__–::: Deepquest :::–__ » Archives

rss feed

Archives

December 2020 (90)

12-03: IDT PC Audio 1.0.6433.0 Unquoted Service Path (0)
12-03: WebDamn User Registration And Login System With User Panel SQL Injection (0)
12-03: Expanse Management System Cross Site Scripting (0)
12-03: aSc TimeTables 2021.6.2 Denial Of Service (0)
12-03: Under Construction Page With CPanel 1.0 SQL Injection (0)
12-03: EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF (0)
12-03: Student Result Management System 1.0 SQL Injection (0)
12-03: ILIAS Learning Management System 4.3 Server-Side Request Forgery (0)
12-03: Pharmacy Store Management System 1.0 SQL Injection (0)
12-03: WonderCMS 3.1.3 Code Execution / Server-Side Request Forgery (0)
12-03: WonderCMS 3.1.3 Remote Code Execution (0)
12-03: PRTG Network Monitor 20.4.63.1412 Cross Site Scripting (0)
12-03: Bakeshop Online Ordering System 1.0 Cross Site Scripting (0)
12-03: Online News Portal System 1.0 Cross Site Scripting (0)
12-03: Local Service Search Engine Management System 1.0 SQL Injection (0)
12-03: DotCMS 20.11 Cross Site Scripting (0)
12-03: EgavilanMedia User Registration And Login System With Admin Panel 1.0 XSS (0)
12-03: NewsLister Cross Site Scripting (0)
12-03: Online Voting System Project In PHP Cross Site Scripting (0)
12-03: ChurchCRM 4.2.0 CSV Injection (0)
12-03: ChurchCRM 4.2.1 Cross Site Scripting (0)
12-03: WordPress WP-FileManager 6.8 Remote Code Execution (0)
12-03: Car Rental Management System 1.0 Local File Inclusion / SQL Injection (0)
12-03: Simple College Website 1.0 Local File Inclusion (0)
12-03: Ksix Zigbee Devices Playback Protection Bypass (0)
12-03: http://www.banchiangrai.m-society.go.th (0)
12-03: http://www.chiangrai.m-society.go.th (0)
12-03: http://www.anticorruption.m-society.go.th (0)
12-03: http://www.dsdhss.m-society.go.th (0)
12-03: http://www.angthong.m-society.go.th (0)
12-03: http://www.ubonratchathani.m-society.go.th (0)
12-03: http://www.lampang.m-society.go.th (0)
12-03: http://www.ratchaburi.m-society.go.th (0)
12-03: http://www.ayutthaya.m-society.go.th (0)
12-03: http://www.narathiwat.m-society.go.th (0)
12-03: http://www.lopburi.m-society.go.th (0)
12-03: http://www.lamphun.m-society.go.th (0)
12-03: http://www.rayong.m-society.go.th (0)
12-03: http://www.surin.m-society.go.th (0)
12-03: http://www.nakhonpathom.m-society.go.th (0)
12-03: http://www.nongkhai.m-society.go.th (0)
12-03: http://www.pattani.m-society.go.th (0)
12-03: [webapps] Invision Community 4.5.4 – 'Field Name' Stored Cross-Site Scripting (0)
12-03: [webapps] Sony BRAVIA Digital Signage 1.7.8 – System API Information Disclosure (0)
12-03: [webapps] Coastercms 5.8.18 – Stored XSS (0)
12-03: [webapps] Sony BRAVIA Digital Signage 1.7.8 – Unauthenticated Remote File Inclusion (0)
12-03: [webapps] mojoPortal forums 2.7.0.0 – 'Title' Persistent Cross-Site Scripting (0)
12-03: [webapps] Online Matrimonial Project 1.0 – Authenticated Remote Code Execution (0)
12-03: [webapps] EgavilanMedia Address Book 1.0 Exploit – SQLi Auth Bypass (0)
12-02: TypeSetter 5.1 Cross Site Request Forgery (0)
12-02: SciKit-Learn 0.23.2 Denial Of Service (0)
12-02: WordPress EventON Calendar 3.0.5 Cross Site Scripting (0)
12-02: eClass LMS 2.6 Shell Upload (0)
12-02: Packet Storm New Exploits For November, 2020 (0)
12-02: [webapps] Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) (0)
12-02: [webapps] Expense Management System – 'description' Stored Cross Site Scripting (0)
12-02: [webapps] Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) via Edit Profile (0)
12-02: [local] aSc TimeTables 2021.6.2 – Denial of Service (PoC) (0)
12-02: [webapps] Pharmacy Store Management System 1.0 – 'id' SQL Injection (0)
12-02: [local] IDT PC Audio 1.0.6433.0 – 'STacSV' Unquoted Service Path (0)
12-02: [webapps] Under Construction Page with CPanel 1.0 – SQL injection (0)
12-02: [webapps] WonderCMS 3.1.3 – 'Menu' Persistent Cross-Site Scripting (0)
12-02: [webapps] Local Service Search Engine Management System 1.0 – SQLi Authentication Bypass (0)
12-02: [webapps] Online News Portal System 1.0 – 'Title' Stored Cross Site Scripting (0)
12-02: [webapps] NewsLister – Authenticated Persistent Cross-Site Scripting (0)
12-02: [webapps] Bakeshop Online Ordering System 1.0 – 'Owner' Persistent Cross-site scripting (0)
12-02: [webapps] ILIAS Learning Management System 4.3 – SSRF (0)
12-02: [webapps] Online Voting System Project in PHP – 'username' Persistent Cross-Site Scripting (0)
12-02: [webapps] WonderCMS 3.1.3 – Authenticated Remote Code Execution (0)
12-02: [webapps] PRTG Network Monitor 20.4.63.1412 – 'maps' Stored XSS (0)
12-02: [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 – Stored Cross Site Scripting (0)
12-02: [webapps] WonderCMS 3.1.3 – Authenticated SSRF to Remote Remote Code Execution (0)
12-02: [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 – CSRF (0)
12-02: [webapps] Student Result Management System 1.0 – Authentication Bypass SQL Injection (0)
12-01: [local] Pearson Vue VTS 2.3.1911 Installer – VUEApplicationWrapper Unquoted Service Path (0)
12-01: [local] Global Registration Service 1.0.0.3 – 'GREGsvc.exe' Unquoted Service Path (0)
12-01: [local] EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' – Unquoted Service Path (0)
12-01: [webapps] Pandora FMS 7.0 NG 749 – Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020 (0)
12-01: [webapps] Social Networking Site – Authentication Bypass (SQli) (0)
12-01: [webapps] LEPTON CMS 4.7.0 – 'URL' Persistent Cross-Site Scripting (0)
12-01: [webapps] Medical Center Portal Management System 1.0 – 'login' SQL Injection (0)
12-01: [webapps] Multi Restaurant Table Reservation System 1.0 – Multiple Persistent XSS (0)
12-01: [webapps] Tailor Management System 1.0 – Unrestricted File Upload to Remote Code Execution (0)
12-01: [webapps] Setelsa Conacwin 3.7.1.2 – Local File Inclusion (0)
12-01: [local] 10-Strike Network Inventory Explorer 8.65 – Buffer Overflow (SEH) (0)
12-01: [webapps] Online Shopping Alphaware 1.0 – Error Based SQL injection (0)
12-01: [webapps] Pharmacy/Medical Store & Sale Point 1.0 – 'email' SQL Injection (0)
12-01: [webapps] Wordpress Plugin EventON Calendar 3.0.5 – Reflected Cross-Site Scripting (0)
12-01: [webapps] Joomla! Component GMapFP 3.5 – Unauthenticated Arbitrary File Upload (0)
12-01: [webapps] TypeSetter 5.1 – CSRF (Change admin e-mail) (0)

November 2020 (354)

11-30: YATinyWinFTP Denial Of Service (0)
11-30: Rejetto HttpFileServer 2.3.x Remote Command Execution (0)
11-30: Online Job Portal In PHP/PDO 1.0 SQL Injection (0)
11-30: WordPress Heroic Knowledge Base 3.0.1 SQL Injection (0)
11-30: ATX MiniCMTS200a Broadband Gateway 2.0 Credential Disclosure (0)
11-30: Intelbras Router RF 301K 1.1.2 Authentication Bypass (0)
11-30: https://paplu.go.th/o.htm (0)
11-30: [webapps] ATX MiniCMTS200a Broadband Gateway 2.0 – Credential Disclosure (0)
11-29: House Rental 1.0 SQL Injection (0)
11-29: BigBlueButton 2.2.29 Brute Force (0)
11-29: Foxit Reader 9.0.1.1049 Arbitrary Code Execution (0)
11-29: Pure-FTPd 1.0.48 Remote Denial Of Service (0)
11-29: Razer Chroma SDK Server 3.16.02 Race Condition (0)
11-29: BigBlueButton 2.2.29 E-mail Validation Bypass (0)
11-29: libupnp 1.6.18 Denial Of Service (0)
11-29: Fujitsu Eternus Storage DX200 S4 Broken Authentication (0)
11-29: ElkarBackup 1.3.3 Cross Site Scripting (0)
11-29: SAP Lumira 1.31 Cross Site Scripting (0)
11-29: Laravel Administrator 4 File Upload (0)
11-29: Moodle 3.8 Arbitary File Upload (0)
11-29: WordPress Age Gate 2.13.4 Open Redirect (0)
11-29: WordPress Wibar Theme 1.1.8 Cross Site Scripting (0)
11-29: WonderCMS 3.1.3 Cross Site Scripting (0)
11-29: WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection (0)
11-29: ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation (0)
11-29: Best Support System 3.0.4 Cross Site Scripting (0)
11-29: Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution (0)
11-29: Heroic Knowledge Base 3.0.1 Cross Site Scripting (0)
11-29: Apache NiFi API Remote Code Execution (0)
11-29: http://www.kerng.go.th/Anonime.txt (0)
11-27: http://www.sikhoraphumcity.go.th/o.txt (0)
11-27: http://nptedu.go.th/0day.html (0)
11-27: [local] Foxit Reader 9.0.1.1049 – Arbitrary Code Execution (0)
11-27: [webapps] Moodle 3.8 – Unrestricted File Upload (0)
11-27: [webapps] Acronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF (0)
11-27: [webapps] FrozenNode Laravel-Administrator 4 – Unrestricted File Upload (Authenticated) (0)
11-27: [webapps] WonderCMS 3.1.3 – 'uploadFile' Stored Cross-Site Scripting (0)
11-27: [webapps] Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution (0)
11-27: [webapps] Wordpress Theme Wibar 1.1.8 – 'Brand Component' Stored Cross Site Scripting (0)
11-27: [webapps] Wordpress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated) (0)
11-27: [local] SAP Lumira 1.31 – Stored Cross-Site Scripting (0)
11-26: Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path (0)
11-26: osCommerce 2.3.4.1 Cross Site Scripting (0)
11-26: SyncBreeze 10.0.28 Remote Buffer Overflow (0)
11-26: WordPress Simple File List Unauthenticated Remote Code Execution (0)
11-26: Kong Gateway Admin API Remote Code Execution (0)
11-26: OpenMediaVault rpc.php Authenticated PHP Code Injection (0)
11-26: [dos] Pure-FTPd 1.0.48 – Remote Denial of Service (0)
11-25: Apache OpenMeetings 5.0.0 Denial Of Service (0)
11-25: nopCommerce Store 4.30 Cross Site Scripting (0)
11-25: OpenCart 3.0.3.6 Cross Site Scripting (0)
11-25: Seowon 130-SLC 1.0.11 Remote Code Execution (0)
11-25: ZeroShell 3.9.0 Remote Command Execution (0)
11-25: ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password (0)
11-25: http://reg-users.dft.go.th/kro.txt (0)
11-25: [webapps] SyncBreeze 10.0.28 – 'password' Remote Buffer Overflow (0)
11-25: [webapps] osCommerce 2.3.4.1 – 'title' Persistent Cross-Site Scripting (0)
11-25: [webapps] WonderCMS 3.1.3 – 'page' Persistent Cross-Site Scripting (0)
11-25: [local] Wondershare Driver Install Service help 10.7.1.321 – 'ElevationService' Unquote Service Path (0)
11-24: Boxoft Audio Converter 2.3.0 Buffer Overflow (0)
11-24: TP-Link TL-WA855RE V5_200415 Device Reset Authentication Bypass (0)
11-24: LifeRay 7.2.1 GA2 Cross Site Scripting (0)
11-24: http://www.sa-aat.go.th (0)
11-24: http://www.muangphoe.go.th (0)
11-24: http://jaroensuk.go.th (0)
11-24: http://www.sajorakhea.go.th (0)
11-24: [webapps] OpenCart 3.0.3.6 – 'subject' Stored Cross-Site Scripting (0)
11-24: [webapps] Apache OpenMeetings 5.0.0 – 'hostname' Denial of Service (0)
11-24: [webapps] nopCommerce Store 4.30 – 'name' Stored Cross-Site Scripting (0)
11-23: http://plai.go.th (0)
11-23: http://thaisamakee.go.th (0)
11-23: http://suppraya.go.th (0)
11-23: http://ploungthong.go.th (0)
11-23: http://donsailocal.go.th (0)
11-23: http://kwianhug.go.th (0)
11-23: http://wangkrajaelocal.go.th (0)
11-23: http://sarai.go.th (0)
11-23: http://prasuk.go.th (0)
11-23: http://kukasinglocal.go.th (0)
11-23: http://www.sreekaew.go.th (0)
11-23: http://klongtabchan.go.th (0)
11-23: http://tambonbansong.go.th (0)
11-23: http://abt-ladbualuang.go.th (0)
11-23: http://jakonglocal.go.th (0)
11-23: http://tungsawang.go.th (0)
11-23: http://niyomchai.go.th (0)
11-23: http://sao-sanjaorongthong.go.th (0)
11-23: http://dongbang.go.th (0)
11-23: http://bankangcity.go.th (0)
11-23: http://yangngam.go.th (0)
11-23: http://khamtonode.go.th (0)
11-23: http://bangkachai.go.th (0)
11-23: http://tungluang.go.th (0)
11-23: http://bankruatcity.go.th (0)
11-23: http://sungnoenabt.go.th (0)
11-23: http://khokkachai.go.th (0)
11-23: http://donong.go.th (0)
11-23: http://koksoong.go.th (0)
11-23: http://rmchaiyaphum.go.th (0)
11-23: http://chamkho-sm.go.th (0)
11-23: [webapps] VTiger v7.0 CRM – 'To' Persistent XSS (0)
11-23: [local] Boxoft Audio Converter 2.3.0 – '.wav' Buffer Overflow (SEH) (0)
11-22: http://dws.fpo.go.th/readme.htm (0)
11-21: https://phaiyai.go.th/bel.html (0)
11-21: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
11-21: Zortam MP3 Media Studio 27.60 Remote Code Execution (0)
11-21: NetSurveillance Unauthorized Password Change (0)
11-21: Wonder CMS 3.1.3 Cross Site Scripting (0)
11-21: Boxoft Convert Master 1.3.0 Local Buffer Overflow (0)
11-21: IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow (0)
11-21: Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution (0)
11-21: Vtiger CRM 7.0 Cross Site Scripting (0)
11-21: Barco wePresent Hardcoded API Credentials (0)
11-21: Barco wePresent Admin Credential Exposure (0)
11-21: Barco wePresent Authentication Bypass (0)
11-21: Barco wePresent Undocumented SSH Interface (0)
11-21: Barco wePresent Global Hardcoded Root SSH Password (0)
11-21: Barco wePresent Insecure Firmware Image (0)
11-20: PESCMS TEAM 2.3.2 Cross Site Scripting (0)
11-20: xuucms 3 SQL Injection (0)
11-20: Fortinet FortiOS 6.0.4 Password Modification (0)
11-20: Gitlab 12.9.0 Arbitrary File Read (0)
11-20: M/Monit 3.7.4 Privilege Escalation (0)
11-20: M/Monit 3.7.4 Password Disclosure (0)
11-20: Nagios Log Server 2.1.7 Cross Site Scripting (0)
11-20: Internet Download Manager 6.38.12 Buffer Overflow (0)
11-20: Gemtek WVRTM-127ACN 01.01.02.141 Command Injection (0)
11-20: TestBox CFML Test Framework 4.1.0 Directory Traversal (0)
11-20: TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution (0)
11-20: Sokrates SOWA SowaSQL Cross Site Scripting (0)
11-20: Oracle WebLogic Server Administration Console Handle Remote Code Execution (0)
11-20: [local] Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH) (0)
11-20: [webapps] WonderCMS 3.1.3 – 'content' Persistent Cross-Site Scripting (0)
11-19: https://www.tphcp.go.th/ah.html (0)
11-19: Complaint Management System 1.0 Shell Upload (0)
11-19: WordPress Fancy Product Designer For WooCommerce Cross Site Scripting (0)
11-19: WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload (0)
11-19: Avaya Web License Manager XML Injection (0)
11-19: WordPress WP Forms 1.6.3.1 Cross SIte Scripting (0)
11-19: Zerologon Netlogon Privilege Escalation (0)
11-19: http://www.bokaew.go.th/z.php (0)
11-19: [webapps] M/Monit 3.7.4 – Password Disclosure (0)
11-19: [webapps] Gemtek WVRTM-127ACN 01.01.02.141 – Authenticated Arbitrary Command Injection (0)
11-19: [webapps] TestBox CFML Test Framework 4.1.0 – Directory Traversal (0)
11-19: [webapps] TestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution (0)
11-19: [remote] Genexis Platinum 4410 Router 2.1 – UPnP Credential Exposure (0)
11-19: [webapps] Gitlab 12.9.0 – Arbitrary File Read (Authenticated) (0)
11-19: [webapps] xuucms 3 – 'keywords' SQL Injection (0)
11-19: [webapps] Fortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification (0)
11-19: [webapps] M/Monit 3.7.4 – Privilege Escalation (0)
11-19: [webapps] PESCMS TEAM 2.3.2 – Multiple Reflected XSS (0)
11-18: Huawei LCD_Service 1.0.1.0 Unquoted Service Path (0)
11-18: Online Doctor Appointment Booking System PHP And MySQL 1.0 SQL Injection (0)
11-18: AIX 5.3L libc Buffer Overflow (0)
11-18: Online News Portal Local File Inclusion (0)
11-18: Medical Center Portal Management System SQL Injection (0)
11-18: Social Networking Site SQL Injection (0)
11-18: EgavilanMedia User Registration And Login System With Admin Panel SQL Injection (0)
11-18: Aerospike Database 5.1.0.3 Remote Command Execution (0)
11-18: Grocy Household Management Solution 2.7.1 Cross Site Scripting (0)
11-18: Apache Struts 2.5.20 Double OGNL Evaluation (0)
11-18: http://backoffice.onec.go.th (0)
11-18: http://www.nah.go.th/z.php (0)
11-18: http://envfund.onep.go.th/ay.htm (0)
11-18: [remote] ZeroLogon – Netlogon Elevation of Privilege (0)
11-18: [webapps] BigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery (0)
11-18: [webapps] Wordpress Plugin WPForms 1.6.3.1 – Persistent Cross Site Scripting (Authenticated) (0)
11-17: Advanced System Care Service 13 Unquoted Service Path (0)
11-17: Pandora FMS 7.0 NG 749 SQL Injection (0)
11-17: KiteService 1.2020.1113.1 Unquoted Service Path (0)
11-17: Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing (0)
11-17: Water Billing System 1.0 SQL Injection (0)
11-17: Super Store Finder 3.3 Cross Site Scripting (0)
11-17: Car Rental Management System 1.0 SQL Injection (0)
11-17: PMB 5.6 Local File Disclosure / Directory Traversal (0)
11-17: RED-V Super Digital Signage System RXV-A740R Log Information Disclosure (0)
11-17: Car Rental Management System 1.0 Shell Upload (0)
11-17: Cisco 7937G Denial Of Service / Privilege Escalation (0)
11-17: MailDepot 2033 2.3.3022 Cross Site Scripting (0)
11-17: SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion (0)
11-17: SugarCRM 6.5.18 Cross Site Scripting (0)
11-17: Fuel CMS 1.4 Remote Code Execution (0)
11-17: Kaa IoT Platform 1.2.0 Cross Site Scripting (0)
11-17: AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation (0)
11-17: Froxlor 0.10.16 Cross Site Scripting (0)
11-17: WordPress Buddypress 6.2.0 Cross Site Scripting (0)
11-17: SugarCRM 6.5.18 Cross Site Scripting (0)
11-17: Artworks Gallery 1.0 Shell Upload (0)
11-17: Apple Security Advisory 2020-11-13-3 (0)
11-17: Apple Security Advisory 2020-11-13-2 (0)
11-17: Apple Security Advisory 2020-11-13-4 (0)
11-17: Apple Security Advisory 2020-11-13-5 (0)
11-17: Apple Security Advisory 2020-11-13-6 (0)
11-17: Apple Security Advisory 2020-11-13-7 (0)
11-17: [webapps] Froxlor Froxlor Server Management Panel 0.10.16 – Persistent Cross-Site Scripting (0)
11-17: [local] Microsoft Internet Explorer 11 – Use-After-Free (0)
11-17: [webapps] WordPress Plugin Buddypress 6.2.0 – Persistent Cross-Site Scripting (0)
11-17: [webapps] EgavilanMedia User Registration & Login System with Admin Panel Exploit – SQLi Auth Bypass (0)
11-17: [webapps] SugarCRM 6.5.18 – Persistent Cross-Site Scripting (0)
11-17: [webapps] Online Doctor Appointment Booking System PHP and Mysql 1.0 – 'q' SQL Injection (0)
11-16: [webapps] Pandora FMS 7.0 NG 749 – 'CG Items' SQL Injection (Authenticated) (0)
11-16: [webapps] Car Rental Management System 1.0 – 'car_id' Sql Injection (0)
11-16: [remote] Cisco 7937G – DoS/Privilege Escalation (0)
11-16: [local] KiteService 1.2020.1113.1 – 'KiteService.exe' Unquoted Service Path (0)
11-16: [webapps] Water Billing System 1.0 – 'id' SQL Injection (Authenticated) (0)
11-16: [webapps] Car Rental Management System 1.0 – Remote Code Execution (Authenticated) (0)
11-16: [webapps] PMB 5.6 – 'chemin' Local File Disclosure (0)
11-16: [local] Atheros Coex Service Application 8.0.0.255 – 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path (0)
11-16: [webapps] Car Rental Management System 1.0 – 'id' SQL Injection (Authenticated) (0)
11-16: [webapps] User Registration & Login and User Management System 2.1 – Login Bypass SQL Injection (0)
11-16: [local] Advanced System Care Service 13 – 'AdvancedSystemCareService13' Unquoted Service Path (0)
11-16: [local] Logitech Solar Keyboard Service – 'L4301_Solar' Unquoted Service Path (0)
11-14: Anuko Time Tracker 1.19.23.5311 Password Reset (0)
11-14: Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting (0)
11-14: ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow (0)
11-14: HorizontCMS 1.0.0-beta Shell Upload (0)
11-14: Citrix ADC NetScaler Local File Inclusion (0)
11-14: Bludit Panel Brute Forcer (0)
11-14: ASUS TM-AC1900 Arbitrary Command Execution (0)
11-13: Water Billing System 1.0 SQL Injection (0)
11-13: WordPress Good LMS 2.1.4 SQL Injection (0)
11-13: SaltStack Salt REST API Arbitrary Command Execution (0)
11-13: http://www.sskh.moph.go.th (0)
11-13: Google Patches Two More Chrome Zero Days (0)
11-13: [webapps] OpenCart Theme Journal 3.1.0 – Sensitive Data Exposure (0)
11-13: [local] IDT PC Audio 1.0.6425.0 – 'STacSV' Unquoted Service Path (0)
11-13: [local] SAntivirus IC 10.0.21.61 – 'SAntivirusIC' Unquoted Service Path (0)
11-13: [local] DigitalPersona 5.1.0.656 'DpHostW' – Unquoted Service Path (0)
11-13: [webapps] Apache Tomcat – AJP 'Ghostcat' File Read/Inclusion (Metasploit) (0)
11-13: [webapps] Touchbase.io 1.10 – Stored Cross Site Scripting (0)
11-13: [webapps] Bludit 3.9.2 – Authentication Bruteforce Bypass (Metasploit) (0)
11-13: [webapps] Citrix ADC NetScaler – Local File Inclusion (Metasploit) (0)
11-13: [webapps] ASUS TM-AC1900 – Arbitrary Command Execution (Metasploit) (0)
11-12: Joomla SIGE 3.4.1-FREE / 3.5.3-PRO RFI / Cross Site Scripting (0)
11-12: CMSUno 1.6.2 Remote Code Execution (0)
11-12: Customer Support System 1.0 SQL Injection (0)
11-12: Customer Support System 1.0 Cross Site Request Forgery (0)
11-12: Customer Support System 1.0 Cross Site Scripting (0)
11-12: Microsoft Windows Local Spooler Bypass (0)
11-12: http://pharmacy.huahinhospital.go.th (0)
11-12: http://therapy.huahinhospital.go.th (0)
11-12: Mysterious Bugs Were Used To Hack iPhones and Android Phones And No One Will Talk About It (0)
11-12: Microsoft November 2020 Patch Arrives With Fix For Windows Zero Day (0)
11-12: [webapps] Wordpress Plugin Good LMS 2.1.4 – 'id' Unauthenticated SQL Injection (0)
11-12: [webapps] Water Billing System 1.0 – 'username' and 'password' parameters SQL Injection (0)
11-11: Car Rental Management System 1.0 Shell Upload / SQL Injection (0)
11-11: ShoreTel Conferencing 19.46.1802.0 Cross Site Scripting (0)
11-11: Anuko Time Tracker 1.19.23.5325 CSV Injection (0)
11-11: WordPress File Manager 6.8 Remote Code Execution (0)
11-11: Rapid7 Metasploit Framework msfvenom APK Template Command Injection (0)
11-11: https://www.nakhonmaesotcity.go.th/readme.htm (0)
11-11: [webapps] CMSUno 1.6.2 – 'user' Remote Code Execution (Authenticated) (0)
11-11: [webapps] Customer Support System 1.0 – 'username' Authentication Bypass (0)
11-11: [webapps] Customer Support System 1.0 – Cross-Site Request Forgery (0)
11-11: [webapps] Customer Support System 1.0 – 'description' Stored XSS in The Admin Panel (0)
11-10: OKI sPSV Port Manager 1.0.41 Unquoted Service Path (0)
11-10: Syncplify.me Server! 5.0.37 Unquoted Service Path (0)
11-10: Magic Mouse 2 Utilities 2.20 Unquoted Service Path (0)
11-10: KMSpico 17.1.0.0 Unquoted Service Path (0)
11-10: Winstep 18.06.0096 Unquoted Service Path (0)
11-10: IPTInstaller 4.0.9 Unquoted Service Path (0)
11-10: Genexus Protection Server 9.6.4.2 Unquoted Service Path (0)
11-10: DigitalPersona 4.5.0.2213 Unquoted Service Path (0)
11-10: HP WMI Service 1.4.8.0 Unquoted Service Path (0)
11-10: Motorola Device Manager 2.4.5 Unquoted Path (0)
11-10: Motorola Device Manager 2.5.4 Unquoted Service Path (0)
11-10: Motorola Device Manager 2.5.4 Unquoted Service Path (0)
11-10: Realtek Andrea RT Filters 1.0.64.10 Unquoted Service Path (0)
11-10: iDeskService 3.0.2.1 Unquoted Service Path (0)
11-10: RealTimes Desktop Service 18.1.4 Unquoted Service Path (0)
11-10: DiskBoss 11.7.28 Unquoted Service Path (0)
11-10: Canon Inkjet Extended Survey Program 5.1.0.8 Unquoted Service Path (0)
11-10: SunSSH Solaris 10 x86 Remote Root (0)
11-10: Windows File Enumeration Intel Gathering Tool 2.2 (0)
11-10: Online Book Store 1.0 SQL Injection (0)
11-10: Deep Instinct Windows Agent 1.2.24.0 Unquoted Service Path (0)
11-10: Privacy Drive 3.17.0 Unquoted Service Path (0)
11-10: Joplin 1.2.6 Cross Site Scripting (0)
11-10: Chrome V8 Turbofan Type Confusion (0)
11-10: Chrome ConvertToJavaBitmap Heap Buffer Overflow (0)
11-10: http://www.sikhiu.go.th/stress.php (0)
11-10: Apple Security Advisory 2020-11-05-1 (0)
11-10: Apple Security Advisory 2020-11-05-2 (0)
11-10: Apple Security Advisory 2020-11-05-7 (0)
11-10: [webapps] Anuko Time Tracker 1.19.23.5325 – CSV/Formula Injection (0)
11-10: [webapps] ShoreTel Conferencing 19.46.1802.0 – Reflected Cross-Site Scripting (0)
11-10: [webapps] Car Rental Management System 1.0 – SQL injection + Arbitrary File Upload (0)
11-09: https://www.lomrad.go.th//images/fighter.gif (0)
11-09: https://www.maeprik-municipality.go.th//images/fighter.gif (0)
11-09: [local] MEMU PLAY 3.7.0 – 'MEmusvc' Unquoted Service Path (0)
11-09: [local] KMSpico 17.1.0.0 – 'Service KMSELDI' Unquoted Service Path (0)
11-09: [webapps] Genexis Platinum-4410 P4410-V2-1.28 – Broken Access Control and CSRF (0)
11-09: [local] Motorola Device Manager 2.5.4 – 'ForwardDaemon.exe ' Unquoted Service Path (0)
11-09: [local] Motorola Device Manager 2.5.4 – 'MotoHelperService.exe' Unquoted Service Path (0)
11-09: [local] Motorola Device Manager 2.4.5 – 'ForwardDaemon.exe ' Unquoted Service Path (0)
11-09: [local] Syncplify.me Server! 5.0.37 – 'SMWebRestServicev5' Unquoted Service Path (0)
11-09: [local] HP WMI Service 1.4.8.0 – 'HPWMISVC.exe' Unquoted Service Path (0)
11-09: [local] Genexus Protection Server 9.6.4.2 – 'protsrvservice' Unquoted Service Path (0)
11-09: [local] DigitalPersona 4.5.0.2213 – 'DpHostW' Unquoted Service Path (0)
11-09: [local] OKI sPSV Port Manager 1.0.41 – 'sPSVOpLclSrv' Unquoted Service Path (0)
11-09: [local] IPTInstaller 4.0.9 – 'PassThru Service' Unquoted Service Path (0)
11-09: [local] Realtek Andrea RT Filters 1.0.64.10 – 'AERTSr64.EXE' Unquoted Service Path (0)
11-09: [local] Winstep 18.06.0096 – 'Xtreme Service' Unquoted Service Path (0)
11-09: [webapps] SuiteCRM 7.11.15 – 'last_name' Remote Code Execution (Authenticated) (0)
11-09: [local] HP Display Assistant x64 Edition 3.20 – 'DTSRVC' Unquoted Service Path (0)
11-07: SmartBlog 2.0.1 Blind SQL Injection (0)
11-07: BlogEngine 3.3.8 Cross Site Scripting (0)
11-07: git-lfs Remote Code Execution (0)
11-07: Sentrifugo 3.2 Remote Code Execution (0)
11-07: Sentrifugo 3.2 Remote Code Execution (0)
11-07: CMSUno 1.6.2 Remote Code Execution (0)
11-07: Asterisk 17.6.0 / 17.5.1 Denial Of Service (0)
11-07: http://www.rayongpolice.go.th/bc7.html (0)
11-06: Apple Fixes Three iOS Zero Days Exploited In The Wild (0)
11-06: Amarok 2.8.0 Denial Of Service (0)
11-06: Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure (0)
11-06: iDS6 DSSPro Digital Signage System 6.2 Password Disclosure (0)
11-06: iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery (0)
11-06: iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass (0)
11-06: iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation (0)
11-06: [webapps] BlogEngine 3.3.8 – 'Content' Stored XSS (0)
11-06: [webapps] Sentrifugo Version 3.2 – 'announcements' Remote Code Execution (Authenticated) (0)
11-06: [webapps] Sentrifugo 3.2 – 'assets' Remote Code Execution (Authenticated) (0)
11-06: [webapps] SmartBlog 2.0.1 – 'id_post' Blind SQL injection (0)
11-06: [webapps] CMSUno 1.6.2 – 'lang' Remote Code Execution (Authenticated) (0)
11-05: Processwire CMS 2.4.0 Local File Inclusion (0)
11-05: PDW File Browser 1.3 Shell Upload (0)
11-05: School Log Management System 1.0 Code Execution / SQL Injection (0)
11-05: Student Attendance Management System 1.0 Code Execution / SQL Injection (0)
11-05: http://www.bdlh.go.th/ay.htm (0)
11-05: https://wangkata.go.th/lol.html (0)
11-05: [webapps] iDS6 DSSPro Digital Signage System 6.2 – Cross-Site Request Forgery (CSRF) (0)
11-04: Complaints Report Management System 1.0 SQL Injection / Remote Code Execution (0)
11-04: Joomla JomSocial 4.7.6 Cross Site Scripting (0)
11-04: Joomla Publisher 3.0.19 Cross Site Scripting (0)
11-04: [webapps] Student Attendance Management System 1.0 – 'username' SQL Injection / Remote Code Execution (0)
11-04: [webapps] School Log Management System 1.0 – 'username' SQL Injection / Remote Code Execution (0)
11-04: [webapps] Processwire CMS 2.4.0 – 'download' Local File Inclusion (0)
11-03: HealthMonitor 3.1 Unquoted Service Path (0)
11-03: Cobian Backup Service Unquoted Service Path (0)
11-03: Quick N Easy FTP Service 3.2 Unquoted Service Path (0)
11-03: Foxit Reader 9.7.1 Remote Command Execution (0)
11-03: Apache Flink 1.9.x Shell Upload (0)
11-03: Monitorr 1.7.6m Remote Code Execution (0)
11-03: Monitorr 1.7.6m Authorization Bypass (0)
11-03: Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (0)
11-03: Multi Restaurant Table Reservation System 1.0 SQL Injection (0)
11-03: WordPress Simple File List 5.4 Shell Upload (0)
11-03: Packet Storm New Exploits For October, 2020 (0)
11-03: https://www.kpp2.go.th/ay.htm (0)
11-03: [webapps] Exploit Title: Complaints Report Management System 1.0 – 'username' SQL Injection / Remote Code Execution (0)
11-03: [webapps] Multi Restaurant Table Reservation System 1.0 – 'table_id' Unauthenticated SQL Injection (0)
11-02: [webapps] WordPress Plugin Simple File List 5.4 – Arbitrary File Upload (0)
11-02: [webapps] Apache Flink 1.9.x – File Upload RCE (Unauthenticated) (0)

