle 3.10.3 Cross Site Scripting (0)
04-23: GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution (0)
04-23: Document Management System 1.0 SQL Injection / Remote Code Execution (0)
04-23: DzzOffice 2.02.1 Cross Site Scripting (0)
04-23: Sipwise C5 NGCP CSC Cross Site Scripting (0)
04-23: Sipwise C5 NGCP CSC Cross Site Request Forgery (0)
04-23: [webapps] Sipwise C5 NGCP CSC – 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) (0)
04-23: [webapps] DzzOffice 2.02.1 – 'Multiple' Cross-Site Scripting (XSS) (0)
04-23: [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 – CSRF to Stored XSS to RCE (0)
04-23: [webapps] Moodle 3.10.3 – 'url' Persistent Cross Site Scripting (0)
04-22: CMS Made Simple 2.2.15 Cross Site Scripting (0)
04-22: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
04-22: IM-Worm.Win32.Bropia.aa Insecure Permissions (0)
04-22: RemoteClinic 2.0 Cross Site Scripting (0)
04-22: Trojan-Dropper.Win32.Agent.xtp Insecure Permissions (0)
04-22: Backdoor.Win32.DarkKomet.artr Insecure Permissions (0)
04-22: OTRS 6.0.1 Remote Command Execution (0)
04-22: Packed.Win32.Black.d Unauthenticated Open Proxy (0)
04-22: BMD BMDWeb 2.0 Cross Site Scripting (0)
04-22: [webapps] CMS Made Simple 2.2.15 – 'title' Cross-Site Scripting (XSS) (0)
04-22: [webapps] OTRS 6.0.1 – Remote Command Execution (2) (0)
04-21: Cisco RV Authentication Bypass / Code Execution (0)
04-21: Phone Shop Sales Management System 1.0 Shell Upload (0)
04-21: Fibaro Home Center MITM / Missing Authentication / Code Execution (0)
04-21: Microsoft DiagHub Privilege Escalation (0)
04-21: Discourse 2.7.0 2FA Bypass (0)
04-21: Fast PHP Chat 1.3 SQL Injection (0)
04-21: Multilaser Router RE018 AC1200 Cross Site Request Forgery (0)
04-21: WordPress RSS For Yandex Turbo 1.29 Cross Site Scripting (0)
04-21: RemoteClinic 2 Cross Site Scripting (0)
04-21: rconfig 3.9.6 Shell Upload (0)
04-21: Hasura GraphQL 1.3.3 Arbitrary File Read (0)
04-21: Hasura GraphQL 1.3.3 Server-Side Request Forgery (0)
04-21: Adtran Personal Phone Manager 10.8.1 Persistent Cross Site Scripting (0)
04-21: Adtran Personal Phone Manager 10.8.1 Cross Site Scripting (0)
04-21: Tenda D151 / D301 Configuration Download (0)
04-21: OpenEMR 5.0.2.1 Remote Code Execution (0)
04-21: Hasura GraphQL 1.3.3 Denial Of Service (0)
04-21: Adtran Personal Phone Manager 10.8.1 DNS Exfiltration (0)
04-21: Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution (0)
04-21: Nagios XI 5.7.3 Remote Code Execution (0)
04-21: GravCMS 1.10.7 Remote Command Execution (0)
04-21: Zero-Day Vulns In SonicWall Email Security Are Being Exploited (0)
04-21: [remote] Tenda D151 & D301 – Configuration Download (Unauthenticated) (0)
04-21: [webapps] Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass (0)
04-21: [webapps] BlackCat CMS 1.3.6 – 'Multiple' Stored Cross-Site Scripting (XSS) (0)
04-21: [webapps] WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS) (0)
04-21: [webapps] Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access) (0)
04-21: [webapps] Fast PHP Chat 1.3 – 'my_item_search' SQL Injection (0)
04-21: [webapps] RemoteClinic 2 – 'Multiple' Cross-Site Scripting (XSS) (0)
04-20: HEUR.Backdoor.Win32.Generic File Download (0)
04-20: Constructor.Win32.Bifrose.ag Buffer Overflow (0)
04-20: Trojan.Win32.Agentb.iofv Insecure Permissions (0)
04-20: Trojan.Win32.NanoBot.onh Insecure Permissions (0)
04-20: Trojan-Dropper.Win32.Agent.bjtzcp Insecure Permissions (0)
04-20: Trojan.Win32.Bayrob.dtrg Insecure Permissions (0)
04-20: WordPress Photo Gallery 1.5.69 Cross Site Scripting (0)
04-20: xscreensaver Raw Socket Leak (0)
04-20: Nagios XI 5.7.3 Remote Code Execution (0)
04-20: Trojan.Win32.Agent.hsm Insecure Permissions (0)
04-18: http://plc.go.th (0)
04-17: glFTPd 2.11a Denial Of Service (0)
04-17: GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution (0)
04-16: [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE (0)
04-15: Native Church Website 1.0 Shell Upload (0)
04-15: Simple Student Information System 1.0 SQL Injection (0)
04-15: ExpressVPN VPN Router 1.0 Integer Overflow (0)
04-15: Chrome V8 JavaScript Engine Remote Code Execution (0)
04-15: Blitar Tourism 1.0 SQL Injection (0)
04-15: Microsoft Windows SCM Remote Access Check Limit Bypass Privilege Escalation (0)
04-15: Nagios XI getprofile.sh Remote Command Execution (0)
04-15: jQuery 1.2 Cross Site Scripting (0)
04-15: jQuery 1.0.3 Cross Site Scripting (0)
04-15: Digital Crime Report Management System 1.0 SQL Injection (0)
04-15: Trojan.Win32.Jorik.qje Insecure Permissions (0)
04-15: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 Remote Command Execution (0)
04-15: MariaDB 10.2 Command Execution (0)
04-15: Trojan.Win32.Agent.zfgh Insecure Permissions (0)
04-15: CITSmart ITSM 9.1.2.22 LDAP Injection (0)
04-15: CITSmart ITSM 9.1.2.27 SQL Injection (0)
04-15: HEUR.Hoax.Win32.FrauDrop.gen Insecure Permissions (0)
04-15: Webmail Edition 5.2.22 XSS / Remote Code Execution (0)
04-15: Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting (0)
04-15: SMASH Rowhammer Proof Of Concept (0)
04-15: Tileserver-gl 3.0.0 Cross Site Scripting (0)
04-15: Horde Groupware Webmail 5.2.22 Cross Site Scripting (0)
04-15: htmly 2.8.0 Cross Site Scripting (0)
04-15: Backdoor.Win32.Zombam.h Buffer Overflow (0)
04-15: Nagios XI Remote Code Execution (0)
04-15: http://bantago.go.th/portal/datas/image/1618382873.gif (0)
04-15: [webapps] Tileserver-gl 3.0.0 – 'key' Reflected Cross-Site Scripting (XSS) (0)
04-15: [webapps] Horde Groupware Webmail 5.2.22 – Stored XSS (0)
04-14: http://kaendongmunic.go.th (0)
04-14: http://kampoo.go.th (0)
04-14: http://www.khaowrai.go.th (0)
04-14: http://www.banprue.go.th (0)
04-14: http://www.kokwan.go.th (0)
04-14: http://www.salaengthon.go.th (0)
04-14: http://tajong.go.th (0)
04-14: http://www.lahansai.go.th (0)
04-14: http://www.lamduan.go.th (0)
04-14: http://www.nongtakrong.go.th (0)
04-14: http://www.nonkhwang.go.th (0)
04-14: http://www.nonsuwanlocal.go.th (0)
04-14: http://www.phachanlocal.go.th (0)
04-14: http://www.pangkoolocal.go.th (0)
04-14: http://www.thaworn.go.th (0)
04-14: http://sakae.go.th (0)
04-14: http://www.hinlekfailocal.go.th (0)
04-14: http://www.lavia.go.th (0)
04-14: http://huatanonlocal.go.th (0)
04-14: http://sompoilocal.go.th (0)
04-14: http://lahansailocal.go.th (0)
04-14: http://www.hinlekfi.go.th (0)
04-14: http://www.watbost.go.th (0)
04-14: http://www.nongwangkudrung.go.th (0)
04-14: http://www.nonsuwan.go.th (0)
04-14: http://www.thungkraten.go.th (0)
04-14: http://salangpanlocal.go.th (0)
04-14: http://sadowlocal.go.th (0)
04-14: http://www.nangrong.go.th (0)
04-14: http://khoklam.go.th (0)
04-14: [webapps] jQuery 1.2 – Cross-Site Scripting (XSS) (0)
04-14: [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 – RCE (0)
04-14: [webapps] CITSmart ITSM 9.1.2.27 – 'query' Time-based Blind SQL Injection (Authenticated) (0)
04-14: [webapps] CITSmart ITSM 9.1.2.22 – LDAP Injection (0)
04-14: [webapps] Digital Crime Report Management System 1.0 – SQL Injection (Authentication Bypass) (0)
04-13: http://www.nonpho.go.th/image_data/banner/image1_1616497078.gif (0)
04-13: http://www.nonnamtang.go.th/image_data/banner/image1_1616497333.gif (0)
04-13: vsftpd 2.3.4 Backdoor Command Execution (0)
04-13: http://www.spin.dss.go.th/bas/public/site/images/lex/xixi.gif (0)
04-13: [webapps] ExpressVPN VPN Router 1.0 – Router Login Panel's Integer Overflow (0)
04-13: [webapps] Blitar Tourism 1.0 – Authentication Bypass SQLi (0)
04-13: [webapps] Simple Student Information System 1.0 – SQL Injection (Authentication Bypass) (0)
04-12: [remote] vsftpd 2.3.4 – Backdoor Command Execution (0)
04-10: PrestaShop 1.7.6.7 SQL Injection (0)
04-10: Google Chrome SimplfiedLowering Integer Overflow (0)
04-09: CMSimple 5.2 Cross Site Scripting (0)
04-09: Trojan.Win32.Hosts2.yqf Insecure Permissions (0)
04-09: Trojan-Downloader.Win32.Genome.omht Insecure Permissions (0)
04-09: Trojan-Downloader.Win32.Genome.qiw Insecure Permissions (0)
04-09: Composr 10.0.36 Shell Upload (0)
04-09: Trojan.Win32.Hotkeychick.d Insecure Permissions (0)
04-09: Linux Kernel 5.4 BleedingTooth Remote Code Execution (0)
04-09: Backdoor.Win32.Hupigon.das Unauthenticated Open Proxy (0)
04-09: D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow (0)
04-09: Check Point Identity Agent Arbitrary File Write (0)
04-09: DMA Radius Manager 4.4.0 Cross Site Request Forgery (0)
04-09: Backdoor.Win32.Small.n Code Execution (0)
04-09: Tableau Server Open Redirection (0)
04-09: http://www.nongian.go.th/e0f.txt (0)
04-09: https://www.bangwuakanarak.go.th/e0f.txt (0)
04-09: [webapps] PrestaShop 1.7.6.7 – 'location' Blind Sql Injection (0)
04-08: Google Chrome 81.0.4044 V8 Remote Code Execution (0)
04-08: Google Chrome 86.0.4240 V8 Remote Code Execution (0)
04-08: Atlassian Jira Service Desk 4.9.1 Cross Site Scripting (0)
04-08: Dell OpenManage Server Administrator 9.4.0.0 File Read (0)
04-08: Composr CMS 10.0.36 Cross Site Scripting (0)
04-08: Ignition 2.5.1 Remote Code Execution (0)
04-08: Monospace Directus Headless CMS File Upload / Rule Bypass (0)
04-08: iOS / macOS Radio Proximity Kernel Memory Corruption (0)
04-08: Gitea Git Hooks Remote Code Execution (0)
04-08: Gogs Git Hooks Remote Code Execution (0)
04-08: [remote] Linux Kernel 5.4 – 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution (0)
04-08: [webapps] Composr 10.0.36 – Remote Code Execution (0)
04-08: [webapps] DMA Radius Manager 4.4.0 – Cross-Site Request Forgery (CSRF) (0)
04-08: [webapps] CMSimple 5.2 – 'External' Stored XSS (0)
04-07: Google Chrome 86.0.4240 V8 Remote Code Execution (0)
04-07: Google Chrome 81.0.4044 V8 Remote Code Execution (0)
04-07: Trojan-Downloader.Win32.FraudLoad.xevn Insecure Permissions (0)
04-07: Mini Mouse 9.3.0 Local File Inclusion / Path Traversal (0)
04-07: Pulse Secure VPN Arbitrary Command Execution (0)
04-07: OpenBSD OpenSMTPD 6.6 Remote Code Execution (0)
04-07: Ignition 2.5.1 Remote Code Execution (0)
04-07: Apache OFBiz SOAP Java Deserialization (0)
04-07: [webapps] Atlassian Jira Service Desk 4.9.1 – Unrestricted File Upload to XSS (0)
04-07: [webapps] Composr CMS 10.0.36 – Cross Site Scripting (0)
04-06: Rockstar Service Insecure File Permissions (0)
04-06: Simple Food Website 1.0 SQL Injection (0)
04-06: Simple Traffic Offense System 1.0 Cross Site Scripting (0)
04-06: Basic Shopping Cart 1.0 SQL Injection (0)
04-06: Trojan.Win32.Sharer.h Code Execution (0)
04-06: OpenEMR 4.1.0 SQL Injection (0)
04-06: Trojan.Win32.Sharer.h Man-In-The-Middle (0)
04-06: Mini Mouse 9.2.0 Remote Code Execution (0)
04-06: Mini Mouse 9.2.0 Path Traversal (0)
04-06: Trojan.Win32.Sharer.h Buffer Overflow / Denial Of Service / Heap Corruption (0)
04-06: [webapps] Mini Mouse 9.3.0 – Local File inclusion / Path Traversal (0)
04-06: [remote] Google Chrome 86.0.4240 V8 – Remote Code Execution (0)
04-06: [remote] Google Chrome 81.0.4044 V8 – Remote Code Execution (0)
04-05: [webapps] Mini Mouse 9.2.0 – Remote Code Execution (0)
04-05: [webapps] OpenEMR 4.1.0 – 'u' SQL Injection (0)
04-05: [webapps] Basic Shopping Cart 1.0 – Authentication Bypass (0)
04-05: [webapps] Simple Food Website 1.0 – Authentication Bypass (0)
04-05: [local] Rockstar Service – Insecure File Permissions (0)
04-04: Facebook Data Leak Per Countries (0)
04-03: ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation (0)
04-03: F5 BIG-IP 16.0.x Remote Code Execution (0)
04-02: Latrix 0.6.0 SQL Injection (0)
04-02: Company Crime Tracking Software 1.0 Cross Site Scripting (0)
04-02: phpPgAdmin 7.13.0 Command Execution (0)
04-02: School Registration And Fee System 1.0 SQL Injection (0)
04-02: School Registration And Fee System 1.0 Cross Site Scripting (0)
04-02: ScadaBR 1.0 Shell Upload (0)
04-02: SaltStack Salt API Unauthenticated Remote Command Execution (0)
04-02: F5 iControl Server-Side Request Forgery / Remote Command Execution (0)
04-02: Packet Storm New Exploits For March, 2021 (0)
04-02: Trojan-Downloader.Win32.Delf.oxz Insecure Permissions (0)
04-02: Trojan-Downloader.Win32.Delf.ur Insecure Permissions (0)
04-02: Trojan-Downloader.Win32.Delf.nzg Insecure Permissions (0)
04-02: ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation (0)
04-02: [webapps] ZBL EPON ONU Broadband Router 1.0 – Remote Privilege Escalation (0)
04-01: Zabbix 3.4.7 Cross Site Scripting (0)
04-01: CourseMS 2.1 Cross Site Scripting (0)
04-01: DD-WRT 45723 Buffer Overflow (0)
04-01: IRC-Worm.Win32.Silentium.a Insecure Permissions (0)
04-01: Backdoor.Win32.Burbul.b Authentication Bypass / Man-In-The-Middle (0)
04-01: [webapps] phpPgAdmin 7.13.0 – COPY FROM PROGRAM Command Execution (Authenticated) (0)
04-01: [webapps] ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (2) (0)
04-01: [webapps] ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (1) (0)
04-01: [webapps] Latrix 0.6.0 – 'txtaccesscode' SQL Injection (0)

March 2021 (358)

03-31: Moodle 3.10.3 Cross Site Scripting (0)
03-31: Id Card Generator 1.0 Cross Site Scripting (0)
03-31: WordPress WP Super Cache 1.7.1 Remote Code Execution (0)
03-31: Backdoor.Win32.Delf.zs Code Execution (0)
03-31: Concrete5 8.5.4 Cross Site Scripting (0)
03-31: Novel Boutique House-plus 3.5.1 Arbitrary File Download (0)
03-31: vsftpd 3.0.3 Denial Of Service (0)
03-31: Equipment Inventory System 1.0 Cross Site Scripting (0)
03-31: Budget Management System 1.0 Cross Site Scripting (0)
03-31: Project Expense Monitoring System 1.0 SQL Injection (0)
03-31: Project Expense Monitoring System 1.0 Authentication Bypass (0)
03-31: SyncBreeze 10.1.16 Buffer Overflow (0)
03-31: Health Center Patient Record Management System 1.0 SQL Injection (0)
03-31: Health Center Patient Record Management System 1.0 Cross Site Scripting (0)
03-31: IRC-Worm.Win32.Jane.a Authentication Bypass / Code Execution (0)
03-31: GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload (0)
03-31: IRC-Worm.Win32.Jane.a Authentication Bypass / Man-In-The-Middle (0)
03-31: Openlitespeed 1.7.9 Cross Site Scripting (0)
03-31: http://www.secondarycm.go.th/Fighter.html (0)
03-31: [webapps] CourseMS 2.1 – 'name' Stored XSS (0)
03-31: [webapps] Zabbix 3.4.7 – Stored XSS (0)
03-31: [dos] DD-WRT 45723 – UPNP Buffer Overflow (PoC) (0)
03-30: [webapps] GetSimple CMS 3.3.16 – Reflected XSS to RCE (0)
03-30: [webapps] Openlitespeed 1.7.9 – 'Notes' Stored Cross-Site Scripting (0)
03-29: Apple Security Advisory 2021-03-26-1 (0)
03-29: Apple Security Advisory 2021-03-26-2 (0)
03-29: Apple Security Advisory 2021-03-26-3 (0)
03-29: [webapps] SyncBreeze 10.1.16 – XML Parsing Stack-based Buffer Overflow (0)
03-29: [webapps] Budget Management System 1.0 – 'Budget title' Stored XSS (0)
03-29: [webapps] Equipment Inventory System 1.0 – 'multiple' Stored XSS (0)
03-29: [webapps] Concrete5 8.5.4 – 'name' Stored XSS (0)
03-29: [remote] vsftpd 3.0.3 – Remote Denial of Service (0)