October 2020 (342)

10-31: http://don.go.th/asu.php (0)
10-31: CSE Bookstore 1.0 Cross Site Scripting (0)
10-31: DedeCMS 5.8 Cross Site Scripting (0)
10-31: Agent Tesla Botnet Cross Site Scripting (0)
10-31: Citadel WebCit Session Hijacking (0)
10-31: Wondershare Dr.Fone 3.0.0 Unquoted Service Path (0)
10-31: Simple College Website 1.0 Code Execution / SQL Injection (0)
10-31: Microsoft Windows Kernel cng.sys Buffer Overflow (0)
10-31: Google Discloses Windows Zero-Day Exploited In The Wild (0)
10-30: Online Examination System 1.0 Cross Site Scripting (0)
10-30: Point Of Sales 1.0 Cross Site Scripting (0)
10-30: Mailman 2.1.23 Cross Site Scripting (0)
10-30: Icewarp WebMail 11.4.5.0 Cross Site Scripting (0)
10-30: Lot Reservation Management System 1.0 SQL Injection (0)
10-30: Lot Reservation Management System 1.0 Cross Site Scripting (0)
10-30: Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery (0)
10-30: Oracle WebLogic Server Remote Code Execution (0)
10-30: [webapps] Online Job Portal 1.0 – 'userid' SQL Injection (0)
10-30: [webapps] Citadel WebCit < 926 – Session Hijacking Exploit (0)
10-30: [webapps] DedeCMS v.5.8 – "keyword" Cross-Site Scripting (0)
10-30: [webapps] CSE Bookstore 1.0 – 'quantity' Persistent Cross-site Scripting (0)
10-29: IP Watcher 3.0.0.30 Unquoted Service Path (0)
10-29: Prey 1.9.6 Unquoted Service Path (0)
10-29: Program Access Controller 1.2.0.0 Unquoted Service Path (0)
10-29: EPSON 1.124 Unquoted Service Path (0)
10-29: Gym Management System 1.0 Cross Site Scripting (0)
10-29: Gym Management System 1.0 SQL Injection (0)
10-29: Point Of Sales 1.0 SQL Injection (0)
10-29: Online Library Management System 1.0 Shell Upload (0)
10-29: PackageKit File Existence Disclosure (0)
10-29: aptdaemon File Existence Disclosure (0)
10-29: Blueman Local Root / Privilege Escalation (0)
10-29: Nagios XI 5.7.3 Remote Command Injection (0)
10-29: CSE Bookstore 1.0 SQL Injection (0)
10-29: God Kings 0.60.1 Notification Spoofing (0)
10-29: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI (0)
10-29: FreeType Load_SBit_Png Heap Buffer Overflow (0)
10-29: [webapps] WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request (0)
10-29: [webapps] Online Examination System 1.0 – 'name' Stored Cross Site Scripting (0)
10-29: [webapps] Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS) (0)
10-28: Sphider Search Engine 1.3.6 Remote Code Execution (0)
10-28: Adtec Digital Products Hardcoded Credentials / Remote Root (0)
10-28: Sentrifugo 3.2 Shell Upload / Restriction Bypass (0)
10-28: TDM Digital Signage PC Player 4.1 Insecure File Permissions (0)
10-28: [webapps] CSE Bookstore 1.0 – Authentication Bypass (0)
10-28: [webapps] Nagios XI 5.7.3 – 'mibs.php' Remote Command Injection (Authenticated) (0)
10-27: CMS Made Simple 2.1.6 Server-Side Template Injection (0)
10-27: PDW File Browser 1.3 Cross Site Scripting (0)
10-27: InoERP 0.7.2 Remote Code Execution (0)
10-27: Online Health Care System 1.0 Cross Site Scripting (0)
10-27: Genexis Platinum-4410 Cross Site Scripting (0)
10-27: [webapps] Sphider Search Engine 1.3.6 – 'word_upper_bound' RCE (Authenticated) (0)
10-27: [webapps] Client Management System 1.0 – 'searchdata' SQL injection (0)
10-27: [webapps] Sentrifugo 3.2 – File Upload Restriction Bypass (Authenticated) (0)
10-27: [remote] Adtec Digital Multiple Products – Default Hardcoded Credentials Remote Root (0)
10-27: [local] TDM Digital Signage PC Player 4.1 – Insecure File Permissions (0)
10-26: https://baantarn.go.th/indonesia.php (0)
10-26: https://huayrai-lomsak.go.th/indonesia.php (0)
10-26: https://jaothong.go.th/indonesia.php (0)
10-26: https://jiktueng.go.th/indonesia.php (0)
10-26: https://kokglang.go.th/indonesia.php (0)
10-26: https://kongphon.go.th/indonesia.php (0)
10-26: https://kusuman.go.th/indonesia.php (0)
10-26: https://kutchim.go.th/indonesia.php (0)
10-26: https://muangna.go.th/indonesia.php (0)
10-26: https://nadi-suwan.go.th/indonesia.php (0)
10-26: https://numjuednoi.go.th/indonesia.php (0)
10-26: https://nontan-npm.go.th/indonesia.php (0)
10-26: https://pangku.go.th/indonesia.php (0)
10-26: https://ptrws.go.th/indonesia.php (0)
10-26: https://saphlee.go.th/indonesia.php (0)
10-26: https://sksm.go.th/indonesia.php (0)
10-26: https://sopprap.go.th/indonesia.php (0)
10-26: https://srangnoktha.go.th/indonesia.php (0)
10-26: https://tambonyom.go.th/indonesia.php (0)
10-26: https://thungnalao.go.th/indonesia.php (0)
10-26: [webapps] Genexis Platinum-4410 – 'SSID' Persistent XSS (0)
10-26: [webapps] InoERP 0.7.2 – Remote Code Execution (Unauthenticated) (0)
10-26: [webapps] Online Health Care System 1.0 – Multiple Cross Site Scripting (Stored) (0)
10-26: [webapps] PDW File Browser 1.3 – 'new_filename' Cross-Site Scripting (XSS) (0)
10-26: [webapps] CMS Made Simple 2.1.6 – 'cntnt01detailtemplate' Server-Side Template Injection (0)
10-25: https://changtoon.go.th/ind3x.php (0)
10-25: https://chorakhemak.go.th/ind3x.php (0)
10-25: https://khampalai.go.th/ind3x.php (0)
10-25: https://khok-sung.go.th/ind3x.php (0)
10-25: https://kudsimkoommai.go.th/ind3x.php (0)
10-25: https://kuewiang.go.th/ind3x.php (0)
10-25: https://namthiang.go.th/ind3x.php (0)
10-25: https://napasang.go.th/ind3x.php (0)
10-25: https://natal.go.th/ind3x.php (0)
10-25: https://nongkhunyai.go.th/ind3x.php (0)
10-25: https://obtkoksator.go.th/ind3x.php (0)
10-25: https://nt.go.th/ind3x.php (0)
10-25: https://phonbok.go.th/ind3x.php (0)
10-25: https://singburipao.go.th/ind3x.php (0)
10-25: https://somdet-ks.go.th/ind3x.php (0)
10-25: https://somwang.go.th/ind3x.php (0)
10-25: https://tambonmuang.go.th/ind3x.php (0)
10-25: https://tesbanbkl.go.th/ind3x.php (0)
10-25: https://tk.go.th/ind3x.php (0)
10-25: https://wangban.go.th/ind3x.php (0)
10-24: https://nongtaphan.go.th (0)
10-24: http://www.khoakanun.go.th (0)
10-23: https://webdev.excise.go.th/sad.htm (0)
10-23: http://hrm.excise.go.th/sad.htm (0)
10-23: http://nfe-bk.go.th/data1/ (0)
10-23: http://planfda.fda.moph.go.th/planweb/yuki.htm (0)
10-23: http://ejournal.nidtep.go.th/MBimg/ (0)
10-23: https://www.bph.banphotphisai.go.th/yuki.htm (0)
10-23: https://www.bph1.banphotphisai.go.th/yuki.htm (0)
10-23: https://www.survey.banphotphisai.go.th/yuki.htm (0)
10-23: https://www.banphotphisai.go.th/yuki.htm (0)
10-23: https://dptdds.dpt.go.th/yuki.htm (0)
10-23: http://kaengkhro.go.th/yuki.htm (0)
10-23: http://taxpak10.excise.go.th/yuki.htm (0)
10-23: http://kingrama10.dol.go.th/sad.htm (0)
10-23: A Short Tale Of Proxy Leakage (0)
10-23: [webapps] Car Rental Management System 1.0 – Arbitrary File Upload (0)
10-23: [webapps] Stock Management System 1.0 – 'brandId and categoriesId' SQL Injection (0)
10-23: [webapps] Ajenti 2.1.36 – Remote Code Execution (Authenticated) (0)
10-23: [webapps] Bludit 3.9.2 – Auth Bruteforce Bypass (0)
10-23: [webapps] Online Library Management System 1.0 – Arbitrary File Upload (0)
10-23: [webapps] TextPattern CMS 4.8.3 – Remote Code Execution (Authenticated) (0)
10-23: [webapps] User Registration & Login and User Management System 2.1 – SQL Injection (0)
10-23: [webapps] Point of Sales 1.0 – 'id' SQL Injection (0)
10-23: [webapps] Gym Management System 1.0 – Stored Cross Site Scripting (0)
10-23: [webapps] Gym Management System 1.0 – Authentication Bypass (0)
10-23: [webapps] School Faculty Scheduling System 1.0 – 'username' SQL Injection (0)
10-23: [webapps] Point of Sales 1.0 – 'username' SQL Injection (0)
10-23: [webapps] School Faculty Scheduling System 1.0 – 'id' SQL Injection (0)
10-23: [webapps] Lot Reservation Management System 1.0 – Cross-Site Scripting (Stored) (0)
10-23: [webapps] Gym Management System 1.0 – 'id' SQL Injection (0)
10-23: [webapps] Lot Reservation Management System 1.0 – Authentication Bypass (0)
10-22: Hrsale 2.0.0 Local File Inclusion (0)
10-22: School Faculty Scheduling System 1.0 Cross Site Scripting (0)
10-22: School Faculty Scheduling System 1.0 SQL Injection (0)
10-22: GOautodial 4.0 Shell Upload (0)
10-22: Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery (0)
10-22: Tiki Wiki CMS Groupware 21.1 Authentication Bypass (0)
10-22: Bludit 3.9.2 Bruteforce Mitigation Bypass (0)
10-22: BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery (0)
10-22: http://nongbualumphu.rid.go.th/main/ky.php (0)
10-22: http://sakonnakhon.rid.go.th/home/ky.php (0)
10-22: http://udonthani.rid.go.th/tmp/ky.php (0)
10-22: http://mahasarakham.rid.go.th/new/ky.php (0)
10-22: http://lumchae-omp.rid.go.th/tmp/ (0)
10-22: http://moonbon.rid.go.th/tmp/ (0)
10-22: http://nonthaburi.rid.go.th/tmp/ (0)
10-22: http://chaophraya-omp.rid.go.th/wp-content/ky.php (0)
10-22: http://lowerppn-omp.rid.go.th/2019/ky.php (0)
10-22: http://hydro-7.rid.go.th/OLDVERSION/INTEREST.html (0)
10-21: Google Patches Actively-Exploited Zero-Day Bug In Chrome Browser (0)
10-21: Hostel Management System 2.1 Cross Site Scripting (0)
10-21: Typesetter CMS 5.1 Remote Code Execution (0)
10-21: Comtrend AR-5387un Cross Site Scripting (0)
10-21: Textpattern CMS 4.6.2 Cross Site Request Forgery (0)
10-21: Loan Management System 1.0 Cross Site Scripting (0)
10-21: Rite CMS 2.2.1 Remote Code Execution (0)
10-21: WordPress SuperStoreFinder 6.1 CSRF / Shell Upload (0)
10-21: Apache Struts 2 Remote Code Execution (0)
10-21: Ultimate Project Manager CRM PRO 2.05 SQL Injection (0)
10-21: WordPress HS Brand Logo Slider 2.1 Shell Upload (0)
10-21: User Registration And Login And User Management System 2.1 Cross Site Scripting (0)
10-21: Visitor Management System In PHP 1.0 SQL Injection (0)
10-21: Linux / Unix su Privilege Escalation (0)
10-21: WordPress Rest Google Maps SQL Injection (0)
10-21: WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting (0)
10-21: Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization (0)
10-21: [webapps] Stock Management System 1.0 – 'Brand Name' Persistent Cross-Site Scripting (0)
10-21: [webapps] Stock Management System 1.0 – 'Categories Name' Persistent Cross-Site Scripting (0)
10-21: [webapps] Hrsale 2.0.0 – Local File Inclusion (0)
10-21: [webapps] Stock Management System 1.0 – 'Product Name' Persistent Cross-Site Scripting (0)
10-21: [webapps] GOautodial 4.0 – Authenticated Shell Upload (0)
10-21: [webapps] School Faculty Scheduling System 1.0 – Authentication Bypass POC (0)
10-21: [webapps] School Faculty Scheduling System 1.0 – Stored Cross Site Scripting POC (0)
10-20: Tourism Management System 1.0 Shell Upload (0)
10-20: Nagios XI 5.7.3 Cross Site Scripting (0)
10-20: Nagios XI 5.7.3 SQL Injection (0)
10-20: QRadar RemoteJavaScript Deserialization (0)
10-20: Online Student's Management System 1.0 Shell Upload (0)
10-20: Online Discussion Forum Site 1.0 Cross Site Scripting (0)
10-20: OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery (0)
10-20: Online Job Portal 1.0 Cross Site Scripting (0)
10-20: TinyMCE 5 HTML Injection (0)
10-20: Chrome XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers Use-After-Free (0)
10-20: HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal (0)
10-20: ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal (0)
10-20: HiSilicon Video Encoder Command Injection (0)
10-20: ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure (0)
10-20: HiSilicon Video Encoder Malicious Firmware Code Execution (0)
10-20: HiSilicon Video Encoder Backdoor Password (0)
10-20: ReQuest Serious Play F3 Media Server 7.0.3 Denial Of Service (0)
10-20: Jenkins 2.63 Sandbox Bypass (0)
10-20: HiSilicon Video Encoder Buffer Overflow / Denial Of Service (0)
10-20: FRITZ!Box 7.20 DNS Rebinding Protection Bypass (0)
10-20: ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution (0)
10-20: Mocha For Android Audio Interception (0)
10-20: Chrome WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList Use-After-Free (0)
10-20: Chrome USB::OnServiceConnectionError Use-After-Free (0)
10-20: Microsoft SharePoint SSI / ViewState Remote Code Execution (0)
10-20: http://thamuang101.go.th/new.html (0)
10-20: http://trat-edu.go.th/new.html (0)
10-20: http://bigdata.ednan1.go.th/new.html (0)
10-20: http://nb2.go.th/new.html (0)
10-20: [webapps] Visitor Management System in PHP 1.0 – SQL Injection (Authenticated) (0)
10-20: [webapps] Wordpress Plugin WP Courses < 2.0.29 – Broken Access Controls leading to Courses Content Disclosure (0)
10-20: [webapps] Loan Management System 1.0 – Multiple Cross Site Scripting (Stored) (0)
10-20: [webapps] Comtrend AR-5387un router – Persistent XSS (Authenticated) (0)
10-19: http://ocsb.go.th/u.htm (0)
10-19: http://newweb.ocsb.go.th/u.htm (0)
10-19: [webapps] Hostel Management System 2.1 – Cross Site Scripting (Multiple Fields) (0)
10-19: [webapps] Jenkins 2.63 – Sandbox bypass in pipeline: Groovy plug-in (0)
10-19: [webapps] HiSilicon Video Encoders – Unauthenticated RTSP buffer overflow (DoS) (0)
10-19: [webapps] HiSilicon video encoders – RCE via unauthenticated upload of malicious firmware (0)
10-19: [webapps] HiSilicon Video Encoders – Full admin access via backdoor password (0)
10-19: [webapps] HiSilicon Video Encoders – Unauthenticated file disclosure via path traversal (0)
10-19: [webapps] HiSilicon Video Encoders – RCE via unauthenticated command injection (0)
10-19: [webapps] Online Discussion Forum Site 1.0 – XSS in Messaging System (0)
10-19: [webapps] Online Job Portal 1.0 – Cross Site Scripting (Stored) (0)
10-19: [webapps] Online Student's Management System 1.0 – Remote Code Execution (Authenticated) (0)
10-19: [webapps] Nagios XI 5.7.3 – 'SNMP Trap Interface' Authenticated SQL Injection (0)
10-19: [webapps] Nagios XI 5.7.3 – 'Contact Templates' Persistent Cross-Site Scripting (0)
10-19: [webapps] Nagios XI 5.7.3 – 'Manage Users' Authenticated SQL Injection (0)
10-19: [webapps] Tourism Management System 1.0 – Arbitrary File Upload (0)
10-17: Employee Management System 1.0 Cross Site Scripting (0)
10-17: Employee Management System 1.0 SQL Injection (0)
10-17: Alumni Management System 1.0 SQL Injection (0)
10-17: aaPanel 6.6.6 Privilege Escalation (0)
10-17: CS-Cart 1.3.3 Remote Code Execution (0)
10-17: CS-Cart 1.3.3 Local File Inclusion (0)
10-17: Hotel Management System 1.0 Remote Code Execution (0)
10-17: Company Visitor Management System (CVMS) 1.0 SQL Injection (0)
10-16: Zoo Management System 1.0 SQL Injection (0)
10-16: Simple Grocery Store Sales And Inventory System 1.0 SQL Injection (0)
10-16: Microsoft Windows Uninitialized Variable Local Privilege Escalation (0)
10-16: [webapps] aaPanel 6.6.6 – Privilege Escalation & Remote Code Execution (Authenticated) (0)
10-16: [webapps] Restaurant Reservation System 1.0 – 'date' SQL Injection (Authenticated) (0)
10-16: [webapps] Company Visitor Management System (CVMS) 1.0 – Authentication Bypass (0)
10-16: [webapps] Employee Management System 1.0 – Cross Site Scripting (Stored) (0)
10-16: [webapps] Alumni Management System 1.0 – Authentication Bypass (0)
10-16: [webapps] Employee Management System 1.0 – Authentication Bypass (0)
10-15: Chrome MediaElementEventListener::UpdateSources Use-After-Free (0)
10-15: TimeClock Software 1.01 SQL Injection (0)
10-15: NodeBB Forum 1.14.2 Account Takeover (0)
10-15: Guild Wars 2 Insecure Folder Permissions (0)
10-15: [webapps] rConfig 3.9.5 – Remote Code Execution (Unauthenticated) (0)
10-15: [webapps] Vehicle Parking Management System 1.0 – Authentication Bypass (0)
10-14: berliCRM 1.0.24 SQL Injection (0)
10-14: Battle.Net 1.27.1.12428 Insecure File Permissions (0)
10-14: xls2csv 0.95 Overflow / Memory Leak (0)
10-14: https://roiet1.go.th/o.htm (0)
10-14: http://md.go.th/gsh.html (0)
10-14: [local] Guild Wars 2 – Insecure Folder Permissions (0)
10-14: [webapps] NodeBB Forum 1.12.2-1.14.2 – Account Takeover (0)
10-13: http://nonsamran.go.th (0)
10-13: http://tungkula.go.th (0)
10-13: http://naleng.go.th (0)
10-13: Online Student's Management System SQL Injection (0)
10-13: Cisco ASA / FTD 9.6.4.42 Path Traversal (0)
10-13: SEO Panel 4.6.0 Remote Code Execution (0)
10-13: Kentico CMS 9.0-12.0.49 Cross Site Scripting (0)
10-13: openMAINT 1.1-2.4.2 Arbitrary File Upload (0)
10-13: DynPG 4.9.1 Cross Site Scripting (0)
10-13: Sage DPW 2020_06_000 / 2020_06_001 XSS / File Upload (0)
10-13: JioChat For Android Audio Sniffing (0)
10-13: [local] Battle.Net 1.27.1.12428 – Insecure File Permissions (0)
10-13: [webapps] berliCRM 1.0.24 – 'src_record' SQL Injection (0)
10-12: [webapps] Cisco ASA and FTD 9.6.4.42 – Path Traversal (0)
10-12: [webapps] Liman 0.7 – Cross-Site Request Forgery (Change Password) (0)
10-12: [webapps] MedDream PACS Server 6.8.3.751 – Remote Code Execution (Unauthenticated) (0)
10-12: [webapps] Online Students Management System 1.0 – 'username' SQL Injections (0)
10-12: [webapps] Small CRM 2.0 – 'email' SQL Injection (0)
10-10: Twitter Analytics Open Redirect (0)
10-10: Garfield Petshop 2020-10-01 Cross Site Request Forgery (0)
10-10: Atlassian Products Cross Site Scripting (0)
10-09: http://panghinfon.go.th (0)
10-09: Textpattern CMS 4.6.2 Cross Site Scripting (0)
10-09: Seat Reservation System 1.0 Cross Site Scripting (0)
10-09: D-Link DSR-250N Denial Of Service (0)
10-09: [webapps] openMAINT 1.1-2.4.2 – Arbitrary File Upload (0)
10-09: [webapps] DynPG 4.9.1 – Persistent Cross-Site Scripting (Authenticated) (0)
10-09: [webapps] Kentico CMS 9.0-12.0.49 – Persistent Cross Site Scripting (0)
10-08: Karel IP Phone IP1211 Web Management Panel Directory Traversal (0)
10-08: EasyPMS 1.0.0 Authentication Bypass (0)
10-08: Liman 0.7 Cross Site Request Forgery (0)
10-08: BACnet Test Server 1.01 Remote Denial Of Service (0)
10-08: EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse (0)
10-08: [webapps] D-Link DSR-250N 3.12 – Denial of Service (PoC) (0)
10-08: [webapps] SEO Panel 4.6.0 – Remote Code Execution (0)
10-07: Krpano Panorama Viewer 1.20.8 Cross Site Scripting (0)
10-07: Hashicorp Vault AWS IAM Integration Authentication Bypass (0)
10-07: Hashicorp Vault GCP IAM Integration Authentication Bypass (0)
10-07: http://www.klonghok.go.th (0)
10-07: Tenda Router Zero-Days Emerge In Spyware Botnet Campaign (0)
10-07: [dos] BACnet Test Server 1.01 – Remote Denial of Service (PoC) (0)
10-07: [webapps] Textpattern CMS 4.6.2 – 'body' Persistent Cross-Site Scripting (0)
10-06: SpamTitan 7.07 Remote Code Execution (0)
10-06: Restaurant Reservation System 1.0 SQL Injection (0)
10-06: [webapps] EasyPMS 1.0.0 – Authentication Bypass (0)
10-06: [webapps] Karel IP Phone IP1211 Web Management Panel – Directory Traversal (0)
10-05: [webapps] SpamTitan 7.07 – Unauthenticated Remote Code Execution (0)
10-05: [webapps] MOVEit Transfer 11.1.1 – 'token' Unauthenticated SQL Injection (0)
10-03: MedDream PACS Server 6.8.3.751 Remote Code Execution (0)
10-03: Photo Share Website 1.0 Cross Site Scripting (0)
10-03: Checkmk 1.6.0p16 Local Privilege Escalation (0)
10-03: FusionAuth-SAMLv2 0.2.3 Message Forging (0)
10-03: MailDepot 2032 SP2 (2.2.1242) Authorization Bypass (0)
10-03: Platinum Mobile 1.0.4.850 Authorization Bypass (0)
10-03: udisks / Linux Kernel romfs Leakage (0)
10-02: Packet Storm New Exploits For September, 2020 (0)
10-02: Typesetter CMS 5.1 Cross Site Scripting (0)
10-02: WebsiteBaker 2.12.2 SQL Injection (0)
10-02: SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration (0)
10-02: MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials (0)
10-02: SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery (0)
10-02: GetSimple CMS 3.3.16 Cross Site Scripting (0)
10-02: CMS Made Simple 2.2.14 Cross Site Scripting (0)
10-02: SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure (0)
10-02: SpinetiX Fusion Digital Signage 3.4.8 Path Traversal (0)
10-02: BrightSign Digital Signage Diagnostic Web Server 8.2.26 Server-Side Request Forgery (0)
10-02: Sony IPELA Network Camera Remote Stack Buffer Overflow (0)
10-02: Safari Type Confusion / Sandbox Escape (0)
10-02: [webapps] Photo Share Website 1.0 – Persistent Cross-Site Scripting (0)
10-02: [webapps] MedDream PACS Server 6.8.3.751 – Remote Code Execution (Authenticated) (0)
10-01: Corona Exposure Notifications API Data Leakage (0)
10-01: BearShare Lite 5.2.5 Buffer Overflow (0)
10-01: WebsiteBaker 2.12.2 Remote Code Execution (0)
10-01: Qiata FTA 1.70.19 Cross Site Scripting (0)
10-01: DOMOS 5.8 Command Injection (0)
10-01: MailDepot 2032 SP2 Session Expiration (0)
10-01: Cisco AnyConnect Privilege Escalation (0)
10-01: [webapps] Typesetter CMS 5.1 – 'Site Title' Persistent Cross-Site Scripting (0)
10-01: [webapps] GetSimple CMS 3.3.16 – Persistent Cross-Site Scripting (Authenticated) (0)
10-01: [webapps] WebsiteBaker 2.12.2 – 'display_name' SQL Injection (authenticated) (0)
10-01: [webapps] MonoCMS Blog 1.0 – Arbitrary File Deletion (Authenticated) (0)
10-01: [webapps] SpinetiX Fusion Digital Signage 3.4.8 – Cross-Site Request Forgery (Add Admin) (0)
10-01: [webapps] SpinetiX Fusion Digital Signage 3.4.8 – Username Enumeration (0)
10-01: [webapps] BrightSign Digital Signage Diagnostic Web Server 8.2.26 – File Delete Path Traversal (0)
10-01: [webapps] SpinetiX Fusion Digital Signage 3.4.8 – Database Backup Disclosure (0)
10-01: [remote] Sony IPELA Network Camera 1.82.01 – 'ftpclient.cgi' Remote Stack Buffer Overflow (0)
10-01: [webapps] CMS Made Simple 2.2.14 – Persistent Cross-Site Scripting (Authenticated) (0)
10-01: [webapps] BrightSign Digital Signage Diagnostic Web Server 8.2.26 – Server-Side Request Forgery (Unauthenticated) (0)

September 2020 (188)

09-30: CloudMe 1.11.2 Buffer Overflow (0)
09-29: http://lowerppn-omp.rid.go.th/2019/z3.html (0)
09-29: http://chaophraya-omp.rid.go.th/wp-content/z3.html (0)
09-29: http://huaimong-omp.rid.go.th/2013/z3.html (0)
09-29: http://sakonnakhon.rid.go.th/home/z3.html (0)
09-29: http://khonkaen.rid.go.th/new/z3.html (0)
09-29: http://mahasarakham.rid.go.th/new/z3.html (0)
09-29: http://thapsalao-omp.rid.go.th/wp_thapsalao/ (0)
09-29: http://office.phatthalung2.go.th/2563/laysen/246.jpg (0)
09-29: https://moesuphan.go.th/myoffice/laysen/34.jpg (0)
09-29: http://info.ska2.go.th/myoffice/bannakhuanlang/laysen/30.jpg (0)
09-29: http://myoffice.edurng.go.th/laysen/27.jpg (0)
09-29: http://myoffice.nonpeo.go.th/laysen/32.jpg (0)
09-29: http://yala.nfe.go.th/tyata/web1/file_editor/logs.txt (0)
09-29: MaraCMS 7.5 Remote Code Execution (0)
09-29: Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call (0)
09-29: MSI Ambient Link Driver 1.0.0.8 Privilege Escalation (0)
09-29: Joplin 1.0.245 Cross Site Scripting / Code Execution (0)
09-29: Mida eFramework 2.8.9 Remote Code Execution (0)
09-29: [local] CloudMe 1.11.2 – Buffer Overflow ROP (DEP,ASLR) (0)
09-29: [local] BearShare Lite 5.2.5 – 'Advanced Search'Buffer Overflow in (PoC) (0)
09-29: [webapps] WebsiteBaker 2.12.2 – Remote Code Execution (0)
09-28: [webapps] Joplin 1.0.245 – Arbitrary Code Execution (PoC) (0)
09-28: [local] MSI Ambient Link Driver 1.0.0.8 – Local Privilege Escalation (0)
09-28: [webapps] Mida eFramework 2.8.9 – Remote Code Execution (0)
09-26: Anchor CMS 0.12.7 Cross Site Scripting (0)
09-26: BigTree CMS 4.4.10 Remote Code Execution (0)
09-26: Apple Security Advisory 2020-09-24-1 (0)
09-25: Simple Online Food Ordering System 1.0 SQL Injection (0)
09-25: [webapps] B-swiss 3 Digital Signage System 3.6.5 – Database Disclosure (0)
09-25: [webapps] B-swiss 3 Digital Signage System 3.6.5 – Cross-Site Request Forgery (Add Maintenance Admin) (0)
09-25: [webapps] Anchor CMS 0.12.7 – Persistent Cross-Site Scripting (Authenticated) (0)
09-25: [webapps] BigTree CMS 4.4.10 – Remote Code Execution (0)
09-24: Online Food Ordering System 1.0 Remote Code Execution (0)
09-24: [webapps] Visitor Management System in PHP 1.0 – Persistent Cross-Site Scripting (0)
09-24: [webapps] Simple Online Food Ordering System 1.0 – 'id' SQL Injection (Unauthenticated) (0)
09-23: Seat Reservation System 1.0 Shell Upload (0)
09-23: Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution (0)
09-23: Flatpress Add Blog 1.0.3 Cross Site Scripting (0)
09-23: GoogleCloudPlatform OSConfig Privilege Escalation (0)
09-23: Seat Reservation System 1.0 SQL Injection (0)
09-23: Visitor Management System In PHP 1.0 SQL Injection (0)
09-23: Visitor Management System In PHP 1.0 Cross Site Scripting (0)
09-23: Jenkins 2.56 CLI Deserialization / Code Execution (0)
09-23: Artica Proxy 4.30.000000 Authentication Bypass / Command Injection (0)
09-23: [webapps] Online Food Ordering System 1.0 – Remote Code Execution (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Database Disclosure (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery (0)
09-22: ForensiTAppxService 2.2.0.4 Unquoted Service Path (0)
09-22: B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution (0)
09-22: VyOS restricted-shell Escape / Privilege Escalation (0)
09-22: Online Shop Project 1.0 SQL Injection (0)
09-22: Seat Reservation System 1.0 SQL Injection (0)
09-22: BlackCat CMS 1.3.6 Cross Site Request Forgery (0)
09-22: Mida eFramework 2.9.0 Backdoor Access (0)
09-22: [webapps] Flatpress Add Blog 1.0.3 – Persistent Cross-Site Scripting (0)
09-22: [webapps] Comodo Unified Threat Management Web Console 2.7.0 – Remote Code Execution (0)
09-21: [webapps] B-swiss 3 Digital Signage System 3.6.5 – Remote Code Execution (0)
09-21: [webapps] Mida eFramework 2.9.0 – Back Door Access (0)
09-21: [webapps] Seat Reservation System 1.0 – 'id' SQL Injection (0)
09-21: [local] ForensiTAppxService 2.2.0.4 – 'ForensiTAppxService.exe' Unquoted Service Path (0)
09-21: [webapps] BlackCat CMS 1.3.6 – Cross-Site Request Forgery (0)
09-21: [webapps] Online Shop Project 1.0 – 'p' SQL Injection (0)
09-19: http://www.wanghos.go.th (0)
09-19: D-Link DGS-1210-28 Denial Of Service (0)
09-19: SpamTitan 7.07 Remote Code Execution (0)
09-19: Mantis Bug Tracker 2.3.0 Remote Code Execution (0)
09-19: Navy Federal Cross Site Scripting (0)
09-19: TP-Link Cloud Cameras NCXXX Bonjour Command Injection (0)
09-19: Apple Security Advisory 2020-09-16-1 (0)
09-19: Apple Security Advisory 2020-09-16-2 (0)
09-19: Apple Security Advisory 2020-09-16-3 (0)
09-19: Apple Security Advisory 2020-09-16-4 (0)
09-19: Apple Security Advisory 2020-09-16-5 (0)
09-18: Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution (0)
09-18: Microsoft SQL Server Reporting Services 2016 Remote Code Execution (0)
09-18: Microsoft Spooler Local Privilege Elevation (0)
09-18: [webapps] Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated) (0)
09-18: [webapps] SpamTitan 7.07 – Remote Code Execution (Authenticated) (0)
09-17: Zerologon Proof Of Concept (0)
09-17: Piwigo 2.10.1 Cross Site Scripting (0)
09-17: Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery (0)
09-17: 1CRM 8.6.7 Insecure Direct Object Reference (0)
09-17: Mida Solutions eFramework ajaxreq.php Command Injection (0)
09-17: [remote] Microsoft SQL Server Reporting Services 2016 – Remote Code Execution (0)
09-16: http://chaleang.go.th/cl.html (0)
09-16: Tailor MS 1.0 Cross Site Scripting (0)
09-16: ThinkAdmin 6 Arbitrary File Read (0)
09-16: [webapps] Piwigo 2.10.1 – Cross Site Scripting (0)
09-16: [local] Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software (0)
09-15: Microsoft Windows Finger Security Bypass / C2 Channel (0)
09-15: Linux expand_downwards() / munmap() Race Condition (0)
09-15: RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting (0)
09-15: Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path (0)
09-15: RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery (0)
09-15: Pearson Vue VTS 2.3.1911 Unquoted Service Path (0)
09-15: Joomla! paGO Commerce 2.5.9.0 SQL Injection (0)
09-15: [webapps] Tailor MS 1.0 – Reflected Cross-Site Scripting (0)
09-15: [webapps] ThinkAdmin 6 – Arbitrarily File Read (0)
09-14: [local] Pearson Vue VTS 2.3.1911 Installer – 'VUEApplicationWrapper' Unquoted Service Path (0)
09-14: [local] Rapid7 Nexpose Installer 6.6.39 – 'nexposeengine' Unquoted Service Path (0)
09-14: [webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot) (0)
09-14: [webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting (0)
09-12: CuteNews 2.1.2 Remote Code Execution (0)
09-12: Tiandy IPC / NVR 9.12.7 Credential Disclosure (0)
09-12: ZTE F602W CAPTCHA Bypass (0)
09-12: Mobile Shop System 1.0 SQL Injection (0)
09-12: Gnome Fonts Viewer 3.34.0 Heap Corruption (0)
09-12: Microsoft Internet Explorer 11 Use-After-Free (0)
09-12: Tea LaTex 1.0 Remote Code Execution (0)
09-12: VTENEXT 19 CE Remote Code Execution (0)
09-12: DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation (0)
09-11: Input Director 1.4.3 Unquoted Service Path (0)
09-11: ShareMouse 5.0.43 Unquoted Service Path (0)
09-11: Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery (0)
09-11: Audio Playback Recorder 3.2.2 Local Buffer Overflow (0)
09-11: IlchCMS 2.1.37 Cross Site Scripting (0)
09-11: [local] Internet Explorer 11 – Use-After-Free (0)
09-11: [webapps] Tea LaTex 1.0 – Remote Code Execution (Unauthenticated) (0)
09-11: [webapps] VTENEXT 19 CE – Remote Code Execution (0)
09-11: [local] Gnome Fonts Viewer 3.34.0 – Heap Corruption (0)
09-10: [webapps] ZTE Router F602W – Captcha Bypass (0)
09-10: [webapps] CuteNews 2.1.2 – Remote Code Execution (0)
09-10: [webapps] Tiandy IPC and NVR 9.12.7 – Credential Disclosure (0)
09-09: Yaws 2.0.7 XML Injection / Command Injection (0)
09-09: Microsoft Windows CloudExperienceHostBroker Privilege Escalation (0)
09-09: Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass (0)
09-09: Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation (0)
09-09: http://thepsathit.go.th/doc/ghi.html (0)
09-09: http://abtnongyang.go.th/doc/ghi.html (0)
09-09: http://bungor.go.th/doc/ghi.html (0)
09-09: http://bunlung.go.th/doc/ghi.html (0)
09-09: http://chaecity.go.th/doc/ghi.html (0)
09-09: http://kongyang.go.th/doc/ghi.html (0)
09-09: http://jakkarat.go.th/doc/ghi.html (0)
09-09: http://nbk.go.th/doc/ghi.html (0)
09-09: http://udomsap.go.th/doc/ghi.html (0)
09-09: http://tambolsamrong.go.th/doc/ghi.html (0)
09-09: [webapps] Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password) (0)
09-09: [local] Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH) (0)
09-09: [webapps] Tailor Management System – 'id' SQL Injection (0)
09-09: [local] Input Director 1.4.3 – 'Input Director' Unquoted Service Path (0)
09-08: Cabot 0.11.12 Cross Site Scripting (0)
09-08: Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload (0)
09-08: Grocy 2.7.1 Cross Site Scripting (0)
09-08: Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation (0)
09-08: macOS cfprefsd Arbitrary File Write / Local Privilege Escalation (0)
09-08: [local] ShareMouse 5.0.43 – 'ShareMouse Service' Unquoted Service Path (0)
09-07: [webapps] ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated) (0)
09-07: [webapps] grocy 2.7.1 – Persistent Cross-Site Scripting (0)
09-07: [webapps] Cabot 0.11.12 – Persistent Cross-Site Scripting (0)
09-06: https://www.pattawee.go.th/U72.html (0)
09-05: http://www.roiet.go.th (0)
09-05: COVR 3902 1.01B0 Hardcoded Credentials (0)
09-05: Hyland OnBase SQL Injection (0)
09-05: Nord VPN 6.31.13.0 Unquoted Service Path (0)
09-05: SiteMagic CMS 4.4.2 Shell Upload (0)
09-05: Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell (0)
09-05: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks (0)
09-05: Pulse Secure Windows Client Privilege Escalation (0)
09-05: ManageEngine Applications Manager Authenticated Remote Code Execution (0)
09-04: http://www.1tambon1school.go.th/data/-.txt (0)
09-04: [local] Nord VPN-6.31.13.0 – 'nordvpn-service' Unquoted Service Path (0)
09-03: Go CGI / FastCGI Transport Cross Site Scripting (0)
09-03: [local] BarracudaDrive v6.5 – Insecure Folder Permissions (0)
09-03: [webapps] SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated) (0)
09-03: [webapps] Daily Tracker System 1.0 – Authentication Bypass (0)
09-03: [webapps] BloodX CMS 1.0 – Authentication Bypass (0)
09-03: [webapps] Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting (0)
09-02: Packet Storm New Exploits For August, 2020 (0)
09-02: Bagisto Credential Disclosure (0)
09-02: Sagemcom F@ST 5280 Privilege Escalation (0)
09-02: Rebar3 3.13.2 Command Injection (0)
09-02: Kamailio 5.4.0 Header Smuggling (0)
09-02: Mara CMS 7.5 Remote Code Execution (0)
09-02: moziloCMS 2.0 Cross Site Scripting (0)
09-02: [webapps] Stock Management System 1.0 – Cross-Site Request Forgery (Change Username) (0)
09-01: TP-Link WDR4300 Remote Code Execution (0)
09-01: Online Book Store 1.0 SQL Injection (0)
09-01: BlazeDVD 7.0 Professional Buffer Overflow (0)
09-01: Fuel CMS 1.4.8 SQL Injection (0)
09-01: CMS Made Simple 2.2.14 Shell Upload (0)
09-01: https://www.dft.go.th/laZy.txt (0)
09-01: Cisco Warns Of Actively Exploited IOS XR Zero Day (0)
09-01: [webapps] Mara CMS 7.5 – Remote Code Execution (Authenticated) (0)
09-01: [webapps] moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated) (0)

August 2020 (225)

08-31: [webapps] CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated) (0)
08-31: [webapps] Mara CMS 7.5 – Reflective Cross-Site Scripting (0)
08-31: [local] BlazeDVD 7.0 Professional – '.plf' Local Buffer Overflow (SEH,ASLR,DEP) (0)
08-31: [webapps] Fuel CMS 1.4.8 – 'fuel_replace_id' SQL Injection (Authenticated) (0)
08-31: [webapps] Online Book Store 1.0 – 'id' SQL Injection (0)
08-29: Nagios Log Server 2.1.6 Cross Site Scripting (0)
08-29: SUPERAntiSpyware Professional X Trial Privilege Escalation (0)
08-29: WordPress Autoptimize 2.7.6 Shell Upload (0)
08-29: Symphony CMS 3.0.0 Cross Site Scripting (0)
08-28: Eikon Thomson Reuters 4.0.42144 File Permissions (0)
08-28: ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password (0)
08-28: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation (0)
08-28: [webapps] SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting (0)
08-28: [webapps] Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting (0)
08-28: [webapps] Online Shopping Alphaware 1.0 – 'id' SQL Injection (0)
08-27: [webapps] Wordpress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated) (0)
08-27: [local] ASX to MP3 converter 3.1.3.7.2010.11.05 – '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC) (0)
08-27: [webapps] Mida eFramework 2.9.0 – Remote Code Execution (0)
08-26: Ericom Access Server 9.2.0 Server-Side Request Forgery (0)
08-26: LimeSurvey 4.3.10 Cross Site Scripting (0)
08-26: Linux CoW Incorrect Access Grant (0)
08-26: Chrome NewFixedArray Missing Array Size Check (0)
08-26: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal (0)
08-26: [webapps] Ericom Access Server x64 9.2.0 – Server-Side Request Forgery (0)
08-24: http://noph.go.th/1.php (0)
08-24: [webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Authentication Bypass (0)
08-24: [webapps] LimeSurvey 4.3.10 – 'Survey Menu' Persistent Cross-Site Scripting (0)
08-22: PNPSCADA 2.200816204020 SQL Injection (0)
08-22: ElkarBackup 1.3.3 Cross Site Scripting (0)
08-22: Joomla Adagency 6.1.2 Cross Site Scripting (0)
08-22: WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass (0)
08-22: OX App Suite / OX Documents XSS / SSRF / Bypass (0)
08-22: Seowon SlC 130 Router Remote Code Execution (0)
08-22: Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation (0)
08-22: Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal (0)
08-22: Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass (0)
08-21: Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal (0)
08-21: [webapps] Seowon SlC 130 Router – Remote Code Execution (0)
08-21: [webapps] Complaint Management System 1.0 – 'cid' SQL Injection (0)
08-20: Pharmacy Medical Store And Sale Point 1.0 SQL Injection (0)
08-20: [webapps] PNPSCADA 2.200816204020 – 'interf' SQL Injection (Authenticated) (0)
08-20: [webapps] ElkarBackup 1.3.3 – Persistent Cross-Site Scripting (0)
08-19: vBulletin 5.6.2 Persistent Cross Site Scripting (0)
08-19: Tailor Management System 1.0 Persistent Cross Site Scripting (0)
08-19: WordPress Change Login Logo 1.0.1 Persistent Cross Site Scripting (0)
08-19: WordPress Click To Top 1.2.7 Persistent Cross Site Scripting (0)
08-19: D-Link Central WiFi Manager CWM(100) Remote Code Execution (0)
08-19: WordPress Elegant Testimonial 1.1.6 Persistent Cross Site Scripting (0)
08-19: [webapps] Ruijie Networks Switch eWeb S29_RGOS 11.4 – Directory Traversal (0)
08-18: https://www.bdn.go.th/o.txt (0)
08-18: http://newweb.mnre.go.th/o.txt (0)
08-18: Wordpress Easy Media Download 1.1.4 Cross Site Scripting (0)
08-18: WordPress NextGen Gallery Sell Photo 1.0.5 Cross Site Scripting (0)
08-18: Bludit 3.9.2 Authentication Bruteforce Mitigation Bypass (0)
08-18: Microsoft SharePoint Server 2019 Remote Code Execution (0)
08-18: WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting (0)
08-18: WordPress Colorbox Lightbox 1.1.2 Cross Site Scripting (0)
08-18: XenForo 2.1.10 Patch 2 Cross Site Scripting (0)
08-18: WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting (0)
08-18: Samsung Android Skia Qmage Image Codec Heap Buffer Overflow (0)
08-18: Apache OFBiz XML-RPC Java Deserialization (0)
08-18: Geutebruck testaction.cgi Remote Command Execution (0)
08-18: [webapps] Savsoft Quiz 5 – Stored Cross-Site Scripting (0)
08-18: [webapps] Pharmacy Medical Store and Sale Point 1.0 – 'catid' SQL Injection (0)
08-17: https://nsw2.go.th (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Remote Code Execution (Unauthenticated) (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Unauthenticated Arbitrary File Deletion (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Cleartext Credential Disclosure (0)
08-17: [webapps] Microsoft SharePoint Server 2019 – Remote Code Execution (0)
08-17: [webapps] QiHang Media Web Digital Signage 3.0.9 – Unauthenticated Arbitrary File Disclosure (0)
08-17: [webapps] Bludit 3.9.2 – Authentication Bruteforce Mitigation Bypass (0)
08-16: http://www.tambonnongbuaban.go.th/contact.php (0)
08-16: https://www.maungfai.go.th/contact.php (0)
08-16: https://www.taladkhwan.go.th/contact.php (0)
08-16: https://www.talan.go.th/contact.php (0)
08-16: http://www.papae.go.th/contact.php (0)
08-16: http://www.dontanphasuk.go.th/contact.php (0)
08-16: http://www.nangew.go.th/contact.php (0)
08-16: https://www.khaokawcity.go.th/contact.php (0)
08-16: http://www.sritia.go.th/contact.php (0)
08-16: http://www.lamphaya.go.th/contact.php (0)
08-16: http://www.huahinksn.go.th/contact.php (0)
08-16: http://www.wangsammor.go.th/contact.php (0)
08-16: https://www.bankho-muk.go.th/contact.php (0)
08-16: http://www.pakpayoon.go.th/contact.php (0)
08-16: http://www.sawatloengnoktha.go.th/contact.php (0)
08-16: http://www.thakhanon.go.th/contact.php (0)
08-16: http://www.tallian.go.th/contact.php (0)
08-16: http://www.naduangmunicipality.go.th/contact.php (0)
08-16: http://www.sumranrath.go.th/contact.php (0)
08-16: http://www.phuengdad.go.th/contact.php (0)
08-16: http://www.cheangpeng.go.th/contact.php (0)
08-16: http://www.khunyuamlocal.go.th/contact.php (0)
08-16: http://www.raikhing.go.th/contact.php (0)
08-16: http://www.abtpujud.go.th/contact.php (0)
08-16: http://www.nongkhaimunicipality.go.th/contact.php (0)
08-16: http://www.bukrang.go.th/contact.php (0)
08-16: https://www.phopitak.go.th/contact.php (0)
08-16: http://www.nongyai-kalasin.go.th/contact.php (0)
08-16: https://www.thapchang.go.th/contact.php (0)
08-16: http://www.obttoom.go.th/contact.php (0)
08-16: http://www.chiangkhamlocal.go.th/contact.php (0)
08-16: https://www.nazang.go.th/contact.php (0)
08-16: http://www.amphoetakbai.go.th/contact.php (0)
08-16: http://www.bankoh-utt.go.th/contact.php (0)
08-16: http://www.khuangpao.go.th/contact.php (0)
08-16: http://www.ssm.go.th/contact.php (0)
08-16: http://www.sansuk101.go.th/contact.php (0)
08-16: http://www.banloung.go.th/contact.php (0)
08-16: http://www.fanghospital.go.th/contact.php (0)
08-15: Artica Proxy 4.3.0 Authentication Bypass (0)
08-15: Android App Zygotes Improper Guarding (0)
08-15: WordPress Sell Photo 1.0.5 Cross Site Scripting (0)
08-15: Safari Webkit For iOS 7.1.2 JIT Optimization Bug (0)
08-14: http://www.takesa2.go.th/z.htm (0)
08-14: CMS Made Simple 2.2.14 Shell Upload (0)
08-14: vBulletin 5.6.2 Cross Site Scripting (0)
08-14: Online Shopping System SQL Injection (0)
08-14: Online Book Store SQL Injection (0)
08-14: Online Book Store Cross Site Scripting (0)
08-14: Car Rental Script SQL Injection (0)
08-14: Car Rental Script Cross Site Scripting (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Password Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Credential Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure (0)
08-14: QiHang Media Web Digital Signage 3.0.9 Remote Code Execution (0)
08-14: GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery (0)
08-14: Microsoft Windows AppContainer Enterprise Authentication Capability Bypass (0)
08-14: vBulletin 5.x Remote Code Execution (0)
08-13: Fuel CMS 1.4.7 SQL Injection (0)
08-13: SugarCRM Cross Site Scripting (0)
08-13: SugarCRM SQL Injection (0)
08-13: Avian JVM 1.2.0 Integer Overflow (0)
08-13: Avian JVM 1.2.0 Silent Return (0)
08-13: [webapps] GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin) (0)
08-13: [webapps] Artica Proxy 4.3.0 – Authentication Bypass (0)
08-12: flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload (0)
08-12: Orion Application Server 1.5.2b Cross Site Scripting (0)
08-12: BarcodeOCR 19.3.6 Unquoted Service Path (0)
08-12: House Rental 1.0 SQL Injection (0)
08-12: BarracudaDrive 6.5 Local Privilege Escalation (0)
08-12: Tailor MS 1.0 Cross Site Scripting (0)
08-12: Warehouse Inventory System 1.0 Cross Site Request Forgery (0)
08-12: Cisco 7937G All-In-One Exploiter (0)
08-12: Cisco 7937G Privilege Escalation (0)
08-12: Cisco 7937G Denial Of Service (0)
08-12: ManageEngine ADSelfService Plus 6000 Remote Code Execution (0)
08-12: vBulletin 5.x Remote Code Execution (0)
08-12: vBulletin 5.x Remote Code Execution (0)
08-12: Travel Management System 1.0 SQL Injection (0)
08-12: Travel Management System 1.0 Remote Code Execution (0)
08-12: [webapps] CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload (0)
08-12: [webapps] vBulletin 5.6.2 – 'widget_tabbedContainer_tab_panel' Remote Code Execution (0)
08-11: http://suratpeo.go.th (0)
08-11: [webapps] Fuel CMS 1.4.7 – 'col' SQL Injection (Authenticated) (0)
08-10: [local] BarcodeOCR 19.3.6 – 'BarcodeOCR' Unquoted Service Path (0)
08-10: [webapps] ManageEngine ADSelfService Build prior to 6003 – Remote Code Execution (Unauthenticated) (0)
08-10: [webapps] Warehouse Inventory System 1.0 – Cross-Site Request Forgery (Change Admin Password) (0)
08-08: CodeMeter 6.60 Unquoted Service Path (0)
08-08: Tailor Management System 1.0 SQL Injection (0)
08-08: Car Rental Management System 1.0 Cross Site Scripting (0)
08-07: Online Shopping Alphaware 1.0 Insecure Direct Object Reference (0)
08-07: Online Shopping Alphaware 1.0 Cross Site Scripting (0)
08-07: Online Shopping Alphaware 1.0 SQL Injection (0)
08-07: ACTi NVR3 Standard / Professional Server 3.0.12.42 Denial Of Service (0)
08-07: QlikView 12.50.20000.0 Denial Of Service (0)
08-07: Curfew e-Pass Management System 1.0 SQL Injection (0)
08-07: Daily Expenses Management System 1.0 Cross Site Scripting (0)
08-07: Daily Expenses Management System 1.0 Cross SIte Request Forgery (0)
08-07: Daily Expenses Management System 1.0 SQL Injection (0)
08-07: Online Shopping Alphaware 1.0 Cross Site Request Forgery (0)
08-07: Online Shopping Alphaware 1.0 Arbitrary File Upload (0)
08-07: Online Shopping Alphaware 1.0 Unauthorized Administrative Access (0)
08-07: Victor CMS 1.0 SQL Injection (0)
08-07: Docker Privileged Container Escape (0)
08-07: [webapps] Daily Expenses Management System 1.0 – 'item' SQL Injection (0)
08-07: [webapps] All-Dynamics Digital Signage System 2.0.2 – Cross-Site Request Forgery (Add Admin) (0)
08-06: http://mueang.trang.doae.go.th (0)
08-06: [webapps] Victor CMS 1.0 – 'Search' SQL Injection (0)
08-05: Car Rental Management System 1.0 Cross Site Scripting (0)
08-05: Car Rental Management System 1.0 Remote Code Execution (0)
08-05: Pi-hole 4.3.2 Remote Code Execution (0)
08-05: RTSP For iOS 1.0 Denial Of Service (0)
08-05: Daily Expenses Management System 1.0 SQL Injection (0)
08-05: Mocha Telnet Lite For iOS 4.2 Denial Of Service (0)
08-05: Gantt-Chart For Jira 5.5.3 Missing Privilege Check (0)
08-05: Gantt-Chart For Jira 5.5.4 Cross Site Scripting (0)
08-05: Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow (0)
08-05: [webapps] Stock Management System 1.0 – Authentication Bypass (0)
08-05: [dos] QlikView 12.50.20000.0 – 'FTP Server Address' Denial of Service (PoC) (0)
08-05: [dos] ACTi NVR3 Standard or Professional Server 3.0.12.42 – Denial of Service (PoC) (0)
08-04: Online Bike Rental 1.0 Shell Upload (0)
08-04: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF (0)
08-04: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation (0)
08-04: CloudMe 1.11.2 SEH Buffer Overflow (0)
08-04: BacklinkSpeed 2.4 Buffer Overflow (0)
08-04: Packet Storm New Exploits For July, 2020 (0)
08-04: AtMail Email Server Appliance 6.4 XSS / CSRF / Code Execution (0)
08-04: OpenEMR 5.0.1 Remote Code Execution (0)
08-04: Mara CMS 7.5 Cross Site Scripting (0)
08-04: Umbraco CMS 7.12.4 Remote Code Execution (0)
08-04: Stock Management System 1.0 SQL Injection (0)
08-04: Stock Management System 1.0 Cross Site Scripting (0)
08-04: Stock Management System 1.0 Cross Site Scripting (0)
08-04: Stock Management System 1.0 Cross Site Request Forgery (0)
08-04: Microsoft Windows Win32k Privilege Escalation (0)
08-04: October CMS Build 465 XSS / File Read / File Deletion / CSV Injection (0)
08-04: [webapps] Daily Expenses Management System 1.0 – 'username' SQL Injection (0)
08-04: [dos] RTSP for iOS 1.0 – 'IP Address' Denial of Service (PoC) (0)
08-04: [dos] Mocha Telnet Lite for iOS 4.2 – 'User' Denial of Service (PoC) (0)
08-04: [webapps] Pi-hole 4.3.2 – Remote Code Execution (Authenticated) (0)
08-03: Setup UGEEK UPS3 HAT on Raspberry (0)
08-02: Daily Tracker System 1.0 SQL Injection (0)
08-02: Daily Tracker System 1.0 Cross Site Scripting (0)
08-02: Online Bike Rental 1.0 Shell Upload (0)
08-02: Online Shopping Alphaware 1.0 SQL Injection (0)
08-02: CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow (0)
08-02: SharePoint DataSet / DataTable Deserialization (0)
08-02: FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation (0)
08-02: iOS Page Protection Layer (PPL) Bypass (0)
08-01: SigInt OS 1.1 hd install fix (0)

July 2020 (208)

07-31: Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting (0)
07-30: Cisco ASA / FTD Remote File Disclosure (0)
07-30: Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion (0)
07-30: Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion (0)
07-30: WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting (0)
07-30: Baldr Botnet Panel Shell Upload (0)
07-30: [webapps] Online Shopping Alphaware 1.0 – Authentication Bypass (0)
07-29: [webapps] Cisco Adaptive Security Appliance Software 9.7 – Unauthenticated Arbitrary File Deletion (0)
07-29: [webapps] Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 – Persistent Cross-Site Scripting (0)
07-28: http://www.phuho.go.th/Admin/IMG/20200422032710.html (0)
07-28: http://rdhsj.moph.go.th/ojs/public/site/images/owned/Owned.JPG (0)
07-28: Nidesoft DVD Ripper 5.2.18 Local Buffer Overflow (0)
07-28: DiskBoss 7.7.14 Local Buffer Overflow (0)
07-28: GOautodial 4.0 Cross Site Scripting (0)
07-28: Socusoft Photo To Video Converter Professional 8.07 Buffer Overflow (0)
07-28: ManageEngine Applications Manager 13 SQL Injection (0)
07-28: INNEO Startup TOOLS 2018 M040 13.0.70.3804 Remote Code Execution (0)
07-28: Port Forwarding Wizard 4.8.0 Buffer Overflow (0)
07-28: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
07-28: Calavera UpLoader 3.5 Denial Of Service (0)
07-28: WordPress Email Subscribers And Newsletters 4.2.2 File Disclosure (0)
07-28: WordPress Email Subscribers And Newsletters 4.2.2 SQL Injection (0)
07-28: Bludit 3.9.2 Directory Traversal (0)
07-28: LibreHealth 2.0.0 Remote Code Execution (0)
07-28: MAMP PRO 4.2.0 Local Privilege Escalation (0)
07-28: Microsoft Windows Unsafe Handling Practices (0)
07-28: Koken CMS 0.22.24 Shell Upload (0)
07-28: Bio Star 2.8.2 Local File Inclusion (0)
07-28: F5 Big-IP 13.1.3 Build 0.0.6 Local File Inclusion (0)
07-28: Sickbeard 0.1 Cross Site Request Forgery (0)
07-28: eGroupWare 1.14 Remote Command Execution (0)
07-28: docPrint Pro 8.0 Buffer Overflow (0)
07-28: Ruby On Rails 5.0.1 Remote Code Execution (0)
07-28: Virtual Airlines Manager 2.6.2 Cross Site Scripting (0)
07-28: pfSense 2.4.4-p3 Cross Site Request Forgery (0)
07-28: Socket.io-file 2.0.31 Arbitrary File Upload (0)
07-28: [webapps] Cisco Adaptive Security Appliance Software 9.11 – Local File Inclusion (0)
07-27: [webapps] eGroupWare 1.14 – 'spellchecker.php' Remote Command Execution (0)
07-26: HackRF One/ Portapack hints (0)
07-26: [webapps] Webtareas 2.1p – Arbitrary File Upload (Authenticated) (0)
07-26: [webapps] UBICOD Medivision Digital Signage 1.5.1 – Cross-Site Request Forgery (Add Admin) (0)
07-26: [local] Port Forwarding Wizard 4.8.0 – Buffer Overflow (SEH) (0)
07-26: [webapps] PandoraFMS 7.0 NG 746 – Persistent Cross-Site Scripting (0)
07-26: [webapps] Koken CMS 0.22.24 – Arbitrary File Upload (Authenticated) (0)
07-26: [webapps] elaniin CMS – Authentication Bypass (0)
07-26: [webapps] LibreHealth 2.0.0 – Authenticated Remote Code Execution (0)
07-26: [webapps] Online Course Registration 1.0 – Unauthenticated Remote Code Execution (0)
07-26: [webapps] WordPress Plugin Email Subscribers & Newsletters 4.2.2 – 'hash' SQL Injection (Unauthenticated) (0)
07-26: [webapps] Bludit 3.9.2 – Directory Traversal (0)
07-26: [dos] Calavera UpLoader 3.5 – 'FTP Logi' Denial of Service (PoC + SEH Overwrite) (0)
07-26: [webapps] WordPress Plugin Email Subscribers & Newsletters 4.2.2 – Unauthenticated File Download (0)
07-26: [local] Free MP3 CD Ripper 2.8 – Stack Buffer Overflow (SEH + Egghunter) (0)
07-26: [local] Socusoft Photo to Video Converter Professional 8.07 – 'Output Folder' Buffer Overflow (SEH Egghunter) (0)
07-26: [webapps] GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated) (0)
07-26: [local] DiskBoss 7.7.14 – 'Reports and Data Directory' Buffer Overflow (SEH Egghunter) (0)
07-26: [local] Nidesoft DVD Ripper 5.2.18 – Local Buffer Overflow (SEH) (0)
07-26: [local] Frigate Professional 3.36.0.9 – 'Pack File' Buffer Overflow (SEH Egghunter) (0)
07-25: Snes9K 0.09z Local Buffer Overflow (0)
07-25: Newsportal 3 SQL Injection (0)
07-24: Online Book Store 1.0 Code Execution (0)
07-24: FTPDummy! 4.80 Local Buffer Overflow (0)
07-24: EternalBlueC EternalBlue Suite (0)
07-23: Sophos VPN Web Panel 2020 Denial Of Service (0)
07-23: WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection (0)
07-23: Docsify.js 4.11.4 Cross Site Scripting (0)
07-23: ZenTao Pro 8.8.2 Remote Code Execution (0)
07-23: [local] Snes9K 0.09z – 'Port Number' Buffer Overflow (SEH) (0)
07-23: [local] FTPDummy 4.80 – Local Buffer Overflow (SEH) (0)
07-23: [webapps] UBICOD Medivision Digital Signage 1.5.1 – Authorization Bypass (0)
07-22: LibreHealth 2.0.0 Remote Code Execution (0)
07-22: Daily Expense Tracker 1.0 SQL Injection (0)
07-22: Plexus anblick Digital Signage Management 3.1.13 Open Redirect (0)
07-22: Employee Record Management System 1.1 SQL Injection (0)
07-22: Company Visitor Management System (CVMS) 1.0 SQL Injection (0)
07-22: UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery (0)
07-22: Directory Management System (DMS) 1.0 SQL Injection (0)
07-22: UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation (0)
07-22: usrsctp Stack Buffer Overflow (0)
07-22: SIGRed Windows DNS Denial Of Service (0)
07-22: [local] NetPCLinker 1.0.0.0 – Buffer Overflow (SEH Egghunter) (0)
07-20: http://www.police7.go.th/police7_newSite/images/memPic/blackcoder.html (0)
07-20: https://www3.nrct.go.th/ma.txt (0)
07-20: http://www.secondary35.go.th/ay.htm (0)
07-19: CMSUno 1.6 Cross Site Request Forgery (0)
07-19: Simple Startup Manager 1.17 Buffer Overflow (0)
07-19: PMB 5.6 Cross Site Scripting (0)
07-19: Sonar Qube 8.3.1 Unquoted Service Path (0)
07-19: Plex Unpickle Dict Windows Remote Code Execution (0)
07-18: Apple Security Advisory 2020-07-15-1 (0)
07-18: Apple Security Advisory 2020-07-15-2 (0)
07-18: Apple Security Advisory 2020-07-15-3 (0)
07-18: Apple Security Advisory 2020-07-15-4 (0)
07-18: Apple Security Advisory 2020-07-15-5 (0)
07-18: Online Course Registration 1.0 Remote Code Execution (0)
07-18: Vehicle Parking Management System 1.0 SQL Injection (0)
07-18: Wing FTP Server 6.3.8 Remote Code Execution (0)
07-18: Infor Storefront B2B 1.0 SQL Injection (0)
07-18: Web Based Online Hotel Booking System 0.1.0 SQL Injection (0)
07-18: Online Farm Management System 0.1.0 Cross Site Scripting (0)
07-17: [webapps] CMSUno 1.6 – Cross-Site Request Forgery (Change Admin Password) (0)
07-17: [local] Sonar Qube 8.3.1 – 'SonarQube Service' Unquoted Service Path (0)
07-17: [local] Simple Startup Manager 1.17 – 'File' Local Buffer Overflow (PoC) (0)
07-16: V-SOL OLTs Backdoor / Privilege Escalation (0)
07-16: Verint Impact 360 15.1 Script Insertion / HTML Injection (0)
07-16: Verint Impact 360 15.1 Open Redirect (0)
07-16: Verint Impact 360 15.1 Cross Site Request Forgery (0)
07-16: Checker CVE-2020-5902 (0)
07-16: Client Management System 1.0 SQL Injection (0)
07-16: Teachers Record Management System 1.0 SQL Injection (0)
07-16: Cyber Cafe Management System SQL Injection (0)
07-16: BSA Radar 1.6.7234.24750 Local File Inclusion (0)
07-16: Apartment Visitors Management System Project 1.0 SQL Injection (0)
07-16: Trend Micro Web Security Remote Code Execution (0)
07-16: Zyxel Armor X1 WAP6806 Directory Traversal (0)
07-16: Oracle Solaris 11 Device Driver Utility 1.3.1 Race Condition (0)
07-16: [webapps] Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated) (0)
07-16: [webapps] RiteCMS 2.2.1 – Remote Code Execution (0)
07-15: [webapps] Zyxel Armor X1 WAP6806 – Directory Traversal (0)
07-15: [webapps] SuperMicro IPMI WebInterface 03.40 – Cross-Site Request Forgery (Add Admin) (0)
07-14: Park Ticketing Management System 1.0 SQL Injection (0)
07-14: Online Polling System SQL Injection (0)
07-14: User Registration And Login And User Management System 2.1 SQL Injection (0)
07-14: Small CRM 2.0 SQL Injection (0)
07-14: Curfew e-Pass Management System 1.0 SQL Injection (0)
07-14: Online Birth Certificate System 1.0 SQL Injection / Code Execution (0)
07-14: [webapps] Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 – Remote Code Execution (Metasploit) (0)
07-14: [webapps] BSA Radar 1.6.7234.24750 – Local File Inclusion (0)
07-13: Responsive Online Blog 1.0 SQL Injection (0)
07-13: Liferay Portal Remote Code Execution (0)
07-13: Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution (0)
07-13: http://donphothong.go.th/y.php (0)
07-13: http://civil.sakaeocity.go.th/pr.php (0)
07-13: http://www.samtambon.go.th/silence.html (0)
07-13: http://secondary34.go.th/robh.htm (0)
07-13: [webapps] Park Ticketing Management System 1.0 – 'viewid' SQL Injection (0)
07-13: [webapps] Park Ticketing Management System 1.0 – Authentication Bypass (0)
07-11: Barangay Management System 1.0 SQL Injection (0)
07-11: HelloWeb 2.0 Arbitrary File Download (0)
07-11: Webtareas 2.1 / 2.1p Cross Site Scripting (0)
07-11: Impress CMS 1.4.0 Cross Site Scripting (0)
07-11: Pandora FMS 7.0 NG 746 Script Insertion / Code Execution (0)
07-11: Pandora FMS 7.0 NG 7XX Remote Command Execution (0)
07-10: PHP 7.4 FFI disable_functions Bypass (0)
07-10: BSA Radar 1.6.7234.24750 Cross Site Request Forgery (0)
07-10: SuperMicro IPMI 03.40 Cross Site Request Forgery (0)
07-10: Savsoft Quiz 5 Cross Site Scripting (0)
07-10: Webtareas 2.1 / 2.1p File Upload / Information Disclosure (0)
07-10: WordPress Power's WHOIS Domain Check 0.9.31 Cross Site Scripting (0)
07-10: Microsoft OneDrive 19.232.1124.0010 DLL Hijacking (0)
07-10: Impress CMS 1.4.0 Code Execution / SQL Injection (0)
07-10: Colin Percival's bsdiff 4.3 Memory Corruption (0)
07-10: Rittal Products Bypass / Command Injection / Privilege Escalation (0)
07-10: [remote] Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution (0)
07-10: [webapps] Barangay Management System 1.0 – Authentication Bypass (0)
07-10: [webapps] HelloWeb 2.0 – Arbitrary File Download (0)
07-09: [webapps] Savsoft Quiz 5 – Persistent Cross-Site Scripting (0)
07-09: [webapps] Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 – Persistent Cross-Site Scripting (0)
07-09: [local] FrootVPN 4.8 – 'frootvpn' Unquoted Service Path (0)
07-08: Sickbeard 0.1 Command Injection (0)
07-08: BIG-IP TMUI Remote Code Execution (0)
07-08: BIG-IP TMUI Remote Code Execution (0)
07-08: Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation (0)
07-08: Online Shopping Portal 3.1 SQL Injection (0)
07-08: CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure (0)
07-08: F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution (0)
07-08: ClearPass Policy Manager Unauthenticated Remote Command Execution (0)
07-08: http://mlds.go.th/z.htm (0)
07-08: [webapps] BSA Radar 1.6.7234.24750 – Cross-Site Request Forgery (Change Password) (0)
07-08: [webapps] SuperMicro IPMI 03.40 – Cross-Site Request Forgery (Add Admin) (0)
07-07: File Management System 1.1 Cross Site Scripting (0)
07-07: RiteCMS 2.2.1 Remote Code Execution (0)
07-07: WhatsApp android-gif-drawable Double-Free (0)
07-07: Grafana 7.0.1 Denial Of Service (0)
07-07: Microsoft Windows MSHTA.EXE .HTA File XML Injection (0)
07-07: Nagios XI 5.6.12 Remote Code Execution (0)
07-07: Fire Web Server 0.1 Denial Of Service (0)
07-07: rauLink Software Domotica Web 2.0 SQL Injection (0)
07-07: RSA IG+L Aveksa 7.1.1 Remote Code Execution (0)
07-07: openSIS 7.4 Unauthenticated PHP Code Execution (0)
07-07: [webapps] Joomla! J2 JOBS 1.3.0 – 'sortby' Authenticated SQL Injection (0)
07-07: [webapps] Sickbeard 0.1 – Remote Command Injection (0)
07-07: [webapps] Online Shopping Portal 3.1 – 'email' SQL Injection (0)
07-06: [webapps] RSA IG&L Aveksa 7.1.1 – Remote Code Execution (0)
07-06: [webapps] RiteCMS 2.2.1 – Authenticated Remote Code Execution (0)
07-06: [webapps] File Management System 1.1 – Persistent Cross-Site Scripting (0)
07-04: Android o2 Business 1.2.0 Open Redirect (0)
07-04: AppleiOS 13.5.1 Resource Exposure (0)
07-03: macOS Privacy Protection Bypass (0)
07-03: EQDKP Plus CMS 2.3.29 Cross Site Scripting (0)
07-02: Online Shopping Portal 3.1 SQL Injection / Shell Upload (0)
07-02: FTPShell Server 6.90 Buffer Overflow (0)
07-02: Joomla J2 JOBS 1.3.0 SQL Injection (0)
07-02: PHP-Fusion 9.03.60 PHP Object Injection (0)
07-02: e-learning PHP Script 0.1.0 SQL Injection (0)
07-02: Packet Storm New Exploits For June, 2020 (0)
07-02: [webapps] ZenTao Pro 8.8.2 – Command Injection (0)
07-02: [webapps] WhatsApp Remote Code Execution – Paper (0)
07-01: Victor CMS 1.0 Cross Site Scripting (0)
07-01: Reside Property Management 3.0 SQL Injection (0)
07-01: ATutor 2.2.4 Directory Traversal / Remote Code Execution (0)
07-01: Cellebrite EPR Decryption Hardcoded AES Key Material (0)
07-01: openSIS 7.4 Incorrect Access Control (0)
07-01: openSIS 7.4 Local File Inclusion (0)
07-01: openSIS 7.4 SQL Injection (0)
07-01: [webapps] Online Shopping Portal 3.1 – Authentication Bypass (0)
07-01: [webapps] PHP-Fusion 9.03.60 – PHP Object Injection (0)
07-01: [webapps] e-learning Php Script 0.1.0 – 'search' SQL Injection (0)
07-01: [local] RM Downloader 2.50.60 2006.06.23 – 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC) (0)