03-29: [webapps] TP-Link Devices – 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated) (0)
03-29: [webapps] WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated) (0)
03-29: [webapps] Novel Boutique House-plus 3.5.1 – Arbitrary File Download (0)
03-27: Moodle Atto Editor Cross Site Scripting (0)
03-27: Development Kamel KCFinder 1.7 Shell Upload (0)
03-27: Backdoor.Win32.Kwak.12 Denial Of Service (0)
03-27: Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle (0)
03-27: GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting (0)
03-27: Regis Inventory And Monitoring System 1.0 Cross Site Scripting (0)
03-27: Backdoor.Win32.Kwak.12 Authentication Bypass (0)
03-27: TP-Link Cross Site Scripting (0)
03-27: Backdoor.Win32.Kwak.12 Authentication Bypass / Code Execution (0)
03-27: SAP Solution Manager 7.2 Remote Command Execution (0)
03-27: http://www.krabungnok.go.th (0)
03-27: http://www.thungchanghan.go.th (0)
03-27: https://www.srilakor.go.th (0)
03-27: https://www.dnp.go.th/National_park.asp (0)
03-27: http://www.mkb-ph.go.th/poop.php (0)
03-27: https://www.rangam.go.th (0)
03-27: http://yangkhum.go.th/poop.php (0)
03-27: https://www.maeyom.go.th/content-24-286.html (0)
03-27: http://angthong.nfe.go.th/iran.html (0)
03-27: http://www.tasaban-maemoh.go.th/silence.html (0)
03-27: http://www.pa-ngew.go.th/silence.html (0)
03-27: http://phutthaisonglocal.go.th/pentest.php (0)
03-26: Worm.Win32.Ngrbot.abpr Insecure Permissions (0)
03-26: Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution (0)
03-26: Moodle 3.10.3 Cross Site Scripting (0)
03-26: Ovidentia 6 SQL Injection (0)
03-26: Worm.Win32.Recyl.dp Insecure Permissions (0)
03-26: Worm.Win32.Ngrbot.acno Insecure Permissions (0)
03-26: Genexis Platinum-4410 P4410-V2-1.31A Cross Site Scripting (0)
03-26: Backdoor.Win32.DarkKomet.gozu Insecure Permissions (0)
03-26: Linksys EA7500 2.0.8.194281 Cross Site Scripting (0)
03-26: FortiLogger Arbitrary File Upload (0)
03-26: [webapps] Moodle 3.10.3 – 'label' Persistent Cross Site Scripting (0)
03-26: [webapps] Regis Inventory And Monitoring System 1.0 – 'Item List' Stored XSS (0)
03-26: [webapps] GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS (0)
03-25: https://chaneang.go.th (0)
03-25: WordPress MapifyLite 3.3 Cross Site Scripting (0)
03-25: Virus.Win32.Sality.gen Insecure Permissions (0)
03-25: Ext2Fsd 0.68 Unquoted Service Path (0)
03-25: Worm.Win32.Detnat.c Insecure Permissions (0)
03-25: Codiad 2.8.4 Remote Code Execution (0)
03-25: Intel RST User Interface / Driver Privilege Escalation (0)
03-25: Trojan-Dropper.Win32.Dycler.yhb Insecure Permissions (0)
03-25: Online Faculty Clearance System 1.0 Cross Site Scripting (0)
03-25: Online Faculty Clearance System 1.0 Shell Upload (0)
03-25: https://blueflag.dit.go.th/dr.txt (0)
03-25: https://noonid.dit.go.th/dr.txt (0)
03-25: https://thongfah.dit.go.th/dr.txt (0)
03-25: https://lowpricemap.dit.go.th/dr.txt (0)
03-25: http://projectdol2.dol.go.th/read.txt (0)
03-25: http://cems.diw.go.th/read.txt (0)
03-25: [webapps] Dolibarr ERP/CRM 11.0.4 – File Upload Restrictions Bypass (Authenticated RCE) (0)
03-25: [webapps] Genexis Platinum-4410 P4410-V2-1.31A – 'start_addr' Persistent Cross-Site Scripting (0)
03-25: [webapps] Linksys EA7500 2.0.8.194281 – Cross-Site Scripting (0)
03-25: [webapps] Ovidentia 6 – 'id' SQL injection (Authenticated) (0)
03-24: MyBB 1.8.25 SQL Injection (0)
03-24: WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting (0)
03-24: WordPress Mapplic 6.1 SSRF / Cross Site Scripting (0)
03-24: Hi-Rez Studios 5.1.6.3 Unquoted Service Path (0)
03-24: ELAN Touchpad 15.2.13.1_X64_WHQL Unquoted Service Path (0)
03-24: ActivIdentity 8.2 Unquoted Service Path (0)
03-24: Elodea Event Collector 4.9.3 Unquoted Service Path (0)
03-24: Online Reviewer Management System 1.0 SQL Injection (0)
03-24: Online Reviewer Management System 1.0 Cross Site Scripting (0)
03-24: Online Reviewer Management System 1.0 Shell Upload (0)
03-24: Hotel And Lodge Management System 1.0 Cross Site Scripting (0)
03-24: WordPress GiveWP 2.9.7 Cross Site Scripting (0)
03-24: Advantech iView Unauthenticated Remote Code Execution (0)
03-24: Microsoft Exchange ProxyLogon Remote Code Execution (0)
03-24: [local] Ext2Fsd v0.68 – 'Ext2Srv' Unquoted Service Path (0)
03-23: CMS Made Simple 2.2.15 SQL Injection (0)
03-23: CMS Made Simple 2.2.15 Shell Upload (0)
03-23: Winpakpro 4.8 Unquoted Service Path (0)
03-23: SAPSetup Automatic Workstation Update Service 750 Unquoted Service Path (0)
03-23: Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure (0)
03-23: Trojan-Dropper.Win32.Dycler.vrp Insecure Permissions (0)
03-23: WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal (0)
03-23: OSAS Traverse Extension 11 Unquoted Service Path (0)
03-23: HEUR.Trojan.Win32.Generic Insecure Permissions (0)
03-23: Trojan-Dropper.Win32.Delf.da Buffer Overflow (0)
03-23: MyBB 1.8.25 Remote Command Execution (0)
03-23: ProFTPD 1.3.7a Denial Of Service (0)
03-23: Trojan-Dropper.Win32.Demp.rft Insecure Permissions (0)
03-23: MacPaw Encrypto 1.0.1 Unquoted Service Path (0)
03-23: [webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (0)
03-23: [webapps] Hotel And Lodge Management System 1.0 – 'Customer Details' Stored XSS (0)
03-23: [webapps] MyBB 1.8.25 – Poll Vote Count SQL Injection (0)
03-22: [dos] ProFTPD 1.3.7a – Remote Denial of Service (0)
03-22: [webapps] MyBB 1.8.25 – Chained Remote Command Execution (0)
03-22: [local] SAPSetup Automatic Workstation Update Service 750 – 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path (0)
03-22: [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Weak Default WiFi Password Algorithm (0)
03-22: [local] MacPaw Encrypto 1.0.1 – 'Encrypto Service' Unquoted Service Path (0)
03-22: [webapps] WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 – Path Traversal (0)
03-22: [local] Winpakpro 4.8 – 'ScheduleService' Unquoted Service Path (0)
03-22: [local] Winpakpro 4.8 – 'WPCommandFileService' Unquoted Service Path (0)
03-22: [local] Winpakpro 4.8 – 'GuardTourService' Unquoted Service Path (0)
03-20: Plone CMS 5.2.3 Cross Site Scripting (0)
03-20: LiveZilla Server 8.0.1.0 Cross Site Scripting (0)
03-20: Boonex Dolphin 7.4.2 Cross Site Scripting (0)
03-20: Profiling System For Human Resource Management 1.0 Remote Code Execution (0)
03-20: Eclipse Mosquitto MQTT Broker 2.0.9 Unquoted Service Path (0)
03-20: VestaCP 0.9.8 Command Injection (0)
03-20: SOYAL Biometric Access Control System 5.0 Master Code Disclosure (0)
03-20: SOYAL Biometric Access Control System 5.0 Weak Default Credentials (0)
03-20: SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery (0)
03-20: SOYAL 701Server 9.0.1 Insecure Permissions (0)
03-20: SOYAL 701Client 9.0.1 Insecure Permissions (0)
03-20: VMware View Planner 4.6 Remote Code Execution (0)
03-20: Win32k ConsoleControl Offset Confusion (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-Coded Credentails / Shell Access (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation (0)
03-20: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration (0)
03-20: Expert Hackers Used 11 Zero Days To Infect Windows, iOS, And Android Users (0)
03-19: FastStone Image Viewer 7.5 Buffer Overflow (0)
03-19: Microsoft Exchange 2019 SSRF / Arbitrary File Write (0)
03-19: Sony PlayStation 4 Jailbreaking Information (0)
03-19: VestaCP 0.9.8 Cross Site Scripting (0)
03-19: rConfig 3.9.6 Shell Upload (0)
03-19: VFS For Git 1.0.21014.1 Unquoted Service Path (0)
03-19: SEO Panel 4.8.0 SQL Injection (0)
03-19: Hestia Control Panel 1.3.2 Arbitrary File Write (0)
03-19: Adobe Reader CoolType Arbitrary Stack Manipulation (0)
03-19: https://ksvrhospital.go.th/ohct.php (0)
03-19: [webapps] Plone CMS 5.2.3 – 'Title' Stored XSS (0)
03-19: [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Authentication Bypass (0)
03-19: [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Hard coded Credentials Shell Access (0)
03-19: [webapps] LiveZilla Server 8.0.1.0 – 'Accept-Language' Reflected XSS (0)
03-19: [webapps] Boonex Dolphin 7.4.2 – 'width' Stored XSS (0)
03-19: [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Command Injection (Authenticated) (0)
03-19: [local] SOYAL 701 Client 9.0.1 – Insecure Permissions (0)
03-19: [local] SOYAL 701 Server 9.0.1 – Insecure Permissions (0)
03-19: [webapps] SOYAL Biometric Access Control System 5.0 – Master Code Disclosure (0)
03-19: [webapps] SOYAL Biometric Access Control System 5.0 – 'Change Admin Password' CSRF (0)
03-19: [local] Eclipse Mosquitto MQTT broker 2.0.9 – 'mosquitto' Unquoted Service Path (0)
03-19: [webapps] VestaCP 0.9.8 – 'v_sftp_licence' Command Injection (0)
03-19: [local] BRAdmin Professional 3.75 – 'BRA_Scheduler' Unquoted Service Path (0)
03-19: [webapps] Profiling System for Human Resource Management 1.0 – Remote Code Execution (Unauthenticated) (0)
03-18: WoWonder Social Network Platform 3.1 SQL Injection (0)
03-18: Trojan-Dropper.Win32.Delf.p Missing Authentication (0)
03-18: Trojan-Dropper.Win32.Delf.p Buffer Overflow (0)
03-18: CuteNews 2.1.2 Shell Upload (0)
03-18: VestaCP 0.9.8 Cross Site Request Forgery (0)
03-18: Backdoor.Win32.Agent.mzn Buffer Overflow (0)
03-18: [webapps] Hestia Control Panel 1.3.2 – Arbitrary File Write (0)
03-18: [webapps] SEO Panel 4.8.0 – 'order_col' Blind SQL Injection (0)
03-18: [webapps] rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) (0)
03-18: [webapps] VestaCP 0.9.8 – 'v_interface' Add IP Stored XSS (0)
03-18: [local] VFS for Git 1.0.21014.1 – 'GVFS.Service' Unquoted Service Path (0)
03-17: Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection (0)
03-17: GeoGebra Classic 5.0.631.0-d Denial Of Service (0)
03-17: GeoGebra CAS Calculator 6.0.631.0 Denial Of Service (0)
03-17: GeoGebra 3D Calculator 5.0.511.0 Denial Of Service (0)
03-17: Microsoft Windows Containers DP API Cryptography Flaw (0)
03-17: GeoGebra Graphing Calculator 6.0.631.0 Denial Of Service (0)
03-17: [webapps] VestaCP 0.9.8 – File Upload CSRF (0)
03-17: [webapps] WoWonder Social Network Platform 3.1 – 'event_id' SQL Injection (0)
03-16: Google Warns Mac, Windows Users Of Chrome Zero-Day Flaw (0)
03-16: Trojan-Proxy.Win32.Wimain Buffer Overflow (0)
03-16: Backdoor.Win32.Zombam.l Buffer Overflow (0)
03-16: Zenario CMS 8.8.53370 SQL Injection (0)
03-16: MagpieRSS 0.72 Code Execution / Server-Side Request Forgery (0)
03-16: Monitoring Of Students Cyber Accounts System 1.0 Cross Site Scripting (0)
03-16: rConfig 3.9.6 Local File Inclusion (0)
03-16: QNAP QVR Client 5.0.0.13230 Unquoted Service Path (0)
03-16: openMAINT 2.1-3.3-b Cross Site Scripting (0)
03-16: Trojan-Dropper.Win32.Delf.xk Denial Of Service (0)
03-16: Trojan.Win32.Scar.dxir Insecure Permissions (0)
03-16: Realtek Wireless LAN Utility 700.1631 Unquoted Service Path (0)
03-16: eBeam Education Suite 2.5.0.9 Unquoted Service Path (0)
03-16: Interactive Suite 3.6 Unquoted Service Path (0)
03-16: VoIPmonitor WEB GUI 24.55 Cross Site Scripting (0)
03-16: Windows Server 2012 SrClient DLL Hijacking (0)
03-16: SonLogger 4.2.3.3 SuperAdmin Account Creation / Information Disclosure (0)
03-16: SonLogger 4.2.3.3 Shell Upload (0)
03-16: Trojan.Win32.Siscos.bqe Insecure Permissions (0)
03-16: Online News Portal 1.0 SQL Injection (0)
03-16: Online News Portal 1.0 Cross Site Scripting (0)
03-16: macOS CoreGraphics Integer Overflow / Out-Of-Bounds Write (0)
03-16: VoIPmonitor 27.5 Missing Memory Protections (0)
03-16: VoIPmonitor 27.6 Buffer Overflow (0)
03-16: ExpressionEngine 6.0.2 PHP Code Injection (0)
03-16: [local] GeoGebra 3D Calculator 5.0.511.0 – Denial of Service (PoC) (0)
03-16: [local] GeoGebra CAS Calculato‪r‬ 6.0.631.0 – Denial of Service (PoC) (0)
03-16: [local] GeoGebra Classic 5.0.631.0-d – Denial of Service (PoC) (0)
03-16: [webapps] Alphaware E-Commerce System 1.0 – Unauthenicated Remote Code Execution (File Upload + SQL injection) (0)
03-16: [local] GeoGebra Graphing Calculato‪r‬ 6.0.631.0 – Denial Of Service (PoC) (0)
03-15: https://royalrain.go.th/Morocco.html (0)
03-15: [webapps] Sonlogger 4.2.3.3 – SuperAdmin Account Creation / Information Disclosure (0)
03-15: [local] Interactive Suite 3.6 – 'eBeam Stylus Driver' Unquoted Service Path (0)
03-15: [local] eBeam education suite 2.5.0.9 – 'eBeam Device Service' Unquoted Service Path (0)
03-15: [local] Realtek Wireless LAN Utility 700.1631 – 'Realtek11nSU' Unquoted Service Path (0)
03-15: [webapps] rConfig 3.9.6 – 'path' Local File Inclusion (Authenticated) (0)
03-15: [local] QNAP QVR Client 5.0.0.13230 – 'QVRService' Unquoted Service Path (0)
03-15: [webapps] MagpieRSS 0.72 – 'url' Command Injection and Server Side Request Forgery (0)
03-15: [webapps] Zenario CMS 8.8.53370 – 'id' Blind SQL Injection (0)
03-13: Vembu BDR 4.2.0.1 U1 Unquoted Service Path (0)
03-13: D-Link DIR-3060 1.11b04 Command Injection (0)
03-13: QCubed 3.1.1 PHP Object Injection (0)
03-13: QCubed 3.1.1 SQL Injection (0)
03-13: Monitoring System (Dashboard) 1.0 Shell Upload (0)
03-13: Monitoring System (Dashboard) 1.0 SQL Injection (0)
03-13: Monitoring Of Students Cyber Accounts System 1.0 SQL Injection (0)
03-13: QCubed 3.1.1 Cross Site Scripting (0)
03-13: ForkCMS PHP Object Injection (0)
03-13: Microsoft Windows Kernel NtGdiGetDeviceCapsAll Race Condition / Use-After-Free (0)
03-13: Apache OFBiz XML-RPC Java Deserialization (0)
03-12: MyBB OUGC Feedback 1.8.22 Cross Site Scripting (0)
03-12: Trojan-Spy.Win32.KeyLogger.qt Insecure Permissions (0)
03-12: Nsasoft Hardware Software Inventory 1.6.4.0 Denial Of Service (0)
03-12: Trojan-Dropper.Win32.Hamer.10 Denial Of Service (0)
03-12: F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write (0)
03-12: F5 Big IP ASM is_hdr_criteria_matches Buffer Overflow (0)
03-12: [local] Vembu BDR 4.2.0.1 U1 – Multiple Unquoted Service Paths (0)
03-12: [webapps] Monitoring System (Dashboard) 1.0 – File Upload RCE (Authenticated) (0)
03-12: [webapps] Monitoring System (Dashboard) 1.0 – 'uname' SQL Injection (0)
03-11: Atlassian JIRA 8.11.1 User Enumeration (0)
03-11: Microsoft Windows Containers AppSilo Object Manager Privilege Escalation (0)
03-11: Microsoft Windows Containers Privilege Escalation (0)
03-11: WEBIM 10.2.55 Cross Site Scripting (0)
03-11: Microsoft Windows Containers Host Registry Privilege Escalation (0)
03-11: NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation (0)
03-11: [webapps] MyBB OUGC Feedback Plugin 1.8.22 – Cross-Site Scripting (0)
03-11: [webapps] NuCom 11N Wireless Router 5.07.90 – Remote Privilege Escalation (0)
03-10: Pingzapper 2.3.1 Unquoted Service Path (0)
03-10: Configuration Tool 1.6.53 Unquoted Service Path (0)
03-10: Print Job Accounting 4.4.10 Unquoted Service Path (0)
03-10: Backdoor.Win32.Antilam.14.o Code Execution (0)
03-10: Backdoor.Win32.GTbot.c Insecure Permissions (0)
03-10: GLPI 9.5.3 Unsafe Reflection (0)
03-10: Joomla Matukio Events 7.0.5 Cross Site Scripting (0)