June 2020 (187)

06-30: Fire Web Server Pre-Alpha Denial Of Service (0)
06-30: KiteService 1.2020.618.0 Unquoted Service Path (0)
06-30: OpenEMR 5.0.1 Remote Code Execution (0)
06-30: Windscribe 1.83 Unquoted Service Path (0)
06-30: NetPCLinker 1.0.0.0 Buffer Overflow (0)
06-30: Bolt CMS 3.7.0 Authenticated Remote Code Execution (0)
06-30: [webapps] Reside Property Management 3.0 – 'profile' SQL Injection (0)
06-30: [webapps] Victor CMS 1.0 – 'user_firstname' Persistent Cross-Site Scripting (0)
06-26: BSA Radar 1.6.7234.24750 Cross Site Scripting (0)
06-26: NETGEAR R6700v3 Password Reset / Remote Code Execution (0)
06-26: Cisco AnyConnect Path Traversal / Privilege Escalation (0)
06-26: ASUS Aura Sync 1.07.71 Privilege Escalation (0)
06-26: Windows Print Spooler Privilege Escalation (0)
06-26: FHEM 6.0 Local File Inclusion (0)
06-26: Online Student Enrollment System 1.0 Shell Upload (0)
06-26: iOS / macOS Wifi Proximity Kernel Double-Free (0)
06-26: Inductive Automation Ignition Remote Code Execution (0)
06-26: Microsoft: Patch Your Exchange Servers, They're Under Attack (0)
06-26: [local] KiteService 1.2020.618.0 – Unquoted Service Path (0)
06-26: [webapps] OpenEMR 5.0.1 – 'controller' Remote Code Execution (0)
06-26: [local] Windscribe 1.83 – 'WindscribeService' Unquoted Service Path (0)
06-25: http://huorua.go.th/d_finance/new_finance/hacked.pdf (0)
06-25: [remote] mySCADA myPRO 7 – Hardcoded Credentials (0)
06-25: [webapps] FHEM 6.0 – Local File Inclusion (0)
06-24: LanSpy 2.0.1.159 Stack Buffer Overflow (0)
06-24: Code Blocks 20.03 Denial Of Service (0)
06-24: Lansweeper 7.2 Default Account / Remote Code Execution (0)
06-24: GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting (0)
06-24: Qmail Local Privilege Escalation / Remote Code Execution (0)
06-24: Online Student Enrollment System 1.0 Cross Site Request Forgery (0)
06-24: Responsive Online Blog 1.0 SQL Injection (0)
06-24: [webapps] BSA Radar 1.6.7234.24750 – Persistent Cross-Site Scripting (0)
06-23: Frigate 2.02 Denial Of Service (0)
06-23: Mereo 1.9.4 Denial Of Service (0)
06-23: Trend Micro Web Security (Virtual Appliance) Remote Code Execution (0)
06-23: Online Student Enrollment System 1.0 Arbitrary File Upload (0)
06-23: FileRun 2019.05.21 Cross Site Scripting (0)
06-23: WebPort 1.19.1 Cross Site Scripting (0)
06-23: Odoo 12.0 Local File Inclusion (0)
06-23: Student Enrollment 1.0 Remote Code Execution (0)
06-23: [local] Lansweeper 7.2 – Incorrect Access Control (0)
06-23: [dos] Code Blocks 20.03 – Denial Of Service (PoC) (0)
06-23: [webapps] Online Student Enrollment System 1.0 – Cross-Site Request Forgery (Add Student) (0)
06-23: [webapps] Responsive Online Blog 1.0 – 'id' SQL Injection (0)
06-22: [webapps] WebPort 1.19.1 – Reflected Cross-Site Scripting (0)
06-22: [webapps] Online Student Enrollment System 1.0 – Unauthenticated Arbitrary File Upload (0)
06-22: [webapps] Odoo 12.0 – Local File Inclusion (0)
06-22: [webapps] Student Enrollment 1.0 – Unauthenticated Remote Code Execution (0)
06-22: [webapps] FileRun 2019.05.21 – Reflected Cross-Site Scripting (0)
06-20: Beauty Parlour Management System 1.0 SQL Injection (0)
06-20: Four Zero-Days Spotted In Attacks On Researchers' Fake Networks (0)
06-19: College-Management-System-Php 1.0 SQL Injection (0)
06-19: Code Blocks 17.12 Local Buffer Overflow (0)
06-19: OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal (0)
06-19: Cayin CMS NTP Server 11.0 Remote Code Execution (0)
06-19: Gila CMS 1.1.18.1 SQL Injection / Shell Upload (0)
06-19: Cayin xPost 2.5 SQL Injection / Remote Code Execution (0)
06-19: Agent Tesla Panel Remote Code Execution (0)
06-18: http://necvep.go.th/1.php (0)
06-18: [webapps] Beauty Parlour Management System 1.0 – Authentication Bypass (0)
06-17: MJML 4.6.2 Path Traversal (0)
06-17: SOS JobScheduler 1.13.3 Stored Password Decryption (0)
06-17: Gila CMS 1.11.8 SQL Injection (0)
06-17: TP-LINK Cloud Cameras NCXXX Stack Overflow (0)
06-17: Netgear R7000 Router Remote Code Execution (0)
06-17: Arista Restricted Shell Escape / Privilege Escalation (0)
06-17: Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution (0)
06-17: Theft Of CIA's Vault 7 Secrets Tied To Woefully Lax Security (0)
06-17: [webapps] College-Management-System-Php 1.0 – Authentication Bypass (0)
06-16: http://reo10.moe.go.th/vz.txt (0)
06-16: OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation (0)
06-16: OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery (0)
06-16: SmarterMail 16 Arbitrary File Upload (0)
06-16: Sysax MultiServer 6.90 Cross Site Scripting (0)
06-16: PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection (0)
06-16: GOG GalaxyClientService Privilege Escalation (0)
06-16: 10-Strike Bandwidth Monitor 3.9 Unquoted Service Path (0)
06-16: Documalis Free PDF Editor Buffer Overflow (0)
06-16: Documalis Free PDF Scanner Buffer Overflow (0)
06-16: Neon LMS Shell Upload (0)
06-16: [webapps] Gila CMS 1.11.8 – 'query' SQL Injection (0)
06-16: [local] Bandwidth Monitor 3.9 – 'Svc10StrikeBandMontitor' Unquoted Service Path (0)
06-15: [webapps] Netgear R7000 Router – Remote Code Execution (0)
06-15: [remote] SOS JobScheduler 1.13.3 – Stored Password Decryption (0)
06-13: Frigate Professional 3.36.0.9 Buffer Overflow (0)
06-12: CallStranger UPnP Vulnerability Checker (0)
06-12: SMBleed / SMBGhost Pre-Authentication Remote Code Execution Proof Of Concept (0)
06-12: SMBleed Uninitialized Kernel Memory Read Proof Of Concept (0)
06-12: Background Intelligent Transfer Service Privilege Escalation (0)
06-12: [webapps] Sysax MultiServer 6.90 – Reflected Cross Site Scripting (0)
06-12: [webapps] SmarterMail 16 – Arbitrary File Upload (0)
06-11: Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF (0)
06-11: LinuxKI Toolset 6.01 Remote Command Execution (0)
06-11: Microsoft Windows Privilege Escalation / Code Execution (0)
06-11: [local] Frigate Professional 3.36.0.9 – 'Find Computer' Local Buffer Overflow (SEH) (PoC) (0)
06-10: Virtual Airlines Manager 2.6.2 SQL Injection (0)
06-10: Bludit 3.9.12 Directory Traversal (0)
06-10: Bandwidth Monitor 3.9 Full ROP Buffer Overflow (0)
06-10: WebUntis 2020.12.1 Cross Site Scripting (0)
06-10: Joomla J2 Store 3.3.11 SQL Injection (0)
06-10: CipherMail Community Virtual Appliance 4.6.2 Code Execution (0)
06-10: Pydio Cells 2.0.4 XSS / File Write / Code Execution (0)
06-10: [webapps] Virtual Airlines Manager 2.6.2 – 'id' SQL Injection (0)
06-10: [webapps] Joomla J2 Store 3.3.11 – 'filter_order_Dir' SQL Injection (Authenticated) (0)
06-10: [webapps] Sistem Informasi Pengumuman Kelulusan Online 1.0 – Cross-Site Request Forgery (Add Admin) (0)
06-10: [local] 10-Strike Bandwidth Monitor 3.9 – Buffer Overflow (SEH,DEP,ASLR) (0)
06-10: [remote] HFS Http File Server 2.3m Build 300 – Buffer Overflow (PoC) (0)
06-09: Online-Exam-System 2015 SQL Injection (0)
06-09: NeonLMS 4.6 Shell Upload (0)
06-09: Virtual Airlines Manager 2.6.2 SQL Injection (0)
06-09: Quick Player 1.3 Buffer Overflow (0)
06-09: Frigate 3.36.0.9 Local Buffer Overflow (0)
06-09: 10-Strike Bandwidth Monitor 3.9 Buffer Overflow (0)
06-09: HFS Http File Server 2.3m Build 300 Buffer Overflow (0)
06-09: [webapps] Virtual Airlines Manager 2.6.2 – 'airport' SQL Injection (0)
06-09: [webapps] Bludit 3.9.12 – Directory Traversal (0)
06-08: [local] Frigate 3.36.0.9 – 'Command Line' Local Buffer Overflow (SEH) (PoC) (0)
06-08: [webapps] Virtual Airlines Manager 2.6.2 – 'notam' SQL Injection (0)
06-08: [webapps] Kyocera Printer d-COPIA253MF – Directory Traversal (PoC) (0)
06-06: Quick Player 1.3 Denial Of Service (0)
06-06: Online Course Registration 1.0 SQL Injection (0)
06-06: Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure (0)
06-06: Cisco UCS Director Cloupia Script Remote Code Execution (0)
06-06: Avaya IP Office 11 Insecure Transit / Password Disclosure (0)
06-06: WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation (0)
06-05: http://www.lerdsin.go.th (0)
06-05: AirControl 1.4.2 Remote Code Execution (0)
06-05: IObit Uninstaller 9.5.0.15 Unquoted Service Path (0)
06-05: Clinic Management System 1.0 Remote Code Execution (0)
06-05: Navigate CMS 2.8.7 SQL Injection (0)
06-05: Oriol Espinal CMS 1.0 SQL Injection (0)
06-05: Hostel Management System 2.0 SQL Injection (0)
06-05: Clinic Management System 1.0 Shell Upload (0)
06-05: Underconstructionpage Cross Site Scripting (0)
06-05: D-Link DIR-615 T1 20.10 CAPTCHA Bypass (0)
06-05: Secure Computing SnapGear Management Console SG560 3.1.5 CSRF (0)
06-05: Online Marriage Registration System 1.0 Remote Code Execution (0)
06-05: Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write (0)
06-05: Navigate CMS 2.8.7 Directory Traversal (0)
06-05: NeonLMS Learning Management System PHP Laravel Script 4.6 File Download (0)
06-05: NeonLMS Learning Management System PHP Laravel Script 4.6 XSS (0)
06-05: Cayin Signage Media Player 3.0 Root Remote Command Injection (0)
06-05: Navigate CMS 2.8.7 Cross Site Request Forgery (0)
06-05: Cayin Content Management Server 11.0 Root Remote Command Injection (0)
06-05: VMWare vCloud Director 9.7.0.15498291 Remote Code Execution (0)
06-05: Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection (0)
06-05: WebLogic Server Deserialization Remote Code Execution (0)
06-05: WordPress Drag And Drop Multi File Uploader Remote Code Execution (0)
06-05: [webapps] Online-Exam-System 2015 – 'feedback' SQL Injection (0)
06-05: [webapps] Online Course Registration 1.0 – Authentication Bypass (0)
06-04: Clinic Management System 1.0 SQL Injection (0)
06-04: vCloud Director 9.7.0.15498291 Remote Code Execution (0)
06-04: OpenCart 3.0.3.2 Cross Site Scripting (0)
06-04: Bluetooth Impersonation Attack (BIAS) Proof Of Concept (0)
06-04: JSC JIT Out-Of-Bounds Access (0)
06-04: Sabberworm PHP CSS Code Injection (0)
06-04: Apache Tomcat CVE-2020-9484 Proof Of Concept (0)
06-04: Node.js Hostname Verification Bypass (0)
06-04: Apple Security Advisory 2020-06-01-1 (0)
06-04: Apple Security Advisory 2020-06-01-2 (0)
06-04: Apple Security Advisory 2020-06-01-3 (0)
06-04: Apple Security Advisory 2020-06-01-4 (0)
06-04: [webapps] Online Marriage Registration System 1.0 – Remote Code Execution (0)
06-04: [webapps] D-Link DIR-615 T1 20.10 – CAPTCHA Bypass (0)
06-04: [webapps] Navigate CMS 2.8.7 – Authenticated Directory Traversal (0)
06-04: [webapps] VMWAre vCloud Director 9.7.0.15498291 – Remote Code Execution (0)
06-04: [webapps] Clinic Management System 1.0 – Authenticated Arbitrary File Upload (0)
06-04: [webapps] Navigate CMS 2.8.7 – Cross-Site Request Forgery (Add Admin) (0)
06-04: [webapps] Navigate CMS 2.8.7 – ''sidx' SQL Injection (Authenticated) (0)
06-04: [webapps] Oriol Espinal CMS 1.0 – 'id' SQL Injection (0)
06-04: [local] IObit Uninstaller 9.5.0.15 – 'IObit Uninstaller Service' Unquoted Service Path (0)
06-04: [webapps] Clinic Management System 1.0 – Unauthenticated Remote Code Execution (0)
06-04: [webapps] Hostel Management System 2.0 – 'id' SQL Injection (Unauthenticated) (0)
06-04: [webapps] AirControl 1.4.2 – PreAuth Remote Code Execution (0)
06-03: VMware vCenter Server 6.7 Authentication Bypass (0)
06-03: QuickBox Pro 2.1.8 Remote Code Execution (0)
06-03: Microsoft Windows SMBGhost Remote Code Execution (0)
06-03: vBulletin 5.6.1 SQL Injection (0)
06-02: WordPress BBPress 2.5 Privilege Escalation (0)
06-02: We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection (0)
06-02: We-Com OpenData CMS 2.0 SQL Injection (0)
06-02: Avast Array.prototype.toString Out-Of-Bounds Copy (0)
06-02: Packet Storm New Exploits For May, 2020 (0)
06-02: [remote] vCloud Director 9.7.0.15498291 – Remote Code Execution (0)
06-02: [remote] Microsoft Windows – 'SMBGhost' Remote Code Execution (0)
06-01: [webapps] QuickBox Pro 2.1.8 – Authenticated Remote Code Execution (0)
06-01: [webapps] Wordpress Plugin BBPress 2.5 – Unauthenticated Privilege Escalation (0)

May 2020 (345)