03-10: Joomla JCK Editor 6.4.4 SQL Injection (0)
03-10: Backdoor.Win32.Agent.bjev Insecure Permissions (0)
03-10: Hotel And Lodge Management System 1.0 Shell Upload (0)
03-10: WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection (0)
03-10: VMware vCenter Server File Upload / Remote Code Execution (0)
03-10: bVPN 2.5.1 Unquoted Service Path (0)
03-10: Emerson Smart Wireless Gateway 1420 4.6.59 Privilege Escalation (0)
03-10: Emerson Smart Wireless Gateway 1420 4.6.59 Missing Authentication (0)
03-10: Froala 3.2.6-1 Cross Site Scripting (0)
03-10: FreeLAN 2.2 Unquoted Service Path (0)
03-10: Sandboxie Plus 0.7.2 Unquoted Service Path (0)
03-10: Golden FTP Server 4.70 Buffer Overflow (0)
03-10: Microsoft Windows WindowsCodecsRaw!COlympusE300LoadRaw Out-Of-Bounds Write (0)
03-10: HPE Systems Insight Manager AMF Deserialization Remote Code Execution (0)
03-10: Sticky Notes Apps Using JavaScript 1.0 Cross Site Scripting (0)
03-10: OpenCMS 11.0.2 Shell Upload (0)
03-10: OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection (0)
03-10: Apple Security Advisory 2021-03-08-1 (0)
03-10: Apple Security Advisory 2021-03-08-2 (0)
03-10: Apple Security Advisory 2021-03-08-3 (0)
03-10: Apple Security Advisory 2021-03-08-4 (0)
03-10: [webapps] Atlassian JIRA 8.11.1 – User Enumeration (0)
03-09: [remote] Golden FTP Server 4.70 – 'PASS' Buffer Overflow (2) (0)
03-09: [local] FreeLAN 2.2 – 'FreeLAN Service' Unquoted Service Path (0)
03-08: [webapps] Joomla JCK Editor 6.4.4 – 'parent' SQL Injection (2) (0)
03-08: [webapps] Hotel and Lodge Management System 1.0 – Remote Code Execution (Unauthenticated) (0)
03-08: [local] Configuration Tool 1.6.53 – 'OpLclSrv' Unquoted Service Path (0)
03-08: [local] Pingzapper 2.3.1 – 'PingzapperSvc' Unquoted Service Path (0)
03-08: [local] Print Job Accounting 4.4.10 – 'OkiJaSvc' Unquoted Service Path (0)
03-07: http://iud.phitsanulok3.go.th/ina.htm (0)
03-06: http://tamkrataitong.go.th/ownd.htm (0)
03-06: CatDV 9.2 Authentication Bypass (0)
03-06: Fluig 1.7.0 Path Traversal (0)
03-06: Microsoft Windows RRAS Service MIBEntryGet Overflow (0)
03-05: e107 CMS 2.3.0 Cross Site Request Forgery (0)
03-05: Web Based Quiz System 1.0 SQL Injection (0)
03-05: Online Ordering System 1.0 Shell Upload (0)
03-05: Online Ordering System 1.0 SQL Injection (0)
03-05: Textpattern CMS 4.8.4 Cross Site Scripting (0)
03-05: Textpattern CMS 4.9.0-dev Cross Site Scripting (0)
03-05: Textpattern CMS 4.8.3 Remote Code Execution (0)
03-05: Accellion Zero Day Claims A New Victim In Qualys (0)
03-05: [webapps] Fluig 1.7.0 – Path Traversal (0)
03-05: [remote] CatDV 9.2 – RMI Authentication Bypass (0)
03-04: http://report.dgr.go.th/sign_src/doc_signs/ (0)
03-04: http://eservice.dgr.go.th/booking/ (0)
03-04: Backdoor.Win32.DarkKomet.irv Insecure Permissions (0)
03-04: AnyDesk 5.5.2 Remote Code Execution (0)
03-04: Local Services Search Engine Management System 1.0 SQL Injection (0)
03-04: Local Services Search Engine Management System 1.0 Cross Site Scripting (0)
03-04: Backdoor.Win32.BO2K.ab Buffer Overflow (0)
03-04: Backdoor.Win32.BO2K.09.b Code Execution (0)
03-04: Doctor Appointment System 1.0 SQL Injection (0)
03-04: Doctor Appointment System 1.0 Blind SQL Injection (0)
03-04: [webapps] Online Ordering System 1.0 – Arbitrary File Upload to Remote Code Execution (0)
03-04: [webapps] e107 CMS 2.3.0 – CSRF (0)
03-03: TinyTinyRSS Remote Code Execution (0)
03-03: Web Based Quiz System 1.0 Cross Site Scripting (0)
03-03: Profiling System For Human Resource Management 1.0 Cross Site Scripting (0)
03-03: Zen Cart 1.5.7b Remote Code Execution (0)
03-03: CASAP Automated Enrollment System 1.1 SQL Injection (0)
03-03: Web Based Quiz System 1.0 Cross Site Scripting (0)
03-03: [remote] AnyDesk 5.5.2 – Remote Code Execution (0)
03-03: [webapps] Local Services Search Engine Management System (LSSMES) 1.0 – 'name' Persistent Cross-Site Scripting (XSS) (0)
03-03: [webapps] Local Services Search Engine Management System (LSSMES) 1.0 – Blind & Error based SQL injection (Authenticated) (0)
03-02: https://buathongcity.go.th/tmp/senius.html (0)
03-02: http://bgepa.dgr.go.th/2558/templates/ (0)
03-02: http://procurement.dgr.go.th/egp/ (0)
03-02: WiFi Mouse 1.7.8.5 Remote Code Execution (0)
03-02: Backdoor.Win32.RemoteManipulator.fdo Insecure Permissions (0)
03-02: VMware vCenter Server 7.0 Arbitrary File Upload (0)
03-02: Covid-19 Contact Tracing System 1.0 Code Execution (0)
03-02: Online Catering Reservation System 1.0 Code Execution (0)
03-02: Trojan-Spy.Win32.Stealer.osh Insecure Permissions (0)
03-02: Concrete5 8.5.4 Cross Site Scripting (0)
03-02: FortiLogger 4.4.2.2 Arbitrary File Upload (0)
03-02: Packet Storm New Exploits For February, 2021 (0)
03-02: [webapps] Zen Cart 1.5.7b – Remote Code Execution (Authenticated) (0)
03-02: [webapps] Tiny Tiny RSS – Remote Code Execution (0)
03-02: [webapps] Web Based Quiz System 1.0 – 'name' Persistent/Stored Cross-Site Scripting (0)
03-02: [webapps] Web Based Quiz System 1.0 – 'MCQ options' Persistent/Stored Cross-Site Scripting (0)
03-01: [webapps] VMware vCenter Server 7.0 – Unauthenticated File Upload (0)
03-01: [webapps] FortiLogger 4.4.2.2 – Unauthenticated Arbitrary File Upload (Metasploit) (0)
03-01: [remote] WiFi Mouse 1.7.8.5 – Remote Code Execution (0)

February 2021 (278)

02-27: WordPress Under Construction, Coming Soon, And Maintenance Mode 1.1.1 SSRF / XSS (0)
02-27: Simple Employee Records System 1.0 Shell Upload (0)
02-27: Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal (0)
02-27: Nagios XI 5.7.5 Remote Code Execution (0)
02-27: LightCMS 1.3.4 Cross Site Scripting (0)
02-27: Squid 4.14 / 5.0.5 Code Execution / Double Free (0)
02-27: Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot (0)
02-27: Trojan-Spy.Win32.SpyEyes.elr Insecure Permissions (0)
02-27: Backdoor.Win32.Azbreg.amw Insecure Permissions (0)
02-27: Trojan.Win32.Hotkeychick.am Insecure Permissions (0)
02-27: Remote Desktop Web Access Authentication Timing Attack (0)
02-27: Zenphoto CMS 1.5.7 Shell Upload (0)
02-27: Triconsole 3.75 Cross Site Scripting (0)
02-27: VisualWare MyConnection Server 11.x Remote Code Execution (0)
02-27: Online Catering Reservation System 1.0 SQL Injection (0)
02-27: Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot (0)
02-27: Doctor Appointment System 1.0 Cross Site Scripting (0)
02-27: Trojan-Proxy.Win32.Delf.ai Buffer Overflow (0)
02-27: Chrome DataElement Out-Of-Bounds Read (0)
02-27: Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow (0)
02-27: Package Control Arbitrary File Write (0)
02-26: Backdoor.Win32.Wollf.h Missing Authentication (0)
02-26: ASUS Remote Link 1.1.2.13 Remote Code Execution (0)
02-26: Vehicle Parking Management System 1.0 Cross Site Scripting (0)
02-26: Trojan.Win32.Gofot.htx Buffer Overflow (0)
02-26: [webapps] Triconsole 3.75 – Reflected XSS (0)
02-26: [webapps] Simple Employee Records System 1.0 – File Upload RCE (Unauthenticated) (0)
02-25: http://sahathat.go.th/obec/web1/file_editor/logs.txt (0)
02-25: SpotAuditor 5.3.5 Denial Of Service (0)
02-25: Backdoor.Win32.Agent.xs Insecure Permissions (0)
02-25: LogonExpert 8.1 Unquoted Service Path (0)
02-25: Softros LAN Messenger 9.6.4 Unquoted Service Path (0)
02-25: SLMail 5.1.0.4420 Remote Code Execution (0)
02-25: Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation (0)
02-25: VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept (0)
02-25: Backdoor.Win32.Agent.xw Denial Of Service / Null Pointer (0)
02-25: Python jsonpickle 2.0.0 Remote Code Execution (0)
02-25: LayerBB 1.1.4 SQL Injection (0)
02-25: Backdoor.Win32.Delf.adag Hardcoded Credentials / Traversal (0)
02-25: Unified Remote 3.9.0.2463 Remote Code Execution (0)
02-25: [remote] ASUS Remote Link 1.1.2.13 – Remote Code Execution (0)
02-24: eChat 1.0 SQL Injection (0)
02-24: Monica 2.19.1 Cross Site Scripting (0)
02-24: HFS (HTTP File Server) 2.3.x Remote Code Execution (0)
02-24: Batflat CMS 1.3.6 Cross Site Scripting (0)
02-24: Apache Flink JAR Upload Java Code Execution (0)
02-24: https://jobok.go.th/ina.htm (0)
02-24: https://www.kohsathon.go.th/ina.htm (0)
02-24: [dos] Product Key Explorer 4.2.7 – 'multiple' Denial of Service (PoC) (0)
02-24: [local] Softros LAN Messenger 9.6.4 – 'SoftrosSpellChecker' Unquoted Service Path (0)
02-24: [remote] Unified Remote 3.9.0.2463 – Remote Code Execution (0)
02-24: [local] LogonExpert 8.1 – 'LogonExpertSvc' Unquoted Service Path (0)
02-24: [remote] python jsonpickle 2.0.0 – Remote Code Execution (0)
02-24: [dos] SpotAuditor 5.3.5 – 'multiple' Denial Of Service (PoC) (0)
02-23: Apache MyFaces 2.x Cross Site Request Forgery (0)
02-23: Trojan-Proxy.Win32.Daemonize.i Denial Of Service (0)
02-23: Backdoor.Win32.Inject.tyq Insecure Permissions (0)
02-23: Backdoor.Win32.Ketch.h Buffer Overflow (0)
02-23: Trojan.Win32.Pincav.cmfl Insecure Permissions (0)
02-23: Trojan.Win32.Pluder.o Insecure Permissions (0)
02-23: Backdoor.Win32.DarkKomet.irv Insecure Permissions (0)
02-23: [remote] HFS (HTTP File Server) 2.3.x – Remote Command Execution (3) (0)
02-23: [webapps] Monica 2.19.1 – 'last_name' Stored XSS (0)
02-23: [webapps] Batflat CMS 1.3.6 – 'multiple' Stored XSS (0)
02-21: http://www.cs.moe.go.th/1.php (0)
02-20: https://www.priest-hospital.go.th/galau.html (0)
02-20: Neo LMS / Matrix LMS Cross Site Scripting (0)
02-20: OpenText Content Server 20.3 Cross Site Scripting (0)
02-20: Backdoor.Win32.DarkKomet.bhfh Insecure Permissions (0)
02-20: Backdoor.Win32.DarkKomet.apcc Insecure Permissions (0)
02-20: Comment System 1.0 Cross Site Scripting (0)
02-20: Backdoor.Win32.Bionet.10 Anonymous Login (0)
02-20: Beauty Parlour Management System 1.0 SQL Injection (0)
02-20: Beauty Parlour Management System 1.0 Cross Site Scripting (0)
02-20: Online Exam System With Timer 1.0 SQL Injection (0)
02-20: dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow (0)
02-20: Firejail TOCTOU Race Condition (0)
02-19: Gitea 1.12.5 Remote Code Execution (0)
02-19: Backdoor.Win32.Agent.aak Hardcoded Credentials (0)
02-19: Backdoor.Win32.Agent.aak Code Execution / Cross Site Request Forgery (0)
02-19: Apport 2.20 Privilege Escalation (0)
02-19: Batflat CMS 1.3.6 Remote Code Execution (0)
02-19: Backdoor.Win32.Agent.aak Buffer Overflow (0)
02-19: [local] dataSIMS Avionics ARINC 664-1 – Local Buffer Overflow (PoC) (0)
02-19: [webapps] Online Exam System With Timer 1.0 – 'email' SQL injection Auth Bypass (0)
02-19: [webapps] Comment System 1.0 – 'multiple' Stored Cross-Site Scripting (0)
02-19: [webapps] PEEL Shopping 9.3.0 – 'Comments/Special Instructions' Stored Cross-Site Scripting (0)
02-18: Faulty Evaluation System 1.0 Cross Site Scripting (0)
02-18: Billing Management System 2.0 SQL Injection (0)
02-18: [webapps] Batflat CMS 1.3.6 – Remote Code Execution (Authenticated) (0)
02-18: [local] Apport 2.20 – Local Privilege Escalation (0)
02-18: [webapps] Gitea 1.12.5 – Remote Code Execution (Authenticated) (0)
02-17: http://phibuncity.go.th/27.html (0)
02-17: Online Internship Management System 1.0 SQL Injection (0)
02-17: Backdoor.Win32.Cabrotor.21 Insecure Permissions (0)
02-17: Trojan-Spy.Win32.WinSpy.wlt Insecure Permissions (0)
02-17: AgataSoft PingMaster Pro 2.1 Denial Of Service (0)
02-17: Backdoor.Win32.Azbreg.aant Insecure Permissions (0)
02-17: Backdoor.Win32.Bifrose.ahvb Insecure Permissions (0)
02-17: CASAP Automated Enrollment System 1.0 Cross Site Scripting (0)
02-17: Nsauditor 3.2.2.0 Denial Of Service (0)
02-17: Backdoor.Win32.Indexer.a Hardcoded Credentials (0)
02-17: Managed Switch Port Mapping Tool 2.85.2 Denial Of Service (0)
02-17: BlackCat CMS 1.3.6 Cross Site Scripting (0)
02-17: Backdoor.Win32.Indexer.a Denial Of Service (0)
02-17: Backdoor.Win32.Burbul.b Anonymous Login (0)
02-17: [webapps] Billing Management System 2.0 – 'email' SQL injection Auth Bypass (0)
02-17: [webapps] Faulty Evaluation System 1.0 – 'multiple' Stored Cross-Site Scripting (0)
02-16: http://www.thagoob.go.th (0)
02-16: https://www.huayyangkham.go.th/me.html (0)
02-16: http://www.dongsing.go.th (0)
02-16: http://www.nongtadyai.go.th (0)
02-16: http://nongyueng.go.th (0)
02-16: http://www.secpt.go.th (0)
02-16: http://ss-muni.go.th (0)
02-16: http://www.tabakban.go.th (0)
02-16: http://www.plubpla101.go.th (0)
02-16: Backdoor.Win32.Backlash.101 Missing Authentication (0)
02-16: TestLink 1.9.20 Shell Upload (0)
02-16: Tasks 9.7.3 Insecure Permissions (0)
02-16: Backdoor.Win32.Cafeini.08.b Missing Authentication (0)
02-16: Klog Server 2.4.1 Command Injection (0)
02-16: Micro Focus Operations Bridge Manager Local Privilege Escalation (0)
02-16: [dos] Nsauditor 3.2.2.0 – 'Event Description' Denial of Service (PoC) (0)
02-16: [dos] AgataSoft PingMaster Pro 2.1 – Denial of Service (PoC) (0)
02-16: [dos] Managed Switch Port Mapping Tool 2.85.2 – Denial of Service (PoC) (0)
02-16: [webapps] Online Internship Management System 1.0 – 'email' SQL injection Auth Bypass (0)
02-16: [webapps] BlackCat CMS 1.3.6 – 'Display name' Cross Site Scripting (XSS) (0)
02-15: http://www.huaitoei.go.th/nkri.txt (0)
02-15: [local] Tasks 9.7.3 – Insecure Permissions (0)
02-15: [webapps] Teachers Record Management System 1.0 – 'searchteacher' SQL Injection (0)
02-15: [webapps] TestLink 1.9.20 – Unrestricted File Upload (Authenticated) (0)
02-14: http://www.phayumoph.go.th/nkri.txt (0)
02-14: http://bkpw.go.th/nkri.txt (0)
02-14: https://maeteep-ngao.go.th/nkri.txt (0)
02-13: PDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path (0)
02-13: School File Management System 1.0 Cross Site Scripting (0)
02-13: School Event Attendance Monitoring System 1.0 Cross Site Scripting (0)
02-13: SolarWinds Serv-U FTP Server 15.2.1 Path Traversal (0)
02-13: SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting (0)
02-13: http://www.srisamran-sm.go.th/me.html (0)
02-13: Apple Security Advisory 2021-02-09-1 (0)
02-12: Huawei MBAMainService Unquoted Service Path (0)
02-12: PEEL Shopping 9.3.0 Cross Site Scripting (0)
02-12: Backdoor.Win32.Augudor.a Code Execution (0)
02-12: Openlitespeed WebServer 1.7.8 Command Injection (0)
02-12: Online Marriage Registration System 1.0 Remote Code Execution (0)
02-12: Backdoor.Win32.BackAttack.18 Missing Authentication (0)
02-12: [webapps] School Event Attendance Monitoring System 1.0 – 'Item Name' Stored Cross-Site Scripting (0)
02-12: [webapps] School File Management System 1.0 – 'multiple' Stored Cross-Site Scripting (0)
02-12: [local] PDFCOMPLETE Corporate Edition 4.1.45 – 'pdfcDispatcher' Unquoted Service Path (0)
02-11: Node.JS Remote Code Execution (0)
02-11: Backdoor.Win32.Aphexdoor.LiteSock Buffer Overflow (0)
02-11: Online Car Rental 1.0 Shell Upload (0)
02-11: b2evolution CMS 6.11.6 Open Redirection (0)
02-11: b2evolution CMS 6.11.6 Cross Site Scripting (0)
02-11: Adobe Magento Commerce Cross Site Scripting (0)
02-11: Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation (0)
02-11: Micro Focus Operations Bridge Manager Remote Code Execution (0)
02-11: https://www.mayo.go.th/manis.htm (0)
02-11: [webapps] Openlitespeed WebServer 1.7.8 – Command Injection (Authenticated) (2) (0)
02-11: [webapps] b2evolution 6.11.6 – 'tab3' Reflected XSS (0)
02-11: [webapps] b2evolution 6.11.6 – 'redirect_to' Open Redirect (0)
02-11: [webapps] PEEL Shopping 9.3.0 – 'address' Stored Cross-Site Scripting (0)
02-10: WordPress Supsystic Contact Form 1.7.5 XSS / SQL Injection (0)
02-10: Email-Worm.Win32.Sircam.eb Insecure Permissions (0)
02-10: Trojan.Win32.Delf.uq Insecure Permissions (0)
02-10: Trojan-Spy.Win32.SpyEyes.awow Insecure Permissions (0)
02-10: WordPress Supsystic Backup 2.3.9 Local File Inclusion (0)
02-10: Trojan-Spy.Win32.WebCenter.a Information Disclosure (0)
02-10: Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions (0)
02-10: Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting (0)
02-10: Backdoor.Win32.Wollf.15 Missing Authentication (0)
02-10: Millewin 13.39.028 Unquoted Service Path / Insecure Permissions (0)
02-10: SmartFoxServer 2X 2.17.0 God Mode Console WebSocket Cross Site Scripting (0)
02-10: Unibox Cross Site Request Forgery (0)
02-10: SmartFoxServer 2X 2.17.0 Credential Disclosure (0)
02-10: Unibox 2.4 CSRF / Remote Code Execution (0)
02-10: SmartFoxServer 2X 2.17.0 Remote Code Execution (0)
02-10: Adobe Connect 10 Username Disclosure (0)
02-10: Online Car Rental System 1.0 Cross Site Scripting (0)
02-10: Doctor Appointment System 1.0 SQL Injection (0)
02-10: Epson USB Display 1.6.0.0 Unquoted Service Path (0)
02-10: AnyTXT Searcher 1.2.394 Unquoted Service Path (0)
02-10: Trojan.Win32.Cafelom.bu Heap Corruption (0)
02-10: Discord Probot Arbitrary File Upload (0)
02-10: Backdoor.Win32.NetTerrorist Authentication Bypass / Code Execution (0)
02-10: Chrome SkBitmapOperations::UnPreMultiply Heap Buffer Overflow (0)
02-10: Chrome ClipboardWin::WriteBitmap Heap Buffer Overflow (0)
02-10: [webapps] b2evolution 6.11.6 – 'plugin name' Stored XSS (0)
02-09: https://king9.nrct.go.th/0x48.htm (0)
02-09: [webapps] Adobe Connect 10 – Username Disclosure (0)
02-09: [local] Epson USB Display 1.6.0.0 – 'EMP_UDSA' Unquote Service Path (0)
02-09: [local] AnyTXT Searcher 1.2.394 – 'ATService' Unquoted Service Path (0)
02-09: [webapps] Online Car Rental System 1.0 – Stored Cross Site Scripting (0)
02-08: Google Chrome Zero-Day Afflicts Windows, Mac Users (0)
02-08: [webapps] WordPress Plugin Supsystic Backup 2.3.9 – Local File Inclusion (0)
02-08: [webapps] WordPress Plugin Supsystic Ultimate Maps 1.1.12 – 'sidx' SQL injection (0)
02-08: [local] SmartFoxServer 2X 2.17.0 – Credentials Disclosure (0)
02-08: [local] AMD Fuel Service – 'Fuel.service' Unquote Service Path (0)
02-08: [webapps] SmartFoxServer 2X 2.17.0 – God Mode Console WebSocket XSS (0)
02-08: [webapps] WordPress Plugin Supsystic Data Tables Generator 1.9.96 – Multiple Vulnerabilities (0)
02-08: [webapps] WordPress Plugin Supsystic Digital Publications 1.6.9 – Multiple Vulnerabilities (0)
02-08: [local] Microsoft Internet Explorer 11 32-bit – Use-After-Free (0)
02-08: [webapps] WordPress Plugin Supsystic Newsletter 1.5.5 – 'sidx' SQL injection (0)
02-08: [webapps] WordPress Plugin Supsystic Membership 1.4.7 – 'sidx' SQL injection (0)
02-08: [webapps] Alt-N MDaemon webmail 20.0.0 – 'Contact name' Stored Cross Site Scripting (XSS) (0)
02-08: [webapps] Alt-N MDaemon webmail 20.0.0 – 'file name' Stored Cross Site Scripting (XSS) (0)
02-08: [webapps] YetiShare File Hosting Script 5.1.0 – 'url' Server-Side Request Forgery (0)
02-08: [local] SmartFoxServer 2X 2.17.0 – God Mode Console Remote Code Execution (0)
02-08: [webapps] WordPress Plugin Supsystic Contact Form 1.7.5 – Multiple Vulnerabilities (0)
02-08: [webapps] WordPress Plugin Supsystic Pricing Table 1.8.7 – Multiple Vulnerabilities (0)
02-08: [local] Millewin 13.39.146.1 – Local Privilege Escalation (0)
02-08: [webapps] WordPress Plugin Welcart e-Commerce 2.0.0 – 'search[order_column][0]' SQL injection (0)
02-08: [webapps] Jenzabar 9.2.2 – 'query' Reflected XSS. (0)
02-06: http://www.tumbonbanduea.go.th/index.php (0)
02-06: Apple Safari Remote Code Execution (0)
02-06: Apple CoreText libType1Scaler.dylib Memory Disclosure (0)
02-06: Apple CoreText libType1Scaler.dylib Buffer Overflow (0)
02-06: Apple CoreText libFontParser.dylib Stack Corruption (0)
02-06: Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow (0)
02-05: https://www.angt.go.th/Mr_Sakib.php (0)
02-05: https://www.nonglong.go.th/-.txt (0)
02-05: [webapps] SEO Panel 4.6.0 – Remote Code Execution (2) (0)
02-05: [webapps] PhreeBooks 5.2.3 ERP – Remote Code Execution (2) (0)
02-05: [webapps] LiteSpeed Web Server Enterprise 5.4.11 – Command Injection (Authenticated) (0)
02-04: Car Rental Project 2.0 Shell Upload (0)
02-04: Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation (0)
02-04: Backdoor.Win32.NetBull.11.b Remote Buffer Overflow (0)
02-04: Pixelimity 1.0 Cross Site Request Forgery (0)
02-04: Backdoor.Win32.RemoteManipulator.brr Insecure Permissions (0)
02-03: Student Record System 4.0 SQL Injection (0)
02-03: Solaris 10 1/13 dtprintinfo Local Privilege Escalation (0)
02-03: Backdoor.Win32.Buterat.cxq Insecure Permissions (0)
02-03: Backdoor.Win32.Celine Missing Authentication (0)
02-03: Backdoor.Win32.Xyligan.blp Insecure Permissions (0)
02-03: YARA 4.0.3 Denial Of Service / Information Disclosure (0)
02-03: Hackers Are Exploiting A Critical Zero Day In Devices From SonicWall (0)
02-03: Apple Security Advisory 2021-02-01-1 (0)
02-03: Apple Security Advisory 2021-02-01-2 (0)
02-03: Apple Security Advisory 2021-02-01-3 (0)
02-03: Apple Security Advisory 2021-02-01-4 (0)
02-03: [local] Sudo 1.9.5p1 – 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2) (0)
02-03: [local] Sudo 1.9.5p1 – 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1) (0)
02-03: [webapps] Car Rental Project 2.0 – Arbitrary File Upload to Remote Code Execution (0)
02-03: [webapps] Pixelimity 1.0 – 'password' Cross-Site Request Forgery (0)
02-02: bloofoxCMS 0.5.2.1 Cross Site Request Forgery (0)
02-02: H8 SSRMS Insecure Direct Object Reference (0)
02-02: Klog Server 2.4.1 Command Injection (0)
02-02: Backdoor.Win32.Anaptix.bd Insecure Permissions (0)
02-02: Zoo Management System 1 SQL Injection (0)
02-02: WordPress 5.0.0 Remote Code Execution (0)
02-02: MyBB Thread Redirect 0.2.1 Cross Site Scripting (0)
02-02: MyBB Trending Widget 1.2 Cross Site Scripting (0)
02-02: MyBB Delete Account 1.4 Cross Site Scripting (0)
02-02: User Management System 1 SQL Injection (0)
02-02: Online Reviewer System 1.0 SQL Injection / Shell Upload (0)
02-02: Vehicle Parking Tracker System 1.0 Cross Site Scripting (0)
02-02: Online Reviewer System 1.0 SQL Injection (0)
02-02: Roundcube Webmail 1.2 File Disclosure (0)
02-02: Park Ticketing Management System 1 SQL Injection (0)
02-02: Sudo Buffer Overflow / Privilege Escalation (0)
02-02: GPG libgcrypt Heap Buffer Overflow (0)
02-02: Packet Storm New Exploits For January, 2021 (0)
02-02: [local] Solaris 10 1/13 (SPARC) – 'dtprintinfo' Local Privilege Escalation (3) (0)
02-02: [local] Solaris 10 1/13 (SPARC) – 'dtprintinfo' Local Privilege Escalation (1) (0)
02-02: [local] Solaris 10 1/13 (Intel) – 'dtprintinfo' Local Privilege Escalation (3) (0)
02-02: [local] Solaris 10 1/13 (Intel) – 'dtprintinfo' Local Privilege Escalation (2) (0)
02-02: [local] Solaris 10 1/13 (SPARC) – 'dtprintinfo' Local Privilege Escalation (2) (0)
02-02: [webapps] Student Record System 4.0 – 'cid' SQL Injection (0)
02-01: http://www.suwaree.go.th/hack3d.txt (0)
02-01: [webapps] bloofoxCMS 0.5.2.1 – CSRF (Add user) (0)
02-01: [webapps] MyBB Trending Widget Plugin 1.2 – Cross-Site Scripting (0)
02-01: [webapps] Park Ticketing Management System 1.0 – 'viewid' SQL Injection (0)
02-01: [webapps] User Management System 1.0 – 'uid' SQL Injection (0)
02-01: [webapps] MyBB Delete Account Plugin 1.4 – Cross-Site Scripting (0)
02-01: [webapps] MyBB Thread Redirect Plugin 0.2.1 – Cross-Site Scripting (0)
02-01: [webapps] Zoo Management System 1.0 – 'anid' SQL Injection (0)

January 2021 (394)

01-30: MyBB Hide Thread Content 1.0 Information Disclosure (0)
01-30: Backdoor.Win32.Zetronic Denial Of Service (0)
01-30: Backdoor.Win32.Zhangpo Denial Of Service (0)
01-30: Home Assistant Community Store 1.10.0 Path Traversal (0)
01-30: Quick.CMS 6.7 Remote Code Execution (0)
01-30: Backdoor.Win32.Mhtserv.b Missing Authentication (0)
01-30: Online Grading System 1.0 SQL Injection (0)
01-30: BloofoxCMS 0.5.2.1 Cross Site Scripting (0)
01-30: Online Voting System 1.0 Authorization Bypass (0)
01-30: Backdoor.Win32.MiniBlackLash Denial Of Service (0)
01-30: Packed.Win32.Katusha.o Insecure Permissions (0)
01-30: Metasploit Framework 6.0.11 Command Injection (0)
01-30: http://www.prachuap.go.th/vin.txt (0)
01-29: EgavilanMedia PHPCRUD 1.0 Cross Site Scripting (0)
01-29: CMSUno 1.6.2 Remote Code Execution (0)
01-29: jQuery UI 1.12.1 Denial Of Service (0)
01-29: WordPress SuperForms 4.9 Shell Upload (0)
01-29: Chamilo LMS 1.11.14 Cross Site Scripting (0)
01-29: Micro Focus UCMDB Remote Code Execution (0)
01-29: PRTG Network Monitor Remote Code Execution (0)
01-29: http://paknamprasae.rayongpolice.go.th/bc7.html (0)
01-29: [webapps] Quick.CMS 6.7 – Remote Code Execution (Authenticated) (0)
01-29: [webapps] Online Grading System 1.0 – 'uname' SQL Injection (0)
01-29: [webapps] BloofoxCMS 0.5.2.1 – 'text' Stored Cross Site Scripting (0)
01-28: Openlitespeed Web Server 1.7.8 Command Injection (0)
01-28: Backdoor.Win32.DarkKomet.apbb Insecure Permissions (0)
01-28: Backdoor.Win32.Wollf.14 Missing Authentication (0)
01-28: Constructor.Win32.SpyNet.a Remote Password Leak (0)
01-28: Revive Adserver 5.1.0 Cross Site Scripting (0)
01-28: STVS ProVision 5.9.10 File Disclosure (0)
01-28: STVS ProVision 5.9.10 Cross Site Scripting (0)
01-28: STVS ProVision 5.9.10 Cross Site Request Forgery (0)
01-28: Sudo Heap-Based Buffer Overflow (0)
01-28: [dos] jQuery UI 1.12.1 – Denial of Service (DoS) (0)
01-28: [webapps] CMSUno 1.6.2 – 'lang/user' Remote Code Execution (Authenticated) (0)
01-28: [webapps] EgavilanMedia PHPCRUD 1.0 – 'Full Name' Stored Cross Site Scripting (0)
01-27: Apple Patches Three Actively Exploited Zero Days (0)
01-27: Apple Security Advisory 2021-01-26-1 (0)
01-27: Apple Security Advisory 2021-01-26-2 (0)
01-27: Apple Security Advisory 2021-01-26-3 (0)
01-27: Apple Security Advisory 2021-01-26-4 (0)
01-27: http://www.sirinhospital.go.th/indonesia.htm (0)
01-27: http://www.reo11.go.th/indonesia.htm (0)
01-27: https://nakoonyai.go.th/indonesia.htm (0)
01-27: SonicWall SSL-VPN Shellshock Remote Code Execution (0)
01-27: Simple College Website 1.0 SQL Injection (0)
01-27: Simple College Website 1.0 Cross Site Scripting (0)
01-27: Daily Expense Tracker System 1.0 Cross Site Scripting (0)
01-27: Backdoor.Win32.Wollf.c Hardcoded Backdoor Password (0)
01-27: Tenda AC5 AC1200 Wireless Cross Site Scripting (0)
01-27: Simple Public Chat Room 1.0 SQL Injection (0)
01-27: Klog Server 2.4.1 Command Injection (0)
01-27: Cemetery Mapping And Information System 1.0 SQL Injection (0)
01-27: Simple Public Chat Room 1.0 Cross Site Scripting (0)
01-27: Oracle WebLogic Server 12.2.1.0 Remote Code Execution (0)
01-27: Former LulzSec Hacker Releases SonicWall VPN Zero-Day (0)
01-27: [webapps] Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated) (0)
01-27: [webapps] STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin) (0)
01-27: [webapps] STVS ProVision 5.9.10 – File Disclosure (Authenticated) (0)
01-26: MyBB Timeline 1.0 Cross Site Request Forgery / Cross Site Scripting (0)
01-26: Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect (0)
01-26: Collabtive 3.1 Cross Site Scripting (0)
01-26: Backdoor.Win32.Kraimer.11 Missing Authentication (0)
01-26: Backdoor.Win32.Noknok.60 Insecure Permissions (0)
01-26: CASAP Automated Enrollment System 1.0 Cross Site Scripting (0)
01-26: CASAP Automated Enrollment System 1.0 Cross Site Scripting (0)
01-26: Backdoor.Win32.Noknok.50 Insecure Permissions (0)
01-26: Backdoor.Win32.Jokerdoor Insecure Permissions (0)
01-26: Library System 1.0 SQL Injection (0)
01-26: Trojan.Win32.Xocry.ff Insecure Permissions (0)
01-26: Backdoor.Win32.Wollf.16 Hardcoded Password (0)
01-26: PEAR Archive_Tar Arbitrary File Write (0)
01-26: MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution (0)
01-26: Backdoor.Win32.DarkKomet.bhfh Insecure Permissions (0)
01-26: SonicWall Says It Was Hacked Using Zero-Days In Its Own Products (0)
01-26: [webapps] Oracle WebLogic Server 12.2.1.0 – RCE (Unauthenticated) (0)
01-26: [webapps] Tenda AC5 AC1200 Wireless – 'WiFi Name & Password' Stored Cross Site Scripting (0)
01-26: [webapps] Simple College Website 1.0 – 'full' Stored Cross Site Scripting (0)
01-26: [webapps] Simple College Website 1.0 – 'name' Sql Injection (Authentication Bypass) (0)
01-26: [webapps] Cemetry Mapping and Information System 1.0 – 'user_email' Sql Injection (Authentication Bypass) (0)
01-25: [webapps] Library System 1.0 – 'category' SQL Injection (0)
01-25: [webapps] CASAP Automated Enrollment System 1.0 – 'route' Stored XSS (0)
01-25: [webapps] CASAP Automated Enrollment System 1.0 – 'First Name' Stored XSS (0)
01-25: [webapps] MyBB Timeline Plugin 1.0 – Cross-Site Scripting / CSRF (0)
01-25: [webapps] Collabtive 3.1 – 'address' Persistent Cross-Site Scripting (0)
01-24: http://www.chaisatarn.go.th/Vz.txt (0)
01-23: Oracle WebLogic Server 14.1.1.0 Remote Code Execution (0)
01-23: Selea Targa IP OCR-ANPR Camera Cross Site Scripting (0)
01-23: Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite (0)
01-23: CASAP Automated Enrollment System 1.0 Authentication Bypass (0)
01-23: Selea Targa IP OCR-ANPR Camera Directory Traversal (0)
01-23: Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery (0)
01-23: Selea Targa IP OCR-ANPR Camera Cross Site Request Forgery (0)
01-23: Selea Targa IP OCR-ANPR Camera Stream Disclosure (0)
01-23: Backdoor.Win32.Hupigon.adef Remote Stack Buffer Overflow (0)
01-23: ERPNext 12.14.0 SQL Injection (0)
01-23: Selea Targa IP OCR-ANPR Camera Remote Code Execution (0)
01-23: Atlassian Confluence 6.12.1 Template Injection (0)
01-23: Selea CarPlateServer 4.0.1.6 Local Privilege Escalation (0)
01-23: Selea CarPlateServer 4.0.1.6 Remote Program Execution (0)
01-22: http://phpmyadmin.ayutthaya2.go.th/image.html (0)
01-22: Backdoor.Win32.Zxman Missing Authentication (0)
01-22: Backdoor.Win32.Onalf Missing Authentication (0)
01-22: Online Documents Sharing Platform 1.0 SQL Injection (0)
01-22: Apartment Visitors Management System 1.0 SQL Injection (0)
01-22: Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication (0)
01-22: Nagios XI 5.7.5 Cross Site Scripting (0)
01-22: Backdoor.Win32.Verify.f Missing Authentication (0)
01-22: Anchor CMS 0.12.7 Cross Site Request Forgery (0)