05-30: PanaceaSoft Shell Upload (0)
05-30: WordPress Multi-Scheduler 1.0.0 Cross Site Request Forgery (0)
05-30: Crystal Shard http-protection 0.2.0 IP Spoofing Bypass (0)
05-30: Apple Security Advisory 2020-05-26-2 (0)
05-30: Apple Security Advisory 2020-05-26-1 (0)
05-30: Apple Security Advisory 2020-05-26-6 (0)
05-30: Apple Security Advisory 2020-05-26-7 (0)
05-30: Apple Security Advisory 2020-05-26-3 (0)
05-30: Apple Security Advisory 2020-05-26-8 (0)
05-30: Apple Security Advisory 2020-05-26-5 (0)
05-30: Apple Security Advisory 2020-05-26-9 (0)
05-30: Apple Security Advisory 2020-05-26-10 (0)
05-30: Apple Security Advisory 2020-05-26-11 (0)
05-30: Apple Security Advisory 2020-05-26-4 (0)
05-29: Kuicms PHP EE 2.0 Cross Site Scripting (0)
05-29: Online Marriage Registration System 1.0 Cross Site Scripting (0)
05-29: LimeSurvey 4.1.11 Cross Site Scripting (0)
05-29: osTicket 1.14.1 Cross Site Scripting (0)
05-29: NOKIA VitalSuite SPM 2020 SQL Injection (0)
05-29: EyouCMS 1.4.6 Cross Site Scripting (0)
05-29: Online-Exam-System 2015 SQL Injection (0)
05-29: QNAP QTS And Photo Station 6.0.3 Remote Command Execution (0)
05-29: Firefox Default Content Process DACL Sandbox Escape (0)
05-29: Pi-Hole 4.3.2 DHCP MAC OS Command Execution (0)
05-29: [webapps] Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass (0)
05-29: [webapps] WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery (Delete User) (0)
05-28: BIND TSIG Denial Of Service (0)
05-28: WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload (0)
05-28: StreamRipper32 2.6 Buffer Overflow (0)
05-28: Pi-hole 4.4.0 Remote Code Execution (0)
05-28: http://www3.djop.moj.go.th/X-m3n.html (0)
05-28: http://www.tambonbandua.go.th/activity/images/ (0)
05-28: http://www.thayai.go.th/activity/images/ (0)
05-28: [webapps] QNAP QTS and Photo Station 6.0.3 – Remote Command Execution (0)
05-28: [webapps] Online-Exam-System 2015 – 'fid' SQL Injection (0)
05-28: [webapps] EyouCMS 1.4.6 – Persistent Cross-Site Scripting (0)
05-28: [webapps] NOKIA VitalSuite SPM 2020 – 'UserName' SQL Injection (0)
05-27: WordPress Form Maker 5.4.1 SQL Injection (0)
05-27: GoldWave 5.70 Buffer Overflow (0)
05-27: Victor CMS 1.0 Cross Site Scripting (0)
05-27: Online Discussion Forum Site 1.0 Remote Code Execution (0)
05-27: OpenEMR Remote Code Execution (0)
05-27: Joomla XCloner Backup 3.5.3 Local File Disclosure (0)
05-27: Pi-Hole 3.3 Command Execution (0)
05-27: [webapps] Kuicms PHP EE 2.0 – Persistent Cross-Site Scripting (0)
05-27: [webapps] osTicket 1.14.1 – 'Ticket Queue' Persistent Cross-Site Scripting (0)
05-27: [webapps] LimeSurvey 4.1.11 – 'Permission Roles' Persistent Cross-Site Scripting (0)
05-27: [webapps] Online Marriage Registration System 1.0 – Persistent Cross-Site Scripting (0)
05-27: [webapps] osTicket 1.14.1 – 'Saved Search' Persistent Cross-Site Scripting (0)
05-26: [webapps] WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 – Remote Code Execution (0)
05-26: [webapps] Joomla! Plugin XCloner Backup 3.5.3 – Local File Inclusion (Authenticated) (0)
05-26: [local] StreamRipper32 2.6 – Buffer Overflow (PoC) (0)
05-26: [webapps] Open-AudIT 3.3.0 – Reflective Cross-Site Scripting (Authenticated) (0)
05-26: [webapps] OpenEMR 5.0.1 – Remote Code Execution (0)
05-26: [webapps] Pi-hole 4.4.0 – Remote Code Execution (Authenticated) (0)
05-25: Composr CMS 10.0.30 Cross Site Scripting (0)
05-25: PHP-Fusion 9.03.50 Cross Site Scripting (0)
05-25: OpenEDX Ironwood 2.5 Remote Code Execution (0)
05-25: Forma.LMS 5.6.40 Cross Site Request Forgery (0)
05-25: AbsoluteTelnet 11.21 Denial Of Service (0)
05-25: WebLogic Server Deserialization Remote Code Execution (0)
05-25: Gym Management System 1.0 Remote Code Execution (0)
05-25: Qualys Security Advisory – Qmail Remote Code Execution (0)
05-25: VUPlayer 2.49 .m3u Local Buffer Overflow (0)
05-25: Druva inSync Windows Client 6.6.3 Local Privilege Escalation (0)
05-25: Synology DiskStation Manager smart.cgi Remote Command Execution (0)
05-25: Plesk / myLittleAdmin ViewState .NET Deserialization (0)
05-25: Apple Security Advisory 2020-05-20-1 (0)
05-25: http://charoenrat.go.th (0)
05-25: [webapps] Online Discussion Forum Site 1.0 – Remote Code Execution (0)
05-25: [local] GoldWave – Buffer Overflow (SEH Unicode) (0)
05-25: [remote] Plesk/myLittleAdmin – ViewState .NET Deserialization (Metasploit) (0)
05-25: [webapps] Wordpress Plugin Form Maker 5.4.1 – 's' SQL Injection (Authenticated) (0)
05-22: [remote] WebLogic Server – Deserialization RCE – BadAttributeValueExpException (Metasploit) (0)
05-22: [webapps] Gym Management System 1.0 – Unauthenticated Remote Code Execution (0)
05-22: [local] Druva inSync Windows Client 6.6.3 – Local Privilege Escalation (0)
05-22: [webapps] Dolibarr 11.0.3 – Persistent Cross-Site Scripting (0)
05-22: [dos] Konica Minolta FTP Utility 1.0 – 'NLST' Denial of Service (PoC) (0)
05-22: [dos] Filetto 1.0 – 'FEAT' Denial of Service (PoC) (0)
05-22: [dos] Konica Minolta FTP Utility 1.0 – 'LIST' Denial of Service (PoC) (0)
05-22: [local] VUPlayer 2.49 .m3u – Local Buffer Overflow (DEP,ASLR) (0)
05-21: Craft CMS 3 vCard 1.0.0 Remote Code Execution (0)
05-21: CloudMe 1.11.2 SEH / DEP / ASLR Buffer Overflow (0)
05-21: http://ecocenter.diw.go.th/87.html (0)
05-21: [webapps] forma.lms 5.6.40 – Cross-Site Request Forgery (Change Admin Email) (0)
05-21: [dos] AbsoluteTelnet 11.21 – 'Username' Denial of Service (PoC) (0)
05-20: Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service (0)
05-20: Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization (0)
05-20: [webapps] CraftCMS 3 vCard Plugin 1.0.0 – Remote Code Execution (0)
05-19: Mikrotik Router Monitoring System 1.2.3 SQL Injection (0)
05-19: Konica Minolta FTP Utility 1.0 Denial Of Service (0)
05-19: Filetto 1.0 Denial Of Service (0)
05-19: HP LinuxKI 6.01 Remote Command Injection (0)
05-19: Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting (0)
05-19: Online Examination System 1.0 SQL Injection (0)
05-19: Online Healthcare Patient Record Management System 1.0 SQL Injection (0)
05-19: Online Healthcare Management System 1.0 SQL Injection (0)
05-19: Online Chatting System 1.0 SQL Injection (0)
05-19: WordPress Ajax Load More 5.3.1 SQL Injection (0)
05-19: Oracle Hospitality RES 3700 5.7 Remote Code Execution (0)
05-19: Pi-Hole heisenbergCompensator Blocklist OS Command Execution (0)
05-19: Dolibarr 11.0.3 Cross Site Scripting (0)
05-19: Victor CMS 1.0 Cross Site Scripting (0)
05-19: Victor CMS 1.0 SQL Injection (0)
05-19: qdPM 9.1 Cross Site Scripting (0)
05-19: Submitty 20.04.01 Cross Site Scripting (0)
05-19: NukeViet VMS 4.4.00 Cross Site Request Forgery (0)
05-19: PHP-Fusion 9.03.50 SQL Injection (0)
05-19: Victor CMS 1.0 Shell Upload (0)
05-19: [remote] Pi-Hole – heisenbergCompensator Blocklist OS Command Execution (Metasploit) (0)
05-19: [webapps] Victor CMS 1.0 – Authenticated Arbitrary File Upload (0)
05-19: [webapps] Victor CMS 1.0 – 'comment_author' Persistent Cross-Site Scripting (0)
05-19: [webapps] NukeViet VMS 4.4.00 – Cross-Site Request Forgery (Change Admin Password) (0)
05-19: [webapps] Submitty 20.04.01 – Persistent Cross-Site Scripting (0)
05-19: [webapps] php-fusion 9.03.50 – 'ctype' SQL Injection (0)
05-19: [webapps] Victor CMS 1.0 – 'cat_id' SQL Injection (0)
05-19: [webapps] qdPM 9.1 – 'cfg[app_app_name]' Persistent Cross-Site Scripting (0)
05-18: [remote] HP LinuxKI 6.01 – Remote Command Injection (0)
05-18: [webapps] Online Healthcare management system 1.0 – Authentication Bypass (0)
05-18: [webapps] Mikrotik Router Monitoring System 1.2.3 – 'community' SQL Injection (0)
05-18: [webapps] Online Healthcare Patient Record Management System 1.0 – Authentication Bypass (0)
05-18: [webapps] online Chatting System 1.0 – 'id' SQL Injection (0)
05-18: [webapps] Monstra CMS 3.0.4 – Authenticated Arbitrary File Upload (0)
05-18: [webapps] Oracle Hospitality RES 3700 5.7 – Remote Code Execution (0)
05-18: [webapps] forma.lms The E-Learning Suite 2.3.0.2 – Persistent Cross-Site Scripting (0)
05-18: [webapps] Wordpress Plugin Ajax Load More 5.3.1 – '#1' Authenticated SQL Injection (0)
05-18: [webapps] Online Examination System 1.0 – 'eid' SQL Injection (0)
05-16: vBulletin 5.6.1 SQL Injection (0)
05-16: ManageEngine Service Desk 10.0 Cross Site Scripting (0)
05-16: SecureCRT Memory Corruption (0)
05-16: ACal 2.2.6 Remote Code Execution (0)
05-16: Microsoft Windows Task Scheduler Security Feature Bypass (0)
05-16: ManageEngine AssetExplorer Authenticated Command Execution (0)
05-16: http://odpc1.ddc.moph.go.th/LPHJ/public/site/images/zbi/Ma.gif (0)
05-15: Subrion CMS 4.2.1 Cross Site Scripting (0)
05-15: Subrion CMS 4.2.1 Cross Site Request Forgery (0)
05-15: Dameware Remote Support 12.1.1.273 Buffer Overflow (0)
05-15: Netlink XPON 1GE WiFi V2801RGW Remote Command Execution (0)
05-15: E-Commerce System 1.0 Remote Code Execution (0)
05-15: Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation (0)
05-15: https://www.sansalee.go.th/coli.txt (0)
05-15: iOS Exploits Prices Crash Significantly (0)
05-15: [webapps] vBulletin 5.6.1 – 'nodeId' SQL Injection (0)
05-15: [webapps] ManageEngine Service Desk 10.0 – Cross-Site Scripting (0)
05-14: Remote Desktop Audit 2.3.0.157 Buffer Overflow (0)
05-14: Tryton 5.4 Cross Site Scripting (0)
05-14: Sellacious eCommerce Shop Cross Site Scripting (0)
05-14: http://yardfon.go.th/images/mendy.txt (0)
05-14: [webapps] E-Commerce System 1.0 – Unauthenticated Remote Code Execution (0)
05-14: [local] Dameware Remote Support 12.1.1.273 – Buffer Overflow (SEH) (0)
05-14: [webapps] Netlink XPON 1GE WiFi V2801RGW – Remote Command Execution (0)
05-14: [webapps] Complaint Management System 1.0 – 'username' SQL Injection (0)
05-13: Chrome Typer::Visitor::TypeInductionVariablePhi Type Inference (0)
05-13: Orchard Core RC1 Cross Site Scripting (0)
05-13: WordPress ChopSlider3 3.4 SQL Injection (0)
05-13: TylerTech Eagle 2018.3.11 Remote Code Execution (0)
05-13: macOS 320.whatis Script Privilege Escalation (0)
05-13: CuteNews 2.1.2 Authenticated Shell Upload (0)
05-13: Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting (0)
05-13: qdPM 9.1 Arbitrary File Upload (0)
05-13: LanSend 3.2 Buffer Overflow (0)
05-13: Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read (0)
05-13: Adobe DNG SDK Memory Corruption (0)
05-13: SaltStack Salt Master/Minion Unauthenticated Remote Code Execution (0)
05-13: Netsweeper WebAdmin unixlogin.php Python Code Injection (0)
05-13: Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation (0)
05-13: [local] Remote Desktop Audit 2.3.0.157 – Buffer Overflow (SEH) (0)
05-12: Kartris 1.6 Arbitrary File Upload (0)
05-12: Pi-hole 4.4 Remote Code Execution (0)
05-12: Pi-hole 4.4 Remote Code Execution / Privilege Escalation (0)
05-12: Online AgroCulture Farm Management System 1.0 SQL Injection (0)
05-12: Victor CMS 1.0 SQL Injection (0)
05-12: CuteNews 2.1.2 Arbitrary File Deletion (0)
05-12: Complaint Management System 1.0 SQL Injection (0)
05-12: LibreNMS 1.46 SQL Injection (0)
05-12: [local] MacOS 320.whatis Script – Privilege Escalation (0)
05-12: [local] LanSend 3.2 – Buffer Overflow (SEH) (0)
05-12: [webapps] Cisco Digital Network Architecture Center 1.3.1.4 – Persistent Cross-Site Scripting (0)
05-12: [webapps] CuteNews 2.1.2 – Authenticated Arbitrary File Upload (0)
05-12: [webapps] ChopSlider3 Wordpress Plugin3.4 – 'id' SQL Injection (0)
05-12: [webapps] qdPM 9.1 – Arbitrary File Upload (0)
05-12: [webapps] Orchard Core RC1 – Persistent Cross-Site Scripting (0)
05-11: [webapps] LibreNMS 1.46 – 'search' SQL Injection (0)
05-11: [webapps] Complaint Management System 1.0 – Authentication Bypass (0)
05-11: [webapps] Online AgroCulture Farm Management System 1.0 – 'uname' SQL Injection (0)
05-11: [webapps] Victor CMS 1.0 – 'post' SQL Injection (0)
05-11: [webapps] OpenZ ERP 3.6.60 – Persistent Cross-Site Scripting (0)
05-11: [local] SolarWinds MSP PME Cache Service 1.1.14 – Insecure File Permissions (0)
05-11: [webapps] Sentrifugo CMS 3.2 – Persistent Cross-Site Scripting (0)
05-11: [webapps] CuteNews 2.1.2 – Arbitrary File Deletion (0)
05-11: [webapps] Kartris 1.6 – Arbitrary File Upload (0)
05-10: cpCommerce v1.2.8 – (id_document) Blind SQL Injection (0)
05-10: [webapps] Pi-hole < 4.4 – Remote Code Execution / Privileges Escalation (0)
05-10: [webapps] Pi-hole < 4.4 – Remote Code Execution (0)
05-09: ManageEngine DataSecurity Plus Path Traversal / Code Execution (0)
05-09: Tiny MySQL Cross Site Scripting (0)
05-09: Qik Chat 3.0 Command Injection (0)
05-09: WordPress ChopSlider 3 SQL Injection (0)
05-09: WebTareas 2.0p8 Cross Site Scripting (0)
05-09: ManageEngine DataSecurity Plus Authentication Bypass (0)
05-09: WordPress Dosimple Theme 2.0 Cross Site Scripting (0)
05-09: Creative Zone SQL Injection (0)
05-09: ManageEngine Asset Explorer Windows Agent Remote Code Execution (0)
05-09: Service Tracing Privilege Escalation (0)
05-09: Microsoft Windows NtUserMNDragOver Local Privilege Escalation (0)
05-09: Samsung Android Remote Code Execution (0)
05-09: Linux futex+VFS Use-After-Free (0)
05-09: Linux 5.6 IORING_OP_MADVISE Race Condition (0)
05-09: http://e-mining.dpim.go.th/java.html (0)
05-09: http://www.nanual.go.th/m-1.html (0)
05-09: https://www.phanomphrailocal.go.th/m-1.html (0)
05-09: http://www.koksawang.go.th/m-1.html (0)
05-09: http://www.hora.go.th/m-1.html (0)
05-09: http://pnpmuni.go.th/m-1.html (0)
05-08: Online AgroCulture Farm Management System 1.0 SQL Injection (0)
05-08: School File Management System 1.0 SQL Injection (0)
05-08: SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution (0)
05-08: Sentrifugo CMS 3.2 Cross Site Scripting (0)
05-08: Car Park Management System 1.0 SQL Injection (0)
05-08: iChat 1.6 Cross Site Scripting (0)
05-08: KeeWeb 1.14.0 HTML Injection (0)
05-08: OpenZ ERP 3.6.60 Cross Site Scripting (0)
05-08: Online Clothing Store 1.0 Arbitrary File Upload (0)
05-08: Create-Project Manager 1.07 Cross Site Scripting / HTML Injection (0)
05-08: Draytek VigorAP Cross Site Scripting (0)
05-08: LANCOM WLAN Controller Cross Site Scripting (0)
05-08: http://www.manangdalam.go.th/y.htm (0)
05-08: http://www.danmakhamtiahospital.go.th (0)
05-08: http://www.khamhai.go.th/m-1.html (0)
05-08: http://srinonngam.go.th/m-1.html (0)
05-08: http://www.narathiwat2.go.th/m-1.html (0)
05-08: http://www.yaplonglocal.go.th/m-1.html (0)
05-08: Sellacious eCommerce – Multiple Persistent Vulnerabilities (0)
05-08: http://phoyai.go.th/m-1.html (0)
05-08: http://www.chanuwan.go.th/m-1.html (0)
05-08: http://keelek.go.th/m-1.html (0)
05-08: http://www.dongdang.go.th/m-1.html (0)
05-08: http://www.phochai.go.th/m-1.html (0)
05-08: http://www.nom101.go.th/m-1.html (0)
05-08: http://www.sawang.go.th/m-1.html (0)
05-08: http://kutnamsai.go.th/m-1.html (0)
05-08: http://wareesawat.go.th/m-1.html (0)
05-08: http://www.khoyai.go.th/m-1.html (0)
05-08: http://www.toomsisaket.go.th/m-1.html (0)
05-08: http://www.srakaew-phanomphai.go.th/m-1.html (0)
05-08: http://www.mueangnoi.go.th/m-1.html (0)
05-08: http://www.nongphok101.go.th/m-1.html (0)
05-08: http://thawatburi.go.th/m-1.html (0)
05-08: [dos] Extreme Networks Aerohive HiveOS 11.0 – Remote Denial of Service (PoC) (0)
05-07: GitLab 12.9.0 Arbitrary File Read (0)
05-07: i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion (0)
05-07: Booked Scheduler 2.7.7 Directory Traversal (0)
05-07: MPC Sharj 3.11.1 Arbitrary File Download (0)
05-07: Pisay Online E-Learning System 1.0 SQL Injection / Code Execution (0)
05-07: YesWiki cercopitheque 2020.04.18.1 SQL Injection (0)
05-07: webTareas 2.0.p8 Arbitrary File Deletion (0)
05-07: Online Clothing Store 1.0 SQL Injection (0)
05-07: Online Clothing Store 1.0 Cross Site Scripting (0)
05-07: Extreme Networks Aerohive HiveOS 11.x Denial Of Service (0)
05-07: Kentico CMS 12.0.14 Remote Command Execution (0)
05-07: Draytek VigorAP – (RADIUS) Persistent XSS Vulnerability (0)
05-07: Creative Zone – (id) Remote SQL Injection Vulnerability (0)
05-07: Wordpress Theme Dosimple v2.0 – XSS Web Vulnerability (0)
05-07: Tiny MySQL – Cross Site Scripting Vulnerability (0)
05-07: [webapps] Online AgroCulture Farm Management System 1.0 – 'pid' SQL Injection (0)
05-07: [webapps] Pisay Online E-Learning System 1.0 – Remote Code Execution (0)
05-07: [webapps] Online Clothing Store 1.0 – Arbitrary File Upload (0)
05-07: [webapps] School File Management System 1.0 – 'username' SQL Injection (0)
05-07: [webapps] Draytek VigorAP 1000C – Persistent Cross-Site Scripting (0)
05-07: [dos] FlashGet 1.9.6 – Denial of Service (PoC) (0)
05-07: [webapps] Car Park Management System 1.0 – Authentication Bypass (0)
05-06: OpenZ v3.6.60 ERP – Employee Persistent XSS Vulnerability (0)
05-06: KeeWeb v1.14.0 – (Notes) Html Inject Web Vulnerability (0)
05-06: Oracle Database 11g Release 2 Unquoted Service Path (0)
05-06: Online Scheduling System 1.0 SQL Injection (0)
05-06: PhreeBooks ERP 5.2.5 Remote Command Execution (0)
05-06: SimplePHPGal 0.7 Remote File Inclusion (0)
05-06: WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting (0)
05-06: NEC Electra Elite IPK II WebPro 01.03.01 Session Enumeration (0)
05-06: Saltstack 3000.1 Remote Code Execution (0)
05-06: webERP 4.15.1 Backup Disclosure (0)
05-06: ATutor LMS 2.2.4 Weak Password Reset Hash (0)
05-06: TrixBox CE 2.8.0.4 Command Execution (0)
05-06: IBM Data Risk Manager 2.0.3 Default Password (0)
05-06: IBM Data Risk Manager 2.0.3 Remote Code Execution (0)
05-06: http://www.laoluang101.go.th/datafile/JT.html (0)
05-06: [webapps] GitLab 12.9.0 – Arbitrary File Read (0)
05-06: [webapps] webTareas 2.0.p8 – Arbitrary File Deletion (0)
05-06: [webapps] Online Clothing Store 1.0 – 'username' SQL Injection (0)
05-06: [webapps] Booked Scheduler 2.7.7 – Authenticated Directory Traversal (0)
05-06: [webapps] i-doit Open Source CMDB 1.14.1 – Arbitrary File Deletion (0)
05-06: [webapps] YesWiki cercopitheque 2020.04.18.1 – 'id' SQL Injection (0)
05-06: [webapps] Online Clothing Store 1.0 – Persistent Cross-Site Scripting (0)
05-05: xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control (0)
05-05: OpenSSL signature_algorithms_cert Denial Of Service (0)
05-05: TP-LINK Cloud Cameras NCXXX Bonjour Command Injection (0)
05-05: TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key (0)
05-05: TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection (0)
05-05: FlashGet 1.9.6 Buffer Overflow Proof Of Concept (0)
05-05: iJoomla AdAgency 6.0.9 SQL Injection (0)
05-05: BlogEngine 3.3 XML Injection (0)
05-05: osTicket 1.14.1 Cross Site Scripting (0)
05-05: Fishing Reservation System SQL Injection (0)
05-05: BoltWire 6.03 Local File Inclusion (0)
05-05: HP Performance Monitoring xglance Privilege Escalation (0)
05-05: Veeam ONE Agent .NET Deserialization (0)
05-05: Outline Service 1.3.3 Unquoted Service Path (0)
05-05: Frigate 3.36 SEH Buffer Overflow (0)
05-05: addressbook 9.0.0.1 SQL Injection (0)
05-05: File Explorer 1.4 Access Bypass (0)
05-05: Sentrifugo v3.2 CMS – Persistent XSS Web Vulnerability (0)
05-05: Qik Chat v3.0 iOS – (Name) Command Inject Vulnerability (0)
05-05: [webapps] NEC Electra Elite IPK II WebPro 01.03.01 – Session Enumeration (0)
05-05: [webapps] SimplePHPGal 0.7 – Remote File Inclusion (0)
05-05: [webapps] BlogEngine 3.3 – 'syndication.axd' XML External Entity Injection (0)
05-05: [webapps] webERP 4.15.1 – Unauthenticated Backup File Access (0)
05-05: [webapps] Online Scheduling System 1.0 – 'username' SQL Injection (0)
05-05: [local] Oracle Database 11g Release 2 – 'OracleDBConsoleorcl' Unquoted Service Path (0)
05-05: [webapps] Fishing Reservation System 7.5 – 'uid' SQL Injection (0)
05-05: [remote] Saltstack 3000.2 – Remote Code Execution (0)
05-04: File Explorer v1.4 iOS – Multiple Persistent Vulnerabilities (0)
05-04: Fishing Reservation System – SQL Injection Vulnerabilities (0)
05-04: [webapps] addressbook 9.0.0.1 – 'id' SQL Injection (0)
05-04: [local] Frigate 3.36 – Buffer Overflow (SEH) (0)
05-04: [local] Outline Service 1.3.3 – 'Outline Service ' Unquoted Service Path (0)
05-04: [webapps] osTicket 1.14.1 – Persistent Authenticated Cross-Site Scripting (0)
05-04: [webapps] BoltWire 6.03 – Local File Inclusion (0)
05-03: FlashGet v1.9.6 – Remote Buffer Overflow Vulnerability (0)
05-03: iJoomla com_adagency v6.0.9 – SQL Injection Vulnerabilities (0)
05-03: Joomla com_content v1.5 – Blind SQL-Injection Vulnerability (0)
05-02: VirtualTablet Server 3.0.2 Denial Of Service (0)
05-02: Online Scheduling System 1.0 Cross Site Scripting (0)
05-02: Online Scheduling System 1.0 Authentication Bypass (0)
05-02: PHP-Fusion 9.03.50 Cross Site Scripting (0)
05-02: Apache OFBiz 17.12.03 Cross Site Request Forgery (0)
05-02: Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access (0)
05-02: Packet Storm New Exploits For April, 2020 (0)
05-02: http://lpa.nfe.go.th/gotcha.php (0)
05-01: ChemInv 1 Cross Site Scripting (0)
05-01: HardDrive 2.1 Arbitrary File Upload (0)
05-01: [webapps] Super Backup 2.0.5 for iOS – Directory Traversal (0)
05-01: [webapps] Online Scheduling System 1.0 – Persistent Cross-Site Scripting (0)
05-01: [dos] VirtualTablet Server 3.0.2 – Denial of Service (PoC) (0)
05-01: [webapps] php-fusion 9.03.50 – Persistent Cross-Site Scripting (0)
05-01: [webapps] ChemInv 1.0 – Authenticated Persistent Cross-Site Scripting (0)

April 2020 (344)

04-30: Andrea ST Filters Service 1.0.64.7 Unquoted Service Path (0)
04-30: School ERP Pro 1.0 SQL Injection (0)
04-30: School ERP Pro 1.0 Remote Code Execution (0)
04-30: School ERP Pro 1.0 Arbitrary File Read (0)
04-30: Open-AudIT 3.2.2 Command Injection / SQL Injection (0)
04-30: Open-AudIT Professional 3.3.1 Remote Code Execution (0)
04-30: NVIDIA Update Service Daemon 1.0.21 Unquoted Service Path (0)
04-30: Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload (0)
04-30: EmEditor 19.8 Insecure File Permissions (0)
04-30: hits script 1.0 SQL Injection (0)
04-30: Druva inSync Windows Client 6.5.2 Privilege Escalation (0)
04-30: Apache Shiro 1.2.4 Remote Code Execution (0)
04-30: POS PHP v17.5 – (Employees) Persistent Web Vulnerability (0)
04-30: Super Backup v2.0.5 iOS – Directory Traversal Vulnerability (0)
04-29: CloudMe 1.11.2 Buffer Overflow (0)
04-29: Source Engine CS:GO Build 4937372 Arbitrary Code Execution (0)
04-29: Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection (0)
04-29: POS PHP 17.5 Cross Site Scripting (0)
04-29: Easy Transfer 1.7 Cross Site Scripting / Directory Traversal (0)
04-29: File Sharing And Chat 1.0 Denial Of Service (0)
04-29: Internet Download Manager 6.37.11.1 Buffer Overflow (0)
04-29: Transfer Master 3.3 Denial Of Service (0)
04-29: File Explorer 1.4 Information Disclosure (0)
04-29: Chrome ReadableStream::Close Out-Of-Bounds Access (0)
04-29: HardDrive v2.1 iOS – Arbitrary File Upload Vulnerability (0)
04-29: OpenCATS v0.9.4-3 – Multiple Cross Site Web Vulnerabilities (0)
04-29: Microsoft Windows 2012 R2 (x64) – (MMC) DoS Vulnerability (0)
04-29: [webapps] hits script 1.0 – 'item_name' SQL Injection (0)
04-29: [local] Internet Download Manager 6.37.11.1 – Stack Buffer Overflow (PoC) (0)
04-29: [webapps] Easy Transfer 1.7 for iOS – Directory Traversal (0)
04-29: [webapps] School ERP Pro 1.0 – Arbitrary File Read (0)
04-29: [webapps] Open-AudIT Professional 3.3.1 – Remote Code Execution (0)
04-29: [local] Andrea ST Filters Service 1.0.64.7 – 'Andrea ST Filters Service ' Unquoted Service Path (0)
04-28: jQuery html() Cross Site Scripting (0)
04-28: Open-AudIT 3.3.0 Cross Site Scripting (0)
04-28: Netis E1+ 1.2.32533 Hardcoded Backdoor Account (0)
04-28: PHP-Fusion 9.03.50 Arbitrary File Upload (0)
04-28: Netis E1+ 1.2.32533 Password Leak (0)
04-28: Geeklog 2.2.1 Cross Site Scripting (0)
04-28: Online Shopping System Advanced 1.0 SQL Injection (0)
04-28: Online Course Registration 2.0 SQL Injection (0)
04-28: Maian Support Helpdesk 4.3 Cross Site Request Forgery (0)
04-28: Geeklog 2.2.1 SQL Injection (0)
04-28: Docker-Credential-Wincred.exe Privilege Escalation (0)
04-28: File Explorer v1.4 iOS – Information Disclosure Vulnerability (0)
04-28: Transfer Master v3.3 iOS – Denial of Service Vulnerability (0)
04-28: POS PHP v17.5 – Persistent Cross Site Web Vulnerability (0)
04-28: IDM v6.37.11.1 – Stack Buffer Overflow Vulnerabilities (0)
04-28: [webapps] School ERP Pro 1.0 – Remote Code Execution (0)
04-28: [local] NVIDIA Update Service Daemon 1.0.21 – 'nvUpdatusService' Unquoted Service Path (0)
04-28: [webapps] School ERP Pro 1.0 – 'es_messagesid' SQL Injection (0)
04-28: [remote] CloudMe 1.11.2 – Buffer Overflow (PoC) (0)
04-28: [local] Docker-Credential-Wincred.exe – Privilege Escalation (Metasploit) (0)
04-27: Project Open v5.0.3 CMS – Multiple Web Vulnerabilities (0)
04-27: File Sharing & Chat v1.0 iOS – Denial of Service Vulnerability (0)
04-27: Easy Transfer v1.7 iOS – Multiple Web Vulnerabilities (0)
04-27: [webapps] Netis E1+ V1.2.32533 – Unauthenticated WiFi Password Leak (0)
04-27: [webapps] PHP-Fusion 9.03.50 – 'Edit Profile' Arbitrary File Upload (0)
04-27: [local] Source Engine CS:GO BuildID: 4937372 – Arbitrary Code Execution (0)
04-27: [webapps] Maian Support Helpdesk 4.3 – Cross-Site Request Forgery (Add Admin) (0)
04-27: [webapps] Online Course Registration 2.0 – Authentication Bypass (0)
04-27: [webapps] Online shopping system advanced 1.0 – 'p' SQL Injection (0)
04-27: [webapps] Netis E1+ 1.2.32533 – Backdoor Account (root) (0)
04-25: Popcorn Time 6.2 Unquoted Service Path (0)
04-25: EspoCRM 5.8.5 Privilege Escalation (0)
04-25: Edimax EW-7438RPn 1.13 Remote Code Execution (0)
04-25: Air Sender 1.0.2 Arbitrary File Upload (0)
04-25: Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution (0)
04-24: Apple Disputes Recent iOS Zero Day Claim (0)
04-24: User Management System 2.0 Cross Site Scripting (0)
04-24: User Management System 2.0 SQL Injection (0)
04-24: Complaint Management System 4.2 Cross Site Scripting (0)
04-24: AMD Radeon DirectX 11 Driver 8.17.10.0871 Memory Corruption (0)
04-24: Complaint Management System 4.2 SQL Injection (0)
04-24: Complaint Management System 4.2 Cross Site Request Forgery (0)
04-24: Zen Load Balancer 3.10.1 Directory Traversal (0)
04-24: WebRTC FEC Extension Processing Out-Of-Bounds Write (0)
04-24: Chrome AudioArray::Allocate Data Race / Out-Of-Bounds Access (0)
04-24: WebRTC Layer Info Out-Of-Bounds Write (0)
04-24: WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access (0)
04-24: Air Sender v1.0.2 iOS – Arbitrary File Upload Vulnerability (0)
04-24: Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks (0)
04-24: [webapps] Furukawa Electric ConsciusMAP 2.8.1 – Remote Code Execution (0)
04-24: [local] Popcorn Time 6.2 – 'Update service' Unquoted Service Path (0)
04-24: [webapps] Edimax EW-7438RPn 1.13 – Remote Code Execution (0)
04-24: [webapps] EspoCRM 5.8.5 – Privilege Escalation (0)
04-23: Edimax EW-7438RPn Cross Site Request Forgery (0)
04-23: Edimax EW-7438RPn Information Disclosure (0)
04-23: RM Downloader 3.1.3.2.2010.06.13 Buffer Overflow (0)
04-23: http://cheewan.go.th/def.html (0)
04-23: SuperBackup v2.0.5 – Multiple Site Scripting Vulnerabilities (0)
04-23: [webapps] Complaint Management System 4.2 – Persistent Cross-Site Scripting (0)
04-23: [webapps] Sky File 2.1.0 iOS – Directory Traversal (0)
04-23: [webapps] Zen Load Balancer 3.10.1 – Directory Traversal (Metasploit) (0)
04-23: [webapps] Complaint Management System 4.2 – Cross-Site Request Forgery (Delete User) (0)
04-23: [webapps] Complaint Management System 4.2 – Authentication Bypass (0)
04-23: [webapps] User Management System 2.0 – Persistent Cross-Site Scripting (0)
04-23: [webapps] User Management System 2.0 – Authentication Bypass (0)
04-22: Folder Lock 3.4.5 Cross Site Scripting (0)
04-22: IBM Data Risk Manager Authentication Bypass / Command Injection / File Download (0)
04-22: CSZ CMS 1.2.7 Cross Site Scripting (0)
04-22: CSZ CMS 1.2.7 HTML Injection (0)
04-22: IQrouter 3.3.1 Remote Code Execution (0)
04-22: NSClient++ 0.5.2.35 Authenticated Remote Code Execution (0)
04-22: Spiderman2 2.1.1 Buffer Overflow (0)
04-22: jizhi CMS 1.6.7 Arbitrary File Download (0)
04-22: Sysaid 20.1.11 b26 Remote Command Execution (0)
04-22: PMB 5.6 SQL Injection (0)
04-22: P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting (0)
04-22: Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption (0)
04-22: haproxy hpack-tbl.c Out-Of-Bounds Write (0)
04-22: Mahara 19.10.2 Cross Site Scripting (0)
04-22: Sky File 2.1.0 Cross Site Scripting / Directory Traversal (0)
04-22: QRadar Community Edition 7.3.1.6 Default Credentials (0)
04-22: QRadar Community Edition 7.3.1.6 Server Side Request Forgery (0)
04-22: QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control (0)
04-22: QRadar Community Edition 7.3.1.6 Cross Site Scripting (0)
04-22: QRadar Community Edition 7.3.1.6 Insecure File Permissions (0)
04-22: QRadar Community Edition 7.3.1.6 PHP Object Injection (0)
04-22: QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation (0)
04-22: QRadar Community Edition 7.3.1.6 Authorization Bypass (0)
04-22: QRadar Community Edition 7.3.1.6 Path Traversal (0)
04-22: Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation (0)
04-22: Air Share v1.2 iOS – Multiple Cross Site Web Vulnerabilities (0)
04-22: [webapps] Mahara 19.10.2 CMS – Persistent Cross-Site Scripting (0)
04-22: [webapps] Edimax EW-7438RPn – Information Disclosure (WiFi Password) (0)
04-22: [local] RM Downloader 3.1.3.2.2010.06.13 – 'Load' Buffer Overflow (SEH) (0)
04-22: [webapps] Edimax EW-7438RPn – Cross-Site Request Forgery (MAC Filtering) (0)
04-21: Atomic Alarm Clock 6.3 Unquoted Service Path (0)
04-21: Rubo DICOM Viewer 2.0 Buffer Overflow (0)
04-21: Atomic Alarm Clock 6.3 Stack Overflow (0)
04-21: ALLPlayer 7.6 Buffer Overflow (0)
04-21: Nsauditor 3.2.1.0 Buffer Overflow (0)
04-21: Xinfire TV Player 6.0.1.2 Buffer Overflow (0)
04-21: Xinfire DVD Player 5.5.0.0 Buffer Overflow (0)
04-21: Centreon 19.10.5 SQL Injection (0)
04-21: Sky File v2.1.0 iOS – Multiple Web Vulnerabilities (0)
04-21: Mahara v19.10.2 CMS – Persistent Cross Site Vulnerability (0)
04-21: [webapps] PMB 5.6 – 'logid' SQL Injection (0)
04-21: [webapps] CSZ CMS 1.2.7 – Persistent Cross-Site Scripting (0)
04-21: [remote] Neowise CarbonFTP 1.4 – Insecure Proprietary Password Encryption (0)
04-21: [webapps] P5 FNIP-8x16A FNIP-4xSH 1.0.20 – Cross-Site Request Forgery (Add Admin) (0)
04-21: [webapps] jizhi CMS 1.6.7 – Arbitrary File Download (0)
04-21: [webapps] NSClient++ 0.5.2.35 – Authenticated Remote Code Execution (0)
04-21: [local] Oracle Solaris Common Desktop Environment 1.6 – Local Privilege Escalation (0)
04-21: [webapps] IQrouter 3.3.1 Firmware – Remote Code Execution (0)
04-21: [webapps] CSZ CMS 1.2.7 – 'title' HTML Injection (0)
04-20: Folder Lock v3.4.5 iOS – Multiple Web Vulnerabilities (0)
04-20: Phpgurukul User Registration v2.0 – Multiple Vulnerabilities (0)
04-20: [remote] Unraid 6.8.0 – Auth Bypass PHP Code Execution (Metasploit) (0)
04-20: [local] Atomic Alarm Clock x86 6.3 – 'AtomicAlarmClock' Unquoted Service Path (0)
04-20: [local] Rubo DICOM Viewer 2.0 – Buffer Overflow (SEH) (0)
04-20: [local] Nsauditor 3.2.1.0 – Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite)) (0)
04-20: [webapps] Fork CMS 5.8.0 – Persistent Cross-Site Scripting (0)
04-20: [webapps] Centreon 19.10.5 – 'id' SQL Injection (0)
04-20: [local] Atomic Alarm Clock 6.3 – Stack Overflow (Unicode+SEH) (0)
04-19: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-18: Easy MPEG To DVD Burner 1.7.11 Buffer Overflow (0)
04-18: Cisco IP Phone 11.7 Denial Of Service (0)
04-18: Playable 9.18 Script Insertion / Arbitrary File Upload (0)
04-18: Code Blocks 16.01 Buffer Overflow (0)
04-18: TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting (0)
04-18: SMACom 1.2.0 Insecure Transit / Password Disclosure (0)
04-18: Metasploit Libnotify Arbitrary Command Execution (0)
04-18: Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution (0)
04-18: Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution (0)
04-18: Swift File Transfer Mobile Cross Site Scripting / Information Disclosure (0)
04-18: Fork CMS 5.8.0 Script Insertion (0)
04-18: Common Desktop Environment 1.6 Local Privilege Escalation (0)
04-18: Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow (0)
04-18: Oracle Solaris 11.x / 10 whodo / w Buffer Overflow (0)
04-17: http://www.rb2.go.th/admin/pic_title/1700400107041202004171587057757.jpg (0)
04-17: Swift File Transfer Mobile – Multiple Web Vulnerabilities (0)
04-17: Fork CMS v5.8.0 – Multiple Persistent Web Vulnerbilities (0)
04-17: Nexus Repository Manager 3.21.1-01 Remote Code Execution (0)
04-17: Microsoft Windows Unquoted Service Path Privilege Escalation (0)
04-17: [local] Code Blocks 16.01 – Buffer Overflow (SEH) UNICODE (0)
04-17: [remote] Nexus Repository Manager – Java EL Injection RCE (Metasploit) (0)
04-16: Pinger 1.0 Remote Code Execution (0)
04-16: BlazeDVD 7.0.2 Buffer Overflow (0)
04-16: Bundeswehr Karriere Cross Site Scripting (0)
04-16: DedeCMS 7.5 SP2 Cross Site Scripting (0)
04-16: DedeCMS 7.5 SP2 Persistent Cross Site Scripting (0)
04-16: SuperBackup 2.0.5 Persistent Cross Site Scripting (0)
04-16: File Transfer iFamily 2.1 Directory Traversal (0)
04-16: Macs Framework 1.14f Cross Site Scripting / SQL Injection (0)
04-16: SeedDMS 5.1.18 Persistent Cross Site Scripting (0)
04-16: AirDisk Pro 5.5.3 Persistent Cross Site Scripting (0)
04-16: Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation (0)
04-16: Microsoft Windows SE_SERVER_SECURITY Security Descriptor Owner Privilege Escalation (0)
04-16: Git Credential Helper Protocol Newline Injection (0)
04-16: Liferay Portal Java Unmarshalling Remote Code Execution (0)
04-16: TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution (0)
04-16: Playable v9.18 iOS – Multiple Web Vulnerabilities (0)
04-16: TAO AP v3.3.0 RC02 – Multiple Web Vulnerabilities (0)
04-16: [remote] Apache Solr – Remote Code Execution via Velocity Template (Metasploit) (0)
04-16: [remote] DotNetNuke – Cookie Deserialization Remote Code Execution (Metasploit) (0)
04-16: [remote] PlaySMS – index.php Unauthenticated Template Injection Code Execution (Metasploit) (0)
04-16: [remote] Pandora FMS – Ping Authenticated Remote Code Execution (Metasploit) (0)
04-16: [remote] Liferay Portal – Java Unmarshalling via JSONWS RCE (Metasploit) (0)
04-16: [remote] ThinkPHP – Multiple PHP Injection RCEs (Metasploit) (0)
04-16: [remote] TP-Link Archer A7/C7 – Unauthenticated LAN Remote Code Execution (Metasploit) (0)
04-16: [local] VMware Fusion – USB Arbitrator Setuid Privilege Escalation (Metasploit) (0)
04-15: Free Desktop Clock 3.0 Stack Overflow (0)
04-15: Subex ROC Partner Settlement 10.5 Insecure Direct Object Reference (0)
04-15: Webtateas 2.0 Arbitrary File Read (0)
04-15: Huawei HG630 2 Router Authentication Bypass (0)
04-15: WSO2 API Manager Carbon Interface 3.0.0 File Delete (0)
04-15: WordPress Media Library Assistant 2.81 Local File Inclusion (0)
04-15: B64dec 1.1.2 Buffer Overflow (0)
04-15: WSO2 API Manager Carbon Interface 3.0.0 Cross Site Scripting (0)
04-15: TVT NVMS 1000 Directory Traversal (0)
04-15: Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution (0)
04-15: MOVEit Transfer 11.1.1 SQL Injection (0)
04-15: Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys (0)
04-15: Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution (0)
04-15: ThinkPHP 5.0.23 Remote Code Execution (0)
04-15: Vesta Control Panel Authenticated Remote Code Execution (0)
04-15: Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting (0)
04-15: SuperBackup v2.0.5 iOS – (VCF) Persistent XSS Vulnerability (0)
04-15: AirDisk Pro v5.5.3 iOS – Multiple Persistent Web Vulnerabilities (0)
04-15: SeedDMS v5.1.18 – Multiple Persistent Web Vulnerabilities (0)
04-15: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-15: [webapps] Macs Framework 1.14f CMS – Persistent Cross-Site Scripting (0)
04-15: [webapps] SeedDMS 5.1.18 – Persistent Cross-Site Scripting (0)
04-15: [webapps] Pinger 1.0 – Remote Code Execution (0)
04-15: [webapps] AirDisk Pro 5.5.3 for iOS – Persistent Cross-Site Scripting (0)
04-15: [webapps] SuperBackup 2.0.5 for iOS – Persistent Cross-Site Scripting (0)
04-14: http://petburi.go.th (0)
04-14: File Transfer iFamily v2.1 – Directory Traversal Vulnerability (0)
04-14: Macs Framework v1.14f CMS – Multiple Web Vulnerabilities (0)
04-14: [local] B64dec 1.1.2 – Buffer Overflow (SEH Overflow + Egg Hunter) (0)
04-13: https://opec.go.th (0)
04-13: [local] Free Desktop Clock x86 Venetian Blinds Zipper 3.0 – Unicode Stack Overflow (SEH) (0)
04-13: [webapps] WSO2 3.1.0 – Arbitrary File Delete (0)
04-13: [webapps] Webtateas 2.0 – Arbitrary File Read (0)
04-13: [webapps] TVT NVMS 1000 – Directory Traversal (0)
04-13: [webapps] Huawei HG630 2 Router – Authentication Bypass (0)
04-11: Photoscape Textarea Denial Of Service (0)
04-11: AbsoluteTelnet 11.12 Denial Of Service (0)
04-11: Zen Load Balancer 3.10.1 Directory Traversal (0)
04-11: Windscribe 1.83 Build 20 Unquoted Service Path (0)
04-11: Xeroneit Library Management System 3.0 SQL Injection (0)
04-11: Linux 5.3 Insecure Root Path Handling (0)
04-11: Linux Omitted TID Increment (0)
04-10: NagiosXI 5.6.11 address Remote Code Execution (0)
04-10: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-10: NagiosXI 5.6.11 start / end / step Remote Code Execution (0)
04-10: Centreon 19.11 SQL Injection (0)
04-10: NagiosXL 5.6.11 orderby SQL Injection (0)
04-10: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-10: netABuse Insufficient Windows Authentication Logic Scanner (0)
04-10: http://www.spin.dss.go.th/bas/public/site/images/gonzofficial28/Simsimi.gif (0)
04-10: [dos] AbsoluteTelnet 11.12 – 'SSH1/username' Denial of Service (PoC) (0)
04-10: [local] Windscribe 1.83 – 'WindscribeService' Unquoted Service Path (0)
04-09: DedeCMS v7.5 SP2 – Multiple Persistent Web Vulnerabilities (0)
04-09: NagiosXI 5.6 Remote Command Execution (0)
04-09: Symantec Web Gateway 5.0.2.8 Remote Command Execution (0)
04-09: NagiosXI 5.6.11 Remote Command Execution (0)
04-09: ManageEngine 14 Remote Code Execution (0)
04-09: Django 3.0 Cross Site Request Forgery (0)
04-09: Symantec Web Gateway 5.0.2.8 Remote Code Execution (0)
04-09: Amcrest Dahua NVR Camera IP2M-841 Denial Of Service (0)
04-09: Centreon 19.10-3.el7 SQL Injection (0)
04-08: DedeCMS v7.5 SP2 – Multiple Cross Site Web Vulnerabilities (0)
04-08: Bundeswehr Karriere – Cross Site Scripting Vulnerability (0)
04-08: dnsmasq-utils 2.79-1 Denial Of Service (0)
04-08: ZOC Terminal 7.25.5 Denial Of Service (0)
04-08: Roaring Trade In Zero-Days Means More Vulns Are Falling Into The Hands Of State Spies (0)
04-08: [webapps] Amcrest Dahua NVR Camera IP2M-841 – Denial of Service (PoC) (0)
04-08: [webapps] Django 3.0 – Cross-Site Request Forgery Token Bypass (0)
04-07: LimeSurvey 4.1.11 Path Traversal (0)
04-07: Memu Play 7.1.3 Insecure Folder Permissions (0)
04-07: Nsauditor 3.2.0.0 Denial Of Service (0)
04-07: WordPress Hotel Booking System Pro 1.1 Cross Site Scripting (0)
04-07: Online Hotel Booking System Pro 1.3 Cross Site Scripting (0)
04-07: Product Key Explorer 4.2.2.0 Denial Of Service (0)
04-07: Triologic Media Player 8 Buffer Overflow (0)
04-07: WordPress Car Rental System 1.3 Cross Site Scripting (0)
04-07: Frigate 3.3.6 Denial Of Service (0)
04-07: Car Rental System 2.6 Cross Site Scripting (0)
04-07: UltraVNC Launcher 1.2.4.0 Denial Of Service (0)
04-07: UltraVNC Viewer 1.2.4.0 Denial Of Service (0)
04-07: UltraVNC Launcher 1.2.4.0 Denial Of Service (0)
04-07: SpotAuditor 5.3.4 Denial Of Service (0)
04-07: ZOC Terminal 7.25.5 Denial Of Service (0)
04-07: WhatsApp Desktop 0.3.9308 Cross Site Scripting (0)
04-07: Vanguard 2.1 Cross Site Scripting (0)
04-07: Bolt CMS 3.7.0 Remote Code Execution (0)
04-07: pfSense 2.4.4-P3 User Manager Cross Site Scripting (0)
04-07: PlaySMS index.php Unauthenticated Template Injection Code Execution (0)
04-07: Pandora FMS Ping Authenticated Remote Code Execution (0)
04-07: SMBv3 Compression Buffer Overflow (0)
04-07: Vesta Control Panel Authenticated Remote Code Execution (0)
04-07: LimeSurvey 4.1.11 Cross Site Scripting (0)
04-07: Microsoft Windows Net Use Insufficent Authentication (0)
04-07: [dos] dnsmasq-utils 2.79-1 – 'dhcp_release' Denial of Service (PoC) (0)
04-07: [dos] ZOC Terminal 7.25.5 – 'Script' Denial of Service (PoC) (0)
04-06: http://samutprakan1.go.th/lo.php (0)
04-06: http://www.maeku.go.th (0)
04-06: [webapps] LimeSurvey 4.1.11 – 'File Manager' Path Traversal (0)
04-06: [webapps] Bolt CMS 3.7.0 – Authenticated Remote Code Execution (0)
04-06: [webapps] WhatsApp Desktop 0.3.9308 – Persistent Cross-Site Scripting (0)
04-06: [local] Triologic Media Player 8 – '.m3l' Buffer Overflow (Unicode) (SEH) (0)
04-06: [webapps] Vesta Control Panel 0.9.8-26 – Authenticated Remote Code Execution (Metasploit) (0)
04-06: [dos] UltraVNC Viewer 1.2.4.0 – 'VNCServer' Denial of Service (PoC) (0)
04-06: [dos] ZOC Terminal v7.25.5 – 'Private key file' Denial of Service (PoC) (0)
04-06: [webapps] LimeSurvey 4.1.11 – 'Survey Groups' Persistent Cross-Site Scripting (0)
04-06: [dos] UltraVNC Launcher 1.2.4.0 – 'Password' Denial of Service (PoC) (0)
04-06: [dos] Frigate 3.36 – Denial of Service (PoC) (0)
04-06: [dos] UltraVNC Launcher 1.2.4.0 – 'RepeaterHost' Denial of Service (PoC) (0)
04-06: [dos] Nsauditor 3.2.0.0 – 'Name' Denial of Service (PoC) (0)
04-06: [dos] SpotAuditor 5.3.4 – 'Name' Denial of Service (PoC) (0)
04-06: [dos] Product Key Explorer 4.2.2.0 – 'Key' Denial of Service (PoC) (0)
04-06: [local] Memu Play 7.1.3 – Insecure Folder Permissions (0)
04-05: http://songphinongmunic.go.th (0)
04-04: Pandora FMS 7.0NG Remote Code Execution (0)
04-04: http://www.ictc.ops.go.th/images/ (0)
04-04: http://www.finance.ops.go.th/modules/ (0)
04-04: http://www.singburihosp.go.th/gotcha.gif (0)
04-03: http://aya1.go.th/lo.php (0)
04-03: DiskBoss 7.7.14 Local Buffer Overflow (0)
04-03: Oracle Coherence Fusion Middleware Remote Code Execution (0)
04-03: MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution (0)
04-03: multiOTP 5.0.4.4 Remote Code Execution (0)
04-03: AIDA64 Engineer 6.20.5300 Buffer Overflow (0)
04-03: Apache Solr 8.3.0 Velocity Template Remote Code Execution (0)
04-03: VMware Fusion USB Arbitrator Setuid Privilege Escalation (0)
04-03: DotNetNuke Cookie Deserialization Remote Code Execution (0)
04-03: [webapps] Pandora FMS 7.0NG – 'net_tools.php' Remote Code Execution (0)
04-03: [local] AIDA64 Engineer 6.20.5300 – 'Report File' filename Buffer Overflow (SEH) (0)
04-02: https://www.phanathos.go.th/ITA/KiLL3R.html (0)
04-02: KandNconcepts Club CMS 1.1 / 1.2 Cross Site Scripting / SQL Injection (0)
04-02: DiskBoss 7.7.14 Denial Of Service (0)
04-02: 10Strike LANState 9.32 Host Check hostname Buffer Overflow (0)
04-02: Packet Storm New Exploits For March, 2020 (0)
04-02: [local] DiskBoss 7.7.14 – 'Input Directory' Local Buffer Overflow (PoC) (0)
04-01: Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection (0)
04-01: Grandstream UCM6200 Series CTI Interface SQL Injection (0)
04-01: FlashFXP 4.2.0 Build 1730 Denial Of Service (0)
04-01: DrayTek Vigor2960 / Vigor3900 / Vigor300B Remote Command Execution (0)
04-01: Microsoft Windows 10 SMB 3.1.1 Local Privilege Escalation (0)
04-01: [local] 10Strike LANState 9.32 – 'Force Check' Buffer Overflow (SEH) (0)
04-01: [dos] DiskBoss 7.7.14 – Denial of Service (PoC) (0)