01-22: Backdoor.Win32.Xel Remote Authentication Buffer Overflow (0)
01-22: Simple JobBoard Authenticated File Read (0)
01-22: [webapps] ERPNext 12.14.0 – SQL Injection (Authenticated) (0)
01-22: [webapps] CASAP Automated Enrollment System 1.0 – Authentication Bypass (0)
01-22: [webapps] Selea CarPlateServer (CPS) 4.0.1.6 – Remote Program Execution (0)
01-22: [webapps] Library System 1.0 – Authentication Bypass Via SQL Injection (0)
01-22: [webapps] Oracle WebLogic Server 14.1.1.0 – RCE (Authenticated) (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – 'addr' Remote Code Execution (Unauthenticated) (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – CSRF Add Admin (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – Directory Traversal File Disclosure (Unauthenticated) (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – Multiple SSRF (Unauthenticated) (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – 'files_list' Remote Stored XSS (0)
01-22: [webapps] Selea Targa IP OCR-ANPR Camera – Developer Backdoor Config Overwrite (0)
01-22: [local] Selea CarPlateServer (CPS) 4.0.1.6 – Local Privilege Escalation (0)
01-21: http://www.nondangsao.go.th/robots.txt (0)
01-21: Church Rota 2.6.4 Shell Upload (0)
01-21: Voting System 1.0 Shell Upload (0)
01-21: Backdoor.Win32.Zombam.geq Remote Buffer Overflow (0)
01-21: Backdoor.Win32.Whirlpool.10 Remote Stack Buffer Overflow (0)
01-21: Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 XSS (0)
01-21: Backdoor.Win32.Whisper.b Remote Stack Corruption (0)
01-21: [webapps] Wordpress Plugin Simple Job Board 2.9.3 – Authenticated File Read (Metasploit) (0)
01-21: [webapps] Nagios XI 5.7.5 – Multiple Persistent Cross-Site Scripting (0)
01-21: [webapps] Apartment Visitors Management System 1.0 – 'email' SQL Injection (0)
01-21: [webapps] Online Documents Sharing Platform 1.0 – 'user' SQL Injection (0)
01-20: osTicket 1.14.2 Server-Side Request Forgery (0)
01-20: Newfuture Trojan V.1.0 BETA 1 Insecure Permissions (0)
01-20: Constructor.Win32.SMWG.a Insecure Permissions (0)
01-20: Constructor.Win32.SMWG.c Insecure Permissions (0)
01-20: Email-Worm.Win32.Agent.gi Remote Stack Buffer Overflow (0)
01-20: Backdoor.Win32.NetBull.11.a Remote Buffer Overflow (0)
01-20: [webapps] Voting System 1.0 – File Upload RCE (Authenticated Remote Code Execution) (0)
01-20: [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 – Stored XSS (0)
01-20: [webapps] ChurchRota 2.6.4 – RCE (Authenticated) (0)
01-19: http://p1.go.th/vin.txt (0)
01-19: ZynOS rom-0 Flaw Scanner (0)
01-19: Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow (0)
01-19: Xwiki CMS 12.10.2 Cross Site Scripting (0)
01-19: Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow (0)
01-19: Backdoor.Win32.Latinus.b Remote Buffer Overflow (0)
01-19: Life Insurance Management System 1.0 SQL Injection (0)
01-19: Life Insurance Management System 1.0 Shell Upload (0)
01-19: Backdoor.Win32.Whgrx Remote Stack Buffer Overflow (0)
01-19: Backdoor.Win32.Mnets Remote Stack Buffer Overflow (0)
01-19: Inteno IOPSYS 3.16.4 Root Filesystem Access (0)
01-19: Cisco UCS Manager 2.2(1d) Remote Command Execution (0)
01-19: Microsoft Spooler Local Privilege Elevation (0)
01-19: [webapps] osTicket 1.14.2 – SSRF (0)
01-18: http://www.raikee.go.th/indonesia.txt (0)
01-18: [webapps] Life Insurance Management System 1.0 – File Upload RCE (Authenticated) (0)
01-18: [webapps] Inteno IOPSYS 3.16.4 – root filesystem access via sambashare (Authenticated) (0)
01-18: [webapps] Xwiki CMS 12.10.2 – Cross Site Scripting (XSS) (0)
01-18: [webapps] Cisco UCS Manager 2.2(1d) – Remote Command Execution (0)
01-18: [webapps] Life Insurance Management System 1.0 – 'client_id' SQL Injection (0)
01-17: http://www.sungmen.go.th/asu.txt (0)
01-17: http://tambonsantisuk.go.th/asu.txt (0)
01-17: http://kaokum.go.th/asu.txt (0)
01-17: http://ksm.go.th/asu.txt (0)
01-17: http://trobon.go.th/asu.txt (0)
01-16: http://thatnoi.go.th/peler.txt (0)
01-16: http://www.naklanghospital.go.th/asu.txt (0)
01-16: http://www.sakhrai.go.th/bots.txt (0)
01-16: http://www.pmnobt.go.th/vin.txt (0)
01-16: PHP-Fusion 9.03.90 Cross Site Request Forgery (0)
01-16: Online Hotel Reservation System 1.0 Cross Site Scripting (0)
01-16: WordPress Easy Contact Form 1.1.7 Cross Site Scripting (0)
01-16: Online Hotel Reservation System 1.0 SQL Injection (0)
01-16: Online Hotel Reservation System 1.0 Cross Site Request Forgery (0)
01-16: EyesOfNetwork 5.3 Remote Code Execution (0)
01-16: Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow (0)
01-16: E-Learning System 1.0 SQL Injection / Shell Upload (0)
01-16: Alumni Management System 1.0 Cross Site Scripting (0)
01-16: Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User (0)
01-15: http://phrommat.go.th/z.htm (0)
01-15: http://wangpang.go.th/z.htm (0)
01-15: http://www.waengnoi.go.th/vin.txt (0)
01-15: Nagios XI 5.7.x Remote Code Execution (0)
01-15: Online Shopping Cart 1.0 SQL Injection (0)
01-15: Backdoor.Win32.Ketch.i Remote Stack Buffer Overflow (0)
01-15: Laravel 8.4.2 Remote Code Execution (0)
01-15: Cisco RV110W 1.2.1.7 Denial Of Service (0)
01-15: Backdoor.Win32.Ketch.a Remote Stack Buffer Overflow (0)
01-15: http://www.nakhank.go.th/manis.htm (0)
01-15: Hackers Used 4 Zero-Days To Infect Windows And Android Devices (0)
01-15: [webapps] E-Learning System 1.0 – Authentication Bypass & RCE POC (0)
01-15: [webapps] Online Hotel Reservation System 1.0 – 'person' time-based SQL Injection (0)
01-15: [webapps] Online Hotel Reservation System 1.0 – 'id' Time-based SQL Injection (0)
01-15: [webapps] Online Hotel Reservation System 1.0 – 'description' Stored Cross-site Scripting (0)
01-15: [webapps] WordPress Plugin Easy Contact Form 1.1.7 – 'Name' Stored Cross-Site Scripting (XSS) (0)
01-15: [webapps] Online Hotel Reservation System 1.0 – Cross-site request forgery (CSRF) (0)
01-15: [webapps] PHP-Fusion CMS 9.03.90 – Cross-Site Request Forgery (Delete admin shoutbox message) (0)
01-14: http://kaongiw.go.th/vin.txt (0)
01-14: Erlang Cookie Remote Code Execution (0)
01-14: Backdoor.Win32.Kurbadur.a Remote Stack Buffer Overflow (0)
01-14: Envira Gallery Lite 1.8.3.2 Cross Site Scripting (0)
01-14: FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS (0)
01-14: Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection (0)
01-14: flatCore CMS XSS / File Disclosure / SQL Injection (0)
01-14: Online Hotel Reservation 1.0 SQL Injection (0)
01-14: Online Movie Streaming 1.0 SQL Injection (0)
01-14: http://maisnk.go.th/vin.txt (0)
01-14: [webapps] Cisco RV110W 1.2.1.7 – 'vpn_account' Denial of Service (PoC) (0)
01-14: [webapps] Online Shopping Cart System 1.0 – 'id' SQL Injection (0)
01-14: [webapps] Nagios XI 5.7.X – Remote Code Exection RCE (Authenticated) (0)
01-14: [webapps] Laravel 8.4.2 debug mode – Remote code execution (0)
01-14: [webapps] Online Movie Streaming 1.0 – Admin Authentication Bypass (0)
01-13: https://www.ponsai.go.th/vin.txt (0)
01-13: http://nongpanta.go.th/z.htm (0)
01-13: http://phetchabun2.go.th/bots.txt (0)
01-13: http://esanpt1.go.th/z.htm (0)
01-13: Backdoor.Win32.Zombam.a Remote Stack Buffer Overflow (0)
01-13: SmartAgent 3.1.0 Privilege Escalation (0)
01-13: Cemetery Mapping And Information System 1.0 SQL Injection (0)
01-13: Gila CMS 2.0.0 Remote Code Execution (0)
01-13: WordPress AIT CSV Import/Export 3.0.3 Shell Upload (0)
01-13: Cloud Filter Arbitrary File Creation / Privilege Escalation (0)
01-13: http://www.banon-ngao.go.th/z.htm (0)
01-13: http://bgr11.dgr.go.th/bots.txt (0)
01-13: http://bgr12.dgr.go.th/bots.txt (0)
01-13: [remote] Erlang Cookie – Remote Code Execution (0)
01-12: Backdoor.Win32.Ketch.b Remote Stack Buffer Overflow (0)
01-12: Cemetery Mapping And Information System 1.0 Cross Site Scripting (0)
01-12: Backdoor.Win32.Levelone.a Remote Stack Buffer Overflow (0)
01-12: EyesOfNetwork 5.3 Local File Inclusion (0)
01-12: PortableKanban 4.3.6578.38136 Encrypted Password Disclosure (0)
01-12: Gentoo Linux Security Advisory 202101-03 (0)
01-12: OpenCart 3.0.36 Cross Site Request Forgery (0)
01-12: Backdoor.Win32.Levelone.b Remote Stack Buffer Overflow (0)
01-12: Prestashop 1.7.7.0 SQL Injection (0)
01-12: EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation (0)
01-12: Anchor CMS 0.12.7 Cross Site Scripting (0)
01-12: Coturn 4.5.1.x Access Control Bypass (0)
01-12: WordPress Custom Global Variables 1.0.5 Cross Site Scripting (0)
01-12: [webapps] SmartAgent 3.1.0 – Privilege Escalation (0)
01-12: [webapps] Cemetry Mapping and Information System 1.0 – Multiple SQL Injections (0)
01-12: [webapps] Gila CMS 2.0.0 – Remote Code Execution (Unauthenticated) (0)
01-11: http://www.abtbungkla.go.th/test.php (0)
01-11: [webapps] OpenCart 3.0.36 – ATO via Cross Site Request Forgery (0)
01-11: [webapps] WordPress Plugin Custom Global Variables 1.0.5 – 'name' Stored Cross-Site Scripting (XSS) (0)
01-11: [webapps] Cemetry Mapping and Information System 1.0 – Multiple Stored Cross-Site Scripting (0)
01-11: [webapps] EyesOfNetwork 5.3 – RCE & PrivEsc (0)
01-11: [webapps] EyesOfNetwork 5.3 – LFI (0)
01-11: [webapps] Anchor CMS 0.12.7 – 'markdown' Stored Cross-Site Scripting (0)
01-10: http://plapak.go.th/z.htm (0)
01-10: http://www.nongtakong.go.th/z.htm (0)
01-10: http://www.kusawd.go.th (0)
01-10: http://chaiwattana.go.th (0)
01-09: http://thakasuem.go.th (0)
01-09: http://www.kamkoksoong.go.th (0)
01-09: http://srakoo.go.th (0)
01-09: http://nonsaat.go.th (0)
01-09: ECSIMAGING PACS 6.21.5 Remote Code Execution (0)
01-09: iBall-Baton WRA150N File Disclosure (0)
01-09: Employee Record System 1.0 Shell Upload (0)
01-09: Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal (0)
01-09: WordPress Autoptimize Shell Upload (0)
01-09: Life Insurance Management System 1.0 Cross Site Scripting (0)
01-09: Cockpit CMS Remote Code Execution (0)
01-09: OX App Suite / OX Documents 7.10.x XSS / SSRF (0)
01-09: Curfew e-Pass Management System 1.0 Cross Site Scripting (0)
01-09: ECSIMAGING PACS 6.21.5 SQL Injection (0)
01-09: dnsrecon 0.10.0 CSV Injection (0)
01-09: Online Doctor Appointment System 1.0 Cross Site Scripting (0)
01-09: Backdoor.Win32.Agent.dcbh Insecure Permissions / Privilege Escalation (0)
01-09: Cockpit 234 Server-Side Request Forgery (0)
01-09: Backdoor.Win32.Xtreme.yvp Insecure Permissions / Privilege Escalation (0)
01-09: WordPress wpDiscuz 7.0.4 Shell Upload (0)
01-09: Backdoor.Win32.NinjaSpy.c Remote Stack Buffer Overflow (0)
01-08: PaperStream IP (TWAIN) 1.42.0.5685 Local Privilege Escalation (0)
01-08: Gitea 1.7.5 Remote Code Execution (0)
01-08: H2 Database 1.4.199 JNI Code Execution (0)
01-08: Sonatype Nexus 3.21.1 Remote Code Execution (0)
01-08: Rocket.Chat 3.7.1 Email Address Enumeration (0)
01-08: [webapps] Wordpress Plugin wpDiscuz 7.0.4 – Unauthenticated Arbitrary File Upload (Metasploit) (0)
01-08: [webapps] WordPress Plugin Autoptimize 2.7.6 – Authenticated Arbitrary File Upload (Metasploit) (0)
01-08: [local] dnsrecon 0.10.0 – CSV Injection (0)
01-08: [webapps] Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit) (0)
01-08: [webapps] Cockpit Version 234 – Server-Side Request Forgery (Unauthenticated) (0)
01-08: [webapps] Online Doctor Appointment System 1.0 – Multiple Stored XSS (0)
01-08: [webapps] Life Insurance Management System 1.0 – Multiple Stored XSS (0)
01-07: Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery (0)
01-07: dirsearch 0.4.1 CSV Injection (0)
01-07: IObit Uninstaller 10 Pro Unquoted Service Path (0)
01-07: IPeakCMS 3.5 SQL Injection (0)
01-07: Expense Tracker 1.0 Cross Site Scripting (0)
01-07: WordPress WP24 Domain Check 1.6.2 Cross Site Scripting (0)
01-07: Responsive E-Learning System 1.0 Shell Upload (0)
01-07: Responsive E-Learning System 1.0 Cross Site Scripting (0)
01-07: WordPress Litespeed Cache 3.6 Cross Site Scripting (0)
01-07: Newgen Correspondence Management System eGov 12.0 Insecure Direct Object Reference (0)
01-07: WinAVR 20100110 Insecure Folder Permissions (0)
01-07: NTLM BITS SYSTEM Token Impersonation (0)
01-07: IPS Community Suite 4.5.4 SQL Injection (0)
01-07: [webapps] CRUD Operation 1.0 – Multiple Stored XSS (0)
01-07: [webapps] ECSIMAGING PACS 6.21.5 – SQL injection (0)
01-07: [webapps] iBall-Baton WRA150N Rom-0 Backup – File Disclosure (Sensitive Information) (0)
01-07: [webapps] Curfew e-Pass Management System 1.0 – Stored XSS (0)
01-07: [webapps] Cockpit CMS 0.6.1 – Remote Code Execution (0)
01-07: [webapps] Employee Record System 1.0 – Unrestricted File Upload to Remote Code Execution (0)
01-07: [webapps] ECSIMAGING PACS 6.21.5 – Remote code execution (0)
01-06: http://www.tessabantak.go.th (0)
01-06: Backdoor.Win32.Zombam.k Stack Buffer Overflow (0)
01-06: sar2html 3.2.1 Remote Code Execution (0)
01-06: CMS Made Simple 2.2.15 Remote Command Execution (0)
01-06: Subrion CMS 4.2.1 Cross Site Scripting (0)
01-06: Incom CMS 2.0 File Upload (0)
01-06: House Rental And Property Listing 1.0 Cross Site Scripting (0)
01-06: Intel Matrix Storage Event Monitor 8.0.0.1039 Unquoted Service Path (0)
01-06: Click2Magic 1.1.5 Cross Site Scripting (0)
01-06: EgavilanMedia User Registration And Login System With Admin Panel 1.0 XSS (0)
01-06: CSZ CMS 1.2.9 Cross Site Scripting (0)
01-06: Fluentd TD-agent 4.0.1 Insecure Folder Permission (0)
01-06: Responsive FileManager 9.13.4 Path Traversal (0)
01-06: Baby Care System 1.0 Cross Site Scripting (0)
01-06: Responsive ELearning System 1.0 SQL Injection (0)
01-06: Resumes Management And Job Application Website 1.0 SQL Injection (0)
01-06: Klog Server 2.4.1 Command Injection (0)
01-06: WordPress Stripe Payments 2.0.39 Cross Site Scripting (0)
01-06: WordPress WP-Paginate 2.1.3 Cross Site Scripting (0)
01-06: Online Learning Management System 1.0 Remote Command Execution (0)
01-06: Online Movie Streaming 1.0 SQL Injection (0)
01-06: PLANEX CS-QP50F-ING2 Remote Configuration Disclosure (0)
01-06: Node.js TLSWrap Use-After-Free (0)
01-06: SpamTitan 7.07 Command Injection (0)
01-06: [local] PaperStream IP (TWAIN) 1.42.0.5685 – Local Privilege Escalation (0)
01-06: [local] WinAVR Version 20100110 – Insecure Folder Permissions (0)
01-06: [webapps] Newgen Correspondence Management System (corms) eGov 12.0 – IDOR (0)
01-06: [webapps] Advanced Webhost Billing System 3.7.0 – Cross-Site Request Forgery (CSRF) (0)
01-06: [webapps] WordPress Plugin WP24 Domain Check 1.6.2 – 'fieldnameDomain' Stored Cross Site Scripting (0)
01-06: [webapps] Responsive E-Learning System 1.0 – Stored Cross Site Scripting (0)
01-06: [webapps] Responsive E-Learning System 1.0 – Unrestricted File Upload to RCE (0)
01-06: [webapps] Expense Tracker 1.0 – 'Expense Name' Stored Cross-Site Scripting (0)
01-06: [webapps] WordPress Plugin litespeed cache 3.6 – 'server_ip' Cross-Site Scripting (0)
01-06: [local] IObit Uninstaller 10 Pro – Unquoted Service Path (0)
01-06: [webapps] IPeakCMS 3.5 – Boolean-based blind SQLi (0)