March 2020 (260)

03-31: Odin Secure FTP Expert 7.6.3 Site Info Denial Of Service (0)
03-31: DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting (0)
03-31: WordPress Event-Registration 5.43 Arbitrary File Upload (0)
03-31: Zen Load Balancer 3.10.1 Remote Code Execution (0)
03-31: Joomla Fabrik 3.9.11 Directory Traversal (0)
03-31: 10-Strike Network Inventory Explorer 9.03 Buffer Overflow (0)
03-31: [remote] DLINK DWL-2600 – Authenticated Remote Command Injection (Metasploit) (0)
03-31: [webapps] Grandstream UCM6200 Series CTI Interface – 'user_password' SQL Injection (0)
03-31: [dos] FlashFXP 4.2.0 Build 1730 – Denial of Service (PoC) (0)
03-30: Redis Replication Code Execution (0)
03-30: [remote] Multiple DrayTek Products – Pre-authentication Remote Root Code Execution (0)
03-30: [webapps] Joomla! com_fabrik 3.9.11 – Directory Traversal (0)
03-30: [dos] Odin Secure FTP Expert 7.6.3 – 'Site Info' Denial of Service (PoC) (0)
03-29: Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting (0)
03-29: FreeCommander XE 2020 Pathname Buffer Overflow (0)
03-29: rConfig 3.9.4 searchField Remote Code Execution (0)
03-29: codeBeamer 9.5 Cross Site Scripting (0)
03-29: DLINK DWL-2600 Authenticated Remote Command Injection (0)
03-29: IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution (0)
03-29: Micro Focus Vibe 4.0.6 HTML Injection (0)
03-29: Micro Focus Vibe 4.0.6 Cross Site Scripting (0)
03-28: Apple Security Advisory 2020-03-25-1 (0)
03-28: Apple Security Advisory 2020-03-25-2 (0)
03-28: http://www.foreignaffairs.m-society.go.th/zx.htm (0)
03-28: http://www.minister.m-society.go.th/zx.htm (0)
03-28: https://tsd.m-society.go.th/zx.htm (0)
03-28: http://www.dl.m-society.go.th/zx.htm (0)
03-28: Soluzione Globale Ecommerce CMS 1 SQL Injection (0)
03-28: WordPress StatTraq 1.3.0 SQL Injection (0)
03-28: Easy RM To MP3 Converter 2.7.3.700 Local Buffer Overflow (0)
03-28: Jinfornet Jreport 15.6 Directory Traversal (0)
03-28: Everest 5.50.2100 Denial Of Service (0)
03-28: ECK Hotel 1.0 Cross Site Request Forgery (0)
03-27: Centreo 19.10.8 Remote Code Execution (0)
03-27: TP-Link Archer C50 V3 Denial of Service (0)
03-27: Linux PTRACE_TRACEME Local Root (0)
03-27: SharePoint Workflows XOML Injection (0)
03-27: [dos] Everest 5.50.2100 – 'Open File' Denial of Service (PoC) (0)
03-27: [local] Easy RM to MP3 Converter 2.7.3.700 – 'Input' Local Buffer Overflow (SEH) (0)
03-27: [webapps] ECK Hotel 1.0 – Cross-Site Request Forgery (Add Admin) (0)
03-26: SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection (0)
03-26: Joomla GMapFP 3.30 Arbitrary File Upload (0)
03-26: AVAST SecureLine 5.5.522.0 Unquoted Service Path (0)
03-26: Android Bluetooth Remote Denial Of Service (0)
03-26: HP ThinPro 6.x / 7.x Information Disclosure (0)
03-26: 10-Strike Network Inventory Explorer 8.54 Unquoted Service Path (0)
03-26: HP ThinPro 6.x / 7.x Filter Bypass (0)
03-26: HP ThinPro 6.x / 7.x Privilege Escalation (0)
03-26: 10-Strike Network Inventory Explorer 8.54 Buffer Overflow (0)
03-26: LeptonCMS 4.5.0 Cross Site Scripting (0)
03-26: HP ThinPro 6.x / 7.x Citrix Command Injection (0)
03-26: HP ThinPro 6.x / 7.x Privileged Command Injection (0)
03-26: http://renew.dede.go.th/Ali.txt (0)
03-26: [webapps] Centreo 19.10.8 – 'DisplayServiceStatus' Remote Code Execution (0)
03-26: [webapps] TP-Link Archer C50 3 – Denial of Service (PoC) (0)
03-25: Apple Security Advisory 2020-03-24-1 (0)
03-25: Apple Security Advisory 2020-03-24-2 (0)
03-25: Apple Security Advisory 2020-03-24-3 (0)
03-25: Apple Security Advisory 2020-03-24-4 (0)
03-25: Apple Security Advisory 2020-03-24-5 (0)
03-25: Apple Security Advisory 2020-03-24-6 (0)
03-25: Apple Security Advisory 2020-03-24-7 (0)
03-25: Veyon 4.3.4 Unquoted Service Path (0)
03-25: UliCMS 2020.1 Cross Site Scripting (0)
03-25: WordPress WPForms 1.5.9 Cross Site Scripting (0)
03-25: UCM6202 1.0.18.13 Remote Command Injection (0)
03-25: [webapps] LeptonCMS 4.5.0 – Persistent Cross-Site Scripting (0)
03-25: [webapps] Joomla! Component GMapFP 3.30 – Arbitrary File Upload (0)
03-25: [local] AVAST SecureLine 5.5.522.0 – 'SecureLine' Unquoted Service Path (0)
03-24: Microsoft Warns Of Windows Zero-Day Exploited In The Wild (0)
03-24: ProficySCADA For iOS 5.0.25920 Denial Of Service (0)
03-24: Google Chrome 80.0.3987.87 Denial Of Service (0)
03-24: CyberArk PSMP 10.9.1 Policy Restriction Bypass (0)
03-24: EnovaNet Chateau-Thierry FormaLog WebService02 eChampagne 7.0 Cross Site Scripting / SQL Injection (0)
03-24: rConfig 3.9.4 Remote Command Injection (0)
03-24: Joomla HDWPlayer 4.2 SQL Injection (0)
03-24: FIBARO System Home Center 5.021 Remote File Inclusion / XSS (0)
03-24: Horde 5.2.22 CSV Import Code Execution (0)
03-24: [webapps] UCM6202 1.0.18.13 – Remote Command Injection (0)
03-24: [local] Veyon 4.3.4 – 'VeyonService' Unquoted Service Path (0)
03-24: [webapps] Wordpress Plugin WPForms 1.5.9 – Persistent Cross-Site Scripting (0)
03-24: [webapps] UliCMS 2020.1 – Persistent Cross-Site Scripting (0)
03-23: http://nonpho.go.th (0)
03-23: http://laopruan.go.th (0)
03-23: http://nonnamtang.go.th (0)
03-23: [webapps] rConfig 3.9.4 – 'search.crud.php' Remote Command Injection (0)
03-23: [remote] CyberArk PSMP 10.9.1 – Policy Restriction Bypass (0)
03-23: [dos] Google Chrome 80.0.3987.87 – Heap-Corruption Remote Denial of Service (PoC) (0)
03-23: [dos] ProficySCADA for iOS 5.0.25920 – 'Password' Denial of Service (PoC) (0)
03-23: [webapps] FIBARO System Home Center 5.021 – Remote File Include (0)
03-22: http://secondary41.go.th/Ali.txt (0)
03-21: Exagate Sysguard 6001 Cross Site Request Forgery (0)
03-21: VMware Fusion 11.5.2 Privilege Escalation (0)
03-20: http://www4.diw.go.th/Ali.txt (0)
03-20: Broadcom Wi-Fi KR00K Proof Of Concept (0)
03-20: Easy File Sharing Web Server 7.2 Local Buffer Overflow (0)
03-20: [local] VMware Fusion 11.5.2 – Privilege Escalation (0)
03-20: [webapps] Exagate Sysguard 6001 – Cross-Site Request Forgery (Add Admin) (0)
03-19: NetBackup 7.0 Unquoted Service Path (0)
03-19: pppd 2.4.8 Buffer Overflow (0)
03-19: Netlink GPON Router 1.0.11 Remote Code Execution (0)
03-19: Microtik SSH Daemon 6.44.3 Denial Of Service (0)
03-19: Ivanti Workspace Manager Security Bypass (0)
03-19: VMware Fusion Local Privilege Escalation / Directory Traversal (0)
03-19: Microsoft VSCode Python Extension Code Execution (0)
03-19: Razer Synapse Service 1.0.0 DLL Injection (0)
03-19: ZoneAlarm TrueVector Internet Monitor Insecure NTFS Permissions (0)
03-19: Centreon Poller Authenticated Remote Command Execution (0)
03-18: UADMIN Botnet SQL Injection (0)
03-18: [webapps] Netlink GPON Router 1.0.11 – Remote Code Execution (0)
03-17: Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery (0)
03-17: MiladWorkShop VIP System 1.0 SQL Injection (0)
03-17: PHPKB Multi-Language 9 Authenticated Remote Code Execution (0)
03-17: PHPKB Multi-Language 9 Authenticated Directory Traversal (0)
03-17: PHPKB Multi-Language 9 image-upload.php Code Execution (0)
03-17: ShaderCache Arbitrary File Creation / Privilege Escalation (0)
03-17: Rconfig 3.x Chained Remote Code Execution (0)
03-17: [remote] ManageEngine Desktop Central – Java Deserialization (Metasploit) (0)
03-17: [remote] Rconfig 3.x – Chained Remote Code Execution (Metasploit) (0)
03-16: CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept (0)
03-16: Microsoft Windows SMB 3.1.1 Remote Code Execution (0)
03-16: Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution (0)
03-16: [webapps] PHPKB Multi-Language 9 – 'image-upload.php' Authenticated Remote Code Execution (0)
03-16: [webapps] PHPKB Multi-Language 9 – Authenticated Remote Code Execution (0)
03-16: [webapps] MiladWorkShop VIP System 1.0 – 'lang' SQL Injection (0)
03-16: [webapps] PHPKB Multi-Language 9 – Authenticated Directory Traversal (0)
03-16: [webapps] Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin) (0)
03-15: Revive Adserver 5.0.4 Security Bypass / Open Redirect (0)
03-15: Phoenix Contact TC Router / TC Cloud Client Command Injection (0)
03-15: ManageEngine Desktop Central Java Deserialization (0)
03-15: http://www.udonthani.go.th (0)
03-15: https://lawreform.go.th/t3x.htm (0)
03-15: http://ssobkl.go.th/t3x.htm (0)
03-14: AnyBurn 4.8 Buffer Overflow (0)
03-14: CentOS WebPanel 7 SQL Injection (0)
03-14: Drobo 5N2 4.1.1 Remote Command Injection (0)
03-14: http://royalrain.go.th/BD.txt (0)
03-14: http://www.saomuangkaopc.go.th (0)
03-14: [dos] Microsoft Windows 10 (1903/1909) – 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC) (0)
03-13: http://www.takesa1.go.th/bc7.html (0)
03-13: rConfig 3.9 SQL Injection (0)
03-13: rConfig 3.93 Authenticated Remote Code Execution (0)
03-13: ASUS AAHM 1.00.22 Unquoted Service Path (0)
03-13: HRSALE 1.1.8 Cross Site Request Forgery (0)
03-13: WordPress Appointment Booking Calendar 1.3.34 CSV Injection (0)
03-13: AtMail WebMail 4.61 Open Redirect (0)
03-13: WatchGuard Fireware AD Helper 5.8.5.10317 Credential Disclosure (0)
03-13: Horde Groupware Webmail Edition 5.2.22 PHAR Loading (0)
03-13: Horde Groupware Webmail Edition 5.2.22 PHP File Inclusion (0)
03-13: Chrome BlobURLStoreImpl::Register Site Isolation Bypass (0)
03-13: SQL Server Reporting Services (SSRS) ViewState Deserialization (0)
03-13: [webapps] Centos WebPanel 7 – 'term' SQL Injection (0)
03-13: [local] AnyBurn 4.8 – Buffer Overflow (SEH) (0)
03-12: Wing FTP Server 6.2.3 Cross Site Request Forgery (0)
03-12: ASUS AXSP 1.02.00 Unquoted Service Path (0)
03-12: WordPress Search Meter 2.13.2 CSV Injection (0)
03-12: [webapps] rConfig 3.93 – 'ajaxAddTemplate.php' Authenticated Remote Code Execution (0)
03-12: [webapps] Wordpress Plugin Appointment Booking Calendar 1.3.34 – CSV Injection (0)
03-12: [webapps] Joomla! Component com_newsfeeds 1.0 – 'feedid' SQL Injection (0)
03-12: [webapps] WatchGuard Fireware AD Helper Component 5.8.5.10317 – Credential Disclosure (0)
03-11: http://www.takong-sao.go.th/in.txt (0)
03-11: Counter Strike: GO Memory Control (0)
03-11: Sysaid 20.1.11 b26 Remote Command Execution (0)
03-11: YzmCMS 5.5 Cross Site Scripting (0)
03-11: Persian VIP Download Script 1.0 SQL Injection (0)
03-11: PHPStudy Backdoor Remote Code Execution (0)
03-11: Nagios XI Authenticated Remote Command Execution (0)
03-11: [webapps] Wordpress Plugin Search Meter 2.13.2 – CSV injection (0)
03-11: [local] ASUS AXSP 1.02.00 – 'asComSvc' Unquoted Service Path (0)
03-10: http://schoolmy2560.surat3.go.th (0)
03-10: Iskysoft Application Framework Service 2.4.3.241 Unquoted Service Path (0)
03-10: Microsoft Windows WizardOpium Local Privilege Escalation (0)
03-10: SpyHunter 4 Unquoted Service Path (0)
03-10: ManageEngine Desktop Central Deserialization / Remote Code Execution (0)
03-10: ASUS GiftBox Desktop 1.1.1.127 Unquoted Service Path (0)
03-10: Deep Instinct Windows Agent 1.2.29.0 Unquoted Service Path (0)
03-10: Sentrifugo HRMS 3.2 SQL Injection (0)
03-10: IRISgraphic 1.0 SQL Injection (0)
03-10: Creative Contact Form 4.6.2 Directory Traversal (0)
03-10: iOS / macOS AWDL Heap Corruption / Bounds Checking (0)
03-10: 60CycleCMS 2.5.2 SQL Injection (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning (0)
03-10: Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass (0)
03-10: pppd 2.4.8 Buffer Overflow (0)
03-10: Richsploit RichFaces Exploitation Toolkit (0)
03-10: [webapps] Persian VIP Download Script 1.0 – 'active' SQL Injection (0)
03-10: [webapps] YzmCMS 5.5 – 'url' Persistent Cross-Site Scripting (0)
03-10: [webapps] Sysaid 20.1.11 b26 – Remote Command Execution (0)
03-09: [remote] PHP-FPM – Underflow Remote Code Execution (Metasploit) (0)
03-09: [remote] Apache ActiveMQ 5.x-5.11.1 – Directory Traversal Shell Upload (Metasploit) (0)
03-09: [local] Counter Strike: GO – '.bsp' Memory Control (PoC) (0)
03-09: [remote] Google Chrome 80 – JSCreate Side-effect Type Confusion (Metasploit) (0)
03-09: [local] OpenSMTPD – OOB Read Local Privilege Escalation (Metasploit) (0)
03-09: [remote] Google Chrome 67, 68 and 69 – Object.create Type Confusion (Metasploit) (0)
03-09: [remote] Google Chrome 72 and 73 – Array.map Out-of-Bounds Write (Metasploit) (0)
03-09: [webapps] Sentrifugo HRMS 3.2 – 'id' SQL Injection (0)
03-09: [webapps] 60CycleCMS – 'news.php' SQL Injection (0)
03-06: http://iud.phitsanulok3.go.th/t3x.htm (0)
03-06: http://iud.namnaohospital.go.th/t3x.htm (0)
03-06: http://maeyanghor.go.th/meh.php (0)
03-06: Google Chrome 80 JSCreate Side-Effect Type Confusion (0)
03-06: OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation (0)
03-06: netkit-telnet 0.17 Remote Code Execution (0)
03-06: Google Chrome 67 / 68 / 69 Object.create Type Confusion (0)
03-06: Google Chrome 72 / 73 Array.map Corruption (0)
03-06: PHP-FPM 7.x Remote Code Execution (0)
03-06: Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload (0)
03-06: [local] ASUS GiftBox Desktop 1.1.1.127 – 'ASUSGiftBoxDesktop' Unquoted Service Path (0)
03-06: [local] ASUS GiftBox Desktop 1.1.1.127 – 'ASUSGiftBoxDesktop' Unquoted Service Path (0)
03-06: [local] SpyHunter 4 – 'SpyHunter 4 Service' Unquoted Service Path (0)
03-06: [local] SpyHunter 4 – 'SpyHunter 4 Service' Unquoted Service Path (0)
03-06: [local] Iskysoft Application Framework Service 2.4.3.241 – 'IsAppService' Unquoted Service Path (0)
03-06: [local] Iskysoft Application Framework Service 2.4.3.241 – 'IsAppService' Unquoted Service Path (0)
03-06: [local] Deep Instinct Windows Agent 1.2.29.0 – 'DeepMgmtService' Unquoted Service Path (0)
03-06: [local] Deep Instinct Windows Agent 1.2.29.0 – 'DeepMgmtService' Unquoted Service Path (0)
03-05: UniSharp Laravel File Manager 2.0.0 Arbitrary File Read (0)
03-05: XOO Digital 2.1.0 SQL Injection (0)
03-05: Exchange Control Panel Viewstate Deserialization (0)
03-05: [remote] EyesOfNetwork – AutoDiscovery Target Command Execution (Metasploit) (0)
03-05: [remote] Exchange Control Panel – Viewstate Deserialization (Metasploit) (0)
03-04: RICOH Aficio SP 5200S Printer HTML Injection (0)
03-04: Alfresco 5.2.4 Cross Site Scripting (0)
03-04: RICOH Aficio SP 5210SF Printer HTML Injection (0)
03-04: GUnet OpenEclass 1.7.3 SQL Injection (0)
03-04: EyesOfNetwork AutoDiscovery Target Command Execution (0)
03-04: [webapps] UniSharp Laravel File Manager 2.0.0 – Arbitrary File Read (0)
03-03: Joplin Desktop 1.0.184 Cross Site Scripting (0)
03-03: Wing FTP Server 6.2.5 Privilege Escalation (0)
03-03: TP-Link TL-WR849N Remote Code Execution (0)
03-03: WordPress Tutor LMS 1.5.3 Cross Site Request Forgery (0)
03-03: TP-Link TL-WR849N 0.9.1 4.16 Authentication Bypass (0)
03-03: Cyberoam Authentication Client 2.1.2.7 Buffer Overflow (0)
03-03: Netis WF2419 2.2.36123 Remote Code Execution (0)
03-03: Intelbras Wireless N 150Mbps WRN240 Authentication Bypass (0)
03-03: Wing FTP Server 6.2.3 Privilege Escalation (0)
03-03: Microsoft Exchange 2019 15.2.221.12 Remote Code Execution (0)
03-03: Cacti 1.2.8 Unauthenticated Remote Code Execution (0)
03-03: JSC DFG ObjectAllocationSinkingPhase Crash (0)
03-03: macOS / iOS ImageIO OpenEXR Image Processing Memory Issues (0)
03-03: [webapps] RICOH Aficio SP 5210SF Printer – 'entryNameIn' HTML Injection (0)
03-03: [webapps] Alfresco 5.2.4 – Persistent Cross-Site Scripting (0)
03-03: [webapps] RICOH Aficio SP 5200S Printer – 'entryNameIn' HTML Injection (0)
03-03: [webapps] GUnet OpenEclass 1.7.3 E-learning platform – 'month' SQL Injection (0)
03-02: Nimsoft nimcontroller 7.80 Remote Code Execution (0)
03-02: qdPM Remote Code Execution (0)
03-02: MITREid 1.3.3 Cross Site Scripting (0)
03-02: Microsoft Windows Kernel Privilege Escalation (0)
03-02: Packet Storm New Exploits For February, 2020 (0)
03-02: [webapps] Wordpress Plugin Tutor LMS 1.5.3 – Cross-Site Request Forgery (Add User) (0)
03-02: [webapps] Intelbras Wireless N 150Mbps WRN240 – Authentication Bypass (Config Upload) (0)
03-02: [remote] CA Unified Infrastructure Management Nimsoft 7.80 – Remote Buffer Overflow (0)
03-02: [webapps] TP LINK TL-WR849N – Remote Code Execution (0)
03-02: [remote] Microsoft Exchange 2019 15.2.221.12 – Authenticated Remote Code Execution (0)
03-02: [webapps] Wing FTP Server 6.2.5 – Privilege Escalation (0)
03-02: [webapps] TL-WR849N 0.9.1 4.16 – Authentication Bypass (Upload Firmware) (0)
03-02: [webapps] Netis WF2419 2.2.36123 – Remote Code Execution (0)
03-02: [webapps] Joplin Desktop 1.0.184 – Cross-Site Scripting (0)
03-02: [local] Cyberoam Authentication Client 2.1.2.7 – Buffer Overflow (SEH) (0)
03-01: http://old.ddc.moph.go.th/data/pwn(94).gif (0)

February 2020 (320)