01-06: [local] dirsearch 0.4.1 – CSV Injection (0)
01-05: http://www.wanyai.go.th (0)
01-05: Easy CD And DVD Cover Creator 4.13 Denial Of Service (0)
01-05: 4images 1.7.11 Cross Site Scripting (0)
01-05: Hyland Enterprise Search 11.2.2 Cross Site Scripting (0)
01-05: Gotenberg 6.2.0 Traversal / Code Execution / Insecure Permissions (0)
01-05: Trojan.Win32.Antavka.bz Insecure Permissions / Privilege Escalation (0)
01-05: Win32 Backdoor 2019-02-ARTRADOWNLOADER SEH Buffer Overflow (0)
01-05: Mantis Bug Tracker 2.24.3 SQL Injection (0)
01-05: Resumes Management And Job Application Website 1.0 Shell Upload (0)
01-05: Backdoor.Win32.Infexor.b Remote SEH Stack Buffer Overflow (0)
01-05: Trojan.Win32.Barjac Remote Stack Buffer Overflow (0)
01-05: Curfew e-Pass Management 1.0 Cross Site Scripting (0)
01-05: Knockpy 4.1.1 CSV Injection (0)
01-05: Trojan.Win32.Bayrob.cgau Insecure Permissions / Privilege Escalation (0)
01-05: Email-Worm.Win32.Zhelatin.ago Remote Stack Buffer Overflow (0)
01-05: Trojan:Win32/Alyak.B Remote Stack Corruption (0)
01-05: Resumes Management And Job Application Website 1.0 Cross Site Scripting (0)
01-05: BACKDOOR.WIN32.ADVERBOT Remote Stack Corruption (0)
01-05: BACKDOOR.WIN32.REMOTEMANIPULATOR Insecure Permissions (0)
01-05: Backdoor.Win32.Zombam.j Remote Stack Buffer Overflow (0)
01-05: Rock RMS File Upload / Account Takeover / Information Disclosure (0)
01-05: CRUD Operation Software 1.0 Cross Site Scripting (0)
01-05: HEUR.RISKTOOL.WIN32.BITMINER.GEN Remote Memory Corruption / Null Pointer (0)
01-05: TROJAN.WIN32.JORIK.DMSPAMMER.SZ Remote Memory Corruption (0)
01-05: Phorpiex Insecure Permissions / Privilege Escalation (0)
01-05: BACKDOOR.WIN32.BNLITE Remote Heap Corruption (0)
01-05: [webapps] Responsive ELearning System 1.0 – 'id' Sql Injection (0)
01-05: [webapps] Online Movie Streaming 1.0 – Authentication Bypass (0)
01-05: [webapps] WordPress Plugin WP-Paginate 2.1.3 – 'preset' Stored XSS (0)
01-05: [webapps] WordPress Plugin Stripe Payments 2.0.39 – 'AcceptStripePayments-settings[currency_code]' Stored XSS (0)
01-05: [webapps] Resumes Management and Job Application Website 1.0 – Authentication Bypass (Sql Injection) (0)
01-05: [webapps] IncomCMS 2.0 – Insecure File Upload (0)
01-05: [webapps] House Rental and Property Listing 1.0 – Multiple Stored XSS (0)
01-05: [local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 – 'IAANTMON' Unquoted Service Path (0)
01-04: [local] Knockpy 4.1.1 – CSV Injection (0)
01-04: [webapps] Advanced Comment System 1.0 – 'ACS_path' Path Traversal (0)
01-04: [webapps] 4images v1.7.11 – 'Profile Image' Stored Cross-Site Scripting (0)
01-04: [webapps] Mantis Bug Tracker 2.24.3 – 'access' SQL Injection (0)
01-04: [webapps] Wordpress Core 5.2.2 – 'post previews' XSS (0)
01-04: [webapps] sar2html 3.2.1 – 'plot' Remote Code Execution (0)
01-04: [dos] Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC) (0)
01-04: [local] MiniTool ShadowMaker 3.2 – 'MTAgentService' Unquoted Service Path (0)
01-02: Packet Storm New Exploits For December, 2020 (0)
01-02: Packet Storm New Exploits For 2020 (0)
01-01: qdPM 9.1 PHP Object Injection (0)
01-01: Openpilot Default SSH Key Scanner (0)
01-01: Zoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root (0)
01-01: https://dopatak.go.th/bipolar.htm (0)

December 2020 (418)

12-31: EgavilanMedia My To Do List 1.0 Cross Site Scripting (0)
12-30: URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution (0)
12-30: Philips Hue Denial Of Service (0)
12-30: URVE Software Build 24.03.2020 Missing Authorization (0)
12-30: URVE Software Build 24.03.2020 Information Disclosure (0)
12-30: CHMSC Elearning System 1.0 SQL Injection (0)
12-30: SEOPanel 4.6.0 Cross Site Scripting (0)
12-30: Cassandra Web 0.5.0 Remote File Read (0)
12-30: HPE Edgeline Infrastructure Manager Improper Authorization (0)
12-29: https://taepalai.go.th/index.htm (0)
12-27: https://www.mabkhapattana.go.th (0)
12-26: http://mmhs.go.th (0)
12-25: GitLab 11.4.7 Remote Code Execution (0)
12-25: WordPress WP-PostRatings 1.86 Cross Site Scripting (0)
12-25: WordPress Adning Advertising 1.5.5 Shell Upload (0)
12-25: Arteco Web Client DVR/NVR Session Hijacking (0)
12-25: Apache Struts 2 Forced Multi OGNL Evaluation (0)
12-25: Windows Zero-Day Still Circulating After Faulty Fix (0)
12-24: WordPress Epsilon Framework SSRF / Denial of Service (0)
12-24: TerraMaster TOS 4.2.06 Remote Code Execution (0)
12-24: 10-Strike Network Inventory Explorer Pro 9.05 Buffer Overflow (0)
12-24: TerraMaster TOS 4.2.06 Remote Code Execution (0)
12-24: Baby Care System 1.0 SQL Injection (0)
12-24: Class Scheduling System 1.0 Cross Site Scripting (0)
12-24: Online Learning Management System 1.0 SQL Injection (0)
12-24: Online Learning Management System 1.0 Cross Site Scripting (0)
12-24: Sales And Inventory System For Grocery Store 1.0 Cross Site Scripting (0)
12-24: usrsctp COOKIE-ECHO Use-After-Free (0)
12-24: Microsoft Windows splWOW64 Privilege Escalation (0)
12-24: [webapps] Apartment Visitors Management System 1.0 – Authentication Bypass (0)
12-24: [webapps] WordPress Plugin Adning Advertising 1.5.5 – Arbitrary File Upload (0)
12-23: http://www.bayaolocal.go.th/datas/slides/owned.gif (0)
12-23: Sony Playstation 4 ValidationMessage::buildBubbleTree() Use-After-Free (0)
12-23: Sony Playstation 4 ValidationMessage::buildBubbleTree() Use-After-Free (0)
12-23: Online Marriage Registration System 1.0 SQL Injection (0)
12-23: Stratodesk NoTouch Center Privilege Escalation (0)
12-23: Victor CMS 1.0 Shell Upload (0)
12-23: Pandora FMS 7.0 NG 750 SQL Injection (0)
12-23: Faculty Evaluation System 1.0 Cross Site Scripting (0)
12-23: SUPREMO 4.1.3.2348 Privilege Escalation (0)
12-23: Artworks Gallery Management System 1.0 SQL Injection (0)
12-23: Android Studio Privilege Escalation (0)
12-23: CSE Bookstore 1.0 SQL Injection (0)
12-23: WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal (0)
12-23: Webmin 1.962 Remote Command Execution (0)
12-23: Library Management System 3.0 Cross Site Scripting (0)
12-23: Multi Branch School Management System 3.5 Cross Site Scripting (0)
12-23: Linux TIOCSPGRP Broken Locking (0)
12-23: [webapps] Baby Care System 1.0 – 'roleid' SQL Injection (0)
12-23: [webapps] TerraMaster TOS 4.2.06 – Unauthenticated Remote Code Execution (Metasploit) (0)
12-23: [webapps] Wordpress Epsilon Framework Multiple Themes – Unauthenticated Function Injection (0)
12-23: [webapps] Online Learning Management System 1.0 – 'id' SQL Injection (0)
12-23: [webapps] Online Learning Management System 1.0 – Multiple Stored XSS (0)
12-23: [webapps] Online Learning Management System 1.0 – Authentication Bypass (0)
12-23: [webapps] Class Scheduling System 1.0 – Multiple Stored XSS (0)
12-22: Academy LMS 4.3 Cross Site Scripting (0)
12-22: Spiceworks 7.5 HTTP Header Injection (0)
12-22: WordPress Contact Form 7 5.3.1 Shell Upload (0)
12-22: Spotweb 1.4.9 SQL Injection (0)
12-22: SCO Openserver 5.0.7 Cross Site Scripting (0)
12-22: SCO Openserver 5.0.7 Command Injection (0)
12-22: Queue Management System 4.0.0 Cross Site Scripting (0)
12-22: Point Of Sale System 1.0 Cross Site Scripting (0)
12-22: [webapps] Pandora FMS 7.0 NG 750 – 'Network Scan' SQL Injection (Authenticated) (0)
12-22: [webapps] WordPress Plugin W3 Total Cache – Unauthenticated Arbitrary File Read (Metasploit) (0)
12-22: [webapps] Victor CMS 1.0 – File Upload To RCE (0)
12-21: [webapps] SCO Openserver 5.0.7 – 'section' Reflected XSS (0)
12-21: [webapps] SCO Openserver 5.0.7 – 'outputform' Command Injection (0)
12-21: [webapps] Point of Sale System 1.0 – Multiple Stored XSS (0)
12-21: [webapps] Flexmonster Pivot Table & Charts 2.7.17 – 'Remote JSON' Reflected XSS (0)
12-21: [webapps] Flexmonster Pivot Table & Charts 2.7.17 – 'To remote CSV' Reflected XSS (0)
12-21: [webapps] Flexmonster Pivot Table & Charts 2.7.17 – 'Remote Report' Reflected XSS (0)
12-21: [webapps] Flexmonster Pivot Table & Charts 2.7.17 – 'To OLAP' Reflected XSS (0)
12-21: [webapps] Spiceworks 7.5 – HTTP Header Injection (0)
12-21: [webapps] Academy-LMS 4.3 – Stored XSS (0)
12-21: [webapps] Spotweb 1.4.9 – 'search' SQL Injection (0)
12-21: [webapps] Queue Management System 4.0.0 – "Add User" Stored XSS (0)
12-21: [webapps] Wordpress Plugin Contact Form 7 5.3.1 – Unrestricted File Upload (0)
12-20: Alumni Management System 1.0 Shell Upload (0)
12-20: Point Of Sale System 1.0 SQL Injection (0)
12-20: Smart Hospital 3.1 Cross Site Scripting (0)
12-20: Alumni Management System 1.0 SQL Injection (0)
12-20: SyncBreeze 10.0.28 Denial Of Service (0)
12-20: Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting (0)
12-20: Alumni Management System 1.0 Cross Site Scripting (0)
12-20: WordPress Yet Another Stars Rating PHP Object Injection (0)
12-20: Pulse Secure VPN Remote Code Execution (0)
12-20: Xeroneit Library Management System 3.1 Cross Site Scripting (0)
12-20: WordPress Duplicator 1.3.26 Directory Traversal / File Read (0)
12-19: http://sakarat.go.th (0)
12-18: http://huathalae.go.th/index.php (0)
12-18: Seotoaster 3.2.0 Cross Site Scripting (0)
12-18: Dolibarr ERP-CRM 12.0.3 Remote Code Execution (0)
12-18: Interview Management System 1.0 Cross Site Scripting (0)
12-18: Interview Management System 1.0 SQL Injection (0)
12-18: Medical Center Portal Management System 1.0 SQL Injection (0)
12-18: Customer Support System 1.0 Cross Site Scripting (0)
12-18: Customer Support System 1.0 SQL Injection (0)
12-18: WordPress Simple Social Buttons 3.1.1 Cross Site Scripting (0)
12-18: Alumni Management System 1.0 Blind SQL Injection (0)
12-18: Linksys RE6500 1.0.11.001 Remote Code Execution (0)
12-18: Content Management System 1.0 Cross Site Scripting (0)
12-18: Content Management System 1.0 SQL Injection (0)
12-18: Alumni Management System 1.0 Cross Site Scripting (0)
12-18: Victor CMS 1.0 SQL Injection (0)
12-18: Online Tours And Travels Management System 1.0 SQL Injection (0)
12-18: Employee Record System 1.0 Cross Site Scripting (0)
12-18: Online Health Card System 1.0 SQL Injection (0)
12-18: PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting (0)
12-18: Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution (0)
12-18: Nxlog Community Edition 2.10.2150 Denial Of Service (0)
12-18: Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting (0)
12-18: Library Management System 1.0 SQL Injection (0)
12-18: Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow (0)
12-18: [webapps] Wordpress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (Metasploit) (0)
12-18: [webapps] Alumni Management System 1.0 – "Course Form" Stored XSS (0)
12-18: [webapps] Alumni Management System 1.0 – Unrestricted File Upload To RCE (0)
12-18: [webapps] Alumni Management System 1.0 – 'id' SQL Injection (0)
12-18: [webapps] Point of Sale System 1.0 – Authentication Bypass (0)
12-17: Apple Security Advisory 2020-12-14-1 (0)
12-17: Apple Security Advisory 2020-12-14-2 (0)
12-17: Apple Security Advisory 2020-12-14-3 (0)
12-17: Apple Security Advisory 2020-12-14-5 (0)
12-17: Apple Security Advisory 2020-12-14-6 (0)
12-17: Apple Security Advisory 2020-12-14-7 (0)
12-17: Apple Security Advisory 2020-12-14-8 (0)
12-17: Apple Security Advisory 2020-12-14-9 (0)
12-17: Apple Security Advisory 2020-12-14-4 (0)
12-17: GitLab 11.4.7 Remote Code Execution (0)
12-17: Grav CMS 1.6.30 Cross Site Scripting (0)
12-17: Raysync 3.3.3.8 Remote Code Execution (0)
12-17: Magic Home Pro 1.5.1 Authentication Bypass (0)
12-17: PrestaShop ProductComments 4.2.0 SQL Injection (0)
12-17: macOS ImageIO Out-Of-Bounds Write (0)
12-17: http://naphobuntharik.policeubon.go.th (0)
12-17: http://napopiboon.policeubon.go.th (0)
12-17: http://natan.policeubon.go.th (0)
12-17: http://nayia.policeubon.go.th (0)
12-17: http://nonkung.policeubon.go.th (0)
12-17: http://phibunmangsahan.policeubon.go.th (0)
12-17: http://phosai.policeubon.go.th (0)
12-17: http://samrong.policeubon.go.th (0)
12-17: http://sawangwirawong.policeubon.go.th (0)
12-17: http://sirindhorn.policeubon.go.th (0)
12-17: http://srimueangmai.policeubon.go.th (0)
12-17: http://tansum.policeubon.go.th (0)
12-17: http://trakanphuetphon.policeubon.go.th (0)
12-17: http://thungsiudom.policeubon.go.th (0)
12-17: http://ueatyai.policeubon.go.th (0)
12-17: http://warinchamrap.policeubon.go.th (0)
12-17: [webapps] Employee Record System 1.0 – Multiple Stored XSS (0)
12-17: [webapps] Content Management System 1.0 – 'email' SQL Injection (0)
12-17: [webapps] Dolibarr ERP-CRM 12.0.3 – Remote Code Execution (Authenticated) (0)
12-17: [webapps] Interview Management System 1.0 – Stored XSS in Add New Question (0)
12-17: [webapps] Online Tours & Travels Management System 1.0 – "id" SQL Injection (0)
12-17: [webapps] Customer Support System 1.0 – 'id' SQL Injection (0)
12-17: [webapps] Medical Center Portal Management System 1.0 – 'id' SQL Injection (0)
12-17: [webapps] Customer Support System 1.0 – "First Name" & "Last Name" Stored XSS (0)
12-17: [webapps] Interview Management System 1.0 – 'id' SQL Injection (0)
12-17: [webapps] Content Management System 1.0 – 'id' SQL Injection (0)
12-17: [webapps] Linksys RE6500 1.0.11.001 – Unauthenticated RCE (0)
12-17: [webapps] Content Management System 1.0 – 'First Name' Stored XSS (0)
12-16: Online Marriage Registration System 1.0 Remote Code Execution (0)
12-16: Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal (0)
12-16: Task Management System 1.0 Local File Inclusion (0)
12-16: PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting (0)
12-16: libbabl 0.1.62 Broken Double-Free Detection (0)
12-16: Gitlab 11.4.7 Remote Code Execution (0)
12-16: Alumni Management System 1.0 Shell Upload (0)
12-16: Solaris SunSSH 11.0 x86 libpam Remote Root (0)
12-16: Qualcomm Adreno GPU PID Reuse Mapping Leak (0)
12-16: Microsoft Windows DrawIconEx Local Privilege Escalation (0)
12-16: [webapps] Raysync 3.3.3.8 – RCE (0)
12-16: [webapps] Grav CMS 1.6.30 Admin Plugin 1.9.18 – 'Page Title' Persistent Cross-Site Scripting (0)
12-16: [webapps] GitLab 11.4.7 – Remote Code Execution (Authenticated) (0)
12-15: http://buriram4.go.th (0)
12-15: https://www.sukhothai1.go.th (0)
12-15: http://www.banchop.go.th (0)
12-15: http://banmaeka.go.th/info.php (0)
12-15: http://policeubon.go.th/owned.htm (0)
12-15: Seacms 11.1 Remote Command Execution (0)
12-15: Seacms 11.1 Local File Inclusion (0)
12-15: Seacms 11.1 Cross Site Scripting (0)
12-15: Rukovoditel 2.6.1 Cross Site Request Forgery (0)
12-15: WordPress Total Upkeep 1.14.9 Backup Disclosure (0)
12-15: MiniWeb HTTP Server 0.8.19 Buffer Overflow (0)
12-15: System Explorer 7.0.0 Unquoted Service Path (0)
12-15: Rumble Mail Server 0.51.3135 Cross Site Scripting (0)
12-15: Macally WIFISD2-2A82 2.000.010 Privilege Escalation (0)
12-15: LibreNMS 1.46 SQL Injection (0)
12-15: usrsctp pending_reply_queue Out-Of-Bounds Access (0)
12-15: usrsctp HMAC Generation Out-Of-Bounds Access (0)