02-29: Cacti 1.2.8 Unauthenticated Remote Code Execution (0)
02-29: Cacti 1.2.8 Authenticated Remote Code Execution (0)
02-29: DirectWeb 0.4.0 Cross Site Scripting (0)
02-29: Easy2Pilot 8 SQL Injection / Cross Site Request Forgery (0)
02-29: Apache Tomcat AJP Ghostcat File Read / Inclusion (0)
02-29: Core FTP LE 2.2 Denial Of Service (0)
02-29: PhpIX 2012 Professional (Beta) SQL Injection (0)
02-29: Business Live Chat Software 1.0 Cross Site Request Forgery (0)
02-29: PHP-Fusion CMS 9.03 Cross Site Scripting (0)
02-29: Comtrend VR-3033 Command Injection (0)
02-29: Samsung Kernel /dev/vipx Pointer Leak (0)
02-29: Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition (0)
02-29: XNU tcp_input Use-After-Free (0)
02-29: Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree (0)
02-29: Chrome DesktopMediaPickerController::WebContentsDestroyed Use-After-Free (0)
02-29: http://www.banann.go.th/vuln.gif (0)
02-28: [webapps] qdPM < 9.1 – Remote Code Execution (0)
02-27: [webapps] Comtrend VR-3033 – Command Injection (0)
02-27: [webapps] Business Live Chat Software 1.0 – Cross-Site Request Forgery (Add Admin) (0)
02-26: SpotFTP-FTP Password Recover 2.4.8 Denial Of Service (0)
02-26: aSc TimeTables 2020.11.4 Denial Of Service (0)
02-26: WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass (0)
02-26: Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass (0)
02-26: Odin Secure FTP Expert 7.6.3 Denial Of Service (0)
02-26: Astak CM-818T3 Remote Configuration Disclosure (0)
02-26: OpenSMTPD Local Information Disclosure (0)
02-26: OpenSMTPD Out-Of-Bounds Read (0)
02-26: [remote] OpenSMTPD 6.6.3 – Arbitrary File Read (0)
02-26: [webapps] PhpIX 2012 Professional – 'id' SQL Injection (0)
02-26: [dos] Core FTP LE 2.2 – Denial of Service (PoC) (0)
02-25: http://nonsanga.go.th/web1/file_editor/dbx.txt (0)
02-25: http://www.nasameng.go.th (0)
02-25: Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure (0)
02-25: ESCAM QD-900 WIFI HD Camera Remote Configuration Disclosure (0)
02-25: SecuSTATION SC-831 HD Camera Remote Configuration Disclosure (0)
02-25: Aptina AR0130 Camera Remote Configuration Disclosure (0)
02-25: AMSS++ 4.7 Backdoor Account (0)
02-25: Go SSH 0.0.2 Denial Of Service (0)
02-25: ATutor 2.2.4 SQL Injection (0)
02-25: ManageEngine EventLog Analyzer 10.0 Information Disclosure (0)
02-25: Avaya IP Office Application Server 11.0.0.0 Cross Site Scripting (0)
02-25: Quick N Easy Web Server 3.3.8 Denial Of Service (0)
02-25: DotNetNuke CMS 9.5.0 Cross Site Scripting (0)
02-25: DotNetNuke CMS 9.5.0 File Extension Check Bypass (0)
02-25: eLection 2.0 SQL Injection (0)
02-25: DotNetNuke CMS 9.4.4 Zip Directory Traversal (0)
02-25: CandidATS 2.1.0 Cross Site Request Forgery (0)
02-25: Android Binder Use-After-Free (0)
02-25: SecuSTATION IPCAM-130 HD Camera Remote Configuration Disclosure (0)
02-25: ACE SECURITY WiP-90113 HD Camera Remote Configuration Disclosure (0)
02-25: Revotech I6032B-P Remote Configuration Disclosure (0)
02-25: http://news.sesao8.go.th/X-m3n.php (0)
02-25: http://amssplus.rayong1.go.th/X-m3n.html (0)
02-25: http://cpp.rayong1.go.th/X-m3n.html (0)
02-25: http://smssplus.rayong1.go.th/X-m3n.html (0)
02-25: [dos] aSc TimeTables 2020.11.4 – Denial of Service (PoC) (0)
02-25: [dos] SpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC) (0)
02-24: http://www.phraepeo.go.th (0)
02-24: http://www.kohsathon.go.th/wir.html (0)
02-24: http://jobok.go.th/wir.html (0)
02-24: [webapps] CandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin) (0)
02-24: [webapps] AMSS++ 4.7 – Backdoor Admin Account (0)
02-24: [dos] Quick N Easy Web Server 3.3.8 – Denial of Service (PoC) (0)
02-24: [webapps] Cacti 1.2.8 – Remote Code Execution (0)
02-24: [webapps] Aptina AR0130 960P 1.3MP Camera – Remote Configuration Disclosure (0)
02-24: [webapps] SecuSTATION SC-831 HD Camera – Remote Configuration Disclosure (0)
02-24: [webapps] ATutor 2.2.4 – 'id' SQL Injection (0)
02-24: [webapps] DotNetNuke 9.5 – File Upload Restrictions Bypass (0)
02-24: [webapps] DotNetNuke 9.5 – Persistent Cross-Site Scripting (0)
02-24: [webapps] eLection 2.0 – 'id' SQL Injection (0)
02-24: [webapps] ManageEngine EventLog Analyzer 10.0 – Information Disclosure (0)
02-24: [dos] Go SSH servers 0.0.2 – Denial of Service (PoC) (0)
02-24: [webapps] I6032B-P POE 2.0MP Outdoor Camera – Remote Configuration Disclosure (0)
02-24: [webapps] SecuSTATION IPCAM-130 HD Camera – Remote Configuration Disclosure (0)
02-24: [webapps] AMSS++ v 4.31 – 'id' SQL Injection (0)
02-24: [webapps] Real Web Pentesting Tutorial Step by Step – [Persian] (0)
02-24: [webapps] Avaya IP Office Application Server 11.0.0.0 – Reflective Cross-Site Scripting (0)
02-24: [webapps] ESCAM QD-900 WIFI HD Camera – Remote Configuration Disclosure (0)
02-23: http://nbc.dip.go.th/rx.html (0)
02-23: http://nec.dip.go.th/rx.html (0)
02-22: AMSS++ 4.31 SQL Injection (0)
02-22: Online Birth Certificate System 1.0 Cross Site Scripting (0)
02-22: D-Link DGS-1250 Header Injection (0)
02-22: Open-Xchange App Suite / Documents Server-Side Request Forgery (0)
02-22: OpenNetAdmin Ping Command Injection (0)
02-21: http://sahathat.go.th/file_editor/db.txt (0)
02-21: WordPress Default-Featured-Image 1.6.1 Cross Site Scripting (0)
02-21: WordPress Events-Manager 5.9.7.3 Cross Site Scripting (0)
02-21: WordPress Forminator 1.11.2 Remote File Upload (0)
02-21: WordPress Forminator 1.11.2 Cross Site Scripting (0)
02-21: WordPress Jetpack 8.2 Cross Site Scripting (0)
02-21: Easy2Pilot 7 Cross Site Request Forgery (0)
02-21: WordPress Ultimate-Member 2.1.3 Cross Site Scripting (0)
02-21: Core FTP Lite 1.3 Denial Of Service (0)
02-21: WordPress Popup-Builder 3.61.1 Cross Site Scripting (0)
02-21: WordPress Prismatic 2.3 Cross Site Scripting (0)
02-21: WordPress Really-Simple-SSL 3.2.9 Cross Site Scripting (0)
02-21: WordPress TinyMCE-Advanced 5.3.0 Cross Site Scripting (0)
02-21: WordPress WooCommerce 3.9.2 Cross Site Scripting (0)
02-21: XNU ip6_notify_pmtu Remote mbuf Double-Free (0)
02-21: WordPress Wordfence 7.4.6 Cross Site Scripting (0)
02-21: OpenEXR Memory Safety Issues (0)
02-21: WordPress WPForms-Lite 1.5.8.2 Cross Site Scripting (0)
02-21: WordPress Yikes Inc Easy Mailchimp Extender 6.6.2 Cross Site Scripting (0)
02-21: Diamorphine Rootkit Signal Privilege Escalation (0)
02-21: Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write (0)
02-20: http://ccit.go.th (0)
02-20: Virtual Freer 1.58 Remote Command Execution (0)
02-20: SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution (0)
02-20: Nanometrics Centaur 4.3.23 Memory Leak (0)
02-20: WordPress Contact-Form-7 5.1.6 Cross Site Scripting (0)
02-20: DBPower C300 HD Camera Remote Configuration Disclosure (0)
02-20: [webapps] Easy2Pilot 7 – Cross-Site Request Forgery (Add User) (0)
02-20: [dos] Core FTP Lite 1.3 – Denial of Service (PoC) (0)
02-19: http://nlaradio.senate.go.th/my.ini (0)
02-19: WordPress WP Sitemap Page 1.6.2 Cross Site Scripting (0)
02-19: [webapps] DBPower C300 HD Camera – Remote Configuration Disclosure (0)
02-19: [webapps] Virtual Freer 1.58 – Remote Command Execution (0)
02-18: http://dnprg15.dnp.go.th/007.html (0)
02-18: SOPlanning 1.45 SQL Injection (0)
02-18: SOPlanning 1.45 Cross Site Request Forgery (0)
02-18: Easy File Sharing Web Server 7.2 Unquoted Service Path (0)
02-18: Easy File Management Web Server 5.6 Unquoted Service Path (0)
02-18: HP System Event 1.2.9.0 Unquoted Service Path (0)
02-18: Disk Pulse Enterprise 12.4.18 Unquoted Service Path (0)
02-18: Ice HRM 26.2.0 Cross Site Request Forgery (0)
02-18: DiskBoss Enterprise 11.0.24 Unquoted Service Path (0)
02-18: Easy Chat Server 3.1 Unquoted Service Path (0)
02-18: VX Search Enterprise 12.4.16 Unquoted Service Path (0)
02-18: BOOTP Turbo 2.0.1214 Unquoted Service Path (0)
02-18: DHCP Turbo 4.61298 Unquoted Service Path (0)
02-18: TFTP Turbo 4.6.1273 Unquoted Service Path (0)
02-18: Cuckoo Clock 5.0 Buffer Overflow (0)
02-18: Easy File Sharing Web Server 7.2 Buffer Overflow (0)
02-18: FTPShell Server 6.85 Buffer Overflow (0)
02-18: WordPress Strong Testimonials 2.40.1 Cross Site Scripting (0)
02-18: Avaya Aura Communication Manager 5.2 Remote Code Execution (0)
02-18: Microsoft Windows 10 MSI Privilege Escalation (0)
02-18: LabVantage 8.3 Information Disclosure (0)
02-18: Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak (0)
02-18: WordPress Fruitful 3.8 Cross Site Scripting (0)
02-18: Microsoft Windows Modules Installer Service Information Disclosure (0)
02-18: [webapps] WordPress Plugin WP Sitemap Page 1.6.2 – Persistent Cross-Site Scripting (0)
02-17: [webapps] Wordpress Plugin Strong Testimonials 2.40.1 – Persistent Cross-Site Scripting (0)
02-17: [local] HP System Event 1.2.9.0 – 'HPWMISVC' Unquoted Service Path (0)
02-17: [local] Cuckoo Clock v5.0 – Buffer Overflow (0)
02-17: [webapps] SOPlanning 1.45 – 'users' SQL Injection (0)
02-17: [webapps] Avaya Aura Communication Manager 5.2 – Remote Code Execution (0)
02-17: [local] BOOTP Turbo 2.0.1214 – 'BOOTP Turbo' Unquoted Service Path (0)
02-17: [webapps] SOPlanning 1.45 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] TFTP Turbo 4.6.1273 – 'TFTP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting (0)
02-17: [local] DHCP Turbo 4.61298 – 'DHCP Turbo 4' Unquoted Service Path (0)
02-17: [webapps] Ice HRM 26.2.0 – Cross-Site Request Forgery (Add User) (0)
02-17: [local] MSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation (0)
02-17: [webapps] SOPlanning 1.45 – 'by' SQL Injection (0)
02-15: SWAPGS Attack Proof Of Concept (0)
02-15: phpMyChat Plus 1.98 SQL Injection (0)
02-15: HomeGuard Pro 9.3.1 Insecure Folder Permissions (0)
02-15: EPSON EasyMP Network Projection 2.81 Unquoted Service Path (0)
02-15: SprintWork 2.3.1 Local Privilege Escalation (0)
02-14: SweynTooth Bluetooth Exploits (0)
02-14: WordPress Ultimate-Member 2.1.3 Local File Inclusion (0)
02-14: SuiteCRM 7.11.11 Second-Order PHP Object Injection (0)
02-14: SuiteCRM 7.11.11 Phar Deserialization (0)
02-14: Pandora FMS 7.0 Authenticated Remote Code Execution (0)
02-14: SuiteCRM 7.11.11 Bean Manipulation (0)
02-14: OpenTFTP 1.66 Local Privilege Escalation (0)
02-14: SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion (0)
02-14: SuiteCRM 7.11.10 SQL Injection (0)
02-14: macOS / iOS launchd XPC Message Parsing Memory Corruption (0)
02-14: XPC Memory Disclosure / Corruption (0)
02-14: Samsung /dev/tsmux Heap Out-Of-Bounds Write (0)
02-14: Anviz CrossChex Buffer Overflow (0)
02-14: [local] EPSON EasyMP Network Projection 2.81 – 'EMP_NSWLSV' Unquoted Service Path (0)
02-14: [local] HomeGuard Pro 9.3.1 – Insecure Folder Permissions (0)
02-14: [webapps] phpMyChat Plus 1.98 – 'pmc_username' SQL Injection (0)
02-13: WordPress Contact-Form-7 5.1.6 File Upload (0)
02-13: MyVideoConverter Pro 3.14 Buffer Overflow (0)
02-13: WordPress Tutor 1.5.3 Cross Site Scripting (0)
02-13: HP System Event Utility Local Privilege Escalation (0)
02-13: WordPress Wordfence 7.4.5 Local File Disclosure (0)
02-13: WordPress Tutor 1.5.3 Local File Inclusion (0)
02-13: Samsung Kernel PROCA Use-After-Free / Double-Free (0)
02-13: Samsung SEND_FILE_WITH_HEADER Use-After-Free (0)
02-13: [webapps] PANDORAFMS 7.0 – Authenticated Remote Code Execution (0)
02-13: [local] OpenTFTP 1.66 – Local Privilege Escalation (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Local File Inclusion (0)
02-13: [webapps] Wordpress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting (0)
02-12: Torrent iPod Video Converter 1.51 Stack Overflow (0)
02-12: freeFTPd 1.0.13 Unquoted Service Path (0)
02-12: Disk Sorter Enterprise 12.4.16 Unquoted Service Path (0)
02-12: Disk Savvy Enterprise 12.3.18 Unquoted Service Path (0)
02-12: Sync Breeze Enterprise 12.4.18 Unquoted Service Path (0)
02-12: FreeSSHd 1.3.1 Unquoted Service Path (0)
02-12: CHIYU BF430 TCP IP Converter Cross Site Scripting (0)
02-12: DVD Photo Slideshow Professional 8.07 Buffer Overflow (0)
02-12: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-12: OpenSMTPD 6.6.1 Local Privilege Escalation (0)
02-12: Google Chrome PannerHandler::TailTime Heap Use-After-Free (0)
02-12: Google Chrome PasswordFormManager::OnGeneratedPasswordAccepted Heap Buffer Overflow (0)
02-12: [local] HP System Event Utility – Local Privilege Escalation (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Output Folder' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'Movie' Buffer Overflow (0)
02-12: [local] MyVideoConverter Pro 3.14 – 'TVSeries' Buffer Overflow (0)
02-11: VehicleWorkshop 1.0 SQL Injection (0)
02-11: EyesOfNetwork 5.3 Remote Code Execution (0)
02-11: Dota 2 7.23f Denial Of Service (0)
02-11: PackWeb Formap E-learning 1.0 SQL Injection (0)
02-11: Forcepoint WebSecurity 8.5 Cross Site Scripting (0)
02-11: QuickDate 1.3.2 SQL Injection (0)
02-11: Google Invisible RECAPTCHA 3 Spoof Bypass (0)
02-11: ExpertGPS 6.38 XML Injection (0)
02-11: Wedding Slideshow Studio 1.36 Buffer Overflow (0)
02-11: LearnDash WordPress LMS 3.1.2 Cross Site Scripting (0)
02-11: WordPress InfiniteWP Client Authentication Bypass (0)
02-11: Vanilla Forum 2.6.3 Cross Site Scripting (0)
02-11: [remote] OpenSMTPD 6.4.0 < 6.6.1 – Local Privilege Escalation + Remote Code Execution (0)
02-11: [local] Wedding Slideshow Studio 1.36 – 'Name' Buffer Overflow (0)
02-11: [local] Disk Savvy Enterprise 12.3.18 – Unquoted Service Path (0)
02-11: [webapps] WordPress InfiniteWP – Client Authentication Bypass (Metasploit) (0)
02-11: [local] Disk Sorter Enterprise 12.4.16 – 'Disk Sorter Enterprise' Unquoted Service Path (0)
02-11: [local] Sync Breeze Enterprise 12.4.18 – 'Sync Breeze Enterprise' Unquoted Service Path (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Name' Buffer Overflow (0)
02-11: [local] FreeSSHd 1.3.1 – 'FreeSSHDService' Unquoted Service Path (0)
02-11: [webapps] Vanilla Forums 2.6.3 – Persistent Cross-Site Scripting (0)
02-11: [local] DVD Photo Slideshow Professional 8.07 – 'Key' Buffer Overflow (0)
02-11: [webapps] CHIYU BF430 TCP IP Converter – Stored Cross-Site Scripting (0)
02-11: [local] freeFTPd v1.0.13 – 'freeFTPdService' Unquoted Service Path (0)
02-11: [local] Torrent iPod Video Converter 1.51 – Stack Overflow (0)
02-10: [webapps] LearnDash WordPress LMS Plugin 3.1.2 – Reflective Cross-Site Scripting (0)
02-10: [webapps] Forcepoint WebSecurity 8.5 – Reflective Cross-Site Scripting (0)
02-10: [local] Wedding Slideshow Studio 1.36 – 'Key' Buffer Overflow (0)
02-08: OpenSMTPD MAIL FROM Remote Code Execution (0)
02-08: D-Link ssdpcgi Unauthenticated Remote Command Execution (0)
02-08: Ricoh Driver Privilege Escalation (0)
02-08: macOS/iOS ImageIO DDS Image Out-Of-Bounds Read (0)
02-08: macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue (0)
02-08: macOS ImageIO JPEG Out-Of-Bounds Write (0)
02-08: libx264 H264 Conversion Out-Of-Bounds Write (0)
02-08: macOS/iOS XNU mk_timer_create_trap() Race Condition (0)
02-08: XNU OUserClient::_sendAsyncResult64() ipc_port Pointer Disclosure (0)
02-08: systemd-machined Incorrect Reference Decrement (0)
02-08: macOS/iOS ImageIO PVR Image Processing Heap Corruption (0)
02-08: macOS/iOS ImageIO PVR Processing Out-Of-Bounds Read (0)
02-08: macOS/iOS IOAccelCommandQueue2::processSegmentKernelCommand() Out-Of-Bounds Timestamp Write (0)
02-08: usersctp sctp_load_addresses_from_init Out-Of-Bounds Read (0)
02-07: ELAN Smart-Pad 11.10.15.1 Unquoted Service Path (0)
02-07: VIM 8.2 Denial Of Service (0)
02-07: AbsoluteTelnet 11.12 Denial Of Service (0)
02-07: TapinRadio 2.12.3 Denial Of Service (0)
02-07: RarmaRadio 2.72.4 Denial Of Service (0)
02-07: Online Job Portal 1.0 SQL Injection (0)
02-07: Online Job Portal 1.0 Code Execution (0)
02-07: Online Job Portal 1.0 Cross Site Request Forgery (0)
02-07: Ecommerce Systempay 1.0 Brute Force (0)
02-07: Cisco Data Center Network Manager 11.2 Remote Code Execution (0)
02-07: Cisco Data Center Network Manager 11.2.1 SQL Injection (0)
02-07: Cisco Data Center Network Manager 11.2.1 Command Injection (0)
02-07: [webapps] QuickDate 1.3.2 – SQL Injection (0)
02-07: [webapps] ExpertGPS 6.38 – XML External Entity Injection (0)
02-07: [local] Windscribe – WindscribeService Named Pipe Privilege Escalation (Metasploit) (0)
02-06: HiSilicon DVR/NVR hi3520d Firmware Backdoor Account (0)
02-06: xglance-bin Local Root Privilege Escalation (0)
02-06: AVideo Platform 8.1 Cross Site Request Forgery (0)
02-06: AVideo Platform 8.1 User Enumeration (0)
02-06: Verodin Director Web Console 3.5.4.0 Password Disclosure (0)
02-06: Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting (0)
02-06: Socat 1.7.3.4 Heap Overflow (0)
02-06: Wago PFC200 Remote Code Execution (0)
02-06: Windscribe WindscribeService Named Pipe Privilege Escalation (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'license name' Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'LanFabricImpl' Command Injection (0)
02-06: [dos] AbsoluteTelnet 11.12 – "license name" Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2.1 – 'getVmHostData' SQL Injection (0)
02-06: [webapps] Online Job Portal 1.0 – 'user_email' SQL Injection (0)
02-06: [dos] VIM 8.2 – Denial of Service (PoC) (0)
02-06: [webapps] Cisco Data Center Network Manager 11.2 – Remote Code Execution (0)
02-06: [webapps] Ecommerce Systempay 1.0 – Production KEY Brute Force (0)
02-06: [webapps] Online Job Portal 1.0 – Cross Site Request Forgery (Add User) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'username' Denial of Service (PoC) (0)
02-06: [dos] RarmaRadio 2.72.4 – 'server' Denial of Service (PoC) (0)
02-06: [webapps] Online Job Portal 1.0 – Remote Code Execution (0)
02-06: [dos] TapinRadio 2.12.3 – 'username' Denial of Service (PoC) (0)
02-06: [dos] AbsoluteTelnet 11.12 – 'SSH2/username' Denial of Service (PoC) (0)
02-06: [dos] TapinRadio 2.12.3 – 'address' Denial of Service (PoC) (0)
02-06: [local] ELAN Smart-Pad 11.10.15.1 – 'ETDService' Unquoted Service Path (0)
02-05: Sudo 1.8.25p Buffer Overflow (0)
02-05: F-Secure Internet Gatekeeper 5.40 Heap Overflow (0)
02-05: SMB DOUBLEPULSAR Remote Code Execution (0)
02-05: RDP DOUBLEPULSAR Remote Code Execution (0)
02-05: Centreon 19.10.5 Pollers Remote Command Execution (0)
02-05: [remote] HiSilicon DVR/NVR hi3520d firmware – Remote Backdoor Account (0)
02-05: [webapps] Verodin Director Web Console 3.5.4.0 – Remote Authenticated Password Disclosure (PoC) (0)
02-05: [webapps] Kronos WebTA 4.0 – Authenticated Remote Privilege Escalation (0)
02-05: [local] xglance-bin 11.00 – Privilege Escalation (0)
02-05: [webapps] Wago PFC200 – Authenticated Remote Code Execution (Metasploit) (0)
02-05: [local] Socat 1.7.3.4 – Heap-Based Overflow (PoC) (0)
02-05: [webapps] AVideo Platform 8.1 – Cross Site Request Forgery (Password Reset) (0)
02-05: [webapps] AVideo Platform 8.1 – Information Disclosure (User Enumeration) (0)
02-04: BearFTP 0.1.0 Denial Of Service (0)
02-04: Jira 8.3.4 Information Disclosure (0)
02-04: Packet Storm New Exploits For January, 2020 (0)
02-04: phpList 3.5.0 Authentication Bypass (0)
02-04: School ERP System 1.0 Cross Site Request Forgery (0)
02-04: P2PWIFICAM2 For iOS 10.4.1 Denial Of Service (0)
02-04: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
02-04: [local] Sudo 1.8.25p – Buffer Overflow (0)
02-04: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (Metasploit) (0)
02-03: [dos] P2PWIFICAM2 for iOS 10.4.1 – 'Camera ID' Denial of Service (PoC) (0)
02-03: [webapps] Schneider Electric U.Motion Builder 1.3.4 – Authenticated Command Injection (0)
02-03: [webapps] ira 8.3.4 – Information Disclosure (Username Enumeration) (0)
02-03: [webapps] phpList 3.5.0 – Authentication Bypass (0)
02-03: [dos] BearFTP 0.1.0 – 'PASV' Denial of Service (0)
02-03: [webapps] IceWarp WebMail 11.4.4.1 – Reflective Cross-Site Scripting (0)
02-03: [webapps] School ERP System 1.0 – Cross Site Request Forgery (Add Admin) (0)
02-01: Lotus Core CMS 1.0.1 Local File Inclusion (0)
02-01: FlexNet Publisher 11.12.1 Cross Site Request Forgery (0)
02-01: Intel Processor Identification Utility 6.0.0211 Privilege Escalation (0)
02-01: http://psschool.obec.go.th/007.html (0)

January 2020 (291)

01-31: XMLBlueprint 16.191112 XML Injection (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: Cups Easy 1.0 Cross Site Request Forgery (0)
01-31: Centreon 19.10.5 Remote Command Execution (0)
01-31: OpenSMTPD 6.6.2 Remote Code Execution (0)
01-31: rConfig 3.9.3 Remote Code Execution (0)
01-31: TrendMicro Anti-Threat Toolkit Improper Fix (0)
01-31: [webapps] Lotus Core CMS 1.0.1 – Local File Inclusion (0)
01-30: Apple Security Advisory 2020-1-29-2 (0)
01-30: Apple Security Advisory 2020-1-29-1 (0)
01-30: Apple Security Advisory 2020-1-28-6 (0)
01-30: Apple Security Advisory 2020-1-28-5 (0)
01-30: Apple Security Advisory 2020-1-28-3 (0)
01-30: Apple Security Advisory 2020-1-28-4 (0)
01-30: Apple Security Advisory 2020-1-28-2 (0)
01-30: Apple Security Advisory 2020-1-28-1 (0)
01-30: Fifthplay S.A.M.I Cross Site Request Forgery / Cross Site Scripting (0)
01-30: OpenBSD OpenSMTPD Privilege Escalation / Code Execution (0)
01-30: [webapps] rConfig 3.9.3 – Authenticated Remote Code Execution (0)
01-30: [remote] OpenSMTPD 6.6.2 – Remote Code Execution (0)
01-29: Torrent 3GP Converter 1.51 Stack Overflow (0)
01-29: SolarWinds n-Central Dumpster Diver (0)
01-29: FusionAuth 1.10 Remote Command Execution (0)
01-29: IceWarp WebMail 11.4.4.1 Cross Site Scripting (0)
01-29: macOS / iOS ImageIO Heap Corruption (0)
01-29: Adive Framework 2.0.8 Cross Site Request Forgery (0)
01-29: Centreon 19.10.5 Credential Disclosure (0)
01-29: Centreon 19.10.5 Remote Command Execution (0)
01-29: Octeth Oempro 4.8 SQL Injection (0)
01-29: [webapps] Centreon 19.10.5 – 'Pollers' Remote Command Execution (0)
01-29: [webapps] Satellian 1.12 – Remote Code Execution (0)
01-29: [local] Microsoft Windows 10 – Theme API 'ThemePack' File Parsing (0)
01-29: [webapps] Cups Easy 1.0 – Cross Site Request Forgery (Password Reset) (0)
01-29: [local] XMLBlueprint 16.191112 – XML External Entity Injection (0)
01-29: [webapps] Liferay CE Portal 6.0.2 – Remote Command Execution (0)
01-29: [webapps] Kibana 6.6.1 – CSV Injection (0)
01-28: [dos] macOS/iOS ImageIO – Heap Corruption when Processing Malformed TIFF Image (0)
01-28: [webapps] Centreon 19.10.5 – Database Credentials Disclosure (0)
01-28: [webapps] Octeth Oempro 4.8 – 'CampaignID' SQL Injection (0)
01-28: [webapps] Adive Framework 2.0.8 – Cross-Site Request Forgery (Change Admin Password) (0)
01-28: [webapps] Centreon 19.10.5 – Remote Command Execution (0)
01-27: [local] Torrent 3GP Converter 1.51 – Stack Overflow (SEH) (0)
01-26: Ricoh Printer Driver Local Privilege Escalation (0)
01-26: Realtek SDK Information Disclosure / Code Execution (0)
01-25: Genexis Platinum-4410 2.1 Authentication Bypass (0)
01-25: TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot (0)
01-25: Webtareas 2.0 SQL Injection (0)
01-25: OLK Web Store 2020 Cross Site Request Forgery (0)
01-24: http://bamras.ddc.moph.go.th/Ali.txt (0)
01-24: http://special.obec.go.th/by_agent.php (0)
01-24: http://www.dsd.go.th/0.html (0)
01-24: BOOTP Turbo 2.0 Denial Of Service (0)
01-24: Pachev FTP Server 1.0 Path Traversal (0)
01-24: Umbraco CMS 8.2.2 Cross Site Request Forgery (0)
01-24: qdPM 9.1 Remote Code Execution (0)
01-24: [webapps] Genexis Platinum-4410 2.1 – Authentication Bypass (0)
01-24: [webapps] OLK Web Store 2020 – Cross-Site Request Forgery (0)
01-24: [webapps] Webtareas 2.0 – 'id' SQL Injection (0)
01-24: [webapps] TP-Link TP-SG105E 1.0.0 – Unauthenticated Remote Reboot (0)
01-23: Microsoft Windows Media Center .wmv Security Bypass / Code Execution (0)
01-23: ManageEngine Network Configuration Manager 12.2 SQL Injection (0)
01-23: Microsoft Windows Theme API File Parsing (0)
01-23: Park Ticketing Management System 1.0 Cross Site Scripting (0)
01-23: SolarWindows MSP n-Central Information Disclosure (0)
01-23: ECTouch ECShop 2.7.3 SQL Injection (0)
01-23: KeePass 2.44 Denial Of Service (0)
01-23: XNU vm_map_copy Insufficient Fix (0)
01-23: Citrix XenMobile Server 10.8 XML Injection (0)
01-23: Employee Leaves Management System 2.0 Cross Site Request Forgery (0)
01-23: ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting (0)
01-23: Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation (0)
01-23: D-Link DIR-859 Unauthenticated Remote Command Execution (0)
01-23: [remote] Pachev FTP Server 1.0 – Path Traversal (0)
01-23: [webapps] qdPM 9.1 – Remote Code Execution (0)
01-23: [dos] BOOTP Turbo 2.0 – Denial of Service (SEH)(PoC) (0)
01-22: Microsoft Zero Day Actively Exploited, Patch Forthcoming (0)
01-22: WordPress WP Fanzone 3.1 SQL Injection (0)
01-22: Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption (0)
01-22: [dos] KeePass 2.44 – Denial of Service (PoC) (0)
01-22: [webapps] Citrix XenMobile Server 10.8 – XML External Entity Injection (0)
01-21: Hospital Management System 4.0 Cross Site Scripting (0)
01-21: Easy XML Editor 1.7.8 XML Injection (0)
01-21: Advie Framework 2.0.8 Cross Site Scripting (0)
01-21: Sysax Multi Server 5.50 Denial Of Service (0)
01-21: Centreon 19.04 Remote Code Execution (0)
01-21: [local] NEOWISE CARBONFTP 1.4 – Weak Password Encryption (0)
01-21: [webapps] ManageEngine Network Configuration Manager 12.2 – 'apiKey' SQL Injection (0)
01-20: [webapps] Centreon 19.04 – Authenticated Remote Code Execution (Metasploit) (0)
01-20: [dos] Sysax Multi Server 5.50 – Denial of Service (PoC) (0)
01-20: [webapps] Adive Framework 2.0.8 – Persistent Cross-Site Scripting (0)
01-20: [local] Easy XML Editor 1.7.8 – XML External Entity Injection (0)
01-19: Microsoft .diagcab Directory Traversal / Code Execution (0)
01-18: APKF Product Key Finder 2.5.8.0 Denial Of Service (0)
01-18: Torrent FLV Converter 1.51 Build 117 Stack Overflow (0)
01-18: WordPress InfiniteWP Client 1.9.4.5 Authentication Bypass (0)
01-18: GTalk Password Finder 2.2.1 Denial Of Service (0)
01-18: WordPress Time Capsule 1.21.16 Authentication Bypass (0)
01-18: Solaris xlock Information Disclosure (0)
01-18: Common Desktop Environment 2.3.1 Buffer Overflow (0)
01-18: Trend Micro Security 2019 Security Bypass Protected Service Tampering (0)
01-18: Trend Micro Security (Consumer) Arbitrary Code Execution (0)
01-17: WordPress Postie 1.9.40 Cross Site Scripting (0)
01-17: SunOS 5.10 Generic_147148-26 Local Privilege Escalation (0)
01-17: Online Book Store 1.0 Arbitrary File Upload (0)
01-17: Tautulli 2.1.9 Denial Of Service (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept (0)
01-17: Jenkins Gitlab Hook 1.4.2 Cross Site Scripting (0)
01-17: Citrix ADC / Gateway Path Traversal (0)
01-17: WordPress Resim ara 1.0 Cross Site Scripting (0)
01-17: [local] Trend Micro Maximum Security 2019 – Privilege Escalation (0)
01-17: [dos] GTalk Password Finder 2.2.1 – 'Key' Denial of Service (PoC) (0)
01-17: [webapps] Wordpress Time Capsule Plugin 1.21.16 – Authentication Bypass (0)
01-17: [local] Trend Micro Maximum Security 2019 – Arbitrary Code Execution (0)
01-17: [webapps] Wordpress Plugin InfiniteWP Client 1.9.4.5 – Authentication Bypass (0)
01-17: [dos] APKF Product Key Finder 2.5.8.0 – 'Name' Denial of Service (PoC) (0)
01-17: [local] Torrent FLV Converter 1.51 Build 117 – Stack Oveflow (SEH partial overwrite) (0)
01-16: The NSA Has Discovered A Major Flaw In Windows 10 (0)
01-16: Plantronics Hub SpokesUpdateService Privilege Escalation (0)
01-16: Online Book Store 1.0 SQL Injection (0)
01-16: Huawei HG255 Directory Traversal (0)
01-16: [webapps] WordPress Plugin Postie 1.9.40 – Persistent Cross-Site Scripting (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'entities_id' SQL Injection (0)
01-16: [webapps] Citrix Application Delivery Controller (ADC) and Gateway 13.0 – Path Traversal (0)
01-16: [webapps] Tautulli 2.1.9 – Denial of Service ( Metasploit ) (0)
01-16: [webapps] Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting (0)
01-16: [webapps] Online Book Store 1.0 – Arbitrary File Upload (0)
01-16: [local] SunOS 5.10 Generic_147148-26 – Local Privilege Escalation (0)
01-16: [webapps] Rukovoditel Project Management CRM 2.5.2 – 'reports_id' SQL Injection (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution (0)
01-15: Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal (0)
01-15: Top Password Firefox Password Recovery 2.8 Denial Of Service (0)
01-15: Top Password Software Dialup Password Recovery 1.30 Denial Of Service (0)
01-15: Allok Video Converter 4.6.1217 Stack Overflow (0)
01-15: Allok RM RMVB To AVI MPEG DVD Converter 3.6.1217 Stack Overflow (0)
01-15: Chevereto 3.13.4 Core Remote Code Execution (0)
01-15: SpotDialup 1.6.7 Denial Of Service (0)
01-15: SpotOutlook 1.2.6 Denial Of Service (0)
01-15: Advanced System Repair Pro 1.9.1.7 Insecure File Permissions (0)
01-15: TaskCanvas 1.4.0 Denial Of Service (0)
01-15: Freelancy 1.0.0 Remote Code Execution (0)
01-15: Car Rental Project 1.0 Remote Code Execution (0)
01-15: Digi AnywhereUSB 14 Cross Site Scripting (0)
01-15: Hospital Management System 4.0 Cross Site Scripting (0)
01-15: Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution (0)
01-15: VPN Unlimited 6.1 Unquoted Service Path (0)
01-15: IBM RICOH InfoPrint 6500 Printer HTML Injection (0)
01-15: WordPress 5.3 Denial Of Service (0)
01-15: Sagemcom Fast 3890 Remote Code Execution (0)
01-15: Redir 3.3 Denial Of Service (0)
01-15: IBM RICOH 6400 Printer HTML Injection (0)
01-15: Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution (0)
01-15: Barco WePresent file_transfer.cgi Command Injection (0)
01-15: [webapps] Huawei HG255 – Directory Traversal ( Metasploit ) (0)
01-15: [webapps] Online Book Store 1.0 – 'bookisbn' SQL Injection (0)
01-14: [dos] WeChat – Memory Corruption in CAudioJBM::InputAudioFrameToJBM (0)
01-14: [dos] Redir 3.3 – Denial of Service (PoC) (0)
01-14: [webapps] IBM RICOH InfoPrint 6500 Printer – HTML Injection (0)
01-14: [webapps] IBM RICOH 6400 Printer – HTML Injection (0)
01-14: [local] VPN unlimited 6.1 – Unquoted Service Path (0)
01-13: [local] Allok Video Converter 4.6.1217 – Stack Overflow (SEH) (0)
01-13: [dos] SpotOutlook 1.2.6 – 'Name' Denial of Service (PoC) (0)
01-13: [local] Advanced System Repair Pro 1.9.1.7 – Insecure File Permissions (0)
01-13: [dos] SpotDialup 1.6.7 – 'Name' Denial of Service (PoC) (0)
01-13: [dos] Top Password Software Dialup Password Recovery 1.30 – Denial of Service (PoC) (0)
01-13: [webapps] Chevereto 3.13.4 Core – Remote Code Execution (0)
01-12: TotalAV 2020 4.14.31 Privilege Escalation (0)
01-12: Pandora 7.0NG Remote Code Execution (0)
01-12: PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution (0)
01-12: ASTPP 4.0.1 Database Disclosure (0)
01-12: WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption (0)
01-12: Android ashmem Read-Only Bypasses (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (0)
01-11: [webapps] Citrix Application Delivery Controller and Citrix Gateway – Remote Code Execution (PoC) (0)
01-10: https://www.huaikrachaohospital.go.th/0day.html (0)
01-10: [webapps] ASTPP 4.0.1 VoIP Billing – Database Backup Download (0)
01-10: [webapps] Pandora 7.0NG – Remote Code Execution (0)
01-10: [local] TotalAV 2020 4.14.31 – Privilege Escalation (0)
01-10: [webapps] PixelStor 5000 K:4.0.1580-20150629 – Remote Code Execution (0)
01-09: Cisco DCNM JBoss 10.4 Credential Leakage (0)
01-09: Sony Playstation 4 Webkit Code Execution (0)
01-09: Django Account Hijack (0)
01-09: Tomcat 9.0.0.M1 Sandbox Escape (0)
01-09: JetBrains TeamCity 2018.2.4 Remote Code Execution (0)
01-09: Codoforum 4.8.3 Cross Site Scripting (0)
01-09: EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow (0)
01-09: ASTPP VoIP 4.0.1 Remote Code Execution (0)
01-09: Online Book Store 1.0 Remote Code Execution (0)
01-09: ZIP Password Recovery 2.30 Denial Of Service (0)
01-09: Oracle Weblogic 10.3.6.0.0 Remote Command Execution (0)
01-09: MSN Password Recovery 1.30 XML Injection (0)
01-09: Firefox Gets Patch For Critical 0-Day That's Being Actively Exploited (0)
01-09: [local] MSN Password Recovery 1.30 – XML External Entity Injection (0)
01-09: [dos] ZIP Password Recovery 2.30 – 'ZIP File' Denial of Service (PoC) (0)
01-09: [webapps] Oracle Weblogic 10.3.6.0.0 – Remote Command Execution (0)
01-08: AnyDesk 5.4.0 Unquoted Service Path (0)
01-08: Complaint Management System 4.0 Remote Code Execution (0)
01-08: piSignage 2.6.4 Directory Traversal (0)
01-08: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-08: Dairy Farm Shop Management System 1.0 Cross Site Scripting (0)
01-08: Job Portal 1.0 Shell Upload (0)
01-08: Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key (0)
01-08: http://server91.labour.go.th/kurd.html (0)
01-08: [webapps] Tomcat proprietaryEvaluate 9.0.0.M1 – Sandbox Escape (0)
01-08: [remote] JetBrains TeamCity 2018.2.4 – Remote Code Execution (0)
01-08: [remote] ASTPP VoIP 4.0.1 – Remote Code Execution (0)
01-08: [remote] EBBISLAND EBBSHAVE 6100-09-04-1441 – Remote Buffer Overflow (0)
01-08: [webapps] Online Book Store 1.0 – Unauthenticated Remote Code Execution (0)
01-08: [remote] Cisco DCNM JBoss 10.4 – Credential Leakage (0)
01-08: [webapps] Codoforum 4.8.3 – 'input_txt' Persistent Cross-Site Scripting (0)
01-07: Adaware Web Companion 4.9.2159 WCAssistantService Unquoted Service Path (0)
01-07: Duplicate Cleaner Pro 4 Denial Of Service (0)
01-07: Voyager 1.3.0 Directory Traversal (0)
01-07: SpotFTP FTP Password Recovery 3.0.0.0 Denial Of Service (0)
01-07: Office Product Key Finder 1.5.4 Denial Of Service (0)
01-07: NBMonitor 1.6.6.0 Denial Of Service (0)
01-07: RemShutdown 2.9.0.0 Denial Of Service (0)
01-07: Backup Key Recovery 2.2.5 Denial Of Service (0)
01-07: TextCrawler Pro 3.1.1 Denial Of Service (0)
01-07: Hostel Management System 2.0 SQL Injection (0)
01-07: Dairy Farm Shop Management System 1.0 SQL Injection (0)
01-07: Complaint Management System 4.0 SQL Injection (0)
01-07: IBM RICOH Infoprint 1532 Printer Cross Site Scripting (0)
01-07: ERPNext 11.1.47 Cross Site Scripting (0)
01-07: [webapps] Complaint Management System 4.0 – Remote Code Execution (0)
01-07: [webapps] piSignage 2.6.4 – Directory Traversal (0)
01-07: [local] AnyDesk 5.4.0 – Unquoted Service Path (0)
01-07: [webapps] Job Portal 1.0 – Remote Code Execution (0)
01-06: [dos] BlueAuditor 1.7.2.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotIE 2.9.5 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] Hostel Management System 2.0 – 'id' SQL Injection (0)
01-06: [local] Adaware Web Companion 4.9.2159 – 'WCAssistantService' Unquoted Service Path (0)
01-06: [dos] NetworkSleuth 3.0.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [webapps] IBM RICOH Infoprint 1532 Printer – Persistent Cross-Site Scripting (0)
01-06: [webapps] Subrion CMS 4.0.5 – Cross-Site Request Forgery (Add Admin) (0)
01-06: [webapps] Complaint Management System 4.0 – 'cid' SQL injection (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Name' Denial Of Service (0)
01-06: [dos] SpotIM 2.2 – 'Name' Denial Of Service (0)
01-06: [webapps] Dairy Farm Shop Management System 1.0 – 'username' SQL Injection (0)
01-06: [dos] FTPGetter Professional 5.97.0.223 – Denial of Service (PoC) (0)
01-06: [webapps] elaniin CMS 1.0 – Authentication Bypass (0)
01-06: [dos] ShareAlarmPro Advanced Network Access Control – 'Key' Denial of Service (PoC) (0)
01-06: [dos] SpotMSN 2.4.6 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] SpotFTP FTP Password Recovery 3.0.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] Office Product Key Finder 1.5.4 – Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Name' Denial of Service (PoC) (0)
01-06: [dos] NBMonitor 1.6.6.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] RemShutdown 2.9.0.0 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 – 'Key' Denial of Service (PoC) (0)
01-06: [dos] Dnss Domain Name Search Software – 'Name' Denial of Service (PoC) (0)
01-06: [dos] TextCrawler Pro3.1.1 – Denial of Service (PoC) (0)
01-06: [dos] NetShareWatcher 1.5.8.0 – 'Key' Denial of Service (PoC) (0)
01-05: Microsoft Windows VCF Denial Of Service (0)
01-05: http://www.wanyai.go.th (0)
01-04: MSN Password Recovery 1.30 Denial Of Service (0)
01-04: Hospital Management System 4.0 searchdata SQL Injection (0)
01-04: Mozilla Firefox Denial Of Service (0)
01-04: AppLocker Policy Bypass (0)
01-04: Hospital Management System 4.0 Cross Site Scripting (0)
01-04: CTFd 2.1.5 Administrator Account Takeover (0)
01-04: OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control (0)
01-04: Online Course Registration 2.0 Remote Code Execution (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: Karakuzu ERP Management Web 5.7.0 SQL Injection (0)
01-04: Plantronics Hub 3.13.2 Local Privilege Escalation (0)
01-04: IceWarp 12.2.0 / 12.1.x Cross Site Scripting (0)
01-04: http://doa.go.th/readme.htm (0)
01-04: https://pbhospital.go.th (0)
01-03: [local] Plantronics Hub 3.13.2 – Local Privilege Escalation (0)
01-03: [webapps] Karakuzu ERP Management Web 5.7.0 – 'k_adi_duz' SQL Injection (0)
01-03: [webapps] Online Course Registration 2.0 – Remote Code Execution (0)
01-02: NextVPN 4.10 Insecure File Permissions (0)
01-02: WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass (0)
01-02: nostromo 1.9.6 Remote Code Execution (0)
01-02: Shopping Portal ProVersion 3.0 SQL Injection (0)
01-02: IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal (0)
01-02: Hospital Management System 4.0 SQL Injection (0)
01-02: Microsoft Windows .Group File URL Field Code Execution (0)
01-02: Packet Storm New Exploits For December, 2019 (0)
01-02: Packet Storm New Exploits For 2019 (0)
01-02: [webapps] BloodX 1.0 – Authentication Bypass (0)
01-02: [webapps] Hospital Management System 4.0 – Persistent Cross-Site Scripting (0)
01-02: [webapps] Hospital Management System 4.0 – 'searchdata' SQL Injection (0)
01-02: [dos] MSN Password Recovery 1.30 – Denial of Service (PoC) (0)
01-01: http://www.abtbankuan.go.th/krd.html (0)
01-01: [local] Microsoft Windows .Group File – Code Execution (0)
01-01: [remote] nostromo 1.9.6 – Remote Code Execution (0)
01-01: [webapps] Hospital Management System 4.0 – Authentication Bypass (0)
01-01: [webapps] Shopping Portal ProVersion 3.0 – Authentication Bypass (0)
01-01: [webapps] IBM InfoPrint 4247-Z03 Impact Matrix Printer – Directory Traversal (0)

December 2019 (222)

12-31: AVS Audio Converter 9.1.2.600 Stack Overflow (0)
12-31: FTP Navigator 8.03 Stack Overflow (0)
12-31: Cera Intranet Community Theme 1.0.1 SQL Injection (0)
12-31: elearning-script 1.0 SQL Injection (0)
12-31: Wave 2.0 SQL Injection (0)
12-31: RICOH SP 4510SF Printer HTML Injection (0)
12-31: Wing FTP Server 6.0.7 Unquoted Service Path (0)
12-31: Heatmiser Netmonitor 3.03 Hardcoded Credentials (0)
12-31: WEMS Enterprise Manager 2.58 Cross Site Scripting (0)
12-31: WEMS BEMS 21.3.1 Undocumented Backdoor Account (0)
12-31: HomeAutomation 3.3.2 Cross Site Scripting (0)
12-31: MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure (0)
12-31: FreeBSD mqueuefs Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Authentication Bypass (0)
12-31: FreeBSD fd Privilege Escalation (0)
12-31: HomeAutomation 3.3.2 Cross Site Request Forgery (0)
12-31: HomeAutomation 3.3.2 CSRF / Code Execution (0)
12-31: HomeAutomation 3.3.2 Open Redirect (0)
12-31: Thrive Smart Home 1.1 Cross Site Scripting (0)
12-31: Thrive Smart Home 1.1 SQL Injection (0)
12-31: [local] NextVPN v4.10 – Insecure File Permissions (0)
12-31: [webapps] Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 – Authentication Bypass (0)
12-30: [local] AVS Audio Converter 9.1.2.600 – Stack Overflow (PoC) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Cross-Site Request Forgery (Add Admin) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Authentication Bypass (0)
12-30: [webapps] HomeAutomation 3.3.2 – Persistent Cross-Site Scripting (0)
12-30: [local] Reptile Rootkit – reptile_cmd Privilege Escalation (Metasploit) (0)
12-30: [local] Microsoft UPnP – Local Privilege Elevation (Metasploit) (0)
12-30: [local] OpenBSD – Dynamic Loader chpass Privilege Escalation (Metasploit) (0)
12-30: [webapps] HomeAutomation 3.3.2 – Remote Code Execution (0)
12-28: AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting (0)
12-28: AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot (0)
12-28: AVE DOMINAplus 1.10.x Authentication Bypass (0)
12-28: AVE DOMINAplus 1.10.x Credential Disclosure (0)
12-28: OpenBSD Dynamic Loader chpass Privilege Escalation (0)
12-27: http://www.reo15.moe.go.th/web/ (0)
12-25: Prime95 29.8 Build 6 Buffer Overflow (0)
12-24: Microsoft Windows 10 BasicRender.sys Denial Of Service (0)
12-24: phpMyChat-Plus 1.98 Cross Site Scripting (0)
12-24: FreeSWITCH 1.10.1 Command Execution (0)
12-24: vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation (0)
12-24: Reptile Rootkit reptile_cmd Privilege Escalation (0)
12-23: http://sanpong.go.th (0)
12-23: http://sanpayang.go.th (0)
12-23: [local] Prime95 Version 29.8 build 6 – Buffer Overflow (SEH) (0)
12-21: FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read (0)
12-20: FTP Navigator 8.03 Denial Of Service (0)
12-20: Deutsche Bahn Ticket Vending Machine Privilege Escalation (0)
12-20: [remote] FreeSWITCH 1.10.1 – Command Execution (0)
12-20: [webapps] phpMyChat-Plus 1.98 – 'pmc_username' Reflected Cross-Site Scripting (0)
12-20: [dos] Microsoft Windows 10 BasicRender.sys – Denial of Service (PoC) (0)
12-19: XnView 2.49.1 Denial Of Service (0)
12-19: AVS Audio Converter 9.1 Buffer Overflow (0)
12-19: Rumpus FTP Web File Manager 8.2.9.1 Cross Site Scripting (0)
12-19: Telerik UI Remote Code Execution (0)
12-19: macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free (0)
12-19: Microsoft UPnP Local Privilege Elevation (0)
12-19: [dos] FTP Navigator 8.03 – 'Custom Command' Denial of Service (SEH) (0)
12-19: [webapps] Deutsche Bahn Ticket Vending Machine Local Kiosk – Privilege Escalation (0)
12-18: Metasploit Sample Linux Privilege Escalation Exploit (0)
12-18: Metasploit Sample Webapp Exploit (0)
12-18: OpenMRS Java Deserialization Remote Code Execution (0)
12-18: Zendesk SweetHawk Survey 1.6 Cross Site Scripting (0)
12-18: NopCommerce 4.2.0 Privilege Escalation (0)
12-18: Xerox AltaLink C8035 Printer Cross Site Request Forgery (0)
12-18: Tautulli 2.1.9 Cross Site Request Forgery (0)
12-18: Serv-U FTP Server 15.1.7 Cross Site Scripting (0)
12-18: Netgear R6400 Remote Code Execution (0)
12-18: [webapps] Telerik UI – Remote Code Execution via Insecure Deserialization (0)
12-18: [remote] OpenMRS – Java Deserialization RCE (Metasploit) (0)
12-18: [dos] macOS 10.14.6 (18G87) – Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() (0)
12-18: [webapps] Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting (0)
12-18: [local] AVS Audio Converter 9.1 – 'Exit folder' Buffer Overflow (0)
12-18: [webapps] Xerox AltaLink C8035 Printer – Cross-Site Request Forgery (Add Admin) (0)
12-18: [webapps] Tautulli 2.1.9 – Cross-Site Request Forgery (ShutDown) (0)
12-17: http://necsystem.dip.go.th/index.html (0)
12-17: http://angelfund.dip.go.th/index.html (0)
12-17: Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure (0)
12-17: D-Link DIR-615 Privilege Escalation (0)
12-17: Linux sendmsg() Privilege Escalation (0)
12-17: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting (0)
12-17: Serv-U FTP Server 15.1.7 CSV Injection (0)
12-17: Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure (0)
12-17: Microsoft Teams Instant Messenger DLL Hijacking (0)
12-17: Bash Profile Persistence (0)
12-17: Apple Security Advisory 2019-12-10-1 (0)
12-17: [webapps] NopCommerce 4.2.0 – Privilege Escalation (0)
12-17: [webapps] Netgear R6400 – Remote Code Execution (0)
12-17: [webapps] Zendesk App SweetHawk Survey 1.6 – Persistent Cross-Site Scripting (0)
12-16: https://www.sme.go.th/readme.htm (0)
12-16: [webapps] Roxy Fileman 1.4.5 – Directory Traversal (0)
12-16: [webapps] D-Link DIR-615 Wireless Router – Persistent Cross-Site Scripting (0)
12-16: [local] Linux 5.3 – Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds (0)
12-16: [webapps] D-Link DIR-615 – Privilege Escalation (0)
12-15: Apple iOS v13.x Webkit VCF – Denial of Service Vulnerability (0)
12-15: DB Ticket Vending Machine WinXP – Privilege Escalation (0)
12-15: Apple iOS v13.x (AirDrop) – (AirDoS) Denial of Service PoC (0)
12-14: NVMS-1000 Directory Traversal (0)
12-14: FTP Commander Pro 8.03 Local Stack Overflow (0)
12-14: Roxy Fileman 1.4.5 For .NET Directory Traversal (0)
12-13: Bullwark Momentum Series JAWS 1.0 Directory Traversal (0)
12-13: OpenNetAdmin 18.1.1 Command Injection (0)
12-13: Qualys Security Advisory – OpenBSD Dynamic Loader Privilege Escalation (0)
12-13: Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing (0)
12-13: http://bangnampriao.chachoengsao.doae.go.th (0)
12-13: http://angthong.nfe.go.th/kurd.html (0)
12-13: http://dop.go.th/kurd.html (0)
12-13: [local] FTP Commander Pro 8.03 – Local Stack Overflow (0)
12-13: [webapps] NVMS 1000 – Directory Traversal (0)
12-12: http://pon.go.th/kurd.html (0)
12-12: http://suksamran.go.th/kurd.html (0)
12-12: http://tumbonnontan.go.th/kurd.html (0)
12-12: http://www.samutsakhon.doae.go.th/krd.html (0)
12-12: http://www.nakhonphanom.doae.go.th/krd.html (0)
12-12: http://www.chachoengsao.doae.go.th/krd.html (0)
12-12: Lenovo Power Management Driver Buffer Overflow (0)
12-12: Product Key Explorer 4.2.0.0 Name Denial Of Service (0)
12-12: AppXSvc 17763 Arbitrary File Overwrite (0)
12-12: Adobe Acrobat Reader DC For Windows Memory Corruption (0)
12-12: Product Key Explorer 4.2.0.0 Key Denial Of Service (0)
12-12: Apple Security Advisory 2019-12-10-7 (0)
12-12: Apple Security Advisory 2019-12-10-8 (0)
12-12: Apple Security Advisory 2019-12-10-6 (0)
12-12: Apple Security Advisory 2019-12-10-5 (0)
12-12: Apple Security Advisory 2019-12-10-2 (0)
12-12: Apple Security Advisory 2019-12-10-3 (0)
12-12: Apple Security Advisory 2019-12-10-4 (0)
12-12: [webapps] Bullwark Momentum Series JAWS 1.0 – Directory Traversal (0)
12-12: [webapps] OpenNetAdmin 18.1.1 – Command Injection Exploit (Metasploit) (0)
12-12: [dos] Lenovo Power Management Driver 1.67.17.48 – 'pmdrvs.sys' Denial of Service (PoC) (0)
12-11: http://www.hrm.m-society.go.th/kurd.html (0)
12-11: WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting (0)
12-11: Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF (0)
12-11: Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials (0)
12-11: Apache Olingo OData 4.6.x XML Injection (0)
12-11: DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting (0)
12-11: DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery (0)
12-11: DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting (0)
12-11: vBulletin 5.5.4 Remote Command Execution (0)
12-11: [dos] Adobe Acrobat Reader DC – Heap-Based Memory Corruption due to Malformed TTF Font (0)
12-11: [dos] AppXSvc 17763 – Arbitrary File Overwrite (DoS) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Key' Denial of Service (PoC) (0)
12-11: [dos] Product Key Explorer 4.2.0.0 – 'Name' Denial of Service (POC) (0)
12-10: Mozilla Firefox Windows 64-Bit Chain Exploit (0)
12-10: Microsoft Windows Windows 10 UAC Bypass (0)
12-10: SpotAuditor 5.3.2 Local Buffer Overflow (0)
12-10: PRO-7070 Hazir Profesyonel Web Sitesi 1.0 SQL Injection (0)
12-10: Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting (0)
12-10: Alcatel-Lucent Omnivista 8770 Remote Code Execution (0)
12-10: Oracle Siebel Sales 8.1 Cross Site Scripting (0)
12-10: [local] Inim Electronics Smartliving SmartLAN 6.x – Hard-coded Credentials (0)
12-09: [webapps] Alcatel-Lucent Omnivista 8770 – Remote Code Execution (0)
12-09: [local] SpotAuditor 5.3.2 – 'Base64' Local Buffer Overflow (SEH) (0)
12-09: [dos] Omron PLC 1.0.0 – Denial of Service (PoC) (0)
12-09: [webapps] Snipe-IT Open Source Asset Management 4.7.5 – Persistent Cross-Site Scripting (0)
12-09: [webapps] PRO-7070 Hazır Profesyonel Web Sitesi 1.0 – Authentication Bypass (0)
12-08: [local] Microsoft Windows – Multiple UAC Protection Bypasses (0)
12-07: Microsoft Skype For Business DNS Query (0)
12-07: Verot 2.0.3 Remote Code Execution (0)
12-07: Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow (0)
12-07: Trend Micro Deep Security Agent 11 Arbitrary File Overwrite (0)
12-07: Yachtcontrol 2019-10-06 Remote Code Execution (0)
12-07: SiteVision 4.x / 5.x Insufficient Module Access Control (0)
12-07: SiteVision 4.x / 5.x Remote Code Execution (0)
12-07: OkayCMS 2.3.4 Remote Code Execution (0)
12-07: [local] Mozilla FireFox (Windows 10 x64) – Full Chain Client Side Attack (0)
12-06: NETGATE Data Backup 3.0.620 Unquoted Service Path (0)
12-06: Amiti Antivirus 25.0.640 Unquoted Service Path (0)
12-06: Qualys Security Advisory – OpenBSD Authentication Bypass / Privilege Escalation (0)
12-06: Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution (0)
12-06: [local] Trend Micro Deep Security Agent 11 – Arbitrary File Overwrite (0)
12-06: [remote] Integard Pro NoJs 2.2.0.9026 – Remote Buffer Overflow (0)
12-06: [webapps] Verot 2.0.3 – Remote Code Execution (0)
12-05: Online Invoicing System 2.6 Cross Site Scripting (0)
12-05: Intelbras Router RF1200 1.1.3 Cross Site Request Forgery (0)
12-05: Online Clinic Management System 2.2 HTML Injection (0)
12-05: Cisco WLC 2504 8.9 Denial Of Service (0)
12-05: Microsoft Windows BasicRender.sys WARPGPUCMDSYNC NULL Pointer (0)
12-05: Microsoft Visual Basic 2010 Express XML Injection (0)
12-05: BMC Smart Reporting 7.3 20180418 XML Injection (0)
12-05: Microsoft Windows Media Center XML Injection (0)
12-05: WordPress CSS Hero 4.0.3 Cross Site Scripting (0)
12-05: Revive Adserver 4.2 Remote Code Execution (0)
12-05: SSDWLAB 6.1 Authentication Bypass (0)
12-05: Fronius Solar Inverter Series Insecure Communication / Path Traversal (0)
12-05: YouPHPTube 7.7 SQL Injection (0)
12-05: [webapps] Broadcom CA Privilged Access Manager 2.8.2 – Remote Command Execution (0)
12-05: [local] Amiti Antivirus 25.0.640 – Unquoted Service Path (0)
12-05: [local] NETGATE Data Backup 3.0.620 – 'NGDatBckpSrv' Unquoted Service Path (0)
12-04: https://labanimals.nrct.go.th/index.html (0)
12-04: [webapps] OwnCloud 8.1.8 – Username Disclosure (0)
12-04: [webapps] Cisco WLC 2504 8.9 – Denial of Service (PoC) (0)
12-04: [local] Microsoft Visual Basic 2010 Express – XML External Entity Injection (0)
12-04: [webapps] Online Clinic Management System 2.2 – HTML Injection (0)
12-04: [webapps] SSDWLAB 6.1 – Authentication Bypass (0)
12-03: http://www.srn2.go.th/fca.html (0)
12-03: NSAuditor 3.1.8.0 Name Denial Of Service (0)
12-03: NSAuditor 3.1.8.0 Key Denial Of Service (0)
12-03: Anviz CrossChex 4.3.12 Local Buffer Overflow (0)
12-03: Dokuwiki 2018-04-22b Username Enumeration (0)
12-03: Microsoft Visual Studio 2008 Express IDE XML Injection (0)
12-03: Ajenti 2.1.31 Command Injection (0)
12-03: Packet Storm New Exploits For November, 2019 (0)
12-03: SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass (0)
12-03: http://www.silalang.go.th/o.htm (0)
12-03: [webapps] Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery (0)
12-03: [webapps] Online Invoicing System 2.6 – 'description' Persistent Cross-Site Scripting (0)
12-02: http://ncd.ddc.moph.go.th (0)
12-02: [local] Microsoft Excel 2016 1901 – XML External Entity Injection (0)
12-02: [local] Max Secure Anti Virus Plus 19.0.4.020 – Insecure File Permissions (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Key' Denial of Service (PoC) (0)
12-02: [webapps] Dokuwiki 2018-04-22b – Username Enumeration (0)
12-02: [local] Visual Studio 2008 – XML External Entity Injection (0)
12-02: [webapps] SmartHouse Webapp 6.5.33 – Cross-Site Request Forgery (0)
12-02: [local] Anviz CrossChex 4.3.12 – Local Buffer Overflow (0)
12-02: [dos] Nsauditor 3.1.8.0 – 'Name' Denial of Service (PoC) (0)
12-01: Allied Telesis AT-GS950/8 Directory Traversal (0)
12-01: Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection (0)
12-01: Max Secure Anti Virus Plus 19.0.4.020 Insecure Permissions (0)
12-01: Microsoft Excel 2016 1901 Import Error XML Injection (0)
12-01: Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery (0)

November 2019 (326)

11-30: http://nbcsystem.dip.go.th/x3.html (0)
11-30: WordPress 5.3 Username Enumeration (0)
11-30: TexasSoft CyberPlanet 6.4.131 Unquoted Service Path (0)
11-30: GHIA CamIP 1.2 For iOS Denial Of Service (0)
11-30: Mersive Solstice 2.8.0 Remote Code Execution (0)
11-30: SpotAuditor 5.3.2 Denial Of Service (0)
11-30: Online Inventory Manager 3.2 Cross Site Scripting (0)
11-30: Bash 5.0 Patch 11 Privilege Escalation (0)
11-30: OwnCloud 8.1.8 Username Disclosure (0)
11-30: WordPress Plainview Activity Monitor 20161228 Remote Command Execution (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Name' Denial of Service (0)
11-29: [webapps] Online Inventory Manager 3.2 – Persistent Cross-Site Scripting (0)
11-29: [local] TexasSoft CyberPlanet 6.4.131 – 'CCSrvProxy' Unquoted Service Path (0)
11-29: [local] Bash 5.0 Patch 11 – SUID Priv Drop Exploit (0)
11-29: [dos] SpotAuditor 5.3.2 – 'Key' Denial of Service (0)
11-28: http://bokaew.go.th/images/0x1998.txt (0)
11-28: http://www.lungtakian.go.th/activity/images/8623.jpg (0)
11-28: Microsoft DirectX SDK 2010 Denial Of Service (0)
11-28: SpotAuditor 5.3.2 Denial Of Service (0)
11-28: Xiaomi Mi Box Display Corruption (0)
11-28: Grub2 grub2-set-bootflag Environment Corruption (0)
11-28: [dos] GHIA CamIP 1.2 for iOS – 'Password' Denial of Service (PoC) (0)
11-28: [webapps] Wordpress 5.3 – User Disclosure (0)
11-27: Microsoft Windows AppXsvc Deployment Extension Privilege Escalation (0)
11-27: Easy-Hide-IP 5.0.0.3 Unquoted Service Path (0)
11-27: SMPlayer 19.5.0 Denial Of Service (0)
11-27: InTouch Machine Edition 8.1 SP1 Denial Of Service (0)
11-27: Waves MaxxAudio Drivers 1.1.6.0 Unquoted Service Path (0)
11-27: InduSoft Web Studio 8.1 SP1 Denial Of Service (0)
11-27: iNetTools For iOS 8.20 Denial Of Service (0)
11-27: FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption (0)
11-27: pari/gp 2.x Arbitrary File Overwrite (0)
11-27: [dos] SpotAuditor 5.3.2 – 'Base64' Denial Of Service (PoC) (0)
11-27: [dos] Microsoft DirectX SDK 2010 – '.PIXrun' Denial Of Service (PoC) (0)
11-26: http://www.phrae.m-society.go.th/zx.htm (0)
11-26: http://www.samutsakhon.m-society.go.th/zx.htm (0)
11-26: http://www.rayong.m-society.go.th/zx.htm (0)
11-26: http://www.narathiwat.m-society.go.th/zx.htm (0)
11-26: http://www.loei.m-society.go.th/zx.htm (0)
11-26: http://www.nakhonratchasima.m-society.go.th/zx.htm (0)
11-26: http://tpso2.m-society.go.th/zx.htm (0)
11-26: http://www.saraburi.m-society.go.th/zx.htm (0)
11-26: http://www.chiangrai.m-society.go.th/zx.htm (0)
11-26: http://www.lampang.m-society.go.th/zx.htm (0)
11-26: [dos] InduSoft Web Studio 8.1 SP1 – "Atributos" Denial of Service (PoC) (0)
11-26: [dos] iNetTools for iOS 8.20 – 'Whois' Denial of Service (PoC) (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow / Denial Of Service (0)
11-25: Free MP3 CD Ripper 2.8 Buffer Overflow (0)
11-25: [local] Microsoft Windows AppXsvc Deployment Extension – Privilege Escalation (0)
11-25: [local] Easy-Hide-IP 5.0.0.3 – 'EasyRedirect' Unquoted Service Path (0)
11-25: [dos] InTouch Machine Edition 8.1 SP1 – 'Atributos' Denial of Service (PoC) (0)
11-25: [local] Waves MaxxAudio Drivers 1.1.6.0 – 'WavesSysSvc64' Unquoted Service Path (0)
11-25: [dos] SMPlayer 19.5.0 – Denial of Service (PoC) (0)
11-23: ProShow Producer 9.0.3797 Unquoted Service Path (0)
11-23: LiteManager 4.5.0 Insecure File Permissions (0)
11-22: TestLink 1.9.19 Cross Site Scripting (0)
11-22: GNU Mailutils 3.7 Privilege Escalation (0)
11-22: Pagekit CMS 1.0.17 Cross Site Request Forgery (0)
11-22: Network Management Card 6.2.0 Host Header Injection (0)
11-22: macOS update_dyld_shared_cache Privilege Escalation (0)
11-22: Microsoft Internet Explorer Use-After-Free (0)
11-22: Skype v8.x – History Export v7 Web Vulnerability (0)
11-22: [local] macOS 10.14.6 – root->kernel Privilege Escalation via update_dyld_shared_cache (0)
11-22: [local] LiteManager 4.5.0 – Insecure File Permissions (0