12-15: [webapps] Task Management System 1.0 – 'page' Local File Inclusion (0)
12-14: https://www.hanjoth.go.th (0)
12-14: https://ppnr.go.th (0)
12-14: https://suanmon.go.th (0)
12-14: [webapps] Gitlab 11.4.7 – Remote Code Execution (0)
12-14: [webapps] Rumble Mail Server 0.51.3135 – 'username' Stored XSS (0)
12-14: [webapps] Macally WIFISD2-2A82 2.000.010 – Guest to Root Privilege Escalation (0)
12-14: [webapps] Rukovoditel 2.6.1 – Cross-Site Request Forgery (Change password) (0)
12-14: [webapps] LibreNMS 1.46 – MAC Accounting Graph Authenticated SQL Injection (0)
12-14: [webapps] Rumble Mail Server 0.51.3135 – 'domain and path' Stored XSS (0)
12-14: [webapps] Rumble Mail Server 0.51.3135 – 'servername' Stored XSS (0)
12-14: [webapps] WordPress Plugin Total Upkeep 1.14.9 – Database and Files Backup Download (0)
12-14: [webapps] Seacms 11.1 – 'file' Local File Inclusion (0)
12-14: [webapps] Seacms 11.1 – 'checkuser' Stored XSS (0)
12-14: [local] System Explorer 7.0.0 – 'SystemExplorerHelpService' Unquoted Service Path (0)
12-14: [webapps] Seacms 11.1 – 'ip and weburl' Remote Command Execution (0)
12-14: [webapps] MiniWeb HTTP Server 0.8.19 – Buffer Overflow (PoC) (0)
12-13: WordPress DirectoriesPro 1.3.45 Cross Site Scripting (0)
12-13: OpenAsset Digital Asset Management IP Access Control Bypass (0)
12-13: Onilne Bus Booking System Project 1.0 Cross Site Scripting (0)
12-13: OpenAsset Digital Asset Management Cross Site Scripting (0)
12-13: Advanced Component System (ACS) 1.0 Path Traversal (0)
12-13: OpenAsset Digital Asset Management Insecure Direct Object Reference (0)
12-13: OpenAsset Digital Asset Management Cross Site Request Forgery (0)
12-13: OpenAsset Digital Asset Management SQL Injection (0)
12-12: http://korat3.go.th/vz.txt (0)
12-12: Supply Chain Management System SQL Injection (0)
12-12: Jenkins 2.235.3 Cross Site Scripting (0)
12-12: Medical Center Portal Management System 1.0 Cross Site Scripting (0)
12-12: Courier Management System 1.0 SQL Injection (0)
12-12: Courier Management System 1.0 Cross Site Scripting (0)
12-12: Dolibarr 12.0.3 SQL Injection / Remote Code Execution (0)
12-12: Rukovoditel 2.6.1 Shell Upload / Local File Inclusion (0)
12-12: Aerospike Database UDF Lua Code Execution (0)
12-11: PDF Complete 3.5.310.2002 Unquoted Service Path (0)
12-11: Library Management System 2.0 SQL Injection (0)
12-11: Openfire 4.6.0 Cross Site Scripting (0)
12-11: Barcodes Generator 1.0 Cross Site Scripting (0)
12-11: WordPress Popup Builder 3.69.6 Cross Site Scripting (0)
12-11: OpenCart 3.0.3.6 Cross Site Request Forgery (0)
12-11: BigtreeCMS 4.4.11 Cross Site Scripting (0)
12-11: GitLab File Read Remote Code Execution (0)
12-11: [webapps] Medical Center Portal Management System 1.0 – Multiple Stored XSS (0)
12-11: [webapps] Openfire 4.6.0 – 'users' Stored XSS (0)
12-11: [webapps] Openfire 4.6.0 – 'groupchatJID' Stored XSS (0)
12-11: [webapps] Jenkins 2.235.3 – 'tooltip' Stored Cross-Site Scripting (0)
12-11: [webapps] Openfire 4.6.0 – 'sql' Stored XSS (0)
12-10: http://dds.bangkok.go.th/owned.html (0)
12-10: http://huaithapthan.sisaket.doae.go.th (0)
12-10: http://phusing.sisaket.doae.go.th (0)
12-10: http://sirattana.sisaket.doae.go.th (0)
12-10: http://psschool.obec.go.th/007.html (0)
12-10: D-Link Zero Days Allow For Remote Takeover (0)
12-10: Dup Scout Enterprise 10.0.18 Buffer Overflow (0)
12-10: Employee Performance Evaluation System 1.0 Insecure Direct Object Reference (0)
12-10: SmarterMail 6985 Remote Code Execution (0)
12-10: Task Management System 1.0 SQL Injection (0)
12-10: Task Management System 1.0 Shell Upload (0)
12-10: Task Management System 1.0 Cross Site Scripting (0)
12-10: Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption (0)
12-10: Microsoft Windows Cloud Filter Arbitrary File Creation / Privilege Escalation (0)
12-10: Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation (0)
12-10: Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation (0)
12-10: Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass (0)
12-10: [webapps] WordPress Plugin Popup Builder 3.69.6 – Multiple Stored Cross Site Scripting (0)
12-10: [webapps] Openfire 4.6.0 – 'path' Stored XSS (0)
12-10: [webapps] OpenCart 3.0.3.6 – Cross Site Request Forgery (0)
12-10: [webapps] Barcodes generator 1.0 – 'name' Stored Cross Site Scripting (0)
12-10: [webapps] Library Management System 2.0 – Auth Bypass SQL Injection (0)
12-10: [local] PDF Complete 3.5.310.2002 – 'pdfsvc.exe' Unquoted Service Path (0)
12-09: Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection (0)
12-09: Student Management System Project PHP 1.0 Cross Site Scripting (0)
12-09: Online Bus Ticket Reservation 1.0 SQL Injection (0)
12-09: Employee Performance Evaluation System 1.0 Cross Site Scripting (0)
12-09: Druva inSync Windows Client 6.6.3 Privilege Escalation (0)
12-09: Dup Scout Enterprise 10.0.18 Buffer Overflow (0)
12-09: FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload (0)
12-09: [webapps] Task Management System 1.0 – Unrestricted File Upload to Remote Code Execution (0)
12-09: [remote] Dup Scout Enterprise 10.0.18 – 'sid' Remote Buffer Overflow (SEH) (0)
12-09: [remote] SmarterMail Build 6985 – Remote Code Execution (0)
12-08: Rumble Mail Server 0.51.3135 Unquoted Service Path (0)
12-08: Kite 1.2020.1119.0 Unquoted Service Path (0)
12-08: Cyber Cafe Management System 1.0 Cross Site Scripting (0)
12-08: RarmaRadio 2.72.5 Denial Of Service (0)
12-08: TapinRadio 2.13.7 Denial Of Service (0)
12-08: Savsoft Quiz 5 Cross Site Scripting (0)
12-08: vBulletin 5.6.3 Cross Site Scripting (0)
12-08: ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow (0)
12-08: Apache 2.4.43 mod_http2 Memory Corruption (0)
12-08: Google Duo Race Condition (0)
12-08: Linux io_uring SUID Boundary Access Violation (0)
12-08: Facebook Messenger For Android Forced Answer (0)
12-08: [webapps] Online Bus Ticket Reservation 1.0 – SQL Injection (0)
12-07: [webapps] vBulletin 5.6.3 – 'group' Cross Site Scripting (0)
12-07: [dos] RarmaRadio 2.72.5 – Denial of Service (PoC) (0)
12-07: [dos] TapinRadio 2.13.7 – Denial of Service (PoC) (0)
12-07: [local] Kite 1.2020.1119.0 – 'KiteService' Unquoted Service Path (0)
12-07: [webapps] Cyber Cafe Management System Project (CCMS) 1.0 – Persistent Cross-Site Scripting (0)
12-07: [local] Rumble Mail Server 0.51.3135 – 'rumble_win32.exe' Unquoted Service Path (0)
12-06: http://personnel.obec.go.th/vbs.txt (0)
12-04: Online Matrimonial Project 1.0 Remote Code Execution (0)
12-04: mojoPortal Forums 2.7.0.0 Cross Site Scripting (0)
12-04: Invision Community 4.5.4 Cross Site Scripting (0)
12-04: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure (0)
12-04: Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference (0)
12-04: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion (0)
12-04: IDT PC Audio 1.0.6499.0 Unquoted Service Path (0)
12-04: Testa Online Test Management System 3.4.7 SQL Injection (0)
12-04: Chromium 83 CSP Bypass (0)
12-04: Savsoft Quiz 5 Cross Site Scripting (0)
12-04: Forma LMS 2.3 Cross Site Scripting (0)
12-04: Composr CMS 10.0.34 Cross Site Scripting (0)
12-04: WordPress Canto 1.3.0 Server-Side Request Forgery (0)
12-04: Phpscript SGH 0.1.0 SQL Injection (0)
12-04: Laravel Nova 3.7.0 Denial Of Service (0)
12-04: CMS Made Simple 2.2.15 Cross Site Scripting (0)
12-04: Zabbix 5.0.0 Cross Site Scripting (0)
12-04: MiniCMS 1.10 Cross Site Scripting (0)
12-04: Huawei HedEx Lite (DM) Path Traversal (0)
12-04: VestaCP 0.9.8-26 Cross Site Scripting (0)
12-04: VestaCP 0.9.8-26 Session Validation (0)
12-04: VestaCP 0.9.8-26 Token Session (0)
12-04: Perfex CRM 2.4.4 Cross Site Scripting (0)
12-04: CCt99 Chichen Tech CMS 1.0 SQL Injection (0)
12-04: Super Backup 2.0.5 Directory Traversal (0)
12-04: [webapps] CMS Made Simple 2.2.15 – Stored Cross-Site Scripting via SVG File Upload (Authenticated) (0)
12-04: [webapps] Laravel Nova 3.7.0 – 'range' DoS (0)
12-04: [webapps] Forma LMS 2.3 – 'First & Last Name' Stored Cross-Site Scripting (0)
12-04: [webapps] Savsoft Quiz 5 – 'field_title' Stored Cross-Site Scripting (0)
12-04: [local] Chromium 83 – Full CSP Bypass (0)
12-04: [webapps] Testa Online Test Management System 3.4.7 – 'q' SQL Injection (0)
12-04: [webapps] Phpscript-sgh 0.1.0 – Time Based Blind SQL Injection (0)
12-04: [webapps] MiniCMS 1.10 – 'content box' Stored XSS (0)
12-04: [webapps] Composr CMS 10.0.34 – 'banners' Persistent Cross Site Scripting (0)
12-04: [local] IDT PC Audio 1.0.6499.0 – 'STacSV' Unquoted Service Path (0)
12-04: [webapps] Wordpress Plugin Canto 1.3.0 – Blind SSRF (Unauthenticated) (0)
12-03: IDT PC Audio 1.0.6433.0 Unquoted Service Path (0)
12-03: WebDamn User Registration And Login System With User Panel SQL Injection (0)
12-03: Expanse Management System Cross Site Scripting (0)
12-03: aSc TimeTables 2021.6.2 Denial Of Service (0)
12-03: Under Construction Page With CPanel 1.0 SQL Injection (0)
12-03: EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF (0)
12-03: Student Result Management System 1.0 SQL Injection (0)
12-03: ILIAS Learning Management System 4.3 Server-Side Request Forgery (0)
12-03: Pharmacy Store Management System 1.0 SQL Injection (0)
12-03: WonderCMS 3.1.3 Code Execution / Server-Side Request Forgery (0)
12-03: WonderCMS 3.1.3 Remote Code Execution (0)
12-03: PRTG Network Monitor 20.4.63.1412 Cross Site Scripting (0)
12-03: Bakeshop Online Ordering System 1.0 Cross Site Scripting (0)
12-03: Online News Portal System 1.0 Cross Site Scripting (0)
12-03: Local Service Search Engine Management System 1.0 SQL Injection (0)
12-03: DotCMS 20.11 Cross Site Scripting (0)
12-03: EgavilanMedia User Registration And Login System With Admin Panel 1.0 XSS (0)
12-03: NewsLister Cross Site Scripting (0)
12-03: Online Voting System Project In PHP Cross Site Scripting (0)
12-03: ChurchCRM 4.2.0 CSV Injection (0)
12-03: ChurchCRM 4.2.1 Cross Site Scripting (0)
12-03: WordPress WP-FileManager 6.8 Remote Code Execution (0)
12-03: Car Rental Management System 1.0 Local File Inclusion / SQL Injection (0)
12-03: Simple College Website 1.0 Local File Inclusion (0)
12-03: Ksix Zigbee Devices Playback Protection Bypass (0)
12-03: http://www.banchiangrai.m-society.go.th (0)
12-03: http://www.chiangrai.m-society.go.th (0)
12-03: http://www.anticorruption.m-society.go.th (0)
12-03: http://www.dsdhss.m-society.go.th (0)
12-03: http://www.angthong.m-society.go.th (0)
12-03: http://www.ubonratchathani.m-society.go.th (0)
12-03: http://www.lampang.m-society.go.th (0)
12-03: http://www.ratchaburi.m-society.go.th (0)
12-03: http://www.ayutthaya.m-society.go.th (0)
12-03: http://www.narathiwat.m-society.go.th (0)
12-03: http://www.lopburi.m-society.go.th (0)
12-03: http://www.lamphun.m-society.go.th (0)
12-03: http://www.rayong.m-society.go.th (0)
12-03: http://www.surin.m-society.go.th (0)
12-03: http://www.nakhonpathom.m-society.go.th (0)
12-03: http://www.nongkhai.m-society.go.th (0)
12-03: http://www.pattani.m-society.go.th (0)
12-03: [webapps] Invision Community 4.5.4 – 'Field Name' Stored Cross-Site Scripting (0)
12-03: [webapps] Sony BRAVIA Digital Signage 1.7.8 – System API Information Disclosure (0)
12-03: [webapps] Coastercms 5.8.18 – Stored XSS (0)
12-03: [webapps] Sony BRAVIA Digital Signage 1.7.8 – Unauthenticated Remote File Inclusion (0)
12-03: [webapps] mojoPortal forums 2.7.0.0 – 'Title' Persistent Cross-Site Scripting (0)
12-03: [webapps] Online Matrimonial Project 1.0 – Authenticated Remote Code Execution (0)
12-03: [webapps] EgavilanMedia Address Book 1.0 Exploit – SQLi Auth Bypass (0)
12-02: TypeSetter 5.1 Cross Site Request Forgery (0)
12-02: SciKit-Learn 0.23.2 Denial Of Service (0)
12-02: WordPress EventON Calendar 3.0.5 Cross Site Scripting (0)
12-02: eClass LMS 2.6 Shell Upload (0)
12-02: Packet Storm New Exploits For November, 2020 (0)
12-02: [webapps] Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) (0)
12-02: [webapps] Expense Management System – 'description' Stored Cross Site Scripting (0)
12-02: [webapps] Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) via Edit Profile (0)
12-02: [local] aSc TimeTables 2021.6.2 – Denial of Service (PoC) (0)
12-02: [webapps] Pharmacy Store Management System 1.0 – 'id' SQL Injection (0)
12-02: [local] IDT PC Audio 1.0.6433.0 – 'STacSV' Unquoted Service Path (0)
12-02: [webapps] Under Construction Page with CPanel 1.0 – SQL injection (0)
12-02: [webapps] WonderCMS 3.1.3 – 'Menu' Persistent Cross-Site Scripting (0)
12-02: [webapps] Local Service Search Engine Management System 1.0 – SQLi Authentication Bypass (0)
12-02: [webapps] Online News Portal System 1.0 – 'Title' Stored Cross Site Scripting (0)
12-02: [webapps] NewsLister – Authenticated Persistent Cross-Site Scripting (0)
12-02: [webapps] Bakeshop Online Ordering System 1.0 – 'Owner' Persistent Cross-site scripting (0)
12-02: [webapps] ILIAS Learning Management System 4.3 – SSRF (0)
12-02: [webapps] Online Voting System Project in PHP – 'username' Persistent Cross-Site Scripting (0)
12-02: [webapps] WonderCMS 3.1.3 – Authenticated Remote Code Execution (0)
12-02: [webapps] PRTG Network Monitor 20.4.63.1412 – 'maps' Stored XSS (0)
12-02: [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 – Stored Cross Site Scripting (0)
12-02: [webapps] WonderCMS 3.1.3 – Authenticated SSRF to Remote Remote Code Execution (0)
12-02: [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 – CSRF (0)
12-02: [webapps] Student Result Management System 1.0 – Authentication Bypass SQL Injection (0)
12-01: [local] Pearson Vue VTS 2.3.1911 Installer – VUEApplicationWrapper Unquoted Service Path (0)
12-01: [local] Global Registration Service 1.0.0.3 – 'GREGsvc.exe' Unquoted Service Path (0)
12-01: [local] EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' – Unquoted Service Path (0)
12-01: [webapps] Pandora FMS 7.0 NG 749 – Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020 (0)
12-01: [webapps] Social Networking Site – Authentication Bypass (SQli) (0)
12-01: [webapps] LEPTON CMS 4.7.0 – 'URL' Persistent Cross-Site Scripting (0)
12-01: [webapps] Medical Center Portal Management System 1.0 – 'login' SQL Injection (0)
12-01: [webapps] Multi Restaurant Table Reservation System 1.0 – Multiple Persistent XSS (0)
12-01: [webapps] Tailor Management System 1.0 – Unrestricted File Upload to Remote Code Execution (0)
12-01: [webapps] Setelsa Conacwin 3.7.1.2 – Local File Inclusion (0)
12-01: [local] 10-Strike Network Inventory Explorer 8.65 – Buffer Overflow (SEH) (0)
12-01: [webapps] Online Shopping Alphaware 1.0 – Error Based SQL injection (0)
12-01: [webapps] Pharmacy/Medical Store & Sale Point 1.0 – 'email' SQL Injection (0)
12-01: [webapps] Wordpress Plugin EventON Calendar 3.0.5 – Reflected Cross-Site Scripting (0)
12-01: [webapps] Joomla! Component GMapFP 3.5 – Unauthenticated Arbitrary File Upload (0)
12-01: [webapps] TypeSetter 5.1 – CSRF (Change admin e-mail) (0)

November 2020 (354)

11-30: YATinyWinFTP Denial Of Service (0)
11-30: Rejetto HttpFileServer 2.3.x Remote Command Execution (0)
11-30: Online Job Portal In PHP/PDO 1.0 SQL Injection (0)
11-30: WordPress Heroic Knowledge Base 3.0.1 SQL Injection (0)
11-30: ATX MiniCMTS200a Broadband Gateway 2.0 Credential Disclosure (0)
11-30: Intelbras Router RF 301K 1.1.2 Authentication Bypass (0)
11-30: https://paplu.go.th/o.htm (0)
11-30: [webapps] ATX MiniCMTS200a Broadband Gateway 2.0 – Credential Disclosure (0)
11-29: House Rental 1.0 SQL Injection (0)
11-29: BigBlueButton 2.2.29 Brute Force (0)
11-29: Foxit Reader 9.0.1.1049 Arbitrary Code Execution (0)
11-29: Pure-FTPd 1.0.48 Remote Denial Of Service (0)
11-29: Razer Chroma SDK Server 3.16.02 Race Condition (0)
11-29: BigBlueButton 2.2.29 E-mail Validation Bypass (0)
11-29: libupnp 1.6.18 Denial Of Service (0)
11-29: Fujitsu Eternus Storage DX200 S4 Broken Authentication (0)
11-29: ElkarBackup 1.3.3 Cross Site Scripting (0)
11-29: SAP Lumira 1.31 Cross Site Scripting (0)
11-29: Laravel Administrator 4 File Upload (0)
11-29: Moodle 3.8 Arbitary File Upload (0)
11-29: WordPress Age Gate 2.13.4 Open Redirect (0)
11-29: WordPress Wibar Theme 1.1.8 Cross Site Scripting (0)
11-29: WonderCMS 3.1.3 Cross Site Scripting (0)
11-29: WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection (0)
11-29: ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation (0)
11-29: Best Support System 3.0.4 Cross Site Scripting (0)
11-29: Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution (0)
11-29: Heroic Knowledge Base 3.0.1 Cross Site Scripting (0)
11-29: Apache NiFi API Remote Code Execution (0)
11-29: http://www.kerng.go.th/Anonime.txt (0)
11-27: http://www.sikhoraphumcity.go.th/o.txt (0)
11-27: http://nptedu.go.th/0day.html (0)
11-27: [local] Foxit Reader 9.0.1.1049 – Arbitrary Code Execution (0)
11-27: [webapps] Moodle 3.8 – Unrestricted File Upload (0)
11-27: [webapps] Acronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF (0)
11-27: [webapps] FrozenNode Laravel-Administrator 4 – Unrestricted File Upload (Authenticated) (0)
11-27: [webapps] WonderCMS 3.1.3 – 'uploadFile' Stored Cross-Site Scripting (0)
11-27: [webapps] Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution (0)
11-27: [webapps] Wordpress Theme Wibar 1.1.8 – 'Brand Component' Stored Cross Site Scripting (0)
11-27: [webapps] Wordpress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated) (0)
11-27: [local] SAP Lumira 1.31 – Stored Cross-Site Scripting (0)
11-26: Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path (0)
11-26: osCommerce 2.3.4.1 Cross Site Scripting (0)
11-26: SyncBreeze 10.0.28 Remote Buffer Overflow (0)
11-26: WordPress Simple File List Unauthenticated Remote Code Execution (0)
11-26: Kong Gateway Admin API Remote Code Execution (0)
11-26: OpenMediaVault rpc.php Authenticated PHP Code Injection (0)
11-26: [dos] Pure-FTPd 1.0.48 – Remote Denial of Service (0)
11-25: Apache OpenMeetings 5.0.0 Denial Of Service (0)
11-25: nopCommerce Store 4.30 Cross Site Scripting (0)
11-25: OpenCart 3.0.3.6 Cross Site Scripting (0)
11-25: Seowon 130-SLC 1.0.11 Remote Code Execution (0)
11-25: ZeroShell 3.9.0 Remote Command Execution (0)
11-25: ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password (0)
11-25: http://reg-users.dft.go.th/kro.txt (0)
11-25: [webapps] SyncBreeze 10.0.28 – 'password' Remote Buffer Overflow (0)
11-25: [webapps] osCommerce 2.3.4.1 – 'title' Persistent Cross-Site Scripting (0)
11-25: [webapps] WonderCMS 3.1.3 – 'page' Persistent Cross-Site Scripting (0)
11-25: [local] Wondershare Driver Install Service help 10.7.1.321 – 'ElevationService' Unquote Service Path (0)
11-24: Boxoft Audio Converter 2.3.0 Buffer Overflow (0)
11-24: TP-Link TL-WA855RE V5_200415 Device Reset Authentication Bypass (0)
11-24: LifeRay 7.2.1 GA2 Cross Site Scripting (0)
11-24: http://www.sa-aat.go.th (0)
11-24: http://www.muangphoe.go.th (0)
11-24: http://jaroensuk.go.th (0)
11-24: http://www.sajorakhea.go.th (0)
11-24: [webapps] OpenCart 3.0.3.6 – 'subject' Stored Cross-Site Scripting (0)
11-24: [webapps] Apache OpenMeetings 5.0.0 – 'hostname' Denial of Service (0)
11-24: [webapps] nopCommerce Store 4.30 – 'name' Stored Cross-Site Scripting (0)
11-23: http://plai.go.th (0)
11-23: http://thaisamakee.go.th (0)
11-23: http://suppraya.go.th (0)
11-23: http://ploungthong.go.th (0)
11-23: http://donsailocal.go.th (0)
11-23: http://kwianhug.go.th (0)
11-23: http://wangkrajaelocal.go.th (0)
11-23: http://sarai.go.th (0)
11-23: http://prasuk.go.th (0)
11-23: http://kukasinglocal.go.th (0)
11-23: http://www.sreekaew.go.th (0)
11-23: http://klongtabchan.go.th (0)
11-23: http://tambonbansong.go.th (0)
11-23: http://abt-ladbualuang.go.th (0)
11-23: http://jakonglocal.go.th (0)
11-23: http://tungsawang.go.th (0)
11-23: http://niyomchai.go.th (0)
11-23: http://sao-sanjaorongthong.go.th (0)
11-23: http://dongbang.go.th (0)
11-23: http://bankangcity.go.th (0)
11-23: http://yangngam.go.th (0)
11-23: http://khamtonode.go.th (0)
11-23: http://bangkachai.go.th (0)
11-23: http://tungluang.go.th (0)
11-23: http://bankruatcity.go.th (0)
11-23: http://sungnoenabt.go.th (0)
11-23: http://khokkachai.go.th (0)
11-23: http://donong.go.th (0)
11-23: http://koksoong.go.th (0)
11-23: http://rmchaiyaphum.go.th (0)
11-23: http://chamkho-sm.go.th (0)
11-23: [webapps] VTiger v7.0 CRM – 'To' Persistent XSS (0)
11-23: [local] Boxoft Audio Converter 2.3.0 – '.wav' Buffer Overflow (SEH) (0)
11-22: http://dws.fpo.go.th/readme.htm (0)
11-21: https://phaiyai.go.th/bel.html (0)
11-21: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
11-21: Zortam MP3 Media Studio 27.60 Remote Code Execution (0)
11-21: NetSurveillance Unauthorized Password Change (0)
11-21: Wonder CMS 3.1.3 Cross Site Scripting (0)
11-21: Boxoft Convert Master 1.3.0 Local Buffer Overflow (0)
11-21: IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow (0)
11-21: Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution (0)
11-21: Vtiger CRM 7.0 Cross Site Scripting (0)
11-21: Barco wePresent Hardcoded API Credentials (0)
11-21: Barco wePresent Admin Credential Exposure (0)
11-21: Barco wePresent Authentication Bypass (0)
11-21: Barco wePresent Undocumented SSH Interface (0)
11-21: Barco wePresent Global Hardcoded Root SSH Password (0)
11-21: Barco wePresent Insecure Firmware Image (0)
11-20: PESCMS TEAM 2.3.2 Cross Site Scripting (0)
11-20: xuucms 3 SQL Injection (0)
11-20: Fortinet FortiOS 6.0.4 Password Modification (0)
11-20: Gitlab 12.9.0 Arbitrary File Read (0)
11-20: M/Monit 3.7.4 Privilege Escalation (0)
11-20: M/Monit 3.7.4 Password Disclosure (0)
11-20: Nagios Log Server 2.1.7 Cross Site Scripting (0)
11-20: Internet Download Manager 6.38.12 Buffer Overflow (0)
11-20: Gemtek WVRTM-127ACN 01.01.02.141 Command Injection (0)
11-20: TestBox CFML Test Framework 4.1.0 Directory Traversal (0)
11-20: TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution (0)
11-20: Sokrates SOWA SowaSQL Cross Site Scripting (0)
11-20: Oracle WebLogic Server Administration Console Handle Remote Code Execution (0)
11-20: [local] Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH) (0)
11-20: [webapps] WonderCMS 3.1.3 – 'content' Persistent Cross-Site Scripting (0)
11-19: https://www.tphcp.go.th/ah.html (0)
11-19: Complaint Management System 1.0 Shell Upload (0)
11-19: WordPress Fancy Product Designer For WooCommerce Cross Site Scripting (0)
11-19: WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload (0)
11-19: Avaya Web License Manager XML Injection (0)
11-19: WordPress WP Forms 1.6.3.1 Cross SIte Scripting (0)
11-19: Zerologon Netlogon Privilege Escalation (0)
11-19: http://www.bokaew.go.th/z.php (0)
11-19: [webapps] M/Monit 3.7.4 – Password Disclosure (0)
11-19: [webapps] Gemtek WVRTM-127ACN 01.01.02.141 – Authenticated Arbitrary Command Injection (0)
11-19: [webapps] TestBox CFML Test Framework 4.1.0 – Directory Traversal (0)
11-19: [webapps] TestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution (0)
11-19: [remote] Genexis Platinum 4410 Router 2.1 – UPnP Credential Exposure (0)
11-19: [webapps] Gitlab 12.9.0 – Arbitrary File Read (Authenticated) (0)
11-19: [webapps] xuucms 3 – 'keywords' SQL Injection (0)
11-19: [webapps] Fortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification (0)
11-19: [webapps] M/Monit 3.7.4 – Privilege Escalation (0)
11-19: [webapps] PESCMS TEAM 2.3.2 – Multiple Reflected XSS (0)
11-18: Huawei LCD_Service 1.0.1.0 Unquoted Service Path (0)
11-18: Online Doctor Appointment Booking System PHP And MySQL 1.0 SQL Injection (0)
11-18: AIX 5.3L libc Buffer Overflow (0)
11-18: Online News Portal Local File Inclusion (0)
11-18: Medical Center Portal Management System SQL Injection (0)
11-18: Social Networking Site SQL Injection (0)
11-18: EgavilanMedia User Registration And Login System With Admin Panel SQL Injection (0)
11-18: Aerospike Database 5.1.0.3 Remote Command Execution (0)
11-18: Grocy Household Management Solution 2.7.1 Cross Site Scripting (0)
11-18: Apache Struts 2.5.20 Double OGNL Evaluation (0)
11-18: http://backoffice.onec.go.th (0)
11-18: http://www.nah.go.th/z.php (0)
11-18: http://envfund.onep.go.th/ay.htm (0)
11-18: [remote] ZeroLogon – Netlogon Elevation of Privilege (0)
11-18: [webapps] BigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery (0)
11-18: [webapps] Wordpress Plugin WPForms 1.6.3.1 – Persistent Cross Site Scripting (Authenticated) (0)
11-17: Advanced System Care Service 13 Unquoted Service Path (0)
11-17: Pandora FMS 7.0 NG 749 SQL Injection (0)
11-17: KiteService 1.2020.1113.1 Unquoted Service Path (0)
11-17: Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing (0)
11-17: Water Billing System 1.0 SQL Injection (0)
11-17: Super Store Finder 3.3 Cross Site Scripting (0)
11-17: Car Rental Management System 1.0 SQL Injection (0)
11-17: PMB 5.6 Local File Disclosure / Directory Traversal (0)
11-17: RED-V Super Digital Signage System RXV-A740R Log Information Disclosure (0)
11-17: Car Rental Management System 1.0 Shell Upload (0)
11-17: Cisco 7937G Denial Of Service / Privilege Escalation (0)
11-17: MailDepot 2033 2.3.3022 Cross Site Scripting (0)
11-17: SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion (0)
11-17: SugarCRM 6.5.18 Cross Site Scripting (0)
11-17: Fuel CMS 1.4 Remote Code Execution (0)
11-17: Kaa IoT Platform 1.2.0 Cross Site Scripting (0)
11-17: AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation (0)
11-17: Froxlor 0.10.16 Cross Site Scripting (0)
11-17: WordPress Buddypress 6.2.0 Cross Site Scripting (0)
11-17: SugarCRM 6.5.18 Cross Site Scripting (0)
11-17: Artworks Gallery 1.0 Shell Upload (0)
11-17: Apple Security Advisory 2020-11-13-3 (0)
11-17: Apple Security Advisory 2020-11-13-2 (0)
11-17: Apple Security Advisory 2020-11-13-4 (0)
11-17: Apple Security Advisory 2020-11-13-5 (0)
11-17: Apple Security Advisory 2020-11-13-6 (0)
11-17: Apple Security Advisory 2020-11-13-7 (0)
11-17: [webapps] Froxlor Froxlor Server Management Panel 0.10.16 – Persistent Cross-Site Scripting (0)
11-17: [local] Microsoft Internet Explorer 11 – Use-After-Free (0)
11-17: [webapps] WordPress Plugin Buddypress 6.2.0 – Persistent Cross-Site Scripting (0)
11-17: [webapps] EgavilanMedia User Registration & Login System with Admin Panel Exploit – SQLi Auth Bypass (0)
11-17: [webapps] SugarCRM 6.5.18 – Persistent Cross-Site Scripting (0)
11-17: [webapps] Online Doctor Appointment Booking System PHP and Mysql 1.0 – 'q' SQL Injection (0)
11-16: [webapps] Pandora FMS 7.0 NG 749 – 'CG Items' SQL Injection (Authenticated) (0)
11-16: [webapps] Car Rental Management System 1.0 – 'car_id' Sql Injection (0)
11-16: [remote] Cisco 7937G – DoS/Privilege Escalation (0)
11-16: [local] KiteService 1.2020.1113.1 – 'KiteService.exe' Unquoted Service Path (0)
11-16: [webapps] Water Billing System 1.0 – 'id' SQL Injection (Authenticated) (0)
11-16: [webapps] Car Rental Management System 1.0 – Remote Code Execution (Authenticated) (0)
11-16: [webapps] PMB 5.6 – 'chemin' Local File Disclosure (0)
11-16: [local] Atheros Coex Service Application 8.0.0.255 – 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path (0)
11-16: [webapps] Car Rental Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
11-16: [webapps] User Registration & Login and User Management System 2.1 – Login Bypass SQL Injection (0)
11-16: [local] Advanced System Care Service 13 – 'AdvancedSystemCareService13' Unquoted Service Path (0)
11-16: [local] Logitech Solar Keyboard Service – 'L4301_Solar' Unquoted Service Path (0)
11-14: Anuko Time Tracker 1.19.23.5311 Password Reset (0)
11-14: Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting (0)
11-14: ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow (0)
11-14: HorizontCMS 1.0.0-beta Shell Upload (0)
11-14: Citrix ADC NetScaler Local File Inclusion (0)
11-14: Bludit Panel Brute Forcer (0)
11-14: ASUS TM-AC1900 Arbitrary Command Execution (0)
11-13: Water Billing System 1.0 SQL Injection (0)
11-13: WordPress Good LMS 2.1.4 SQL Injection (0)
11-13: SaltStack Salt REST API Arbitrary Command Execution (0)
11-13: http://www.sskh.moph.go.th (0)
11-13: Google Patches Two More Chrome Zero Days (0)
11-13: [webapps] OpenCart Theme Journal 3.1.0 – Sensitive Data Exposure (0)
11-13: [local] IDT PC Audio 1.0.6425.0 – 'STacSV' Unquoted Service Path (0)
11-13: [local] SAntivirus IC 10.0.21.61 – 'SAntivirusIC' Unquoted Service Path (0)
11-13: [local] DigitalPersona 5.1.0.656 'DpHostW' – Unquoted Service Path (0)
11-13: [webapps] Apache Tomcat – AJP 'Ghostcat' File Read/Inclusion (Metasploit) (0)
11-13: [webapps] Touchbase.io 1.10 – Stored Cross Site Scripting (0)
11-13: [webapps] Bludit 3.9.2 – Authentication Bruteforce Bypass (Metasploit) (0)
11-13: [webapps] Citrix ADC NetScaler – Local File Inclusion (Metasploit) (0)
11-13: [webapps] ASUS TM-AC1900 – Arbitrary Command Execution (Metasploit) (0)
11-12: Joomla SIGE 3.4.1-FREE / 3.5.3-PRO RFI / Cross Site Scripting (0)
11-12: CMSUno 1.6.2 Remote Code Execution (0)
11-12: Customer Support System 1.0 SQL Injection (0)
11-12: Customer Support System 1.0 Cross Site Request Forgery (0)
11-12: Customer Support System 1.0 Cross Site Scripting (0)
11-12: Microsoft Windows Local Spooler Bypass (0)
11-12: http://pharmacy.huahinhospital.go.th (0)
11-12: http://therapy.huahinhospital.go.th (0)
11-12: Mysterious Bugs Were Used To Hack iPhones and Android Phones And No One Will Talk About It (0)
11-12: Microsoft November 2020 Patch Arrives With Fix For Windows Zero Day (0)
11-12: [webapps] Wordpress Plugin Good LMS 2.1.4 – 'id' Unauthenticated SQL Injection (0)
11-12: [webapps] Water Billing System 1.0 – 'username' and 'password' parameters SQL Injection (0)
11-11: Car Rental Management System 1.0 Shell Upload / SQL Injection (0)
11-11: ShoreTel Conferencing 19.46.1802.0 Cross Site Scripting (0)
11-11: