__–::: Deepquest :::–__ » Archives

rss feed

Archives

June 2019 (113)

06-18: Clever Dog Smart Camera DOG-2W / DOG-2W-V4 File Disclosure / Backdoor (0)
06-18: RedwoodHQ 2.5.5 Authentication Bypass (0)
06-18: Microsoft Windows UAC Protection Bypass (0)
06-18: Spring Security OAuth 2.3 Open Redirection (0)
06-18: Microsoft Word (2016) Deceptive File Reference (0)
06-18: HC10 HC.Server Service 10.14 Remote Invalid Pointer Write (0)
06-18: AROX School-ERP Pro Unauthenticated Remote Code Execution (0)
06-18: Netperf 2.6.0 Buffer Overflow (0)
06-18: Exim 4.91 Local Privilege Escalation (0)
06-16: http://www.bayaolocal.go.th (0)
06-16: http://www.paeng.go.th (0)
06-16: http://www.kamkoksoong.go.th (0)
06-15: Tzumi Electronics Klic Lock Authentication Bypass (0)
06-15: Aida64 6.00.5100 SEH Buffer Overflow (0)
06-15: CentOS 7.6 ptrace_scope Privlege Escalation (0)
06-15: Thunderbird libical Heap Overflow (0)
06-15: Thunderbird libical icalparser.c Heap Overflow (0)
06-15: Thunderbird libical Stack Buffer Overflow (0)
06-15: Thunderbird libical Type Confusion (0)
06-15: Java Card Proof Of Concepts (0)
06-14: Sitecore 8.x Deserialization Remote Code Execution (0)
06-14: Pronestor Health Monitoring Privilege Escalation (0)
06-14: APCUPSD Information Leak (0)
06-14: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials (0)
06-14: [local] Aida64 6.00.5100 – 'Log to CSV File' Local SEH Buffer Overflow (0)
06-14: [papers] Active Directory Enumeration with PowerShell (0)
06-14: [local] CentOS 7.6 – 'ptrace_scope' Privilege Escalation (0)
06-13: Webmin 1.910 Remote Command Execution (0)
06-13: ProShow 9.0.3797 Privilege Escalation (0)
06-13: WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution (0)
06-13: phpMyAdmin 4.8 Cross Site Request Forgery (0)
06-13: Liferay Portal 7.1 CE GA4 Cross Site Scripting (0)
06-13: FusionPBX 4.4.3 Remote Command Execution (0)
06-13: Telus Actiontec T2200H WiFi Credential Disclosure (0)
06-13: Telus Actiontec WEB6000Q Privilege Escalation (0)
06-13: Telus Actiontec WEB6000Q Denial Of Service (0)
06-13: Telus Actiontec T2200H Serial Number Information Disclosure (0)
06-13: SymCrypt Infinite Loop (0)
06-13: Telus Actiontec WEB6000Q Serial Number Information Disclosure (0)
06-13: Telus Actiontec T2200H Local Privilege Escalation (0)
06-13: [local] Pronestor Health Monitoring < 8.1.11.0 – Privilege Escalation (0)
06-13: [webapps] Sitecore 8.x – Deserialization Remote Code Execution (0)
06-12: [papers] LDAP Swiss Army Knife (0)
06-12: [webapps] FusionPBX 4.4.3 – Remote Command Execution (0)
06-11: Amcrest IPM-721S Credential Disclosure / Privilege Escalation (0)
06-11: Blipcare Clear Text Communication / Memory Corruption (0)
06-11: Dlink DCS-1130 Command Injection / CSRF / Stack Overflow (0)
06-11: Securifi Almond 2015 Buffer Overflow / Command Injection / XSS / CSRF (0)
06-11: Starry Router Camera PIN Brute-Force / CORS Incorrect (0)
06-11: Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal (0)
06-11: Shekar Endoscope Weak Default Settings / Memory Corruption (0)
06-11: UliCMS 2019.1 Cross Site Scripting (0)
06-11: Ubuntu 18.04 lxd Privilege Escalation (0)
06-11: Wampserver 3.1.8 Cross Site Request Forgery (0)
06-11: [remote] Webmin 1.910 – 'Package Updates' Remote Command Execution (Metasploit) (0)
06-11: [webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting (0)
06-11: [webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery (0)
06-11: [webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution (0)
06-11: [local] ProShow 9.0.3797 – Local Privilege Escalation (0)
06-10: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes) (0)
06-10: [webapps] UliCMS 2019.1 'Spitting Lama' – Persistent Cross-Site Scripting (0)
06-10: [local] Ubuntu 18.04 – 'lxd' Privilege Escalation (0)
06-08: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
06-07: Zimbra XML Injection / Server-Side Request Forgery (0)
06-07: WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload (0)
06-07: Supra Smart Cloud TV Remote File Inclusion (0)
06-07: [local] Microsoft Windows – AppX Deployment Service Local Privilege Escalation (3) (0)
06-07: [shellcode] Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) (0)
06-06: http://www.srasaming.go.th//../data/mah(5).gif (0)
06-06: [webapps] Supra Smart Cloud TV – 'openLiveURL()' Remote File Inclusion (0)
06-05: Rapid7 Windows InsightIDR Agent 2.6.3.14 Local Privilege Escalation (0)
06-05: TestLink 1.9.19 Server-Side Request Forgery (0)
06-05: Dell KACE System Management Appliance (SMA) XSS / SQL Injection (0)
06-05: AUO Solar Data Recorder Incorrect Access Control (0)
06-05: dotCMS 5.1.1 Open Redirection / Cross Site Scripting (0)
06-05: NUUO NVRMini 2 3.9.1 Stack Overflow (0)
06-05: Cisco RV130W 1.0.3.44 Remote Stack Overflow (0)
06-05: DVD X Player 5.5 Pro Local Buffer Overflow (0)
06-05: IceWarp 10.4.4 Local File Inclusion (0)
06-05: Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting (0)
06-05: Google Chrome WasmMemoryObject::Grow Use-After-Free (0)
06-05: LibreNMS addhost Command Injection (0)
06-05: IBM Websphere Application Server Remote Code Execution (0)
06-05: [remote] Exim 4.87 < 4.91 – (Local / Remote) Command Execution (0)
06-05: [dos] Google Chrome 73.0.3683.103 – 'WasmMemoryObject::Grow' Use-After-Free (0)
06-05: [webapps] Zimbra < 8.8.11 – XML External Entity Injection / Server-Side Request Forgery (0)
06-05: [remote] LibreNMS – addhost Command Injection (Metasploit) (0)
06-05: [remote] IBM Websphere Application Server – Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) (0)
06-04: [local] Vim < 8.1.1365 / Neovim < 0.3.6 – Arbitrary Code Execution (0)
06-04: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – 'SiteLookup.do' Cross-Site Scripting (0)
06-04: [remote] Cisco RV130W 1.0.3.44 – Remote Stack Overflow (0)
06-04: [remote] NUUO NVRMini 2 3.9.1 – 'sscanf' Stack Overflow (0)
06-04: [webapps] IceWarp 10.4.4 – Local File Inclusion (0)
06-04: [local] DVD X Player 5.5 Pro – Local Buffer Overflow (SEH) (0)
06-03: http://member.ses26.go.th (0)
06-03: http://www.mhkpeo.ses26.go.th (0)
06-03: Safari Webkit Proxy Object Type Confusion (0)
06-03: [webapps] WordPress Plugin Form Maker 1.13.3 – SQL Injection (0)
06-03: [webapps] AUO Solar Data Recorder < 1.3.0 – Incorrect Access Control (0)
06-03: [webapps] KACE System Management Appliance (SMA) < 9.0.270 – Multiple Vulnerabilities (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #107 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #106 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #104 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #105 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #102 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #103 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #100 (0)
06-03: [papers] [Hebrew] Digital Whisper Security Magazine #101 (0)
06-02: Packet Storm New Exploits For May, 2019 (0)
06-01: Microsoft Windows Remote Desktop BlueKeep Denial Of Service (0)
06-01: ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure (0)
06-01: Shopware 5.5.6 Cross Site Scripting (0)
06-01: Apple Security Advisory 2019-5-30-1 (0)

May 2019 (352)

05-31: Serv-U FTP Server 15.1.6.25 Local Privilege Escalation (0)
05-31: [papers] Analysis of CVE-2019-0708 (BlueKeep) (0)
05-30: pfSense 2.4.4-p3 Cross Site Scripting (0)
05-30: WordPress Nya-Comment-DoFollow 1.0 Open Redirection (0)
05-30: WordPress WPAds 1.0 Open Redirection (0)
05-30: Free SMTP Server 2.5 Denial Of Service (0)
05-30: Microsoft Windows AppX Deployment Service Local Privilege Escalation (0)
05-30: Qualcomm Android Kernel Use-After-Free (0)
05-30: Siemens LOGO! 8 Hard-Coded Cryptographic Key (0)
05-30: Siemens LOGO! 8 Missing Authentication (0)
05-30: Siemens LOGO! 8 Recoverable Password Format (0)
05-30: [papers] A Debugging Primer with CVE-2019-0708 (0)
05-29: Apple Security Advisory 2019-5-28-2 (0)
05-29: Apple Security Advisory 2019-5-28-1 (0)
05-29: Fast AVI MPEG Joiner 1.2.0812 License Name Denial Of Service (0)
05-29: Cyberoam General Authentication Client 2.1.2.7 Server Address Denial Of Service (0)
05-29: Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption (0)
05-29: CMS Made Simple 2.2.10 Cross Site Scripting (0)
05-29: Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service (0)
05-29: Oracle Application Testing Suite WebLogic Server Administration Console War Deployment (0)
05-29: Cyberoam Transparent Authentication Suite 2.1.2.5 NetBIOS Name / FQDN DoS (0)
05-29: WordPress lqcPlugin-regiePublicites 1.0 Open Redirection (0)
05-29: WordPress 4DMayi 4.6 Open Redirection (0)
05-29: WordPress DingTalk LTS 4.6 Open Redirection (0)
05-29: WordPress LaneMotorSport Responsive 1.8.4 Open Redirection (0)
05-29: Joomla Attachments 3.x File Upload (0)
05-29: MacOS X 10.14.5 Gatekeeper Bypass (0)
05-29: Deltek Maconomy 2.2.5 Local File Inclusion (0)
05-29: Kanboard 1.2.7 Cross Site Scripting (0)
05-29: Typora 0.9.9.24.6 Directory Traversal (0)
05-29: Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak (0)
05-29: EquityPandit 1.0 Password Disclosure (0)
05-29: Petraware pTransformer ADC SQL Injection (0)
05-29: Phraseanet DAM Cross Site Scripting (0)
05-29: VFront 0.99.5 Reflective Cross Site Scripting (0)
05-29: VFront 0.99.5 Persistent Cross Site Scripting (0)
05-29: [remote] Oracle Application Testing Suite – WebLogic Server Administration Console War Deployment (Metasploit) (0)
05-29: [dos] Spidermonkey – IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation (0)
05-29: [dos] Spidermonkey – IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script (0)
05-29: [dos] Qualcomm Android – Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL (0)
05-29: [webapps] pfSense 2.4.4-p3 (ACME Package 0.59_14) – Persistent Cross-Site Scripting (0)
05-29: [dos] Free SMTP Server 2.5 – Denial of Service (PoC) (0)
05-28: [webapps] Phraseanet < 4.0.7 – Cross-Site Scripting (0)
05-28: [remote] Petraware pTransformer ADC < 2.1.7.22827 – Login Bypass (0)
05-28: [local] EquityPandit 1.0 – Password Disclosure (0)
05-27: [remote] Typora 0.9.9.24.6 – Directory Traversal (0)
05-27: [webapps] Deltek Maconomy 2.2.5 – Local File Inclusion (0)
05-27: [dos] Pidgin 2.13.0 – Denial of Service (PoC) (0)
05-25: Microsoft Windows Installer Race Condition (0)
05-24: Brocade Network Advisor 14.4.1 Unauthenticated Remote Code Execution (0)
05-24: WordPress Ad-Manager 1.1.2 Open Redirection (0)
05-24: WordPress Aliyun 5.2 Open Redirection (0)
05-24: WordPress Dankov Planer 1.1.2 Open Redirection (0)
05-24: WordPress Chrome-Extensions 1.0 Open Redirection (0)
05-24: Terminal Services Manager 3.2.1 Denial Of Service (0)
05-24: WordPress jilijilibegin LTS 4.6 Open Redirection (0)
05-24: WordPress Ninger 4.6 Open Redirection (0)
05-24: WordPress Jingke 1.0 Open Redirection (0)
05-24: WordPress Antena_Ri Institute 2.0 Open Redirection (0)
05-24: WordPress PHPL 1.0 Open Redirection (0)
05-24: WordPress Howsci 1.8 Open Redirection (0)
05-24: WordPress Divi-Child 1.0 Open Redirection (0)
05-24: WordPress Xunjin 4.6 Open Redirection (0)
05-24: WordPress Tigin 1.0.5 Open Redirection (0)
05-24: NetAware 1.20 Add Block / Share Name Denial Of Service (0)
05-24: Angry Polar Bear 2: Microsoft Windows Error Reporting Local Privilege Escalation (0)
05-24: Internet Explorer JavaScript Privilege Escalation (0)
05-24: Interspire Email Marketer 6.20 Remote Code Execution (0)
05-24: Microsoft Windows Win32k Privilege Escalation (0)
05-24: Nagios XI 5.6.1 SQL Injection (0)
05-24: Anviz M3 RFID Missing Access Controls (0)
05-24: Opencart 3.0.3.2 extension/feed/google_base Denial Of Service (0)
05-24: Quest KACE Systems Management Appliance 9.0 Cross Site Scripting (0)
05-24: [dos] Fast AVI MPEG Joiner – 'License Name' Denial of Service (PoC) (0)
05-24: [remote] Microsoft Internet Explorer Windows 10 1809 17763.316 – Scripting Engine Memory Corruption (0)
05-24: [dos] Cyberoam General Authentication Client 2.1.2.7 – 'Server Address' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'NetBIOS Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam Transparent Authentication Suite 2.1.2.5 – 'Fully Qualified Domain Name' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'Connect To Server' Denial of Service (PoC) (0)
05-24: [dos] Cyberoam SSLVPN Client 1.3.1.30 – 'HTTP Proxy' Denial of Service (PoC) (0)
05-24: [webapps] Opencart 3.0.3.2 – 'extension/feed/google_base' Denial of Service PoC (0)
05-24: [local] Axessh 4.2 – 'Log file name' Local Stack-based Buffer Overflow (0)
05-23: WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery (0)
05-23: WordPress Memphis Documents Library 3.9.19 Cross Site Request Forgery (0)
05-23: Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write (0)
05-23: Blue Prism Robotic Process Automation (RPA) Privilege Escalation (0)
05-23: [papers] Web Application Firewall Bypass Methods (0)
05-23: [local] Microsoft Windows 10 (17763.379) – Install DLL (0)
05-23: [remote] Shopware – createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) (0)
05-23: [dos] Visual Voicemail for iPhone – IMAP NAMESPACE Processing Use-After-Free (0)
05-23: [local] Apple Mac OS X – Feedback Assistant Race Condition (Metasploit) (0)
05-23: [dos] Terminal Services Manager 3.2.1 – Denial of Service (0)
05-23: [local] Microsoft Windows 10 1809 – 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation (0)
05-23: [dos] NetAware 1.20 – 'Share Name' Denial of Service (PoC) (0)
05-23: [webapps] Nagios XI 5.6.1 – SQL injection (0)
05-23: [shellcode] Linux/x64 – Execve(/bin/sh) Shellcode (23 bytes) (0)
05-23: [dos] NetAware 1.20 – 'Add Block' Denial of Service (PoC) (0)
05-23: [papers] Penetration Testing Steps And Tools (0)
05-22: http://www.skp.moe.go.th (0)
05-22: Slims CMS Akasia 8.3.1 SQL Injection (0)
05-22: PHP PHP_INI_SYSTEM Ineffective Controls (0)
05-22: JavaScriptCore LICM Uninitialized Stack Variable (0)
05-22: Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration (0)
05-22: XNU stf_ioctl Bad Cast (0)
05-22: Darktrace Enterpise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery (0)
05-22: Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free (0)
05-22: XNU Stale Pointer Use-After-Free (0)
05-22: Shopware createInstanceFromNamedArguments PHP Object Instantiation (0)
05-22: Mac OS X Feedback Assistant Race Condition (0)
05-22: FreeBSD rtld execl() Privilege Escalation (0)
05-22: [local] Microsoft Internet Explorer 11 – Sandbox Escape (0)
05-22: [local] Microsoft Windows (x84) – Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation (0)
05-22: [local] Microsoft Windows (x84/x64) – 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation (0)
05-22: [webapps] Horde Webmail 5.2.22 – Multiple Vulnerabilities (0)
05-22: [dos] TapinRadio 2.11.6 – 'Uername' Denial of Service (PoC) (0)
05-22: [dos] BlueStacks 4.80.0.1060 – Denial of Service (PoC) (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus < 10.5 – Improper Access Restrictions (0)
05-22: [dos] TapinRadio 2.11.6 – 'Address' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Username' Denial of Service (PoC) (0)
05-22: [dos] RarmaRadio 2.72.3 – 'Server' Denial of Service (PoC) (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Cross-Site Scripting (0)
05-22: [webapps] Carel pCOWeb < B1.2.1 – Credentials Disclosure (0)
05-22: [webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting (0)
05-22: [webapps] AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting (0)
05-21: GAT-Ship Web Module 1.30 Information Disclosure (0)
05-21: Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution (0)
05-21: Freelance Cockpit CRM 3.3.1 SQL Injection (0)
05-21: Cisco Expressway Gateway 11.5.1 Directory Traversal (0)
05-21: Huawei eSpace 1.1.11.103 DLL Hijacking (0)
05-21: Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow (0)
05-21: Huawei eSpace 1.1.11.103 Meeting Heap Overflow (0)
05-21: Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation (0)
05-21: phpKF 1.10 XSS / CSRF / SQL Injection (0)
05-21: Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 XNU – Wild-read due to bad cast in stf_ioctl (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – AIR Optimization Incorrectly Removes Assignment to Register (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 JavaScriptCore – Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized (0)
05-21: [webapps] Brocade Network Advisor 14.4.1 – Unauthenticated Remote Code Execution (0)
05-21: [dos] macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler – 'HasIndexedProperty' Use-After-Free (0)
05-21: [webapps] Oracle CTI Web Service – 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection (0)
05-21: [webapps] WordPress Plugin WPGraphQL 0.2.3 – Multiple Vulnerabilities (0)
05-21: [webapps] Moodle Jmol Filter 6.1 – Directory Traversal / Cross-Site Scripting (0)
05-20: http://hanjoth.go.th (0)
05-20: http://hintang.go.th (0)
05-20: http://khnlocal.go.th (0)
05-20: http://ppnr.go.th (0)
05-20: http://suanmon.go.th (0)
05-20: [dos] Huawei eSpace Meeting 1.1.11.103 – 'cenwpoll.dll' SEH Buffer Overflow (Unicode) (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (2) (0)
05-20: [remote] GetSimpleCMS – Unauthenticated Remote Code Execution (Metasploit) (0)
05-20: [local] Huawei eSpace 1.1.11.103 – DLL Hijacking (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – Image File Format Handling Buffer Overflow (0)
05-20: [local] Solaris 7/8/9 (SPARC) – 'dtprintinfo' Local Privilege Escalation (1) (0)
05-20: [local] Solaris 10 1/13 (Intel) – 'dtprintinfo' Local Privilege Escalation (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'Storage-Path' Denial of Service (PoC) (0)
05-20: [dos] AbsoluteTelnet 10.16 – 'License name' Denial of Service (PoC) (0)
05-20: [dos] BulletProof FTP Server 2019.0.0.50 – 'DNS Address' Denial of Service (PoC) (0)
05-20: [dos] PCL Converter 2.7 – Denial of Service (PoC) (0)
05-20: [dos] docPrint Pro 8.0 – Denial of Service (PoC) (0)
05-20: [shellcode] Linux x86_64 – Delete File Shellcode (28 bytes) (0)
05-20: [dos] Encrypt PDF 2.3 – Denial of Service (PoC) (0)
05-20: [dos] Huawei eSpace 1.1.11.103 – 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow (0)
05-20: [webapps] eLabFTW 1.8.5 – Arbitrary File Upload / Remote Code Execution (0)
05-17: VMware Workstation DLL Hijacking (0)
05-17: WeChat 7.0.4 Denial Of Service (0)
05-17: JetAudio jetCast Server 2.0 Buffer Overflow (0)
05-17: ZOC Terminal 7.23.4 Denial Of Service (0)
05-17: Axessh 4.2 Denial Of Service (0)
05-17: SEL AcSELerator Architect 2.2.24 Denial Of Service (0)
05-17: GetSimpleCMS 3.3.15 Remote Code Execution (0)
05-17: [webapps] Interspire Email Marketer 6.20 – 'surveys_submit.php' Remote Code Execution (0)
05-17: [dos] CEWE Photo Importer 6.4.3 – '.jpg' Denial of Service (PoC) (0)
05-17: [dos] CEWE Photoshow 6.4.3 – 'Password' Denial of Service (PoC) (0)
05-17: [local] Iperius Backup 6.1.0 – Privilege Escalation (0)
05-17: [dos] Sandboxie 5.30 – 'Programs Alerts' Denial of Service (PoC) (0)
05-16: Tomabo MP4 Converter 3.25.22 Denial Of Service (0)
05-16: CommSy 8.6.5 SQL Injection (0)
05-16: DeepSound 1.0.4 SQL Injection (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery (0)
05-16: Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting (0)
05-16: RSA NetWitness Authorization Bypass (0)
05-16: https://dmf.go.th/sana.htm (0)
05-16: [webapps] DeepSound 1.0.4 – SQL Injection (0)
05-16: [local] VMware Workstation 15.1.0 – DLL Hijacking (0)
05-16: [dos] SEL AcSELerator Architect 2.2.24 – CPU Exhaustion Denial of Service (0)
05-16: [dos] Axessh 4.2 – 'Log file name' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Shell' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal v7.23.4 – 'Private key file' Denial of Service (PoC) (0)
05-16: [dos] ZOC Terminal 7.23.4 – 'Script' Denial of Service (PoC) (0)
05-16: [local] JetAudio jetCast Server 2.0 – 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-16: [dos] WeChat for Android 7.0.4 – 'vcodec2_hls_filter' Denial of Service (0)
05-15: Selfie Studio 2.17 Denial Of Service (0)
05-15: Telenor.com.pk SMS 2-Factor Bypass (0)
05-15: TwistedBrush Pro Studio 24.06 Denial Of Service (0)
05-15: PasteShr 1.6 SQL Injection (0)
05-15: PHP-Fusion 9.03.00 Remote Code Execution (0)
05-15: Schneider Electric U.Motion Builder 1.3.4 Command Injection (0)
05-15: [webapps] Legrand BTicino Driver Manager F454 1.0.51 – Cross-Site Request Forgery / Cross-Site Scripting (0)
05-15: [webapps] CommSy 8.6.5 – SQL injection (0)
05-15: [dos] Tomabo MP4 Converter 3.25.22 – Denial of Service (PoC) (0)
05-14: Apple Security Advisory 2019-5-13-1 (0)
05-14: Apple Security Advisory 2019-5-13-2 (0)
05-14: Apple Security Advisory 2019-5-13-3 (0)
05-14: Apple Security Advisory 2019-5-13-4 (0)
05-14: Apple Security Advisory 2019-5-13-6 (0)
05-14: Apple Security Advisory 2019-5-13-5 (0)
05-14: OpenCMS 10.5.4 Cross Site Scripting (0)
05-14: OpenCMS 10.5.4 CSV Injection (0)
05-14: WolfCMS 0.8.3.1 Cross Site Scripting (0)
05-14: CCSP 7.2.5 API XML Injection / Server-Side Request Forgery (0)
05-14: SpotMSN 2.4.6 Denial Of Service (0)
05-14: DNSS Domain Name Search Software 2.1.8 Denial Of Service (0)
05-14: WordPress Form Maker 1.13.3 SQL Injection (0)
05-14: Firefly CMS 1.0 Remote Command Execution (0)
05-14: XOOPS CMS 2.5.9 SQL Injection (0)
05-14: SalesERP 8.1 SQL Injection (0)
05-14: SOCA Access Control System 180612 Information Disclosure (0)
05-14: SOCA Access Control System 180612 Cross Site Scripting (0)
05-14: SOCA Access Control System 180612 SQL Injection (0)
05-14: SOCA Access Control System 180612 Cross Site Request Forgery (0)
05-14: Go Cryptography Libraries Cleartext Message Spoofing (0)
05-14: System Down: A systemd-journald Exploit (0)
05-14: [webapps] Schneider Electric U.Motion Builder 1.3.4 – 'track_import_export.php object_id' Unauthenticated Command Injection (0)
05-14: [webapps] PasteShr 1.6 – Multiple SQL Injection (0)
05-14: [remote] PHP-Fusion 9.03.00 – 'Edit Profile' Remote Code Execution (Metasploit) (0)
05-14: [webapps] Sales ERP 8.1 – Multiple SQL Injection (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – '.srp' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Script Recorder' Denial of Service (PoC) (0)
05-14: [dos] TwistedBrush Pro Studio 24.06 – 'Resize Image' Denial of Service (PoC) (0)
05-14: [webapps] D-Link DWL-2600AP – Multiple OS Command Injection (0)
05-14: [dos] Selfie Studio 2.17 – 'Resize Image' Denial of Service (PoC) (0)
05-13: [webapps] SOCA Access Control System 180612 – SQL Injection (0)
05-13: [shellcode] Linux/x86 – /sbin/iptables -F Shellcode (43 bytes) (0)
05-13: [webapps] OpenProject 5.0.0 – 8.3.1 – SQL Injection (0)
05-13: [dos] Google Chrome V8 – Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write (0)
05-13: [webapps] XOOPS 2.5.9 – SQL Injection (0)
05-13: [webapps] SOCA Access Control System 180612 – Cross-Site Request Forgery (Add Admin) (0)
05-13: [webapps] SOCA Access Control System 180612 – Information Disclosure (0)
05-13: [dos] DNSS 2.1.8 – Denial of Service (PoC) (0)
05-13: [dos] SpotMSN 2.4.6 – Denial of Service (PoC) (0)
05-11: Lotus Domino 8.5.3 EXAMINE Stack Buffer Overflow (0)
05-11: Lyric Maker 2.0.1.0 Denial Of Service (0)
05-11: Lyric Video Creator 2.1 Denial Of Service (0)
05-11: jetAudio 8.1.7.20702 Basic Denial Of Service (0)
05-11: Zoho ManageEngine ADSelfService Plus 5.7 Cross Site Scripting (0)
05-11: dotCMS 5.1.1 HTML Injection (0)
05-11: NetNumber Titan ENUM/DNS/NP 7.9.1 Bypass / Traversal (0)
05-11: RICOH SP 4510DN Printer HTML Injection (0)
05-11: RICOH SP 4520DN Printer HTML Injection (0)
05-11: Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure (0)
05-11: SpotIM 2.2 Denial Of Service (0)
05-11: Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure (0)
05-11: TheHive Project Cortex 2.1.3 Server Side Request Forgery (0)
05-11: Convert Video jetAudio 8.1.7 Denial Of Service (0)
05-11: jetCast Server 2.0 Denial Of Service (0)
05-11: SpotPaltalk 1.1.5 Denial Of Service (0)
05-11: ASPRunner.NET 10.1 Denial Of Service (0)
05-11: PHPRunner 10.1 Denial Of Service (0)
05-11: CyberArk Enterprise Password Vault 10.7 XML External Entity Injection (0)
05-11: Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check (0)
05-11: OpenProject 8.3.1 SQL Injection (0)
05-10: [webapps] CyberArk Enterprise Password Vault 10.7 – XML External Entity Injection (0)
05-10: [webapps] RICOH SP 4510DN Printer – HTML Injection (0)
05-10: [webapps] dotCMS 5.1.1 – HTML Injection (0)
05-10: [dos] PHPRunner 10.1 – Denial of Service (PoC) (0)
05-10: [dos] SpotPaltalk 1.1.5 – Denial of Service (PoC) (0)
05-10: [dos] ASPRunner.NET 10.1 – Denial of Service (PoC) (0)
05-10: [webapps] TheHive Project Cortex < 1.15.2 – Server-Side Request Forgery (0)
05-10: [dos] SpotIM 2.2 – Denial of Service (PoC) (0)
05-10: [webapps] RICOH SP 4520DN Printer – HTML Injection (0)
05-10: [dos] jetCast Server 2.0 – Denial of Service (PoC) (0)
05-09: D-Link DWL-2600AP Save Configuration Command Injection (0)
05-09: D-Link DWL-2600AP Upgrade Firmware Command Injection (0)
05-09: Chrome 72.0.3626.119 FileReader Use-After-Free (0)
05-09: [dos] Convert Video jetAudio 8.1.7 – Denial of Service (PoC) (0)
05-09: [webapps] Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build – Cross-Site Scripting (0)
05-09: [dos] Lyric Maker 2.0.1.0 – Denial of Service (PoC) (0)
05-09: [dos] Lyric Video Creator 2.1 – '.mp3' Denial of Service (PoC) (0)
05-08: PostgreSQL COPY FROM PROGRAM Command Execution (0)
05-08: [webapps] NetNumber Titan ENUM/DNS/NP 7.9.1 – Path Traversal / Authorization Bypass (0)
05-08: [dos] jetAudio 8.1.7.20702 Basic – 'Enter URL' Denial of Service (PoC) (0)
05-08: [remote] Lotus Domino 8.5.3 – 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) (0)
05-08: [shellcode] Linux/x86 – execve /bin/sh Shellcode (20 bytes) (0)
05-08: [local] MiniFtp – 'parseconf_load_setting' Buffer Overflow (0)
05-07: http://phuket.nfe.go.th/kathu/web1/file_editor/db.txt (0)
05-07: http://pattani.nfe.go.th/web1/file_editor/db.txt (0)
05-07: D-Link DWL-2600AP Authenticated OS Command Injection (0)
05-07: Xitami Web Server 2.5 Remote Buffer Overflow (0)
05-07: iOS 12.1.3 cfprefsd Memory Corruption (0)
05-07: NSClient++ 0.5.2.35 Privilege Escalation (0)
05-07: LG Supersign EZ CMS Remote Code Execution (0)
05-07: PHPads 2.0 SQL Injection (0)
05-07: Prinect Archive System 2015 Release 2.6 Cross Site Scripting (0)
05-07: ReadyAPI 2.5.0 / 2.6.0 Remote Code Execution (0)
05-07: [local] Admin Express 1.2.5.485 – 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow (0)
05-07: [webapps] Prinect Archive System 2015 Release 2.6 – Cross-Site Scripting (0)
05-07: [dos] Easy Chat Server 3.1 – 'message' Denial of Service (PoC) (0)
05-06: [webapps] ReadyAPI 2.5.0 / 2.6.0 – Remote Code Execution (0)
05-06: [remote] LG Supersign EZ CMS – Remote Code Execution (Metasploit) (0)
05-06: [dos] iOS 12.1.3 – 'cfprefsd' Memory Corruption (0)
05-06: [local] NSClient++ 0.5.2.35 – Privilege Escalation (0)
05-06: [shellcode] Linux/x86 – shred file Shellcode (72 bytes) (0)
05-06: [shellcode] Linux/x86 – Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) (0)
05-06: [webapps] microASP (Portal+) CMS – 'pagina.phtml?explode_tree' SQL Injection (0)
05-06: [webapps] PHPads 2.0 – 'click.php3?bannerID' SQL Injection (0)
05-06: [remote] Xitami Web Server 2.5 – Remote Buffer Overflow (SEH + Egghunter) (0)
05-05: Blue Angel Software Suite Command Execution (0)
05-05: Instagram Auto Follow SQL Injection (0)
05-05: SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service (0)
05-05: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection (0)
05-05: Zotonic 0.46 mod_admin Cross Site Scripting (0)
05-05: Wordpress Social Warfare Remote Code Execution (0)
05-03: MailCarrier 2.51 HELP Remote Buffer Overflow (0)
05-03: Sentrifugo Human Resource Management System 3.2 File Disclosure (0)
05-03: OpenSkos Simple Knowledge Organization System 2.0 File Disclosure (0)
05-03: CentOS Web Panel Domain Field Cross Site Scripting (0)
05-03: Johnny You Are Fired (0)
05-03: Winamp 5.12 Playlist (.pls) Buffer Overflow (0)
05-03: Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution (0)
05-03: Packet Storm New Exploits For April, 2019 (0)
05-03: Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution (0)
05-03: [webapps] Wordpress Plugin Social Warfare < 3.5.3 – Remote Code Execution (0)
05-03: [dos] SolarWinds DameWare Mini Remote Control 10.0 – Denial of Service (0)
05-03: [remote] Blue Angel Software Suite – Command Execution (0)
05-03: [shellcode] Linux/x86 – Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) (0)
05-03: [remote] Windows PowerShell ISE – Remote Code Execution (0)
05-03: [webapps] Zotonic < 0.47.0 mod_admin – Cross-Site Scripting (0)
05-03: [shellcode] Linux/x86 – Reverse Shell Shellcode (91 Bytes) + Python Wrapper (0)
05-03: [webapps] Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow – Remote Command Injection (0)
05-03: [webapps] Instagram Auto Follow – Authentication Bypass (0)
05-02: [remote] Ruby On Rails – DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit) (0)
05-01: http://lpa.nfe.go.th/mj.htm (0)
05-01: Joomla JiFile 2.3.1 Arbitrary File Download (0)
05-01: Agent Tesla Botnet Information Disclosure (0)
05-01: Pimcore Unserialize Remote Code Execution (0)
05-01: APT Package Manager Persistence (0)
05-01: AIS Logistics ESEL-Server SQL Injection / Code Execution (0)
05-01: Linux Missing Lockdown (0)
05-01: Revive Adserver Deserialization / Open Redirect (0)
05-01: Freefloat FTP Server 1.0 SIZE Buffer Overflow (0)
05-01: Freefloat FTP Server 1.0 STOR Buffer Overflow (0)
05-01: Netgear DGN2200 / DGND3700 Admin Password Disclosure (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Request Forgery (0)
05-01: Veeam ONE Reporter 9.5.0.3201 Cross Site Scripting (0)
05-01: Domoticz 4.10577 Unauthenticated Remote Command Execution (0)
05-01: Intelbras IWR 3000N Denial Of Service (0)
05-01: Intelbras IWR 3000N 1.5.0 Cross Site Request Forgery (0)
05-01: HumHub 1.3.12 Cross Site Scripting (0)
05-01: Spring Cloud Config 2.1.x Path Traversal (0)
05-01: Yum Package Manager Persistence (0)
05-01: [webapps] CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) – Domain Field (Add DNS Zone) Cross-Site Scripting (0)

April 2019 (334)

04-30: http://photharamhosp.go.th/sm2//images/db.txt (0)
04-30: http://nongkhamsuphan.go.th/images/db.txt (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'SIZE' Remote Buffer Overflow (0)
04-30: [papers] [Turkish] Tunelleme Teknikleri ile Firewall Atlatmak (0)
04-30: [webapps] Hyvikk Fleet Manager – Shell Upload (0)
04-30: [webapps] Agent Tesla Botnet – Information Disclosure (0)
04-30: [remote] Freefloat FTP Server 1.0 – 'STOR' Remote Buffer Overflow (0)
04-30: [webapps] Netgear DGN2200 / DGND3700 – Admin Password Disclosure (0)
04-30: [remote] Moodle 3.6.3 – 'Install Plugin' Remote Command Execution (Metasploit) (0)
04-30: [webapps] Joomla! Component JiFile 2.3.1 – Arbitrary File Download (0)
04-30: [webapps] Domoticz 4.10577 – Unauthenticated Remote Command Execution (0)
04-30: [webapps] HumHub 1.3.12 – Cross-Site Scripting (0)
04-30: [webapps] Spring Cloud Config 2.1.x – Path Traversal (Metasploit) (0)
04-30: [webapps] Joomla! Component ARI Quiz 3.7.4 – SQL Injection (0)
04-30: [webapps] Intelbras IWR 3000N 1.5.0 – Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-site Scripting (Add/Edit Widget) (0)
04-30: [webapps] Intelbras IWR 3000N – Denial of Service (Remote Reboot) (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Multiple Cross-Site Request Forgery (0)
04-30: [webapps] Veeam ONE Reporter 9.5.0.3201 – Persistent Cross-Site Scripting (0)
04-29: SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation (0)
04-28: NSauditor 3.1.2.0 Community Denial Of Service (0)
04-28: NSauditor 3.1.2.0 Name Denial Of Service (0)
04-28: Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change (0)
04-28: Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution (0)
04-28: Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting (0)
04-28: Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment (0)
04-28: Joomla ARI Quiz 3.7.4 SQL Injection (0)
04-28: Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure (0)
04-28: Sierra Wireless AirLink ES450 ACEManager Information Exposure (0)
04-27: osTicket 1.11 Cross Site Scripting / Local File Inclusion (0)
04-27: Lavavo CD Ripper 4.20 Buffer Overflow (0)
04-27: systemd DynamicUser SetUID Binary Creation (0)
04-26: Chrome NewFixedDoubleArray Integer Overflow (0)
04-26: HeidiSQL Portable 10.1.0.5464 Denial Of Service (0)
04-26: Backup Key Recovery 2.2.4 Denial Of Service (0)
04-26: JioFi 4G M2S 1.0.2 Cross Site Scripting (0)
04-26: JioFi 4G M2S 1.0.2 Denial Of Service (0)
04-26: [dos] systemd – DynamicUser can Create setuid Binaries when Assisted by Another Process (0)
04-26: [webapps] Apache Pluto 3.0.0 / 3.0.1 – Persistent Cross-Site Scripting (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Name' Denial of Service (PoC) (0)
04-26: [dos] NSauditor 3.1.2.0 – 'Community' Denial of Service (PoC) (0)
04-25: ManageEngine Applications Manager 14.0 SQL Injection / Command Injection (0)
04-25: Linux Overflow Via FUSE (0)
04-25: 74CMS 5.0.1 Cross Site Request Forgery (0)
04-25: Linux Siemens R3964 Line Discipline Missing Lock (0)
04-25: Sony Smart TV Information Disclosure / File Read (0)
04-25: VirtualBox COM RPC Interface Code Injection / Privilege Escalation (0)
04-25: RARLAB WinRAR ACE Format Input Validation Remote Code Execution (0)
04-25: https://envocc.ddc.moph.go.th//xampp/lang.tmp (0)
04-25: [local] RARLAB WinRAR 5.61 – ACE Format Input Validation Remote Code Execution (Metasploit) (0)
04-25: [local] Lavavo CD Ripper 4.20 – 'License Activation Name' Buffer Overflow (SEH) (0)
04-25: [dos] AnMing MP3 CD Burner 2.0 – Denial of Service (PoC) (0)
04-25: [webapps] osTicket 1.11 – Cross-Site Scripting / Local File Inclusion (0)
04-25: [dos] JioFi 4G M2S 1.0.2 – Denial of Service (0)
04-25: [webapps] JioFi 4G M2S 1.0.2 – 'mask' Cross-Site Scripting (0)
04-25: [dos] Backup Key Recovery 2.2.4 – Denial of Service (PoC) (0)
04-25: [dos] HeidiSQL 10.1.0.5464 – Denial of Service (PoC) (0)
04-24: Ross Video DashBoard 8.5.1 Insecure Permissions (0)
04-24: [shellcode] Linux/x86 – Rabbit Shellcode Crypter (200 bytes) (0)
04-24: [remote] Google Chrome 72.0.3626.121 / 74.0.3725.0 – 'NewFixedDoubleArray' Integer Overflow (0)
04-24: [local] VirtualBox 6.0.4 r128413 – COM RPC Interface Code Injection Host Privilege Escalation (0)
04-23: Ease Audio Converter 5.30 Denial Of Service (0)
04-23: Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service (0)
04-23: WordPress Contact Form Builder 1.0.67 CSRF / LFI (0)
04-23: [dos] Linux – 'page->_refcount' Overflow via FUSE (0)
04-23: [dos] Linux – Missing Locking in Siemens R3964 Line Discipline Race Condition (0)
04-23: [dos] systemd – Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit (0)
04-23: [local] Ross Video DashBoard 8.5.1 – Insecure Permissions (0)
04-22: http://harisk.nah.go.th/zz.htm (0)
04-22: http://educationarmy3.nah.go.th/zz.htm (0)
04-22: http://www.sknhospital.go.th/zz.htm (0)
04-22: http://www.ramsurin.go.th/zz.htm (0)
04-22: http://ceramic.dss.go.th/vz.txt (0)
04-22: http://project.dss.go.th/vz.txt (0)
04-22: http://foodcontact.dss.go.th/vz.txt (0)
04-22: http://bas.dss.go.th/vz.txt (0)
04-22: http://rspg.dss.go.th/vz.txt (0)
04-22: http://km.dss.go.th/vz.txt (0)
04-22: http://otop.dss.go.th/vz.txt (0)
04-22: http://glass.dss.go.th/vz.txt (0)
04-22: http://rubber.dss.go.th/vz.txt (0)
04-22: ChurchCRM Software 3.3.2 Database Disclosure (0)
04-22: OpenDocMan Document Management System 1.3.5 Database Disclosure (0)
04-22: RingsDB Software 1.0.0 Database Disclosure (0)
04-22: Zikula Core CMS 2.0.13 Database Disclosure (0)
04-22: LabF nfsAxe 3.7 Ping Client Buffer Overflow (0)
04-22: [remote] ManageEngine Applications Manager 14.0 – Authentication Bypass / Remote Command Execution (Metasploit) (0)
04-22: [webapps] 74CMS 5.0.1 – Cross-Site Request Forgery (Add New Admin User) (0)
04-22: [local] LabF nfsAxe 3.7 Ping Client – 'Host IP' Buffer Overflow (Direct Ret) (0)
04-22: [shellcode] Linux/ARM – Password-Protected Reverse TCP Shellcode (100 bytes) (0)
04-22: [webapps] WordPress Plugin Contact Form Builder 1.0.67 – Cross-Site Request Forgery / Local File Inclusion (0)
04-22: [dos] Google Chrome 73.0.3683.103 V8 JavaScript Engine – Out-of-Memory in Invalid Table Size Denial of Service (PoC) (0)
04-22: [dos] Ease Audio Converter 5.30 – '.mp4' Denial of Service (PoC) (0)
04-22: [webapps] Msvod 10 – Cross-Site Request Forgery (Change User Information) (0)
04-22: [dos] QNAP myQNAPcloud Connect 1.3.4.0317 – 'Username/Password' Denial of Service (0)
04-21: QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service (0)
04-21: Oracle Business Intelligence And XML Publisher XML Injection (0)
04-21: Oracle Business Intelligence Directory Traversal (0)
04-20: http://bantham.go.th/vz.txt (0)
04-20: Evernote 7.9 Path Traversal / Code Execution (0)
04-20: ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution (0)
04-20: Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference (0)
04-20: Atlassian Confluence Widget Connector Macro Velocity Template Injection (0)
04-20: SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation (0)
04-19: LibreOffice Macro Code Execution (0)
04-19: [remote] Atlassian Confluence Widget Connector Macro – Velocity Template Injection (Metasploit) (0)
04-19: [local] SystemTap 1.3 – MODPROBE_OPTIONS Privilege Escalation (Metasploit) (0)
04-19: [webapps] Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – XML External Entity Injection (0)
04-19: [webapps] Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – Directory Traversal (0)
04-18: Windows Zero Day Emerges In Active Exploits (0)
04-18: UltraVNC Viewer 1.2.2.4 Denial Of Service (0)
04-18: UltraVNC Launcher 1.2.2.4 Denial Of Service (0)
04-18: Seo Panel Newsletter 1.2.0 Cross Site Scripting (0)
04-18: RemoteMouse 3.008 Arbitrary Remote Command Execution (0)
04-18: PCHelpWare 2 1.0.0.5 SC Denial Of Service (0)
04-18: AdminExpress 1.2.5 Denial Of Service (0)
04-18: PCHelpWare 2 1.0.0.5 Group Denial Of Service (0)
04-18: Zyxel ZyWall Cross Site Scripting (0)
04-18: Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation (0)
04-18: Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal (0)
04-18: MailCarrier 2.51 RETR Buffer Overflow (0)
04-18: Microsoft Windows CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-18: Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-18: Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-18: Microsoft Windows LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-18: Microsoft Windows LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition (0)
04-18: 2 Plan Team 1.0.4 Cross Site Scripting (0)
04-18: WordPress Download Manager 2.9.93 Cross Site Scripting (0)
04-18: ASUS HG100 Denial Of Service (0)
04-18: DHCP Server 2.5.2 Denial Of Service (0)
04-18: OAMbuster Multi-Threaded CVE-2018-2879 Scanner (0)
04-18: Oracle Java Runtime Environment sc_FindExtrema4 Heap Corruption (0)
04-18: Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption (0)
04-18: [local] LibreOffice < 6.0.7 / 6.1.3 – Macro Code Execution (Metasploit) (0)
04-18: [dos] Netwide Assembler (NASM) 2.14rc15 – NULL Pointer Dereference (PoC) (0)
04-18: [remote] ManageEngine Applications Manager 11.0 < 14.0 – SQL Injection / Remote Code Execution (Metasploit) (0)
04-18: [local] Evernote 7.9 – Code Execution via Path Traversal (0)
04-17: https://sueksa.go.th (0)
04-17: http://www2.fda.moph.go.th/fdaonline/board/wallpaper/swan.txt (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID (0)
04-17: [dos] DHCP Server 2.5.2 – Denial of Service (PoC) (0)
04-17: [dos] ASUS HG100 – Denial of Service (0)
04-17: [dos] Oracle Java Runtime Environment – Heap Corruption During TTF font Rendering in sc_FindExtrema4 (0)
04-17: [remote] MailCarrier 2.51 – POP3 'RETR' SEH Buffer Overflow (0)
04-16: Jobberbase CMS 2.0 SQL Injection (0)
04-16: MailCarrier 2.51 RCPT TO Buffer Overflow (0)
04-16: MailCarrier 2.51 USER Buffer Overflow (0)
04-16: MailCarrier 2.51 LIST Buffer Overflow (0)
04-16: MailCarrier 2.51 TOP Buffer Overflow (0)
04-16: Cisco RV130W Routers Management Interface Remote Command Execution (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation (0)
04-16: [webapps] Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 – Login Page Cross-Site Scripting (0)
04-16: [local] Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) – Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV NtSetCachedSigningLevel Device Guard Bypass (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 / 1709 – CSRSS SxSSrv Cached Manifest Privilege Escalation (0)
04-16: [local] Microsoft Windows 10 1809 – LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation (0)
04-16: [webapps] Joomla Core 1.5.0 – 3.9.4 – Directory Traversal / Authenticated Arbitrary File Deletion (0)
04-16: [dos] AdminExpress 1.2.5 – 'Folder Path' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'SC' Denial of Service (PoC) (0)
04-16: [dos] PCHelpWare V2 1.0.0.5 – 'Group' Denial of Service (PoC) (0)
04-15: [dos] UltraVNC Launcher 1.2.2.4 – 'Path' Denial of Service (PoC) (0)
04-15: [webapps] DirectAdmin 1.561 – Multiple Vulnerabilities (0)
04-15: [remote] Cisco RV130W Routers – Management Interface Remote Command Execution (Metasploit) (0)
04-15: [shellcode] Linux/x86 – Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) (0)
04-15: [dos] UltraVNC Viewer 1.2.2.4 – 'VNC Server' Denial of Service (PoC) (0)
04-15: [remote] MailCarrier 2.51 – POP3 'TOP' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'LIST' SEH Buffer Overflow (0)
04-15: [remote] MailCarrier 2.51 – POP3 'USER' Buffer Overflow (0)
04-15: [remote] CuteNews 2.1.2 – 'avatar' Remote Code Execution (Metasploit) (0)
04-15: [remote] RemoteMouse 3.008 – Arbitrary Remote Command Execution (0)
04-15: [shellcode] Linux/x86 – MMX-PUNPCKLBW Encoder Shellcode (61 bytes) (0)
04-15: [remote] MailCarrier 2.51 – 'RCPT TO' Buffer Overflow (0)
04-14: http://www.onep.go.th/by.htm (0)
04-13: Internet Explorer Zero-Day Lets Hackers Steal Files From Windows PCs (0)
04-13: CyberArk EPM 10.2.1.603 Security Restrictions Bypass (0)
04-13: ATutor file_manager Remote Code Execution (0)
04-13: DirectAdmin 1.561 Cross Site Scripting (0)
04-12: Microsoft Internet Explorer 11 XML Injection (0)
04-12: Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF (0)
04-12: Microsoft Windows Contact File Format Arbitary Code Execution (0)
04-12: [webapps] ATutor < 2.2.4 – 'file_manager' Remote Code Execution (Metasploit) (0)
04-12: [shellcode] Linux/x86 – Add User to Passwd File Shellcode (149 bytes) (0)
04-12: [local] Microsoft Internet Explorer 11 – XML External Entity Injection (0)
04-12: [local] CyberArk EPM 10.2.1.603 – Security Restrictions Bypass (0)
04-11: PHP 7.2 imagecolormatch() Out-Of-Band Heap Write (0)
04-11: Ashop Shopping Cart Software SQL Injection (0)
04-11: TP-LINK TL-WR940N / TL-WR941ND Buffer Overflow (0)
04-11: Loytec LGATE-902 XSS / Traversal / File Deletion (0)
04-11: EasyIO 30P Authentication Bypass / Cross Site Scripting (0)
04-11: Apache Axis 1.4 Remote Code Execution (0)
04-11: Microsoft Windows AppX Deployment Service Privilege Escalation (0)
04-11: Dell KACE Systems Management Appliance (K1000) 6.4.120756 Code Execution (0)
04-11: D-Link DI-524 2.06RU Cross Site Scripting (0)
04-11: FTPShell Server 6.83 Virtual Path Mapping Local Buffer Overflow (0)
04-11: FTPShell Server 6.83 Account Name To Ban Local Buffer Overflow (0)
04-11: NekoCMS 2.5 Database Disclosure (0)
04-11: Themosis Framework BookStore 1.3.0 Database Disclosure (0)
04-11: YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure (0)
04-11: Chrome FileChooserImpl Use-After-Free (0)
04-11: Horde Form Shell Upload (0)
04-10: Jobgator SQL Injection (0)
04-10: ShoreTel Connect ONSITE Cross Site Scripting / Session Fixation (0)
04-10: FlexHEX 2.71 Buffer Overflow (0)
04-10: Bolt CMS 3.6.6 Cross Site Request Forgery / Code Execution (0)
04-10: River Past Cam Do 3.7.6 Local Buffer Overflow (0)
04-10: WordPress Limit Login Attempts Reloaded 2.7.4 Bypass (0)
04-10: AllPlayer 7.4 SEH Buffer Overflow (0)
04-10: CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) Cross Site Scripting (0)
04-10: CARPE (DIEM) Apache 2.4.x Local Privilege Escalation (0)
04-10: [webapps] D-Link DI-524 V2.06RU – Multiple Cross-Site Scripting (0)
04-10: [local] FTPShell Server 6.83 – 'Virtual Path Mapping' Local Buffer (0)
04-10: [local] FTPShell Server 6.83 – 'Account name to ban' Local Buffer (0)
04-10: [webapps] Dell KACE Systems Management Appliance (K1000) 6.4.120756 – Unauthenticated Remote Code Execution (0)
04-09: [local] Microsoft Windows – AppX Deployment Service Privilege Escalation (0)
04-09: [remote] Apache Axis 1.4 – Remote Code Execution (0)
04-09: [webapps] Ashop Shopping Cart Software – 'bannedcustomers.php?blacklistitemid' SQL Injection (0)
04-09: [shellcode] Linux/x64 – XANAX Decoder Shellcode (127 bytes) (0)
04-09: [shellcode] Linux/x64 – XANAX Encoder Shellcode (127 bytes) (0)
04-09: [remote] TP-LINK TL-WR940N / TL-WR941ND – Buffer Overflow (0)
04-08: [local] Apache 2.4.17 < 2.4.38 – 'apache2ctl graceful' 'logrotate' Local Privilege Escalation (0)
04-08: [webapps] Bolt CMS 3.6.6 – Cross-Site Request Forgery / Remote Code Execution (0)
04-08: [webapps] Jobgator – 'experience' SQL Injection (0)
04-08: [local] FlexHEX 2.71 – SEH Buffer Overflow (Unicode) (0)
04-08: [webapps] ShoreTel Connect ONSITE < 19.49.1500.0 – Multiple Vulnerabilities (0)
04-08: [webapps] SaLICru -SLC-20-cube3(5) – HTML Injection (0)
04-08: [remote] QNAP Netatalk < 3.1.12 – Authentication Bypass (0)
04-08: [webapps] ManageEngine ServiceDesk Plus 9.3 – User Enumeration (0)
04-08: [local] Download Accelerator Plus (DAP) 10.0.6.0 – SEH Buffer Overflow (0)
04-08: [webapps] Tradebox CryptoCurrency – 'symbol' SQL Injection (0)
04-08: [webapps] WordPress Plugin Limit Login Attempts Reloaded 2.7.4 – Login Limit Bypass (0)
04-08: [webapps] CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) – Cross-Site Scripting (0)
04-08: [local] River Past Cam Do 3.7.6 – 'Activation Code' Local Buffer Overflow (0)
04-08: [local] AllPlayer 7.4 – SEH Buffer Overflow (Unicode) (0)
04-07: Arris Touchstone TG1672 Credential Disclosure (0)
04-07: Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control (0)
04-07: WordPress Form Maker 1.13.2 Cross Site Request Forgery / Local File Inclusion (0)
04-07: NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials (0)
04-06: Magic ISO Maker 5.5 Build 281 Denial Of Service (0)
04-06: Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF (0)
04-06: WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery (0)
04-06: AIDA64 Extreme 5.99.4900 SEH Buffer Overflow (0)
04-06: Manage Engine ServiceDesk Plus 9.3 Privilege Escalation (0)
04-06: FreeSMS 2.1.2 SQL Injection (0)
04-06: WordPress 5.0.0 crop-image Shell Upload (0)
04-05: iScripts ReserveLogic SQL Injection (0)
04-05: Ashop Shopping Cart Software SQL Injection (0)
04-05: AIDA64 Business 5.99.4900 SEH Buffer Overflow (0)
04-05: PhreeBooks ERP 5.2.3 Arbitrary File Upload (0)
04-05: PhreeBooks ERP 5.2.3 Remote Command Execution (0)
04-05: Clinic Pro 4 SQL Injection (0)
04-05: TeemIp IPAM Command Injection (0)
04-05: Apache 2.4.38 Root Privilege Escalation (0)
04-05: Chrome 73.0.3683.86 Stable Proof Of Concept (0)
04-05: [remote] WordPress 5.0.0 – Crop-image Shell Upload (Metasploit) (0)
04-05: [webapps] WordPress Plugin Contact Form Maker 1.13.1 – Cross-Site Request Forgery (0)
04-05: [local] AIDA64 Extreme 5.99.4900 – 'Logging' SEH Buffer Overflow (0)
04-05: [webapps] Manage Engine ServiceDesk Plus 9.3 – Privilege Escalation (0)
04-04: [webapps] FreeSMS 2.1.2 – SQL Injection (Authentication Bypass) (0)
04-04: [local] AIDA64 Engineer 5.99.4900 – 'Load from file' Field Buffer Overflow (SEH) (0)
04-04: [dos] Magic ISO Maker 5.5(build 281) – 'Serial Code' Denial of Service (PoC) (0)
04-03: XNU Unsafe Pidversion Increment During Execve (0)
04-03: WebKitGTK+ ThreadedCompositor Race Condition (0)
04-03: Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion (0)
04-03: Chrome JSPromise::TriggerPromiseReactions Type Confusion (0)
04-03: Chrome ReadableStream Internal Object Leak (0)
04-03: Inout RealEstate SQL Injection (0)
04-03: Inout EasyRooms Ultimate Edition 1.0 SQL Injection (0)
04-03: WordPress PayPal Checkout Payment Gateway 1.6.8 Parameter Tampering (0)
04-03: AIDA64 Extreme Edition 5.99.4800 Buffer Overflow (0)
04-03: CMS Made Simple SQL Injection (0)
04-03: LimeSurvey Deserialization Remote Code Execution (0)
04-03: HP Color LaserJet CP4025 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP Color LaserJet CP4525 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet 5200 HP LaserJet 5200 Authentication Bypass (0)
04-03: HP LaserJet P3015 Printers 6.7.0.x Authentication Bypass (0)
04-03: HP LaserJet P4014/P4015 Printers 6.7.0.x Authentication Bypass (0)
04-03: JioFi 4G M2S 1.0.2 Cross Site Request Forgery (0)
04-03: Coders Survey 3.4.10 Database Disclosure (0)
04-03: DataWrapper ProtoType 0.8 Database Disclosure (0)
04-03: Ektron CMS 9 Database Disclosure (0)
04-03: Mash Project Integrated 4.2.7.1 Database Disclosure (0)
04-03: Shinobi Security Software 1.0 Database Disclosure (0)
04-03: Directus Suite CMS 7.0.15 Database Disclosure (0)
04-03: Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution (0)
04-03: phpFileManager 1.7.8 Local File Inclusion (0)
04-03: [dos] SpiderMonkey – IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) (0)
04-03: [dos] WebKitGTK+ – 'ThreadedCompositor' Race Condition (0)
04-03: [webapps] iScripts ReserveLogic – SQL Injection (0)
04-03: [dos] Google Chrome 72.0.3626.81 – 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion (0)
04-03: [webapps] Clinic Pro v4 – 'month' SQL Injection (0)
04-03: [dos] Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 – 'ReadableStream' Internal Object Leak Type Confusion (0)
04-03: [webapps] PhreeBooks ERP 5.2.3 – Arbitrary File Upload (0)
04-03: [remote] Cisco RV320 and RV325 – Unauthenticated Remote Code Execution (Metasploit) (0)
04-03: [remote] PhreeBooks ERP 5.2.3 – Remote Command Execution (0)
04-03: [webapps] Ashop Shopping Cart Software – SQL Injection (0)
04-03: [remote] TeemIp IPAM < 2.4.0 – 'new_config' Command Injection (Metasploit) (0)
04-03: [local] AIDA64 Business 5.99.4900 – SEH Buffer Overflow (EggHunter) (0)
04-03: [dos] WebKit JavaScriptCore – CodeBlock Dangling Watchpoints Use-After-Free (0)
04-03: [dos] WebKit JavaScriptCore – Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check (0)
04-03: [dos] iOS < 12.2 / macOS < 10.14.4 XNU – pidversion Increment During execve is Unsafe (0)
04-03: [dos] WebKit JavaScriptCore – 'createRegExpMatchesArray' Type Confusion (0)
04-03: [remote] Google Chrome 72.0.3626.96 / 74.0.3702.0 – 'JSPromise::TriggerPromiseReactions' Type Confusion (0)
04-02: https://hearing.dmf.go.th/q.htm (0)
04-02: [webapps] phpFileManager 1.7.8 – Local File Inclusion (0)
04-02: [webapps] Fiverr Clone Script 1.2.2 – SQL Injection / Cross-Site Scripting (0)
04-02: [local] AIDA64 Extreme Edition 5.99.4800 – Local SEH Buffer Overflow (0)
04-02: [webapps] CMS Made Simple < 2.2.10 – SQL Injection (0)
04-02: [webapps] LimeSurvey < 3.16 – Remote Code Execution (0)
04-02: [webapps] WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 – Parameter Tampering (0)
04-02: [webapps] JioFi 4G M2S 1.0.2 – Cross-Site Request Forgery (0)
04-02: [webapps] Inout EasyRooms – SQL Injection (0)
04-02: [webapps] Inout RealEstate – 'city' SQL Injection (0)
04-01: Packet Storm New Exploits For March, 2019 (0)
04-01: WordPress Feed Statistics 4.1 Open Redirection (0)
04-01: Classified Ad Lister 2.0 Arbitrary File Upload (0)
04-01: SphereFTP 2.0 Denial Of Service (0)
04-01: Zeuscart 3.0 User Detail Disclosure (0)
04-01: zipperSNAP 7.0.28 Directory Traversal (0)
04-01: zipperSNAP 7.0.28 Cross Site Scripting (0)
04-01: zStore 1.10 Cross Site Scripting (0)
04-01: WordPress Ultimate Member 2.0.38 Cross Site Request Forgery (0)
04-01: Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection (0)
04-01: https://www.labour.go.th/pwnd.txt (0)

March 2019 (347)

03-30: CentOS Web Panel 0.9.8.789 Cross Site Scripting (0)
03-30: Cisco RV320 / RV325 Unauthenticated Remote Code Execution (0)
03-29: Google Drops Zero Day On TP-Link Smart Home Routers (0)
03-29: Masch CMStudio Banners 8.6.1 Open Redirection (0)
03-29: WordPress Ultimate Form Builder 1.0 Database Disclosure (0)
03-29: Magento 2.3.0 SQL Injection (0)
03-29: Pydio 8 Command Execution / Cross Site Scripting (0)
03-29: Apple Security Advisory 2019-3-27-1 (0)
03-29: [webapps] CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting (0)
03-28: WordPress AND-AntiBounce 1.0.3 Open Redirection (0)
03-28: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation (0)
03-28: WordPress WP-Forum 1.7.8 Database Disclosure (0)
03-28: SJS Simple Job Script SQL Injection / Cross Site Scripting (0)
03-28: Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection (0)
03-28: Rukovoditel ERP And CRM 2.4.1 Cross Site Scripting (0)
03-28: XooGallery SQL Injection (0)
03-28: XooDigital SQL Injection (0)
03-28: Firefox Array.prototype.slice Buffer Overflow (0)
03-28: Jettweb Hazir Rent A Car Scripti 4 SQL Injection (0)
03-28: Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload (0)
03-28: Cisco RV320 Unauthenticated Configuration Export (0)
03-28: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
03-28: Cisco RV320 Command Injection (0)
03-28: Fat Free CRM 0.19.0 HTML Injection (0)
03-28: GnuTLS verify_crt() Use-After-Free (0)
03-28: SpiderMonkey IonMonkey Type Confusion (0)
03-28: Oracle Weblogic Server Deserialization Remote Code Execution (0)
03-28: CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution (0)
03-28: [dos] Microsoft Visio 2016 16.0.4738.1000 – 'Log in accounts' Denial of Service (0)
03-28: [remote] CMS Made Simple (CMSMS) Showtime2 – File Upload RCE (Metasploit) (0)
03-28: [webapps] Airbnb Clone Script – Multiple SQL Injection (0)
03-28: [remote] Oracle Weblogic Server Deserialization RCE – Raw Object (Metasploit) (0)
03-28: [webapps] WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 – Local File Inclusion (0)
03-28: [webapps] Fat Free CRM 0.19.0 – HTML Injection (0)
03-28: [webapps] Thomson Reuters Concourse & Firm Central < 2.13.0097 – Directory Traversal / Local File Inclusion (0)
03-28: [dos] gnutls 3.6.6 – 'verify_crt()' Use-After-Free (0)
03-28: [local] Base64 Decoder 1.1.2 – Local Buffer Overflow (SEH Egghunter) (0)
03-28: [webapps] Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 – 'arac_kategori_id' SQL Injection (0)
03-28: [webapps] Job Portal 3.1 – 'job_submit' SQL Injection (0)
03-28: [webapps] BigTree 4.3.4 CMS – Multiple SQL Injection (0)
03-28: [webapps] i-doit 1.12 – 'qr.php' Cross-Site Scripting (0)
03-28: [webapps] WordPress Plugin Loco Translate 2.2.1 – Local File Inclusion (0)
03-27: Titan FTP Server 2019 Build 3505 Directory Traversal (0)
03-27: [webapps] Jettweb Hazır Rent A Car Scripti V4 – SQL Injection (0)
03-26: Apple Security Advisory 2019-3-25-2 (0)
03-26: Apple Security Advisory 2019-3-25-7 (0)
03-26: Apple Security Advisory 2019-3-25-4 (0)
03-26: Apple Security Advisory 2019-3-25-3 (0)
03-26: Apple Security Advisory 2019-3-25-5 (0)
03-26: Apple Security Advisory 2019-3-25-1 (0)
03-26: Apple Security Advisory 2019-3-25-6 (0)
03-26: X-NetStat Pro 5.63 Local Buffer Overflow (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection (0)
03-26: WordPress Plugins Open Redirection 2019/03/25 (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection (0)
03-26: Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection (0)
03-26: VMware Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-26: VMware Host VMX Process COM Class Hijack Privilege Escalation (0)
03-26: Zeeways Matrimony CMS SQL Injection (0)
03-26: Zeeways Jobsite CMS SQL Injection (0)
03-26: SPIP CMS 2.x / 3.x Add Administrator / File Upload (0)
03-26: PCMan FTP Server 2.0 CDUP Remote Buffer Overflow (0)
03-26: DASAN H660RM Information Disclosure / Hardcoded Key (0)
03-26: WordPress article2pdf 0.24 DoS / File Deletion / Disclosure (0)
03-26: Advanced Bash-Scripting Guide Code Execution (0)
03-26: [dos] Spidermonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR (0)
03-26: [dos] Microsoft Windows 7/2008 – 'Win32k' Denial of Service (PoC) (0)
03-26: [webapps] SJS Simple Job Script – SQL Injection / Cross-Site Scripting (0)
03-26: [webapps] Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion (0)
03-26: [webapps] XooDigital – 'p' SQL Injection (0)
03-26: [webapps] XooGallery – Multiple SQL Injection (0)
03-26: [webapps] Rukovoditel ERP & CRM 2.4.1 – 'path' Cross-Site Scripting (0)
03-26: [papers] JMX RMI – Multiple Applications Remote Code Execution (0)
03-26: [webapps] Jettweb Php Hazır İlan Sitesi Scripti V2 – SQL Injection (0)
03-26: [dos] Firefox < 66.0.1 – 'Array.prototype.slice' Buffer Overflow (0)
03-25: Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting (0)
03-25: TCPDF 6.2.19 Deserialization / Remote Code Execution (0)
03-25: [webapps] Zeeways Matrimony CMS – SQL Injection (0)
03-25: [webapps] Zeeways Jobsite CMS – 'id' SQL Injection (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15 – Host VMX Process COM Class Hijack Privilege Escalation (0)
03-25: [local] VMware Workstation 14.1.5 / VMware Player 15.0.2 – Host VMX Process Impersonation Hijack Privilege Escalation (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V3 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V1 – SQL Injection (0)
03-25: [webapps] Jettweb PHP Hazır Haber Sitesi Scripti V2 – SQL Injection (Authentication Bypass) (0)
03-25: [webapps] Apache CouchDB 2.3.1 – Cross-Site Request Forgery / Cross-Site Scripting (0)
03-25: [local] X-NetStat Pro 5.63 – Local Buffer Overflow (0)
03-23: Meeplace Business Review Script SQL Injection (0)
03-23: Inout Article Base CMS SQL Injection (0)
03-23: Matri4Web Matrimony Web Script SQL Injection (0)
03-23: WordPress Themes Open Redirection 2019/03/22 (0)
03-22: Netartmedia Vlog System SQL Injection (0)
03-22: snap seccomp TIOCSTI Blacklist Circumvention (0)
03-22: https://hrh.go.th/kurd.html (0)
03-22: [dos] snap – seccomp BBlacklist for TIOCSTI can be Circumvented (0)
03-22: [webapps] Inout Article Base CMS – SQL Injection (0)
03-22: [webapps] Meeplace Business Review Script – 'id' SQL Injection (0)
03-22: [webapps] Matri4Web Matrimony Website Script – Multiple SQL Injection (0)
03-21: Netartmedia Deals Portal SQL Injection (0)
03-21: Netartmedia PHP Car Dealer SQL Injection (0)
03-21: Netartmedia PHP Dating Site SQL Injection (0)
03-21: 202CMS 10beta SQL Injection (0)
03-21: Netartmedia PHP Business Directory 4.2 SQL Injection (0)
03-21: Netartmedia Jobs Portal 6.1 SQL Injection (0)
03-21: Netartmedia PHP Real Estate Agency 4.0 SQL Injection (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery (0)
03-21: PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (0)
03-21: NetShareWatcher 1.5.8.0 Local SEH Buffer Overflow (0)
03-21: JFrog Artifactory Administrator Authentication Bypass (0)
03-21: NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash (0)
03-21: http://www.hadnangkaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.koktoom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nmtb.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nondeangcity.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tharttong.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.chongsammor.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.huay-ang.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kaengdinso.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kapangpolice.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.khamsomboon.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kohloi.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.kokhan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.nongphailom.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.saiyong-chaiwan.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.sama.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.t-nakham.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.talad.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.tambonbuayai.go.th/activity/images/ph.hitachi.shtml (0)
03-21: http://www.thanangnaew.go.th/activity/images/ph.hitachi.shtml (0)
03-21: [webapps] Bootstrapy CMS – Multiple SQL Injection (0)
03-21: [dos] Canarytokens 2019-03-01 – Detection Bypass (0)
03-20: MyBB Upcoming Events 1.32 Cross Site Scripting (0)
03-20: Netartmedia Real Estate Portal 5.0 SQL Injection (0)
03-20: Netartmedia Event Portal 2.0 SQL Injection (0)
03-20: Gila CMS 1.9.1 Cross Site Scripting (0)
03-20: Netartmedia PHP Mall 4.1 SQL Injection (0)
03-20: eNdonesia Portal 8.7 Iframe Injection / SQL Injection (0)
03-20: Chrome ExtensionsGuestViewMessageFilter Data Race (0)
03-20: Advanced Host Monitor 11.92 Beta Local Buffer Overflow (0)
03-20: Chrome FileSystemOperationRunner Use-After-Free (0)
03-20: Chrome MidiManagerWin Use-After-Free (0)
03-20: Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML (0)
03-20: Chrome StoragePartitionService Double-Destruction Race (0)
03-20: JFrog Artifactory Pro 6.5.9 Signature Validation (0)
03-20: VBScript VbsErase Memory Corruption (0)
03-20: Microsoft Edge Flash click2play Bypass (0)
03-19: PHP MySQLi Database Class 2.9.2 SQL Injection (0)
03-19: CSZ CMS 1.2.1 Arbitrary File Upload (0)
03-19: WordPress FormCraft 2.0 CSRF / Shell Upload (0)
03-19: WinMPG Video Convert 9.3.5 Denial Of Service (0)
03-19: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service (0)
03-19: TheCarProject 2 SQL Injection (0)
03-19: Gitea 1.7.3 HTML Injection (0)
03-19: libseccomp Incorrect Compilation Of Arithmetic Comparisons (0)
03-19: exacqVision 9.8 Unquoted Service Path Privilege Escalation (0)
03-19: Jenkins ACL Bypass / Metaprogramming Remote Code Execution (0)
03-19: [webapps] Netartmedia Real Estate Portal 5.0 – SQL Injection (0)
03-19: [webapps] Netartmedia PHP Mall 4.1 – SQL Injection (0)
03-19: [local] Advanced Host Monitor 11.92 beta – Local Buffer Overflow (0)
03-19: [webapps] Netartmedia Event Portal 2.0 – 'Email' SQL Injection (0)
03-19: [webapps] eNdonesia Portal 8.7 – Multiple Vulnerabilities (0)
03-19: [webapps] Gila CMS 1.9.1 – Cross-Site Scripting (0)
03-19: [webapps] MyBB Upcoming Events Plugin 1.32 – Cross-Site Scripting (0)
03-18: [remote] BMC Patrol Agent – Privilege Escalation Code Execution Execution (Metasploit) (0)
03-18: [webapps] TheCarProject 2 – Multiple SQL Injection (0)
03-18: [dos] WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 – Denial of Service (0)
03-18: [dos] WinMPG Video Convert 9.3.5 – Denial of Service (0)
03-16: Laundry CMS SQL / Iframe Injection (0)
03-16: NetData 1.13.0 HTML Injection (0)
03-16: Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure (0)
03-16: CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload (0)
03-16: ICE HRM 23.0 SQL / Iframe Injection (0)
03-16: Mail Carrier 2.5.1 Buffer Overflow (0)
03-16: Moodle 3.4.1 Remote Code Execution (0)
03-16: BMC Patrol Agent Privilege Escalation / Command Execution (0)
03-16: Webmin 1.900 Upload Authenticated Remote Command Execution (0)
03-15: Root Cause Of The CVE-2019-0808 Kernel Privilege Escalation (0)
03-15: FTPGetter Standard 5.97.0.177 Remote Code Execution (0)
03-15: Pegasus CMS 1.0 Remote Code Execution (0)
03-15: Apache UNO API Remote Code Execution (0)
03-15: Proof Of Concept Code Published For Windows 7 Zero Day (0)
03-15: [webapps] Moodle 3.4.1 – Remote Code Execution (0)
03-15: [webapps] Vembu Storegrid Web Interface 4.4.0 – Multiple Vulnerabilities (0)
03-15: [webapps] ICE HRM 23.0 – Multiple Vulnerabilities (0)
03-15: [remote] Mail Carrier 2.5.1 – 'MAIL FROM' Buffer Overflow (0)
03-15: [webapps] NetData 1.13.0 – HTML Injection (0)
03-15: [webapps] CMS Made Simple Showtime2 Module 3.6.2 – Authenticated Arbitrary File Upload (0)
03-15: [webapps] Laundry CMS – Multiple Vulnerabilities (0)
03-14: Microsoft Windows MSHTML Engine Edit Remote Code Execution (0)
03-14: WordPress GraceMedia Media Player 1.0 Local File Inclusion (0)
03-14: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting (0)
03-14: Apache Tika Server Command Injection (0)
03-14: ntopng 3.8.190307 Community Edition Cross Site Scripting (0)
03-14: Intel Modular Server System 10.18 Cross Site Request Forgery (0)
03-14: [webapps] Pegasus CMS 1.0 – 'extra_fields.php' Plugin Remote Code Execution (0)
03-14: [webapps] Intel Modular Server System 10.18 – Cross-Site Request Forgery (Change Admin Password) (0)
03-14: [remote] Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API – Remote Code Execution (0)
03-14: [remote] FTPGetter Standard 5.97.0.177 – Remote Code Execution (0)
03-13: CoreFTP Server FTP / SFTP Server 2 Build 674 MDTM Directory Traversal (0)
03-13: WordPress WP Fastest Cache 0.8.9.0 Arbitrary File Deletion (0)
03-13: NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution (0)
03-13: Microsoft Windows .Reg File / Dialog Box Message Spoofing (0)
03-13: Core FTP 2.0 Build 653 PBSZ Denial Of Service (0)
03-13: PilusCart 1.4.1 Cross Site Request Forgery (0)
03-13: elFinder PHP Connector exiftran Command Injection (0)
03-13: Unpatched Windows Bug Allows Attackers To Spoof Security Dialog Boxes (0)
03-13: [webapps] WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'MDTM' Directory Traversal (0)
03-13: [dos] Microsoft Windows – .reg File / Dialog Box Message Spoofing (0)
03-13: [dos] Core FTP Server FTP / SFTP Server v2 Build 674 – 'SIZE' Directory Traversal (0)
03-12: MeteoTemplate 17.1 Nectarine Diary 4.0 Open Redirection (0)
03-12: MeteoTemplate 17.1 Nectarine globalSnow 1.1 Open Redirection (0)
03-12: Meteotemplate 17.1 Nectarine indoorData 4.0 Open Redirection (0)
03-12: TeamCity Disabled Registration Bypass (0)
03-12: DirectAdmin 1.55 Cross Site Request Forgery (0)
03-12: McAfee ePO 5.9.1 Registered Executable Local Access Bypass (0)
03-12: Sony PlayStation 4 WebKit Code Execution (0)
03-12: Flexpaper 2.3.6 Remote Code Execution (0)
03-12: OpenKM Document Management Remote Command Execution (0)
03-12: NetSetMan 4.7.1 Buffer Overflow (0)
03-12: PRTG Network Monitor 18.2.38 Remote Code Execution (0)
03-12: Linux Kernel 4.4 (Ubuntu 16.04) snd_timer_user_ccallback() Kernel Pointer Leak (0)
03-12: Liferay CE Portal Groovy-Console Remote Command Execution (0)
03-12: [dos] Core FTP 2.0 build 653 – 'PBSZ' Denial of Service (PoC) (0)
03-12: [webapps] PilusCart 1.4.1 – Cross-Site Request Forgery (Add Admin) (0)
03-11: http://www.huorua.go.th/d_finance/new_finance/ooo.jpg (0)
03-11: http://www.nongsangwapi.go.th/f_rules/new_rules/ooo.jpg (0)
03-11: [webapps] PRTG Network Monitor 18.2.38 – Authenticated Remote Code Execution (0)
03-11: [shellcode] Linux/x86 – MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes) (0)
03-11: [local] NetSetMan 4.7.1 – Local Buffer Overflow (SEH Unicode) (0)
03-11: [dos] Linux Kernel 4.4 (Ubuntu 16.04) – 'snd_timer_user_ccallback()' Kernel Pointer Leak (0)
03-11: [webapps] Flexpaper PHP Publish Service 2.3.6 – Remote Code Execution (0)
03-11: [webapps] OpenKM 6.3.2 < 6.3.7 – Remote Command Execution (Metasploit) (0)
03-11: [webapps] Liferay CE Portal < 7.1.2 ga3 – Remote Command Execution (Metasploit) (0)
03-11: [shellcode] Linux/x86 – Polymorphic execve(/bin/sh) Shellcode (63 bytes) (0)
03-08: phpBB 3.2.3 Remote Code Execution (0)
03-08: Sparkasse Cross Site Scripting (0)
03-08: Anyburn 4.x x86 Buffer Overflow (0)
03-08: QNAP TS-431 QTS Remote Command Execution (0)
03-08: OrientDB 3.0.17 GA Community Edition XSS / CSRF (0)
03-08: Kados R10 GreenBee SQL Injection (0)
03-08: Oracle Weblogic Server Deserialization Remote Command Execution (0)
03-08: A Serious Windows Zeroday Is Being Actively Exploited In The Wild (0)
03-08: [shellcode] Linux/x86 – INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes) (0)
03-08: [webapps] OrientDB 3.0.17 GA Community Edition – Cross-Site Request Forgery / Cross-Site Scripting (0)
03-08: [webapps] McAfee ePO 5.9.1 – Registered Executable Local Access Bypass (0)
03-07: Sparkasse – Multiple Persistent Cross Site Vulnerabilities (0)
03-07: EasyBoot v6.6.0.800 – Stack Buffer Overflow Vulnerability (0)
03-07: Telekom Magenta Musik 360 – Cross Site Web Vulnerabilities (0)
03-07: vBulletin 4.x Seo By vBSeo 3.3.2 Open Redirection (0)
03-07: vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection (0)
03-07: vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection (0)
03-07: Java Debug Wire Protocol Remote Code Execution (0)
03-07: vBulletin 4.2.5 vBSuper_PM 1.2.3 Lite Open Redirection (0)
03-07: OpenDocMan 1.3.4 SQL Injection (0)
03-07: vBulletin 4.2.5 Member Map 1.1.2 Open Redirection (0)
03-07: WordPress WP-Image-News-Slider 3.3 Cross Site Request Forgery / Shell Upload (0)
03-07: Babel 0.4.1 Open Redirection (0)
03-07: Sagemcom Router Insufficient Default PSK Entropy (0)
03-07: RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow (0)
03-07: Android Binder Use-After-Free (0)
03-07: Android getpidcon() ACL Bypass (0)
03-07: Linux Virtual Address 0 Mappable Via Privilege write() (0)
03-07: Drupal RESTful Web Services unserialize() Remote Code Execution (0)
03-07: Imperva SecureSphere 13.x PWS Command Injection (0)
03-07: ClearOS 7 Community Edition Cross Site Scripting (0)
03-07: Android su Privilege Escalation (0)
03-07: FreeBSD Intel SYSRET Privilege Escalation (0)
03-07: http://e-lib.ddc.moph.go.th/security/lang.tmp (0)
03-07: [remote] Drupal < 8.5.11 / < 8.6.10 – RESTful Web Services unserialize() Remote Command Execution (Metasploit) (0)
03-07: [local] FreeBSD – Intel SYSRET Privilege Escalation (Metasploit) (0)
03-07: [local] Anyburn 4.3 x86 – 'Copy disc to image file' Buffer Overflow – (UNICODE)(SEH) (0)
03-07: [remote] QNAP TS-431 QTS < 4.2.2 – Remote Command Execution (Metasploit) (0)
03-07: [webapps] Kados R10 GreenBee – Multiple SQL Injection (0)
03-07: [remote] Imperva SecureSphere 13.x – 'PWS' Command Injection (Metasploit) (0)
03-06: [dos] Android – getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass (0)
03-06: [dos] Linux < 4.20.14 – Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem (0)
03-06: [dos] Android – binder Use-After-Free via racy Initialization of ->allow_user_free (0)
03-05: Xoops 1.0.2 PD-Links 1.0 Database Disclosure (0)
03-05: Kache Cross Protocol Request Forgery (0)
03-05: Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload (0)
03-05: 1C-Bitrix Site Management Russia 2.0 Open Redirection (0)
03-05: WordPress WP-DreamworkGallery 2.3 CSRF / Shell Upload (0)
03-05: zzzphp CMS 1.6.1 Cross Site Request Forgery (0)
03-05: Microsoft Edge Chakra 1.11.4 Type Confusion (0)
03-05: Mailtraq WebMail 2.17.7.3550 Cross Site Scripting (0)
03-05: Ability Mail Server 4.2.6 Cross Site Scripting (0)
03-05: Bold CMS 3.6.4 Cross Site Scripting (0)
03-05: Craft CMS 3.1.12 Pro Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Fiori test2 Cross Site Scripting (0)
03-05: SAP J2EE Engine/7.01/Fiori Protocol Cross Site Scripting (0)
03-05: MarcomCentral FusionPro VDP Creator Directory Traversal (0)
03-05: Fiberhome AN5506-04-F RP2669 Cross Site Scripting (0)
03-05: elFinder 2.1.47 Command Injection (0)
03-05: Booked Scheduler 2.7.5 Remote Command Execution (0)
03-05: Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 Remote Code Execution (0)
03-05: Splunk Enterprise 7.2.4 Remote Code Execution (0)
03-05: [shellcode] Linux/x86 – XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes) (0)
03-05: [shellcode] Linux/x86 – XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes) (0)
03-05: [webapps] OpenDocMan 1.3.4 – 'search.php where' SQL Injection (0)
03-05: [webapps] OpenDocMan 1.3.4 – 'search.php where' SQL Injection (0)
03-04: SMF 2.0.15 SMF4Mobile 1.1.5 / 1.2 Open Redirection (0)
03-04: vBulletin 4.2.5 Advanced User Tagging 3.1.3 Open Redirection (0)
03-04: vBulletin 4.x.x vB Optimise 2.6.3 Pro Open Redirection (0)
03-04: XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection (0)
03-04: XenForo 1.5.x Open Redirection (0)
03-04: [dos] FileZilla 3.40.0 – 'Local search' / 'Local site' Denial of Service (PoC) (0)
03-04: [webapps] OOP CMS BLOG 1.0 – Multiple Cross-Site Request Forgery (0)
03-04: [webapps] OOP CMS BLOG 1.0 – Multiple SQL Injection (0)
03-04: [webapps] elFinder 2.1.47 – 'PHP connector' Command Injection (0)
03-04: [webapps] WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 – Multiple Bypass Vulnerabilities (0)
03-04: [webapps] CMSsite 1.0 – Multiple Cross-Site Request Forgery (0)
03-04: [webapps] Fiberhome AN5506-04-F RP2669 – Persistent Cross-Site Scripting (0)
03-04: [dos] Microsoft Edge Chakra 1.11.4 – Read Permission via Type Confusion (0)
03-04: [webapps] Booked Scheduler 2.7.5 – Remote Command Execution (Metasploit) (0)
03-04: [webapps] Craft CMS 3.1.12 Pro – Cross-Site Scripting (0)
03-04: [webapps] Bolt CMS 3.6.4 – Cross-Site Scripting (0)
03-04: [webapps] MarcomCentral FusionPro VDP Creator < 10.0 – Directory Traversal (0)
03-04: [shellcode] Linux/x64 – Kill All Processes Shellcode (11 bytes) (0)
03-04: [shellcode] Linux/x86 – NOT Encoder / Decoder – execve(/bin/sh) Shellcode (44 bytes) (0)
03-04: [webapps] Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 – Remote Code Execution (0)
03-04: [shellcode] Linux/x86 – iptables -F Shellcode (43 bytes) (0)
03-04: [webapps] Splunk Enterprise 7.2.4 – Custom App Remote Command Execution (Persistent Backdoor / Custom Binary) (0)
03-04: [webapps] zzzphp CMS 1.6.1 – Cross-Site Request Forgery (0)
03-02: CMSsite 1.0 Cross Site Request Forgery (0)
03-02: OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection (0)
03-02: FileZilla 3.40.0 Denial Of Service (0)
03-02: XNU Copy-On-Write Behavior Bypass (0)
03-01: TransMac 12.3 Denial Of Service (0)
03-01: Usermin 1.750 Remote Command Execution (0)
03-01: vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection (0)
03-01: vBulletin 4.x.x DragonByte SEO 2.0.31 Open Redirection (0)
03-01: WordPress Cerber 8.0 Bypass (0)
03-01: Feng Office 3.7.0.5 Remote Command Execution (0)
03-01: FTP Server 1.32 Denial Of Service (0)
03-01: Joomla Content 3.x SQL Injection (0)
03-01: Cisco WebEx Meetings Privilege Escalation (0)
03-01: Joomla J2Store SQL Injection (0)
03-01: Packet Storm New Exploits For February, 2019 (0)
03-01: [local] Cisco WebEx Meetings < 33.6.6 / < 33.9.1 – Privilege Escalation (0)
03-01: [dos] Linux < 4.14.103 / < 4.19.25 – Out-of-Bounds Read and Write in SNMP NAT Module (0)
03-01: [dos] tcpdump < 4.9.3 – Multiple Heap-Based Out-of-Bounds Reads (0)
03-01: [dos] Google Chrome < M72 – FileWriterImpl Use-After-Free (0)
03-01: [dos] Google Chrome < M72 – RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free (0)
03-01: [dos] Google Chrome < M72 – Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost (0)
03-01: [dos] macOS XNU – Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image (0)
03-01: [dos] Google Chrome < M72 – PaymentRequest Service Use-After-Free (0)

February 2019 (490)

02-28: Simple Online Hotel Reservation System SQL Injection (0)
02-28: DomainMOD 4.11.01 category.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 ssl-accounts.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 registrar-accounts.php Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 DisplayName Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Owner Name Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Registrar Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Custom SSL Fields Cross Site Scripting (0)
02-28: SVG nanosvg Library Memory Corruption / Denial Of Service (0)
02-28: SQLiteManager 1.2.0 / 1.2.4 SQL Injection (0)
02-28: vBulletin 4.2.0 ChangUonDyU Chatbox 3.6.0 Cross Site Scripting (0)
02-28: DomainMOD 4.11.01 Custom Domain Cross Site Scripting (0)
02-28: Joomla Alberghi 2.1.3 File Upload / SQL Injection (0)
02-28: Simple Online Hotel Reservation System Cross Site Request Forgery (0)
02-28: tcpdump Out-Of-Bounds Read (0)
02-28: Chrome RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free (0)
02-28: Chrome P2PSocketDispatcherHost Use-After-Free (0)
02-28: Chrome FileWriterImpl Use-After-Free (0)
02-28: Chrome PaymentRequest Service Use-After-Free (0)
02-28: Zentyal Server Development Edition 6.0 Cross Site Scripting (0)
02-28: SHAREit For Android 4.0.38 Authentication Bypass / File Download (0)
02-28: [papers] Crypto Wallet Local Storage Attack (0)
02-28: [webapps] Feng Office 3.7.0.5 – Remote Command Execution (Metasploit) (0)
02-28: [webapps] Simple Online Hotel Reservation System – Cross-Site Request Forgery (Add Admin) (0)
02-28: [webapps] Simple Online Hotel Reservation System – Cross-Site Request Forgery (Delete Admin) (0)
02-28: [webapps] Simple Online Hotel Reservation System – SQL Injection (0)
02-28: [dos] TransMac 12.3 – Denial of Service (PoC) (0)
02-28: [webapps] Usermin 1.750 – Remote Command Execution (Metasploit) (0)
02-28: [webapps] Joomla! Component J2Store < 3.3.7 – SQL Injection (0)
02-28: [dos] WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 – Denial of Service (0)
02-28: [dos] FTP Server 1.32 – Denial of Service (0)
02-26: Drupal 8.6.9 REST Remote Code Execution (0)
02-26: Xlight FTP Server 3.9.1 Buffer Overflow (0)
02-26: RavenDB 4.1.4 Cross Site Request Forgery / Cross Site Scripting (0)
02-26: Joomla BookingCalendarForJoomla 3.4.0 SQL Injection (0)
02-26: Joomla Contact Enhanced 3.9.2 SQL Injection (0)
02-26: Joomla FlexiContent 3.2.1.15 SQL Injection (0)
02-26: Joomla Furniture Virtuemart Templates 1.5 SQL Injection (0)
02-26: Joomla Geommunity3es 1.4 SQL Injection (0)
02-26: Joomla JM Car Classifieds CarAgent Templates 3.8.12 SQL Injection (0)
02-26: Joomla Matukio Events 7.0.15 SQL Injection (0)
02-26: Joomla RD e-Tickets TicketMasterExt 3.5.7 SQL Injection (0)
02-26: Joomla Responsive Grid For Articles Grid 3.4.5 SQL Injection (0)
02-26: Joomla SpiderCalendar 3.2.17 SQL Injection (0)
02-26: Going1up The Newspaper CMS 1998-2019 1.x Open Redirection (0)
02-26: AsureForce Time 12.0 Open Redirection (0)
02-26: Joomla ChronoForms 6.0.17 SQL Injection (0)
02-26: MeteoTemplate 17.1 Nectarine Deviations Open Redirection (0)
02-26: MeteoTemplate 17.1 Nectarine stationExtremes 2.0 Open Redirection (0)
02-26: MeteoTemplate 17.1 Nectarine windDirection 2.2 Open Redirection (0)
02-26: MyBB 1.6.x ChangUonDyU Chatbox 3.6.0 Cross Site Scripting (0)
02-26: Web Wiz Forums 12.01 Database Disclosure (0)
02-26: WordPress NativeChurch Multi-Purpose 5.0.x File Download (0)
02-26: Zarr Software Warwickshire 1.x Open Redirection (0)
02-26: Linux SNMP NAT Module Out-Of-Bounds Read/Write (0)
02-26: PDF Viewer Signatures Broken (0)
02-25: Drupal REST Module Remote Code Execution (0)
02-25: News Website Script 2.0.5 SQL Injection (0)
02-25: Advance Gift Shop Pro Script 2.0.3 SQL Injection (0)
02-25: [dos] Xlight FTP Server 3.9.1 – Buffer Overflow (PoC) (0)
02-25: [webapps] Advance Gift Shop Pro Script 2.0.3 – SQL Injection (0)
02-25: [webapps] News Website Script 2.0.5 – SQL Injection (0)
02-25: [webapps] zzzphp CMS 1.6.1 – Remote Code Execution (0)
02-25: [webapps] PHP Ecommerce Script 2.0.6 – Cross-Site Scripting / SQL Injection (0)
02-25: [webapps] Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 – Remote Code Execution (0)
02-25: [webapps] Drupal < 8.6.9 – REST Module Remote Code Execution (0)
02-23: HanYazilim Paper Submission System .NET 1.0 Shell Upload (0)
02-23: Quest NetVault Backup Server Code Execution / SQL Injection (0)
02-23: Tautulli 2.1.26 Cross Site Scripting (0)
02-23: [webapps] Drupal < 8.6.10 / < 8.5.11 – REST Module Remote Code Execution (0)
02-22: Kanboard 1.2.7 Code Execution / Cross Site Request Forgery (0)
02-22: Advanced Comment System 1.0 Cross Site Scripting (0)
02-22: Teracue ENC-400 Command Injection / Missing Authentication (0)
02-22: VertrigoServ 2.17 Cross Site Scripting (0)
02-22: Exploitation Framework For STMicroelectronics DVB Chipsets (0)
02-22: Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation (0)
02-22: EI-Tube 3 SQL Injection (0)
02-22: RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow (0)
02-22: Valentina Studio 9.0.5 Buffer Overflow (0)
02-22: Drupal Pubdlcnt 7.x-1.2 Open Redirection (0)
02-22: Joomla AdsManager 3.2.0 CSRF / Database Disclosure / SQL Injection (0)
02-22: Typo3 CMS Modern Guestbook tx_veguestbook_pi1 3.3.0 SQL Injection (0)
02-22: WordPress Village 5.0 CSRF / Backdoor / SQL Injection (0)
02-22: Medical Store Script 3.0.3 Cross Site Scripting (0)
02-22: AirDrop 2.0 Denial Of Service (0)
02-22: Virtual VCR Max .0a Buffer Overflow (0)
02-22: C4G Basic Laboratory Information System (BLIS) 3.4 SQL Injection (0)
02-22: ScreenStream 3.0.15 Denial Of Service (0)
02-22: MikroTik RouterOS Firewall / NAT Bypass (0)
02-22: WebKit JSC reifyStaticProperty Attribute Flag Issue (0)
02-22: MatrixSSL x.509 Certificate Verification Stack Buffer Overflow (0)
02-22: Nuuo Central Management SQL Injection (0)
02-22: [webapps] Teracue ENC-400 – Command Injection / Missing Authentication (0)
02-22: [webapps] Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution (0)
02-22: [webapps] Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation (0)
02-22: [remote] Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit) (0)
02-22: [dos] WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter (0)
02-22: [papers] Protecting Windows Privilege Accounts (0)
02-21: HotelDruid 2.3 Cross Site Scripting (0)
02-21: Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload (0)
02-21: Apple macOS 10.13.5 Local Privilege Escalation (0)
02-21: [dos] Valentina Studio 9.0.5 Linux – 'Host' Buffer Overflow (PoC) (0)
02-21: [webapps] C4G Basic Laboratory Information System (BLIS) 3.4 – SQL Injection (0)
02-21: [remote] MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) – Firewall and NAT Bypass (0)
02-21: [dos] AirDrop 2.0 – Denial of Service (DoS) (0)
02-21: [webapps] EI-Tube 3 – SQL Injection (0)
02-21: [local] Memu Play 6.0.7 – Privilege Escalation (0)
02-21: [dos] ScreenStream 3.0.15 – Denial of Service (0)
02-21: [local] RealTerm Serial Terminal 2.0.0.70 – 'Echo Port' Buffer Overflow (SEH) (0)
02-21: [dos] Virtual VCR Max .0a – '.vcr' Buffer Overflow (PoC) (0)
02-20: Ask Expert Script 3.0.5 Cross Site Scripting / SQL Injection (0)
02-20: Joomla Attachments 3.2.6 Shell Upload (0)
02-20: M/Monit 3.7.2 Privilege Escalation (0)
02-20: Valentina Studio 9.0.4 Denial Of Service (0)
02-20: BulletProof FTP Server 2019.0.0.50 Denial Of Service (0)
02-20: eDirectory SQL Injection / File Disclosure (0)
02-20: Joomla JWallPapers 2.0.1 Cross Site Request Forgery / Shell Upload (0)
02-20: Typo3 CMS BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 SQL Injection (0)
02-20: Typo3 Calendar Base tx_pxkalender_pi1 2.0.0 Database Disclosure / SQL Injection (0)
02-20: NetSetMan 4.7.1 Denial Of Service (0)
02-20: XAMPP 5.6.8 Cross Site Scripting / SQL Injection (0)
02-20: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Traversal / XSS (0)
02-20: Typo3 CMS Commerce DAM connector tx_commerce_pi1 0.1.0 SQL Injection (0)
02-20: Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload (0)
02-20: Typo3 CMS Realty Manager tx_realty_pi1 2.0.0 Database Disclosure / SQL Injection (0)
02-20: WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing (0)
02-20: Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection (0)
02-20: Webiness Inventory 2.3 Arbitrary File Upload (0)
02-20: Jenkins Remote Code Execution (0)
02-20: Typo3 CMS Shop System tt_products 2.9.4 SQL Injection (0)
02-20: MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 Privilege Escalation (0)
02-20: Android seccomp Filter Ptrace Hole (0)
02-20: FaceTime Texture Processing Memory Corruption (0)
02-20: Belkin Wemo UPnP Remote Code Execution (0)
02-20: http://mattayom31.go.th/web1/file_editor/db.txt (0)
02-20: http://www.nonsanga.go.th/web1/file_editor/db.txt (0)
02-20: http://www.abtnachuek.go.th/web1/file_editor/db.txt (0)
02-20: [remote] Belkin Wemo UPnP – Remote Code Execution (Metasploit) (0)
02-20: [dos] Android Kernel < 4.8 – ptrace seccomp Filter Bypass (0)
02-20: [dos] FaceTime – Texture Processing Memory Corruption (0)
02-20: [dos] WinRAR 5.61 – '.lng' Denial of Service (0)
02-20: [dos] FTPShell Server 6.83 – 'Account name to ban' Denial of Service (PoC) (0)
02-20: [webapps] webERP 4.15 – 'ImportBankTransaction' Blind SQL Injection (0)
02-20: [dos] MatrixSSL < 4.0.2 – Stack Buffer Overflow Verifying x.509 Certificates (0)
02-20: [webapps] HotelDruid 2.3 – Cross-Site Scripting (0)
02-19: DASAN H665 Backdoor Account (0)
02-19: RealTerm Serial Terminal 2.0.0.70 Denial Of Service (0)
02-19: MISP 2.4.97 SQL Injection / Command Injection (0)
02-19: Realterm Serial Termianl 2.0.0.70 Buffer Overflow (0)
02-19: Digi TransPort LR54 Restricted Shell Escape (0)
02-19: mIRC Remote Command Execution (0)
02-19: CMSsite 1.0 post.php SQL Injection (0)
02-19: Apache CouchDB 2.3.0 Cross Site Scripting (0)
02-19: qdPM 9.1 Cross Site Scripting (0)
02-19: ArangoDB Community Edition 3.4.2-1 Cross Site Scripting (0)
02-19: Master IP CAM 01 3.3.4.2103 Remote Command Execution (0)
02-19: Comodo Dome Firewall 2.7.0 Cross Site Scripting (0)
02-19: HTMLy 2.7.4 Cross Site Scripting (0)
02-19: Oracle Java Runtime Environment OpenType Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read (0)
02-19: [webapps] eDirectory – SQL Injection (0)
02-19: [dos] BulletProof FTP Server 2019.0.0.50 – 'SMTP Server' Denial of Service (PoC) (0)
02-19: [dos] Valentina Studio 9.0.4 – 'Host' Denial of Service (PoC) (0)
02-19: [webapps] Zuz Music 2.1 – 'zuzconsole/___contact ' Persistent Cross-Site Scripting (0)
02-19: [webapps] Find a Place CMS Directory 1.5 – 'assets/external/data_2.php cate' SQL Injection (0)
02-19: [webapps] Listing Hub CMS 1.0 – 'pages.php id' SQL Injection (0)
02-19: [local] MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 – Local Privilege Escalation (0)
02-19: [dos] NetSetMan 4.7.1 – 'Workgroup' Denial of Service (PoC) (0)
02-19: [papers] The Ultimate Guide For Subdomain Takeover with Practical (0)
02-19: [webapps] XAMPP 5.6.8 – SQL Injection / Persistent Cross-Site Scripting (0)
02-19: [webapps] Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 – Path Traversal / Cross-Site Scripting (0)
02-19: [webapps] Jenkins – Remote Code Execution (0)
02-19: [webapps] Ask Expert Script 3.0.5 – Cross Site Scripting / SQL Injection (0)
02-18: [webapps] WordPress Plugin WooCommerce – GloBee (cryptocurrency) Payment Gateway 1.1.1 – Payment Bypass / Unauthorized Order Status Spoofing (0)
02-18: [webapps] Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 – Arbitrary File Upload (0)
02-18: [shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) (0)
02-18: [shellcode] macOS – Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) (0)
02-18: [shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) (0)
02-18: [shellcode] macOS – Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) (0)
02-18: [dos] Realterm Serial Terminal 2.0.0.70 – Local Buffer Overflow (SEH) (0)
02-18: [remote] mIRC < 7.55 – Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass (0)
02-18: [dos] Realterm Serial Terminal 2.0.0.70 – Denial of Service (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process (0)
02-18: [shellcode] macOS – execve(/bin/sh) + Null-Free Shellcode (31 bytes) (0)
02-18: [webapps] qdPM 9.1 – 'type' Cross-Site Scripting (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions (0)
02-18: [dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour (0)
02-18: [webapps] Comodo Dome Firewall 2.7.0 – Cross-Site Scripting (0)
02-18: [webapps] Apache CouchDB 2.3.0 – Cross-Site Scripting (0)
02-18: [webapps] ArangoDB Community Edition 3.4.2-1 – Cross-Site Scripting (0)
02-18: [webapps] M/Monit 3.7.2 – Privilege Escalation (0)
02-18: [webapps] Webiness Inventory 2.3 – 'ProductModel' Arbitrary File Upload (0)
02-18: [webapps] CMSsite 1.0 – 'post' SQL Injection (0)
02-18: [dos] NBMonitor 1.6.5.0 – 'Key' Denial of Service (PoC) (0)
02-18: [webapps] Master IP CAM 01 3.3.4.2103 – Remote Command Execution (0)
02-18: [webapps] MISP 2.4.97 – SQL Command Execution via Command Injection in STIX Module (0)
02-18: [webapps] qdPM 9.1 – 'search[keywords]' Cross-Site Scripting (0)
02-17: MyBB Trash Bin 1.1.3 Cross Site Request Forgery / Cross Site Scripting (0)
02-17: Jinja2 2.10 Command Injection (0)
02-17: Find A Place CMS Directory 1.5 SQL Injection (0)
02-17: WeHelp 1.6 Cross Site Scripting (0)
02-17: JobFinder Cross Site Scripting (0)
02-17: ZuzMusic 2.1 Cross Site Scripting (0)
02-17: Listing Hub CMS 1.0 SQL Injection (0)
02-17: KVM kvm_inject_page_fault Uninitialized Memory Leak (0)
02-17: KVM VMX Preemption Timer Use-After-Free (0)
02-17: http://www.reo18.go.th (0)
02-16: Linux kvm_ioctl_create_device() Reference Flow Failure (0)
02-16: exacqVision ESM 5.12.2 Privilege Escalation (0)
02-16: WordPress Booking Calendar 8.4.3 SQL Injection (0)
02-16: MediaMonkey 4.1.23 Denial Of Service (0)
02-16: LayerBB 1.1.2 Cross Site Request Forgery (0)
02-16: DomainMOD 4.11.01 Cross Site Scripting (0)
02-16: ApowerManager 3.1.7 Denial Of Service (0)
02-16: Core FTP/SFTP Server 1.2 Build 589.42 Denial Of Service (0)
02-16: http://backoffice.onec.go.th/ket.txt (0)
02-15: runc Container Breakout (0)
02-15: BizPotential EasyWebTime 8.6.2 Bypass / SQL Injection (0)
02-15: F3-CMS FatFreeFramework 0.0.1 Database Disclosure (0)
02-15: Invo PhalconPHP 1.x Database Configuration Disclosure (0)
02-15: Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure (0)
02-15: Joomla DatsoGallery 3.4.4 SQL Injection (0)
02-15: Joomla DT Register 4.0.3 SQL Injection (0)
02-15: Joomla EasyBookReloaded 3.3.2 SQL Injection (0)
02-15: Joomla LightGallery 1.2.1 SQL Injection (0)
02-15: Joomla OSMap 4.2.19 Database Disclosure / SQL Injection (0)
02-15: Joomla PhocaMaps 3.0.5 Database Disclosure / SQL Injection (0)
02-15: Joomla PrayerCenter 3.0.4 Database Disclosure / SQL Injection (0)
02-15: Joomla VirtueMart 3.4.1 SQL Injection (0)
02-15: ph7CMS Social Dating Community 14.8 Database Configuration Disclosure (0)
02-15: phpMyVisites CNTNT Templates 2.4 SQL Injection (0)
02-15: RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection (0)
02-15: Slims CMS Senayan Library Management System 7.0 Shell Upload (0)
02-15: TinyMCE JBimages 3.x JustBoilMe Arbitrary File Upload (0)
02-15: WordPress Jssor-Slider 3.1.24 Cross Site Request Forgery / File Upload (0)
02-15: WordPress WP-JS-External-Link-Info 2.2.0 Open Redirection (0)
02-15: Zend Framework 1.11.11 Database Configuration Disclosure (0)
02-15: Zend Framework ZF1 1.x Database Configuration Disclosure (0)
02-15: ZRECore 1.3.1 Database Configuration Disclosure (0)
02-15: GetSimpleCMS 3.3.13 Open Redirect (0)
02-15: [dos] Linux – 'kvm_ioctl_create_device()' NULL Pointer Dereference (0)
02-15: [webapps] UniSharp Laravel File Manager 2.0.0-alpha7 – Arbitrary File Upload (0)
02-15: [dos] AirMore 1.6.1 – Denial of Service (PoC) (0)
02-15: [dos] Free IP Switcher 3.1 – 'Computer Name' Denial of Service (PoC) (0)
02-15: [webapps] qdPM 9.1 – 'search_by_extrafields[]' SQL Injection (0)
02-15: [webapps] Jinja2 2.10 – 'from_string' Server Side Template Injection (0)
02-15: [dos] VSCO 1.1.1.0 – Denial of Service (PoC) (0)
02-15: [dos] Navicat for Oracle 12.1.15 – "Password" Denial of Service (PoC) (0)
02-15: [webapps] MyBB Trash Bin Plugin 1.1.3 – Cross-Site Scripting / Cross-Site Request Forgery (0)
02-14: runc Host Command Execution (0)
02-14: snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation (0)
02-14: snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation (0)
02-14: SYSTORME ISG Cross Site Request Forgery (0)
02-14: SYSTORME ISG Command Injection (0)
02-14: Raisecom Technology GPON-ONU HT803G-07 Command Injection (0)
02-14: Raisecom Technology GPON-ONU HT803G-07 Command Injection (0)
02-14: Nokia 8810 Denial Of Service (0)
02-14: Jiofi 4 (JMR 1140) Cross Site Scripting (0)
02-14: Jiofi 4 (JMR 1140) WiFi Password Cross Site Request Forgery (0)
02-14: Jiofi 4 (JMR 1140) Admin Token Disclosure Cross Site Request Forgery (0)
02-14: Rukovoditel Project Management CRM 2.4.1 Cross Site Scripting (0)
02-14: NetworkSleuth 3.0 Denial Of Service (0)
02-14: PilusCart 1.4.1 SQL Injection (0)
02-14: [dos] ApowerManager 3.1.7 – Phone Manager Remote Denial of Service (DoS) (0)
02-14: [dos] MediaMonkey 4.1.23 – '.mp3' URL Denial of Service (PoC) (0)
02-14: [webapps] WordPress Plugin Booking Calendar 8.4.3 – Authenticated SQL Injection (0)
02-14: [webapps] DomainMOD 4.11.01 – 'assets/edit/host.php?whid=5' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'category.php CatagoryName, StakeHolder' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'assets/add/dns.php' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'ssl-provider-name' Cross-Site Scripting (0)
02-14: [webapps] DomainMOD 4.11.01 – 'ssl-accounts.php username' Cross-Site Scripting (0)
02-14: [local] exacqVision ESM 5.12.2 – Privilege Escalation (0)
02-14: [webapps] LayerBB 1.1.2 – Cross-Site Request Forgery (Add Admin) (0)
02-14: [dos] Core FTP/SFTP Server 1.2 Build 589.42 – 'User domain' Denial of Service (PoC) (0)
02-13: MyBB Bans List 1.0 Cross Site Scripting (0)
02-13: Webiness Inventory 2.3 SQL Injection (0)
02-13: Microsoft Excel .SLK Payload Delivery (0)
02-13: Jenkins 2.150.2 Remote Command Execution Via Node JS (0)
02-13: Joomla ABook Alexandria Book Library 3.1.4 SQL Injection (0)
02-13: Joomla Agora 4.10 Bypass / SQL Injection (0)
02-13: Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection (0)
02-13: Joomla ExtCalendar 2.0 SQL Injection (0)
02-13: Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection (0)
02-13: Joomla Mosets Hot Property 1.0.0 SQL Injection (0)
02-13: Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection (0)
02-13: Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection (0)
02-13: Joomla WordPress Blog 4.8.0 SQL Injection (0)
02-13: Joomla ZCalendar Zap Calendar 4.4.0 SQL Injection (0)
02-13: BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution (0)
02-13: LayerBB 1.1.2 Cross Site Scripting (0)
02-13: CentOS Web Panel 0.9.8.763 Cross Site Scripting (0)
02-13: Android Binder fdget() Optimization Use-After-Free (0)
02-13: Android Binder VMA Use-After-Free (0)
02-13: [local] snapd < 2.37.0 (Ubuntu) – 'dirty_sock' Local Privilege Escalation (2) (0)
02-13: [local] snapd < 2.37.0 (Ubuntu) – 'dirty_sock' Local Privilege Escalation (1) (0)
02-12: http://101research.reh.go.th/owned.htm (0)
02-12: http://www.asean-cholang.reh.go.th/owned.htm (0)
02-12: http://cancerconference.reh.go.th/owned.htm (0)
02-12: http://cancer101.reh.go.th/owned.htm (0)
02-12: http://health7.reh.go.th/owned.htm (0)
02-12: http://charityrun.reh.go.th/owned.htm (0)
02-12: http://interconference.reh.go.th/owned.htm (0)
02-12: Avast Anti-Virus Local Credential Disclosure (0)
02-12: NordVPN 6.19.6 Denial Of Service (0)
02-12: Joomla AcePolls 3.x SQL Injection (0)
02-12: Joomla BreezingForms 1.9.0 Database Disclosure / SQL Injection (0)
02-12: Coship Wireless Router 4.0.0.x / 5.0.0.x Authentication Bypass (0)
02-12: AirDroid 4.2.1.6 Denial Of Service (0)
02-12: Joomla jDownloads 3.2.63 Database Disclosure / SQL Injection (0)
02-12: Joomla JVLE JV-LinkExchanger 3.2 SQL Injection (0)
02-12: FutureDj Pro 1.7.20 Denial Of Service (0)
02-12: Joomla WebLinks 3.6.0 Database Disclosure / SQL Injection (0)
02-12: Indusoft Web Studio 8.1 SP2 Remote Code Execution (0)
02-12: VA MAX 8.3.4 Remote Code Execution (0)
02-12: River Past Cam Do 3.7.6 Local Buffer Overflow (0)
02-12: IP-Tools 2.5 Local Buffer Overflow (0)
02-12: Skyworth GPON HomeGateways / Optical Network Stack Overflow (0)
02-12: [webapps] LayerBB 1.1.2 – Cross-Site Scripting (0)
02-12: [webapps] BlogEngine.NET 3.3.6 – Directory Traversal / Remote Code Execution (0)
02-12: [webapps] Jenkins 2.150.2 – Remote Command Execution (Metasploit) (0)
02-12: [webapps] OPNsense < 19.1.1 – Cross-Site Scripting (0)
02-11: [webapps] Smoothwall Express 3.1-SP4 – Cross-Site Scripting (0)
02-11: [webapps] CentOS Web Panel 0.9.8.763 – Persistent Cross-Site Scripting (0)
02-11: [webapps] Webiness Inventory 2.3 – 'email' SQL Injection (0)
02-11: [local] IP-Tools 2.5 – Local Buffer Overflow (SEH) (Egghunter) (0)
02-11: [local] River Past Cam Do 3.7.6 – Local Buffer Overflow (SEH) (0)
02-11: [webapps] VA MAX 8.3.4 – Authenticated Remote Code Execution (0)
02-11: [webapps] MyBB Bans List 1.0 – Cross-Site Scripting (0)
02-11: [dos] River Past Video Cleaner 7.6.3 – Local Buffer Overflow (SEH) (0)
02-11: [webapps] IPFire 2.21 – Cross-Site Scripting (0)
02-11: [local] Avast Anti-Virus < 19.1.2360 – Local Credentials Disclosure (0)
02-11: [remote] Indusoft Web Studio 8.1 SP2 – Remote Code Execution (0)
02-11: [dos] NordVPN 6.19.6 – Denial of Service (PoC) (0)
02-11: [remote] NUUO NVRmini – upgrade_handle.php Remote Command Execution (Metasploit) (0)
02-11: [local] Evince – CBT File Command Injection (Metasploit) (0)
02-11: [dos] FutureDj Pro 1.7.2.0 – Denial of Service (0)
02-11: [remote] Adobe Flash Player – DeleteRangeTimelineOperation Type Confusion (Metasploit) (0)
02-11: [webapps] Coship Wireless Router 4.0.0.x/5.0.0.x – WiFi Password Reset (0)
02-11: [dos] AirDroid 4.2.1.6 – Denial of Service (0)
02-10: OpenText Documentum Webtop 5.3 SP2 Open Redirect (0)
02-10: Amazon FireOS 5.3.6.3 Man-In-The-Middle (0)
02-10: Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting (0)
02-10: SAMSUNG X7400GX Sync Thru Web Cross Site Scripting (0)
02-10: Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS (0)
02-10: IPFire 2.21 Cross Site Scripting (0)
02-10: Adobe Flash Player DeleteRangeTimelineOperation Type Confusion (0)
02-10: http://www.reh.go.th/owned.htm (0)
02-09: Apple Security Advisory 2019-2-07-1 (0)
02-09: Apple Security Advisory 2019-2-07-2 (0)
02-09: Apple Security Advisory 2019-2-07-1 (0)
02-09: Apple Security Advisory 2019-2-07-3 (0)
02-08: Paypal Inc – Broken Authorization & CSRF Vulnerability (0)
02-08: http://asset.fisheries.go.th/APP/pok.html (0)
02-08: Evince CBT File Command Injection (0)
02-08: NUUO NVRmini upgrade_handle.php Remote Command Execution (0)
02-07: osCommerce 2.3.4.1 SQL Injection (0)
02-07: River Past Audio Converter 7.7.16 Buffer Overflow (0)
02-07: Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting (0)
02-06: WordPress WP User Manager 2.0.8 Shell Upload (0)
02-06: Cisco ISE 2.4.0 XSS / Remote Code Execution (0)
02-06: OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass (0)
02-06: WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection (0)
02-06: WordPress Quiz And Survey Master 6.0.4 Cross Site Scripting (0)
02-06: WordPress Blog2Social 5.0.2 Cross Site Scripting (0)
02-06: Device Monitoring Studio 8.10.00.8925 Denial Of Service (0)
02-06: WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting (0)
02-06: River Past Audio Converter 7.7.16 Denial Of Service (0)
02-06: WordPress Font Organizer 2.1.1 Cross Site Scripting (0)
02-06: Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery (0)
02-06: WordPress Give 2.3.0 Cross Site Scripting (0)
02-06: WordPress KingComposer 2.7.6 Cross Site Scripting (0)
02-06: OpenMRS Platform Insecure Object Deserialization (0)
02-06: WordPress Social Networks Auto-Poster 4.2.7 Cross Site Scripting (0)
02-06: Skia Buffer Overflow (0)
02-06: WordPress wpGoogleMaps 7.10.41 Cross Site Scripting (0)
02-06: WordPress WP Live Chat 8.0.18 Cross Site Scripting (0)
02-06: WordPress YOP Poll 6.0.2 Cross Site Scripting (0)
02-06: [local] River Past Audio Converter 7.7.16 – Buffer Overflow (SEH) (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'products_id' SQL Injection (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'reviews_id' SQL Injection (0)
02-06: [webapps] osCommerce 2.3.4.1 – 'currency' SQL Injection (0)
02-05: http://myoffice2560.surat3.go.th/index.php (0)
02-05: http://myoffice2561.surat3.go.th/index.php (0)
02-05: http://amssplus.surat3.go.th/index.php (0)
02-05: http://phpmyadmin.surat3.go.th/index.php (0)
02-05: http://schoolmy2560.surat3.go.th/index.php (0)
02-05: http://new.surat3.go.th/index.php (0)
02-05: Joomla FSF FreeStyle FAQs 1.11.18 Database Disclosure / SQL Injection (0)
02-05: Joomla RSForm 1.5 Database Disclosure / SQL Injection (0)
02-05: Joomla ActivityManager 5.3 SQL Injection (0)
02-05: Joomla BF Survey Pro 2.13.1 SQL Injection (0)
02-05: Joomla DocMan 3.3.4 SQL Injection (0)
02-05: Joomla K2 2.9.0 Database Disclosure / SQL Injection (0)
02-05: Joomla Mailto 1.2.2.2 SQL Injection (0)
02-05: Joomla Ninja RSS Syndicator 2.0.5 SQL Injection (0)
02-05: Joomla PhocaDownload 3.1.7 Database Disclosure / SQL Injection (0)
02-05: Joomla PhotoMapGallery 1.0 SQL Injection (0)
02-05: Joomla RedShop 2.0.0.3 Database Disclosure / SQL Injection (0)
02-05: Joomla WebMapPlus 1.0 SQL Injection (0)
02-05: Joomla Acajoom 5.1.5 SQL Injection (0)
02-05: Joomla FacileForms 1.4.7 SQL Injection (0)
02-05: Joomla Jomres 9.16.1 SQL Injection (0)
02-05: Joomla JoomLeague 2.x Database Disclosure / SQL Injection (0)
02-05: Joomla Jumi 3.0.5 Database Disclosure / SQL Injection (0)
02-05: WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload (0)
02-05: devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation (0)
02-05: devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery (0)
02-05: devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure (0)
02-05: BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution (0)
02-05: http://suratthani.rid.go.th/home/tmp/f3r.html (0)
02-05: http://nongbualumphu.rid.go.th/main/wp-content/f3r.html (0)
02-05: http://upperchi-omp.rid.go.th/website/images/f3r.html (0)
02-05: http://seawyai-omp.rid.go.th/joomla/tmp/f3r.html (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – RTSP Stream Disclosure (0)
02-05: [webapps] Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem – Cross-Site Request Forgery (0)
02-05: [webapps] OpenMRS Platform < 2.24.0 – Insecure Object Deserialization (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Cross-Site Request Forgery (Add Admin) (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Remote Code Execution (0)
02-05: [webapps] devolo dLAN 550 duo+ Starter Kit – Remote Code Execution (0)
02-05: [webapps] devolo dLAN 550 duo+ Starter Kit – Cross-Site Request Forgery (0)
02-05: [shellcode] Linux/x86 – Random Insertion Encoder and Decoder Shellcode (Generator) (0)
02-05: [dos] Device Monitoring Studio 8.10.00.8925 – Denial of Service (PoC) (0)
02-05: [dos] River Past Audio Converter 7.7.16 – Denial of Service (PoC) (0)
02-05: [webapps] BEWARD N100 H.264 VGA IP Camera M2.1.6 – Arbitrary File Disclosure (0)
02-04: [webapps] Nessus 8.2.1 – Cross-Site Scripting (0)
02-04: [webapps] ResourceSpace 8.6 – 'watched_searches.php' SQL Injection (0)
02-04: [webapps] pfSense 2.4.4-p1 – Cross-Site Scripting (0)
02-04: [dos] TaskInfo 8.2.0.280 – Denial of Service (PoC) (0)
02-04: [dos] SpotAuditor 3.6.7 – Denial of Service (PoC) (0)
02-04: [dos] River Past Ringtone Converter 2.7.6.1601 – Denial of Service (PoC) (0)
02-04: [webapps] SuiteCRM 7.10.7 – 'record' SQL Injection (0)
02-04: [webapps] SuiteCRM 7.10.7 – 'parentTab' SQL Injection (0)
02-04: [dos] MyVideoConverter Pro 3.14 – Denial of Service (0)
02-02: ASPRunner Professional 6.0.766 Denial Of Service (0)
02-02: FlexHEX 2.46 Denial Of Service (0)
02-02: LanHelper 1.74 Denial Of Service (0)
02-02: PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow (0)
02-02: Joomla AtomiconGallery 1.5.x SQL Injection (0)
02-02: Joomla ChronoConnectivity2 6.0.7 SQL Injection (0)
02-02: Joomla GMapFP Google Map 3.52 SQL Injection (0)
02-02: Joomla JamBook 1.5 SQL Injection (0)
02-02: Joomla Sobi2 SobiPro 1.4.9 SQL Injection (0)
02-02: Joomla wgPicasa 3x SQL Injection (0)
02-02: OPNsense 19.1 Cross Site Scripting (0)
02-02: Pages For Bitbucket Server 2.6.0 Cross Site Scripting (0)
02-02: COYO 9.0.8 / 10.0.11 / 12.0.4 Cross Site Scripting (0)
02-02: Linux Insufficient eBPF Spectre V1 Mitigation (0)
02-02: Remote Process Explorer 1.0.0.16 Denial Of Service (0)
02-02: SureMDM Local / Remote File Inclusion (0)
02-02: CUJO Firewall User Enumeration / Authorization Bypass (0)
02-02: Zimbra Collaboration Cross Site Scripting (0)
02-02: SolarWinds Serv-U FTP 15.1.6 Privilege Escalation (0)
02-02: SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting (0)
02-02: Packet Storm New Exploits For January, 2019 (0)
02-01: PayPal Inc BB – Arbitrary File Upload Vulnerability (0)
02-01: Joomla Rokin RokGallery 3.2.6 SQL Injection (0)
02-01: Joomla SimplestForum 1.5 SQL Injection (0)
02-01: Joomla XMap 2.3.0 Database Disclosure / SQL Injection (0)
02-01: Joomla Zoo By YooTheme 3.3.10 Database Disclosure / SQL Injection (0)
02-01: MacOS 10.14.1 libxpc Deallocation (0)
02-01: iOS / MacOS iohideventsystem Sandbox Escape (0)
02-01: XNU copy-on-write Behavior Bypass (0)
02-01: XNU vm_map_copy Optimization Issue (0)
02-01: iOS / MacOS PF_KEY Kernel Heap Overflow (0)
02-01: R i386 3.5.0 Local Buffer Overflow (0)
02-01: AnyBurn x86 4.3 Denial Of Service (0)
02-01: UltraISO 9.7.1.3519 Local Buffer Overflow (0)
02-01: WeBid 1.2.2 Cross Site Scripting (0)
02-01: Joomla Formularz 1.0.2 SQL Injection (0)
02-01: Joomla HotelGuide 1.0 SQL Injection (0)
02-01: Joomla HWDVideoShare 1.5 Bypass / Database Disclosure / SQL Injection (0)
02-01: Joomla JCalPro Calendar 4.3.26 SQL Injection (0)
02-01: Joomla JComments 3.0.5 SQL Injection (0)
02-01: Joomla JEvents 3.4.47 SQL Injection (0)
02-01: Joomla JooMap 2.0.6 SQL Injection (0)
02-01: Joomla JUserTube 8.3.1 SQL Injection (0)
02-01: Joomla MorfeoShow 1.2.0 SQL Injection (0)
02-01: Joomla Remository 3.58 Database Disclosure / Shell Upload / SQL Injection (0)
02-01: [local] PassFab Excel Password Recovery 8.3.1 – SEH Local Exploit (0)
02-01: [shellcode] Linux/x86 – Read /etc/passwd Shellcode (58 Bytes) (3) (0)
02-01: [dos] Remote Process Explorer 1.0.0.16 – Denial of Service SEH Overwrite (PoC) (0)
02-01: [webapps] SureMDM < 2018-11 Patch – Local / Remote File Inclusion (0)
02-01: [papers] Remote Code Execution with EL Injection Vulnerabilities (0)

January 2019 (481)

01-31: Collabtive 3.1 Cross Site Scripting (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics (0)
01-31: [local] R 3.5.0 – Local Buffer Overflow (SEH) (0)
01-31: [dos] Anyburn 4.3 – 'Convert image to file format' Denial of Service (0)
01-31: [local] UltraISO 9.7.1.3519 – 'Output FileName' Local Buffer Overflow (SEH) (0)
01-31: [dos] Advanced Host Monitor 11.90 Beta – 'Registration number' Denial of Service (PoC) (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 XNU – 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem (0)
01-31: [dos] macOS < 10.14.3 / iOS < 12.1.3 – Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack (0)
01-31: [dos] LanHelper 1.74 – Denial of Service (PoC) (0)
01-31: [dos] macOS XNU – Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File (0)
01-31: [dos] ASPRunner Professional 6.0.766 – Denial of Service (PoC) (0)
01-31: [dos] FlexHEX 2.46 – Denial of Service SEH Overwrite (PoC) (0)
01-31: [dos] AMAC Address Change 5.4 – Denial of Service (PoC) (0)
01-30: HTML Video Player 1.2.5 Local Buffer Overflow (0)
01-30: Nessus 8.2.1 Cross Site Scripting (0)
01-30: MiniUPnPd 2.1 Out-Of-Bounds Read (0)
01-30: PDF Signer 3.0 Template Injection / CSRF / Code Execution (0)
01-30: iOS / macOS Uninitialized Kernel Stack Disclosure (0)
01-30: Microsoft Exchange Vulnerable To PrivExchange Zero Day (0)
01-30: [dos] Necrosoft DIG 0.4 – Denial of Service SEH Overwrite (PoC) (0)
01-30: [dos] IP-Tools 2.50 – Denial of Service SEH Overwrite (PoC) (0)
01-30: [dos] iOS/macOS 10.13.6 – 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure (0)
01-30: [dos] Advanced File Manager 3.4.1 – Denial of Service (PoC) (0)
01-30: [local] 10-Strike Network Inventory Explorer 8.54 – Local Buffer Overflow (SEH) (DEP Bypass) (0)
01-30: [webapps] Rukovoditel Project Management CRM 2.4.1 – 'lists_id' SQL Injection (0)
01-30: [shellcode] Windows/x86 – 'msiexec.exe' Download and Execute Shellcode (95 bytes) (0)
01-29: WordPress WP-Smushit 3.0.2 SQL Injection (0)
01-29: WordPress Yeloni Free Exit Popup 8.1.9 SQL Injection (0)
01-29: ResourceSpace 8.6 SQL Injection (0)
01-29: Smart VPN 1.1.3.0 Denial Of Service (0)
01-29: MyBB IP History Logs 1.0.2 Cross Site Scripting (0)
01-29: BEWARD Intercom 2.3.1 Credential Disclosure (0)
01-29: Mess Management System 1.0 SQL Injection (0)
01-29: Teameyo Project Management System 1.0 SQL Injection (0)
01-29: Faleemi Desktop Software 1.8 Local Buffer Overflow (0)
01-29: Care2x 2.7 (HIS) Hospital Information System SQL Injection (0)
01-29: Newsbull Haber Script 1.0.0 SQL Injection (0)
01-29: Cisco Firepower Management Center 6.2.2.2 / 6.2.3 XSS (0)
01-29: Rundeck Community Edition Cross Site Scripting (0)
01-29: CMSsite 1.0 SQL Injection (0)
01-29: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation (0)
01-29: CloudMe Sync 1.11.2 Buffer Overflow (0)
01-29: WordPress Ad Manager WD 1.0.11 Arbitrary File Download (0)
01-29: AirTies Air5341 Modem 1.0.0.12 Cross Site Request Forgery (0)
01-29: LongBox Limited Access Manager Insecure Direct Object Reference (0)
01-29: Cisco RV300 / RV320 Information Disclosure (0)
01-29: pfSense 2.4.4-p1 Cross Site Scripting (0)
01-29: Sricam gSOAP 2.8 Denial Of Service (0)
01-29: Easy Video To iPod Converter 1.6.20 Buffer Overflow (0)
01-29: CMSsite 1.0 SQL Injection (0)
01-29: OPNsense 18.7 Cross Site Scripting (0)
01-29: [webapps] PDF Signer 3.0 – Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie) (0)
01-29: [shellcode] Linux/x86 – execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes) (0)
01-29: [local] HTML5 Video Player 1.2.5 – Local Buffer Overflow (Non SEH) (0)
01-29: [dos] MiniUPnPd 2.1 – Out-of-Bounds Read (0)
01-28: http://smss.surat3.go.th/index.php (0)
01-28: http://myoffice2562.surat3.go.th/index.php (0)
01-28: http://hp217.surat3.go.th/index.php (0)
01-28: http://emoney.surat3.go.th/index.php (0)
01-26: WordPress Wisechat 2.6.3 Forced Redirect / Phishing (0)
01-26: Lua 5.3.5 Use-After-Free (0)
01-26: Joomla RSFirewall 2.11.25 Database Disclosure (0)
01-26: Green CMS 2.x SQL Injection (0)
01-26: Green CMS 2.x Arbitrary File / Directory Download (0)
01-26: Podcast Generator 2.7 Cross Site Scripting (0)
01-26: WordPress pitajte-strucnjaka 4.9.6 Shell Upload (0)
01-26: WordPress MM-Forms-Community 2.2.7 Shell Upload / SQL Injection (0)
01-26: https://www.banmor.go.th (0)
01-25: Apple Security Advisory 2019-1-24-1 (0)
01-25: Microsoft Remote Desktop 10.2.4(134) Denial Of Service (0)
01-25: Microsoft Remote Desktop 10.2.4(134) Denial Of Service (0)
01-25: Zyxel NBG-418N V2 Cross Site Request Forgery (0)
01-25: Zyxel NBG-418N V2 Cross Site Request Forgery (0)
01-25: Joomla! J-CruisePortal 6.0.4 SQL Injection (0)
01-25: Joomla! J-CruisePortal 6.0.4 SQL Injection (0)
01-25: Joomla! JHotelReservation 6.0.7 SQL Injection (0)
01-25: Joomla! JHotelReservation 6.0.7 SQL Injection (0)
01-25: SimplePress CMS 1.0.7 SQL Injection (0)
01-25: SimplePress CMS 1.0.7 SQL Injection (0)
01-25: iOS / macOS task_swap_mach_voucher() Use-After-Free (0)
01-25: iOS / macOS task_swap_mach_voucher() Use-After-Free (0)
01-25: ImpressCMS 1.3.11 SQL Injection (0)
01-25: ImpressCMS 1.3.11 SQL Injection (0)
01-25: Cisco RV320 Unauthenticated Configuration Export (0)
01-25: Cisco RV320 Unauthenticated Configuration Export (0)
01-25: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
01-25: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (0)
01-25: Cisco RV320 Command Injection (0)
01-25: Cisco RV320 Command Injection (0)
01-25: SirsiDynix e-Library 3.5.x Cross Site Scripting (0)
01-25: SirsiDynix e-Library 3.5.x Cross Site Scripting (0)
01-25: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
01-25: MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation (0)
01-25: Splunk Enterprise 7.2.3 Command Execution (0)
01-25: Splunk Enterprise 7.2.3 Command Execution (0)
01-25: Endian Firewall Community release 3.3.0 Cross Site Scripting (0)
01-25: Endian Firewall Community release 3.3.0 Cross Site Scripting (0)
01-25: CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting (0)
01-25: CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting (0)
01-24: CloudMe Sync 1.11.2 Bufer Overflow (0)
01-24: Joomla! vWishlist 1.0.1 SQL Injection (0)
01-24: Joomla! vAccount 2.0.2 SQL Injection (0)
01-24: Joomla! vReview 1.9.11 SQL Injection (0)
01-24: Joomla! J-MultipleHotelReservation 6.0.7 SQL Injection (0)
01-24: Joomla! J-ClassifiedsManager 3.0.5 SQL Injection (0)
01-24: Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation (0)
01-24: Joomla! vBizz 1.0.7 SQL Injection (0)
01-24: Joomla! vBizz 1.0.7 Code Execution (0)
01-24: Joomla! VMap 1.9.6 SQL Injection (0)
01-24: Joomla! J-BusinessDirectory 4.9.7 SQL Injection (0)
01-24: Joomla! Easy Shop 1.2.3 Local File Inclusion (0)
01-24: Microsoft Windows Contact File HTML Link Injection Remote Code Execution (0)
01-24: DNN 9.1 XML Related Cross Site Scripting (0)
01-24: Abantecart 1.2.12 Cross Site Scripting (0)
01-24: Coppermine 1.5.46 Cross Site Scripting (0)
01-24: Ghostscript Pseudo-Operator Remote Code Execution (0)
01-24: AddressSanitizer (ASan) SUID Executable Privilege Escalation (0)
01-24: Apple Security Advisory 2019-1-22-1 (0)
01-24: Apple Security Advisory 2019-1-22-6 (0)
01-24: Apple Security Advisory 2019-1-22-5 (0)
01-24: Apple Security Advisory 2019-1-22-4 (0)
01-24: Apple Security Advisory 2019-1-22-2 (0)
01-24: Apple Security Advisory 2019-1-22-3 (0)
01-23: Pydio / AjaXplorer 5.0.3 Shell Upload / Directory Traversal (0)
01-23: Kepler Wallpaper Script 1.1 SQL Injection (0)
01-23: Linux Kernel 4.13 compat_get_timex() Kernel Pointer Leak (0)
01-23: Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclose / SQL Injection (0)
01-23: Joomla JVFramework 1.6.4.0 Database Disclosure (0)
01-23: Coman Company Management System 1.0 SQL Injection (0)
01-23: Open-Xchange OX App Suite Cross Site Scripting / SSRF (0)
01-23: Echo Mirage 3.1 Buffer Overflow (0)
01-23: MoneyFlux 1.0 SQL Injection (0)
01-23: PHP Dashboards NEW 5.8 SQL Injection (0)
01-23: Reservic 1.0 SQL Injection (0)
01-23: PHP Uber-style GeoTracking 1.1 SQL Injection (0)
01-23: Adianti Framework 5.5.0 SQL Injection (0)
01-23: GattLib 0.2 Stack Buffer Overflow (0)
01-23: Joomla Akeeba Backup 6.3.3 Database Disclosure (0)
01-23: PHP Dashboards NEW 5.8 Local File Inclusion (0)
01-23: Comodo KORUGAN LITE 1.6.5.1024 Cross Site Scripting (0)
01-23: SIDU 6.0 Cross Site Scripting (0)
01-23: Comodo KORUGAN VM 1.9.3.1100 Cross Site Scripting (0)
01-23: NUUO CMS Session Tokens / Traversal / SQL Injection (0)
01-23: Microsoft Windows VCF Arbitrary Code Execution (0)
01-23: ManageEngine OpManager 12.3 Privilege Escalation (0)
01-23: Exploitation Framework For STMicroelectronics DVB Chipsets (0)
01-23: PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (0)
01-23: PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery (0)
01-23: Two More Windows Zero Days Get Temporary Patches (0)
01-21: http://amphos.go.th/pwn.txt (0)
01-20: https://www2.po.opdc.go.th/0.php (0)
01-20: http://auditonline.opdc.go.th/0.php (0)
01-20: http://bookingonline.opdc.go.th/0.php (0)
01-20: http://cleanreport.opdc.go.th/0.php (0)
01-20: http://yota.maehia.go.th/0.php (0)
01-19: Watchr 1.1.0.0 Denial Of Service (0)
01-19: 7 Tik 1.0.1.0 Denial Of Service (0)
01-19: VPN Browser+ 1.1.0.0 Denial Of Service (0)
01-19: One Search 1.1.0.0 Denial Of Service (0)
01-19: Eco Search 1.0.2.0 Denial Of Service (0)
01-19: FastTube 1.0.1.0 Denial Of Service (0)
01-19: SSHtranger Things SCP Client File Issue (0)
01-19: Webmin 1.900 Remote Command Execution (0)
01-19: DotNetNuke Events Calendar 1.x File Download (0)
01-19: SeoToaster Ecommerce 3.0.0 Local File Inclusion (0)
01-19: phpTransformer 2016.9 SQL Injection (0)
01-19: phpTransformer 2016.9 Directory Traversal (0)
01-19: Joomla! 3.9.1 Cross Site Scripting (0)
01-19: Kentix MultiSensor-LAN 5.63.00 Authentication Bypass (0)
01-18: Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion (0)
01-18: Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation (0)
01-18: Microsoft Edge Chakra JIT Use-After-Free / Flag Issue (0)
01-18: Joomla ZHYandexMap 8.0.0.2 Database Disclosure (0)
01-18: Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection (0)
01-18: Oracle Reports Developer 12.2.1.3 Cross Site Scripting (0)
01-18: Siemens SICAM A8000 Series Denial Of Service (0)
01-18: Mozilla Firefox 64 Information Disclosure (0)
01-18: Microsoft Edge Chakra InlineArrayPush Type Confusion (0)
01-17: Spotify 1.0.96.181 Denial Of Service (0)
01-17: Web Design SQL Injection 2019/01/14 (0)
01-17: Web Design SQL Injection 2019/01/16 (0)
01-17: WordPress 2013 TwentyThirteen Theme 5.0.3 Open Redirection (0)
01-17: NTPsec 1.1.2 ctl_getitem Out-Of-Bounds Read (0)
01-17: NTPsec 1.1.2 config Out-Of-Bounds Write (0)
01-17: NTPsec 1.1.2 ntp_control Out-Of-Bounds Read (0)
01-17: WordPress Category Page Icons 3.6.1 CSRF / Shell Upload (0)
01-17: NTPsec 1.1.2 ntp_control Null Pointer Dereference (0)
01-17: 1Password Denial Of Service (0)
01-17: ownDMS 4.7 SQL Injection (0)
01-17: WebKit JSC JIT Use-After-Free (0)
01-17: Streamworks Job Scheduler Release 7 Authentication Weakness (0)
01-17: Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free (0)
01-17: Microsoft Windows XmlDocument Insecure Sharing Privilege Escalation (0)
01-17: blueman set_dhcp_handler D-Bus Privilege Escalation (0)
01-17: Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation (0)
01-17: Coship Wireless Router Unauthenticated Admin Password Reset (0)
01-17: FortiGate FortiOS LDAP Credential Disclosure (0)
01-17: Roxy Fileman 1.4.5 Arbitrary File Download (0)
01-17: GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal (0)
01-17: Microsoft Windows .contact Arbitrary Code Execution (0)
01-17: doorGets CMS 7.0 File Download (0)
01-17: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution (0)
01-17: Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload (0)
01-17: [local] Microsoft Windows CONTACT – Remote Code Execution (0)
01-17: [webapps] Oracle Reports Developer Component 12.2.1.3 – Cross-site Scripting (0)
01-16: [local] Microsoft Windows 10 – XmlDocument Insecure Sharing Privilege Escalation (0)
01-16: [dos] NTPsec 1.1.2 – 'ctl_getitem' Out-of-Bounds Read (PoC) (0)
01-16: [dos] Spotify 1.0.96.181 – 'Proxy configuration' Denial of Service (PoC) (0)
01-16: [dos] WebKit JSC JIT – GetIndexedPropertyStorage Use-After-Free (0)
01-16: [webapps] Blueimp's jQuery File Upload 9.22.0 – Arbitrary File Upload Exploit (0)
01-16: [dos] Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory in Invalid Array Length (0)
01-16: [webapps] GL-AR300M-Lite 2.27 – Authenticated Command Injection / Arbitrary File Download / Directory Traversal (0)
01-16: [webapps] Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 – Unauthenticated Admin Password Reset (0)
01-16: [dos] NTPsec 1.1.2 – 'ntp_control' Authenticated NULL Pointer Dereference (PoC) (0)
01-16: [dos] NTPsec 1.1.2 – 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC) (0)
01-16: [dos] Microsoft Windows 10 – 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free (0)
01-16: [dos] NTPsec 1.1.2 – 'ntp_control' Out-of-Bounds Read (PoC) (0)
01-16: [webapps] doorGets CMS 7.0 – Arbitrary File Download (0)
01-16: [webapps] ShoreTel / Mitel Connect ONSITE 19.49.5200.0 – Remote Code Execution (0)
01-16: [webapps] FortiGate FortiOS < 6.0.3 – LDAP Credential Disclosure (0)
01-16: [webapps] Roxy Fileman 1.4.5 – Arbitrary File Download (0)
01-15: http://monitor.cpd.go.th/k3t.html (0)
01-15: Twilio WEB To Fax Machine System Application 1.0 SQL Injection (0)
01-15: Modern POS 1.3 Arbitrary File Download (0)
01-15: Job Portal 1.0 SQL Injection (0)
01-15: Real Estate Custom Script 2.0 SQL Injection (0)
01-15: i-doit CMDB 1.12 SQL Injection (0)
01-15: Live Call Support 1.5 Cross Site Request Forgery (0)
01-15: Live Call Support 1.5 Code Execution / SQL Injection (0)
01-15: Modern POS 1.3 SQL Injection (0)
01-15: Cleanto 5.0 SQL Injection (0)
01-15: HealthNode Hospital Management System 1.0 SQL Injection (0)
01-15: Webmin 1.890 Cross Site Scripting (0)
01-15: Joomla Simple RSS Feed Reader mod_jw_srfr 3.6.0 Open Redirection (0)
01-15: ModX Open Source CMS Babel 3.0.0 Open Redirection (0)
01-15: Craigs CMS 1.0.2 SQL Injection (0)
01-15: WordPress topcsstools 1.0 Open Redirection / Remote File Inclusion (0)
01-15: Locations CMS 1.5 SQL Injection (0)
01-15: Hucart CMS 5.7.4 Cross Site Request Forgery (0)
01-15: Hootoo HT-05 Remote Code Execution (0)
01-15: Microsoft Windows SSPI Network Authentication Session 0 Privilege Escalation (0)
01-15: Microsoft Windows DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation (0)
01-15: Microsoft Windows DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation (0)
01-15: Microsoft Windows DSSVC CanonicalAndValidateFilePath Security Feature Bypass (0)
01-15: Microsoft Windows DSSVC MoveFileInheritSecurity Privilege Escalation (0)
01-15: Microsoft Windows Browser Broker Cross Session Privilege Escalation (0)
01-15: Microsoft Windows COM Desktop Broker Privilege Escalation (0)
01-15: http://cow.cpd.go.th/a.php (0)
01-15: [webapps] ownDMS 4.7 – SQL Injection (0)
01-15: [shellcode] Linux/x86 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes) (0)
01-15: [local] Microsoft Windows VCF – Remote Code Execution (0)
01-15: [dos] 1Password < 7.0 – Denial of Service (0)
01-14: INTEL SA 00203 – PoC Exploitation CVE-2018-18098 (0)
01-14: [papers] [Portuguese] Reverse Engineering 101 using Radare2 (0)
01-14: [webapps] i-doit CMDB 1.12 – SQL Injection (0)
01-14: [webapps] i-doit CMDB 1.12 – Arbitrary File Download (0)
01-14: [papers] Windows Privilege Escalations (0)
01-14: [webapps] Umbraco CMS 7.12.4 – Authenticated Remote Code Execution (0)
01-14: [webapps] Across DR-810 ROM-0 – Backup File Disclosure (0)
01-14: [webapps] Horde Imp – 'imap_open' Remote Command Execution (0)
01-14: [webapps] Bigcart – Ecommerce Multivendor System 1.0 – SQL Injection (0)
01-14: [webapps] Modern POS 1.3 – Arbitrary File Download (0)
01-14: [webapps] Modern POS 1.3 – SQL Injection (0)
01-14: [webapps] Job Portal Platform 1.0 – SQL Injection (0)
01-14: [webapps] Real Estate Custom Script 2.0 – SQL Injection (0)
01-14: [webapps] ThinkPHP 5.X – Remote Command Execution (0)
01-14: [webapps] HealthNode Hospital Management System 1.0 – SQL Injection (0)
01-14: [webapps] Hucart CMS 5.7.4 – Cross-Site Request Forgery (Add Administrator Account) (0)
01-14: [webapps] Cleanto 5.0 – SQL Injection (0)
01-14: [webapps] Lenovo R2105 – Cross-Site Request Forgery (Command Execution) (0)
01-14: [webapps] Craigs Classified Ads CMS Theme 1.0.2 – SQL Injection (0)
01-14: [webapps] Find a Place CMS Directory 1.5 – SQL Injection (0)
01-14: [local] xorg-x11-server < 1.20.3 – Local Privilege Escalation (Solaris 11 inittab) (0)
01-14: [remote] Hootoo HT-05 – Remote Code Execution (Metasploit) (0)
01-14: [webapps] Live Call Support Widget 1.5 – Cross-Site Request Forgery (Add Admin) (0)
01-14: [webapps] Live Call Support Widget 1.5 – Remote Code Execution / SQL Injection (0)
01-14: [webapps] Twilio WEB To Fax Machine System Application 1.0 – SQL Injection (0)
01-13: Selfie Studio 2.17 Denial Of Service (0)
01-13: Tree Studio 2.17 Denial Of Service (0)
01-13: Paint Studio 2.17 Denial Of Service (0)
01-13: Liquid Studio 2.17 Denial Of Service (0)
01-13: Pixel Studio 2.17 Denial Of Service (0)
01-13: Code Blocks 17.12 Local Buffer Overflow (0)
01-13: Blob Studio 2.17 Denial Of Service (0)
01-13: Luminance Studio 2.17 Denial Of Service (0)
01-13: Adapt Inventory Management System 1.0 SQL Injection (0)
01-13: Joomla! JoomCRM 1.1.1 SQL Injection (0)
01-13: Joomla! JoomProject 1.1.3.2 Information Disclosure (0)
01-13: UA-Parser Denial Of Service (0)
01-13: Microsoft Windows VCF Remote Code Execution (0)
01-13: AudioCode 400HD Cross Site scripting (0)
01-13: AudioCode 400HD Remote Command Injection (0)
01-11: http://www.saluanglocal.go.th/cc4ever.html (0)
01-11: http://www.paphai.go.th/cc4ever.html (0)
01-11: http://www.hangdonghod.go.th/cc4ever.html (0)
01-11: http://banluanglocal.go.th/cc4ever.html (0)
01-11: http://www.wiangkalong.go.th/cc4ever.html (0)
01-11: http://www.banmanglocal.go.th/cc4ever.html (0)
01-11: http://www.tubtaothoeng.go.th/cc4ever.html (0)
01-11: http://www.tazala.go.th/cc4ever.html (0)
01-11: http://www.wiang.go.th/cc4ever.html (0)
01-11: http://www.thawangthong.go.th/cc4ever.html (0)
01-11: http://www.paphaichiangmai.go.th/cc4ever.html (0)
01-11: http://www.hadlektrat.go.th/cc4ever.html (0)
01-11: http://www.monjong.go.th/cc4ever.html (0)
01-11: http://www.huadong.go.th/cc4ever.html (0)
01-11: http://maerang.go.th/cc4ever.html (0)
01-11: http://www.banpaosao.go.th/cc4ever.html (0)
01-11: http://www.ngewchiangrai.go.th/cc4ever.html (0)
01-11: http://www.sator.go.th/cc4ever.html (0)
01-11: http://www.nongkaew.go.th/cc4ever.html (0)
01-11: http://www.khuamung.go.th/cc4ever.html (0)
01-11: ZTE MF65 BD_HDV6MF65V1.0.0B05 Cross Site Scripting (0)
01-11: Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality (0)
01-11: RGui 3.5.0 Buffer Overflow (0)
01-11: Shield CMS 2.2 Cross Site Request Forgery / SQL Injection (0)
01-11: Architectural CMS 1.0 SQL Injection (0)
01-11: Matrix MLM Script 1.0 SQL Injection (0)
01-11: doitX 1.0 SQL Injection (0)
01-11: Matrix MLM Script 1.0 Information Disclosure (0)
01-11: Event Calendar 3.7.4 SQL Injection (0)
01-11: Event Locations 1.0.1 SQL Injection (0)
01-11: eBrigade ERP 4.5 SQL Injection (0)
01-11: OpenSource ERP 6.3.1 SQL Injection (0)
01-11: eBrigade ERP 4.5 Arbitrary File Download (0)
01-11: PEAR Archive_Tar PHP Object Injection (0)
01-11: Adobe Coldfusion 11 CKEditor Arbitrary File Upload (0)
01-11: Microsoft Skype v8.34 Android – Authentication Bypass (0)
01-11: [dos] Blob Studio 2.17 – Denial of Service (PoC) (0)
01-11: [dos] Luminance Studio 2.17 – Denial of Service (PoC) (0)
01-11: [webapps] Adapt Inventory Management System 1.0 – SQL Injection (0)
01-11: [local] Code Blocks 17.12 – Local Buffer Overflow (SEH) (Unicode) (0)
01-11: [dos] Liquid Studio 2.17 – Denial of Service (PoC) (0)
01-11: [dos] Pixel Studio 2.17 – Denial of Service (PoC) (0)
01-11: [dos] Paint Studio 2.17 – Denial of Service (PoC) (0)
01-11: [dos] Selfie Studio 2.17 – Denial of Service (PoC) (0)
01-11: [dos] Tree Studio 2.17 – Denial of Service (PoC) (0)
01-11: [webapps] Joomla! Component JoomCRM 1.1.1 – SQL Injection (0)
01-11: [shellcode] Windows/x86 – Download With TFTP And Execute Shellcode (51-60 bytes) (Generator) (0)
01-11: [webapps] Joomla! Component JoomProject 1.1.3.2 – Information Disclosure (0)
01-10: Microsoft Skype v8.34 Android – Authentication Bypass (0)
01-10: OrangeForum 1.4.0 Open Redirection (0)
01-10: BlogEngine 3.3 XML External Entity Injection (0)
01-10: Ampache 3.8.6 Cross Site Scripting (0)
01-10: http://wangchaohosp.go.th/ngeod.php (0)
01-10: [webapps] Shield CMS 2.2 – 'email' SQL Injection (0)
01-10: [webapps] Matrix MLM Script 1.0 – Information Disclosure (0)
01-10: [webapps] eBrigade ERP 4.5 – Arbitrary File Download (0)
01-10: [webapps] PEAR Archive_Tar < 1.4.4 – PHP Object Injection (0)
01-10: [webapps] doitX 1.0 – 'search' SQL Injection (0)
01-10: [local] RGui 3.5.0 – Local Buffer Overflow (SEH)(DEP Bypass) (0)
01-09: http://www.nasoke.go.th (0)
01-09: http://www.laor.go.th (0)
01-09: http://www.banshong.go.th (0)
01-09: http://www.nongwang101.go.th (0)
01-09: http://www.3yaek.go.th (0)
01-09: http://www.nonpuoy.go.th (0)
01-09: http://www.thadthong.go.th (0)
01-09: http://www.sokpra.go.th (0)
01-09: http://www.buengnakorn.go.th (0)
01-09: CF Image Hosting Script 1.6.5 Privilege Escalation (0)
01-09: WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery (0)
01-09: Dolibarr ERP-CRM 8.0.4 SQL Injection (0)
01-09: Mantis 2.11.1 Cross Site Scripting (0)
01-09: ZenPhoto 1.4.14 Cross Site Scripting (0)
01-09: Microsoft Windows DSSVC CheckFilePermission Arbitrary File Deletion (0)
01-09: Polkit Temporary Authentication Hijacking (0)
01-09: Wireshark get_t61_string Heap Out-Of-Bounds Read (0)
01-09: Mailcleaner Remote Code Execution (0)
01-09: http://www.pnbpeo.go.th/hey.htm (0)
01-09: [dos] polkit – Temporary auth Hijacking via PID Reuse and Non-atomic Fork (0)
01-09: [shellcode] Linux/x86 – wget chmod execute over execve /bin/sh -c Shellcode (119 bytes) (0)
01-09: [webapps] ZTE MF65 BD_HDV6MF65V1.0.0B05 – Cross-Site Scripting (0)
01-09: [dos] Microsoft Office SharePoint Server 2016 – Denial of Service (Metasploit) (0)
01-09: [dos] Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory. Denial of Service (PoC) (0)
01-09: [webapps] Heatmiser Wifi Thermostat 1.7 – Cross-Site Request Forgery (Update Admin) (0)
01-09: [local] Microsoft Windows – DSSVC CheckFilePermission Arbitrary File Deletion (0)
01-08: BlueAuditor 1.7.2.0 Denial Of Service (0)
01-08: All In One Video Downloader 1.2 SQL Injection (0)
01-08: SpotFTP Password Recover 2.4.2 Denial Of Service (0)
01-08: Microsoft Edge 44.17763.1.0 Null Pointer Dereference (0)
01-08: Foscam Video Management System 1.1.4.9 Denial Of Service (0)
01-08: LayerBB 1.1.1 Cross Site Scripting (0)
01-08: Joomla Codextrous B2jcontact 2.1.17 Shell Upload (0)
01-08: Mailcleaner Remote Code Execution (0)
01-08: MyBB OUGC Awards 1.8.3 Cross Site Scripting (0)
01-08: Webgalamb Information Disclosure / XSS / CSRF / SQL Injection (0)
01-08: Base Soundtouch 18.1.4 Cross Site Scripting (0)
01-08: PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting (0)
01-08: phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting (0)
01-08: BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure (0)
01-08: WordPress UserPro Privilege Escalation (0)
01-08: MyT Project Management 1.5.1 SQL Injection (0)
01-08: BMC Network Automation 8.7.00.000 Session Hijacking (0)
01-08: TWiki 6.0.2 Cross Site Scripting (0)
01-08: Huawei E5330 21.210.09.00.158 Cross Site Request Forgery (0)
01-08: KioWare Server 4.9.6 Privilege Escalation (0)
01-08: Roxy Fileman 1.4.5 File Upload / Directory Traversal (0)
01-08: Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure (0)
01-08: Ajera Timesheets 9.10.16 Deserialization (0)
01-08: Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF (0)
01-08: Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS (0)
01-08: [dos] Wireshark – 'get_t61_string' Heap Out-of-Bounds Read (0)
01-08: [webapps] CF Image Hosting Script 1.6.5 – (Delete all Pictures) Privilege Escalation (0)
01-07: http://nakha.udonthani.police.go.th/k3t.html (0)
01-07: http://www.scdc8.forensic.police.go.th/inform08/k3t.html (0)
01-07: [webapps] phpMoAdmin MongoDB GUI 1.1.5 – Cross-Site Request Forgery / Cross-Site Scripting (0)
01-07: [webapps] PLC Wireless Router GPN2.4P21-C-CN – Cross-Site Scripting (0)
01-07: [webapps] LayerBB 1.1.1 – Persistent Cross-Site Scripting (0)
01-07: [dos] Microsoft Edge 44.17763.1.0 – NULL Pointer Dereference (0)
01-07: [webapps] All in One Video Downloader 1.2 – Authenticated SQL Injection (0)
01-07: [remote] Mailcleaner – Authenticated Remote Code Execution (Metasploit) (0)
01-07: [webapps] Embed Video Scripts – Persistent Cross-Site Scripting (0)
01-07: [webapps] MyBB OUGC Awards Plugin 1.8.3 – Persistent Cross-Site Scripting (0)
01-04: SugarCRM WorkFlow PHP Code Injection (0)
01-04: Oracle Application Express AnyChart Flash-Based Cross Site Scripting (0)
01-04: SugarCRM addLabels PHP Code Injection (0)
01-04: SugarCRM Web Logic Hooks Module PHP Code Injection (0)
01-04: SugarCRM Web Logic Hooks Module Path Traversal (0)
01-04: Typo3 CMS pw_highslide_gallery 0.3.1 Database Disclosure (0)
01-04: Typo3 CMS Static Info Tables 6.7.3 Database Disclosure (0)
01-04: aria2 1.33.1 Password Disclosure (0)
01-04: Frog CMS 0.9.5 Cross Site Scripting (0)
01-04: Typo3 CMS twwc_pages 8.7.x Database Disclosure (0)
01-04: Typo3 CMS YAG Themepack jQuery 1.3.2 Database Disclosure (0)
01-04: NBMonitor Network Bandwidth Monitor 1.6.5.0 Denial Of Service (0)
01-04: Typo3 CMS Site Crawler 6.1.2 Database Disclosure (0)
01-04: Ayukov NFTP FTP Client 2.0 Buffer Overflow (0)
01-04: NetworkSleuth 3.0.0.0 Denial Of Service (0)
01-04: WordPress Adicon Server 1.2 SQL Injection (0)
01-04: EZ CD Audio Converter 8.0.7 Denial Of Service (0)
01-04: ImpressCMS 1.3.10 Cross Site Scripting (0)
01-04: Vtiger CRM 7.1.0 Remote Code Execution (0)
01-04: Zurmo 2.3.4 Cross Site Scripting (0)
01-04: unCaptcha2 – Google ReCaptcha Proof Of Concept (0)
01-04: Microweber 1.0.8 Cross Site Scripting (0)
01-04: GeniXCMS 1.1.5 Cross Site Scripting (0)
01-04: Family Connections 3.7.0 Cross Site Scripting (0)
01-04: Apache CouchDB 2.3.0 Cross Site Request Forgery (0)
01-04: http://muangpang.go.th/upzz.html (0)
01-04: http://www.phangngaedarea.go.th/sendbooks/booksfile/20190103224643.jpg (0)
01-04: http://eoffice.lp2.go.th/eofficenew/booksfile/20190103224913.jpg (0)
01-03: http://www.nongyaeng.go.th/2013/pic/o2.jpg (0)
01-03: http://www.muanglen.go.th/2013/pic/o2.jpg (0)
01-03: http://wwwnpo.moph.go.th/k3t.html (0)
01-03: http://www.sskh.moph.go.th/indonesia.php (0)
01-02: http://www.takong-sao.go.th/iq.html (0)
01-02: [webapps] Frog CMS 0.9.5 – Cross-Site Scripting (0)
01-02: [dos] NetworkSleuth 3.0.0.0 – 'Key' Denial of Service (PoC) (0)
01-02: [dos] NBMonitor Network Bandwidth Monitor 1.6.5.0 – 'Name' Denial of Service (PoC) (0)
01-02: [webapps] Vtiger CRM 7.1.0 – Remote Code Execution (0)
01-01: http://www.thaklor.go.th/AnonymousFox.html (0)
01-01: http://www.cpp.go.th/a.php (0)
01-01: http://www.wangsammohospital.go.th/xx.html (0)
01-01: http://dongkelek.go.th/k3t.html (0)
01-01: http://hutamnob.go.th/k3t.html (0)
01-01: On-Liners WebDesign SiteManager 2.3 SQL Injection (0)
01-01: China Electronic WebSolutions Cnzz.Com 1.0 SQL Injection (0)
01-01: Quick Sales Network QuickXiao 1.0 SQL Injection (0)
01-01: NwebProcess India Web Design 1.0 SQL Injection (0)
01-01: Drupal ArabDevelopmentPortal Egypt 1.0 SQL Injection (0)
01-01: Melbourne Fineart Gallery Australia 1.0 SQL Injection (0)
01-01: AnimaxTechnology.in India Web Design 1.0 SQL Injection (0)
01-01: SmartWorks Systems Pakistan 1.0 SQL Injection (0)
01-01: Rayleigh Enterprise Management MiitBeianGovCn 1.0 SQL Injection (0)
01-01: Technical Support Juxiang Network China 1.0 SQL Injection (0)
01-01: Taiwan GPS Satellite Positioning Passenger Web Design 1.0 SQL Injection (0)
01-01: All In One Video Downloader 1.2 SQL Injection (0)
01-01: TotalComfortSolutions Company 1.0 SQL Injection (0)
01-01: Vitalex Computers SRO Tvorba Skolnich Webu 1.0 SQL Injection (0)
01-01: AtelyeDigital Web Design 1.0 SQL Injection (0)
01-01: Bitsolution.ws ICT Consulting Firm 1.0 Bypass / SQL Injection (0)
01-01: BTOptions Web Design 1.0 SQL Injection (0)
01-01: BuInteractive Web Design 1.0 SQL Injection (0)
01-01: WebFairy Mediat 1.4.1 Cross Site Scripting (0)
01-01: Voyager 1.1 Shell Upload (0)
01-01: Byte-Elaborazioni Web Design 1.0 SQL Injection (0)
01-01: NIP Kompanija Novosti A.D. Serbia Web Design 1.0 SQL Injection (0)
01-01: Packet Storm New Exploits For December, 2018 (0)
01-01: Packet Storm New Exploits For 2018 (0)

December 2018 (399)

12-30: http://www.abtbankuan.go.th/Turkey.htm (0)
12-29: Cela Link CLR-M20 1.0.6 Authentication Bypass (0)
12-29: Cela Link CLR-M20 1.0.6 Information Disclosure (0)
12-29: Hashicorp Consul Services API Remote Command Execution (0)
12-29: Hashicorp Consul Rexec Remote Command Execution (0)
12-28: Product Key Explorer 4.0.9 Denial Of Service (0)
12-28: PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting (0)
12-28: ShareAlarmPro 2.1.4 Denial Of Service (0)
12-28: Craft CMS 3.0.25 Cross Site Scripting (0)
12-28: NetShareWatcher 1.5.8 Denial Of Service (0)
12-28: WordPress Audio Record 1.0 Shell Upload (0)
12-28: Armitage 1.14.11 Denial Of Service (0)
12-28: MAGIX Music Editor 3.1 Buffer Overflow (0)
12-28: WordPress Baggage Freight Shipping Australia 0.1.0 Shell Upload (0)
12-28: bludit Pages Editor 3.0.0 Shell Upload (0)
12-28: Iperius Backup 5.8.1 Buffer Overflow (0)
12-28: Terminal Services Manager 3.1 Local Buffer Overflow (0)
12-28: http://buengkan.mnre.go.th/404PRESSI.html (0)
12-28: http://thainiyom.mnre.go.th/404PRESSI.html (0)
12-28: http://kamphaengphet.mnre.go.th/404PRESSI.html (0)
12-28: http://phetchabun.mnre.go.th/404PRESSI.html (0)
12-28: http://landinfo.mnre.go.th/404PRESSI.html (0)
12-28: http://pkk.mnre.go.th/404PRESSI.html (0)
12-28: http://om.mnre.go.th/404PRESSI.html (0)
12-28: http://nakhonnayok.mnre.go.th/404PRESSI.html (0)
12-28: http://rayong.mnre.go.th/404PRESSI.html (0)
12-28: http://chiangrai.mnre.go.th/404PRESSI.html (0)
12-28: http://angthong.mnre.go.th/404PRESSI.html (0)
12-28: http://suratthani.mnre.go.th/404PRESSI.html (0)
12-28: http://samutprakan.mnre.go.th/404PRESSI.html (0)
12-28: http://training.mnre.go.th/404PRESSI.html (0)
12-28: http://amnatcharoen.mnre.go.th/404PRESSI.html (0)
12-28: http://nakhonsawan.mnre.go.th/404PRESSI.html (0)
12-28: http://samutsakhon.mnre.go.th/404PRESSI.html (0)
12-28: http://phatthalung.mnre.go.th/404PRESSI.html (0)
12-28: http://nongkhai.mnre.go.th/404PRESSI.html (0)
12-28: http://nakhonratchasima.mnre.go.th/404PRESSI.html (0)
12-28: http://www.khonklan.go.th/Turkey.htm (0)
12-27: [local] Iperius Backup 5.8.1 – Buffer Overflow (SEH) (0)
12-27: [dos] Product Key Explorer 4.0.9 – Denial of Service (PoC) (0)
12-27: [local] MAGIX Music Editor 3.1 – Buffer Overflow (SEH) (0)
12-27: [webapps] WordPress Plugin Audio Record 1.0 – Arbitrary File Upload (0)
12-27: [local] Terminal Services Manager 3.1 – Local Buffer Overflow (SEH) (0)
12-27: [webapps] Craft CMS 3.0.25 – Cross-Site Scripting (0)
12-25: Adobe Flash Active-X 28.0.0.137 Remote Code Execution (0)
12-25: WordPress cvp-irontec 4.8.3 Shell Upload (0)
12-25: PrestaShop FacebookPsConnect 1.6.1.4 Database Disclosure (0)
12-25: PrestaShop Google GSnippetsReviews 1.6.1.4 Database Disclosure (0)
12-25: PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure (0)
12-25: PrestaShop PM_ModalCart 1.6.1.4 Database Disclosure (0)
12-25: PrestaShop PM_AdvancedTopMenu 1.4.6.2 Database Disclosure / SQL Injection (0)
12-25: PrestaShop PM_AdvancedSearch4 1.6.1.18 Database Disclosure (0)
12-25: Drupal 7 CivicRM 5.8.2 Database Disclosure (0)
12-25: FrontAccounting 2.4.5 SQL Injection (0)
12-25: WSTMart 2.0.8 Cross Site Request Forgery (0)
12-25: WSTMart 2.0.8 Cross Site Scripting (0)
12-24: Apple iOS v12.1.1 – (Combo) Passcode Bypass Vulnerability (0)
12-24: Apple iOS v12.1.1 – (Combo) Passcode Bypass Vulnerability (0)
12-24: [dos] Angry IP Scanner for Linux 3.5.3 – Denial of Service (PoC) (0)
12-24: [webapps] FrontAccounting 2.4.5 – 'SubmitUser' SQL Injection (0)
12-24: [webapps] WSTMart 2.0.8 – Cross-Site Request Forgery (Add Admin) (0)
12-24: [webapps] WSTMart 2.0.8 – Cross-Site Scripting (0)
12-24: [shellcode] Linux/x86 – Kill All Processes Shellcode (14 bytes) (0)
12-23: http://reo09.mnre.go.th/k3t.html (0)
12-23: http://psdg.mnre.go.th/404PRESSI.html (0)
12-23: http://reo02.mnre.go.th/404PRESSI.html (0)
12-23: http://reo01.mnre.go.th/404PRESSI.html (0)
12-23: http://reo08.mnre.go.th/404PRESSI.html (0)
12-23: http://buriram.mnre.go.th/404PRESSI.html (0)
12-23: http://aviation.mnre.go.th/404PRESSI.html (0)
12-23: http://phuket.mnre.go.th/404PRESSI.html (0)
12-23: PCRE 8.41 Buffer Overflow (0)
12-23: Netatalk Authentication Bypass (0)
12-23: Exiftool 8.3.2.0 DLL Hijacking (0)
12-23: ASUS Driver Privilege Escalation (0)
12-23: GIGABYTE Driver Privilege Escalation (0)
12-23: Zoho ManageEngine OpManager 12.3 Alarms SQL Injection (0)
12-23: Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting (0)
12-23: Angry IP Scanner 3.5.3 Denial Of Service (0)
12-23: AnyBurn 4.3 Local Buffer Overflow (0)
12-23: D-Link DSL-2770L Credential Disclosure (0)
12-23: D-Link DSL-2770L / DIR-140L / DIR-640L Credential Disclosure (0)
12-23: D-Link DIR-140L / DIR-640L Credential Disclosure (0)
12-23: Microsoft Edge 42.17134.1.0 Denial Of Service (0)
12-23: Juniper Secure Access SSL VPN Privilege Escalation (0)
12-23: ZeusCart 4.0 Cross Site Request Forgery (0)
12-23: WordPress Firma Rehberi 4.9.9 Shell Upload / SQL Injection (0)
12-23: WordPress Cvp-Adegrontec 4.8.3 Shell Upload (0)
12-23: WordPress Share-Buttons 4.9.9 Shell Upload (0)
12-23: WordPress Saphali-Customer-Reviews 5.0.2 Shell Upload (0)
12-23: WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload (0)
12-23: SQLScan 1.0 Denial Of Service (0)
12-23: ATool 1.0.0.22 Buffer Overflow (0)
12-23: http://www.mnre.go.th/k3t.html (0)
12-22: Base64 Decoder 1.1.2 SEH Local Buffer Overflow (0)
12-22: XMPlay 3.8.3 Local Stack Overflow (0)
12-22: Microsoft Windows Arbitrary File Read (0)
12-21: WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload (0)
12-21: WordPress St_Newsletter Swift Mailer 2.7 Shell Upload (0)
12-21: WordPress Monsters-Editor-10-For-WP-Super-Edit 2.3.1 Shell Upload (0)
12-21: LanSpy 2.0.1.159 Buffer Overflow (0)
12-21: WordPress ChenPress 3.1.1 Shell Upload (0)
12-21: WordPress Sem-Wysiwyg 1.0 Shell Upload (0)
12-21: [webapps] ZeusCart 4.0 – Cross-Site Request Forgery (Deactivate Customer Accounts) (0)
12-21: [dos] Microsoft Edge 42.17134.1.0 – 'Tree::ANode::DocumentLayout' Denial of Service (0)
12-21: [local] AnyBurn 4.3 – Local Buffer Overflow (SEH) (0)
12-20: MegaPing Buffer Overflow / Denial Of Service (0)
12-20: Nsauditor 3.0.28.0 Buffer Overflow (0)
12-20: Exel Password Recovery 8.2.0.0 Buffer Overflow / Denial Of Service (0)
12-20: AnyBurn 4.3 Buffer Overflow / Denial Of Service (0)
12-20: SDL Web Content Manager 8.5.0 XML Injection (0)
12-20: Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write (0)
12-20: Bolt CMS Cross Site Scripting (0)
12-20: Hotel Booking Script 3.4 Cross Site Request Forgery (0)
12-20: Linux Kernel 4.4 rtnetlink Stack Memory Disclosure (0)
12-20: Integria IMS 5.0.83 Cross Site Request Forgery (0)
12-20: PassFab RAR 9.3.4 SEH Buffer Overflow (0)
12-20: Integria IMS 5.0.83 Cross Site Scripting (0)
12-20: IBM Operational Decision Manager 8.x XML Injection (0)
12-20: Yeswiki Cercopitheque SQL Injection (0)
12-20: PDF Explorer 1.5.66.2 SEH Buffer Overflow (0)
12-20: LanSpy 2.0.1.159 Local Buffer Overflow (0)
12-20: Rukovoditel Project Management CRM 2.3.1 Remote Code Execution (0)
12-20: VBScript VbsErase Reference Leak (0)
12-20: VBScript MSXML Policy Bypass (0)
12-20: Erlang Port Mapper Daemon Cookie Remote Code Execution (0)
12-20: http://hr.dmh.go.th/z.html (0)
12-20: http://fsf.fisheries.go.th/z.html (0)
12-20: http://thicbantak.bantakhospital.go.th/z.php (0)
12-20: http://mdsc.bantakhospital.go.th/z.php (0)
12-20: http://herb.bantakhospital.go.th/z.php (0)
12-20: http://actionplan.bantakhospital.go.th/z.php (0)
12-20: http://bantakrun.bantakhospital.go.th/z.php (0)
12-20: [dos] VBScript – MSXML Execution Policy Bypass (0)
12-20: [papers] An Internal Pentest Audit Against Active Directory (0)
12-20: [local] LanSpy 2.0.1.159 – Buffer Overflow (SEH) (Egghunter) (0)
12-19: http://www.bantakhospital.go.th/z.html (0)
12-19: http://dc.dip.go.th/deface.html (0)
12-19: http://dontarn.go.th/eg.htm (0)
12-19: [webapps] IBM Operational Decision Manager 8.x – XML External Entity Injection (0)
12-19: [local] PassFab RAR 9.3.2 – Buffer Overflow (SEH) (0)
12-19: [local] LanSpy 2.0.1.159 – Local Buffer Overflow (0)
12-19: [webapps] Yeswiki Cercopitheque – 'id' SQL Injection (0)
12-19: [webapps] Bolt CMS < 3.6.2 – Cross-Site Scripting (0)
12-19: [webapps] Integria IMS 5.0.83 – Cross-Site Request Forgery (0)
12-19: [webapps] Rukovoditel Project Management CRM 2.3.1 – Remote Code Execution (Metasploit) (0)
12-19: [webapps] Integria IMS 5.0.83 – 'search_string' Cross-Site Scripting (0)
12-19: [webapps] Hotel Booking Script 3.4 – Cross-Site Request Forgery (Change Admin Password) (0)
12-19: [shellcode] Linux/x64 – Disable ASLR Security Shellcode (93 Bytes) (0)
12-19: [local] Linux Kernel 4.4 – 'rtnetlink' Stack Memory Disclosure (0)
12-18: http://dw-web.bangkok.go.th/index.htm (0)
12-18: http://glass.dss.go.th (0)
12-18: Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal (0)
12-18: Everus.org Mobile Wallet 1.0.9 Information Disclosure (0)
12-18: KARMA 6.0.0 SQL Injection (0)
12-18: Windows Persistent Service Installer (0)
12-18: WordPress Lumise 4.9 Database Disclosure (0)
12-18: WordPress Ithemes-BackupBuddy Amazon WP-S3 2.9 Database Disclosure (0)
12-18: WordPress Mirrorwp-Backups 4.8 Database Disclosure (0)
12-18: WordPress Dev-Custom-Management VerzDesign 1.0 Database Disclosure / Shell Upload (0)
12-18: Simple CMS PHPJabbers Stivasoft 4.0 Database Disclosure (0)
12-18: ITAdvisorsNepal 9Qube Testimonials 1.0 Database Disclosure (0)
12-18: Zoho ManageEngine OpManager 12.3 SQL Injection (0)
12-18: Razer Cortex Debugger Remote Command Execution (0)
12-18: http://tessabantak.go.th/index.php (0)
12-18: http://www.tamafuang.go.th (0)
12-18: [remote] MiniShare 1.4.1 – Remote Buffer Overflow HEAD and POST Method (0)
12-18: [webapps] SDL Web Content Manager 8.5.0 – XML External Entity Injection (0)
12-17: Subsonic v6.1.5 – Server Side Request Forgery & CSRF (0)
12-17: NetChat v7.8 – Persistent Cross Site Scripting Vulnerability (0)
12-17: NetChat v7.8 – Persistent Cross Site Scripting Vulnerability (0)
12-16: Facebook And Google Reviews System For Business 1.0 CSRF (0)
12-16: Angry IP Scanner 3.5.3 Denial Of Service (0)
12-16: Huawei Router HG532e Command Execution (0)
12-16: Mikrotik RouterOS Telnet Arbitrary Root File Creation (0)
12-16: GNU inetutils 1.9.4 telnet.c Overflows (0)
12-16: Facebook And Google Reviews System For Businesses 1.1 SQL Injection (0)
12-16: Facebook And Google Reviews System For Businesses 1.1 Code Execution (0)
12-15: Safari Proxy Object Type Confusion (0)
12-15: Cisco RV110W Password Disclosure / Command Execution (0)
12-15: Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal (0)
12-15: Zortam MP3 Media Studio 24.15 Local Buffer Overflow (0)
12-14: Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference (0)
12-14: Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference (0)
12-14: WebDAV Server Serving DLL (0)
12-14: Windows UAC Protection Bypass (0)
12-14: [webapps] Double Your Bitcoin Script Automatic – Authentication Bypass (0)
12-14: [webapps] Double Your Bitcoin Script Automatic – Authentication Bypass (0)
12-14: [webapps] Fortify Software Security Center (SSC) 17.10/17.20/18.10 – Information Disclosure (2) (0)
12-14: [webapps] Fortify Software Security Center (SSC) 17.10/17.20/18.10 – Information Disclosure (0)
12-14: [local] Zortam MP3 Media Studio 24.15 – Local Buffer Overflow (SEH) (0)
12-14: [webapps] Responsive FileManager 9.13.4 – Multiple Vulnerabilities (0)
12-14: [remote] Cisco RV110W – Password Disclosure / Command Execution (0)
12-13: http://www.chainatpao.go.th/images/funk.gif (0)
12-13: Dynamic Loader Oriented Programming – Wiederganger Proof Of Concept (0)
12-13: WebKit JIT Proxy Object Issue (0)
12-13: Linux userfaultfd tmpfs File Permission Bypass (0)
12-13: PrinterOn Enterprise 4.1.4 Arbitrary File Deletion (0)
12-13: LanSpy 2.0.1.159 Buffer Overflow (0)
12-13: SmartFTP Client 9.0.2623.0 Denial Of Service (0)
12-13: Alumni Tracer SMS Notification Cross Site Request Forgery / SQL Injection (0)
12-13: Tourism Website Blog Code Execution / SQL Injection (0)
12-13: PrestaShop 1.6.x / 1.7.x Remote Code Execution (0)
12-13: TP-Link Archer C1200 Cross Site Scripting (0)
12-13: Adobe ColdFusion 2018 Shell Upload (0)
12-13: Huawei B315s-22 Information Disclosure (0)
12-13: ThinkPHP 5.x Remote Code Execution (0)
12-13: WordPress AutoSuggest 0.24 SQL Injection (0)
12-13: Apache OFBiz 16.11.05 Cross Site Scripting (0)
12-13: HotelDruid 2.3 SQL Injection (0)
12-13: WordPress Snap Creek Duplicator Code Injection (0)
12-13: [local] CyberLink LabelPrint 2.5 – Stack Buffer Overflow (Metasploit) (0)
12-13: [dos] WebKit JIT – Int32/Double Arrays can have Proxy Objects in the Prototype Chains (0)
12-13: [dos] Linux – 'userfaultfd' Bypasses tmpfs File Permissions (0)
12-12: WordPress NikolayDyankovDesign 2.0 Arbitrary File Disclosure (0)
12-12: WordPress Real-Estate-Listing-Realtyna-Wpl 4.3.2 Database Disclosure (0)
12-12: WordPress HighStand 4.6.1 Database Disclosure (0)
12-12: WordPress Simple-E-Commerce-Shopping-Cart 2.2.5 Database Disclosure (0)
12-12: Joomla Acymailing 2.0.0 Database Disclosure (0)
12-12: WordPress Total-Child-Theme-Master 1.0 Arbitrary File Disclosure (0)
12-12: WordPress TimeTable Responsive Schedule 5.4 Database Disclosure (0)
12-12: WordPress WPide ACE-0.2.0 2.4.0 Database Disclosure (0)
12-12: WordPress Jupiter Child 1.0 Database Disclosure (0)
12-12: Joomal Migrator 1.5 Database Disclosure (0)
12-12: WordPress WP-Bannerize 4.0.2 Database Disclosure (0)
12-12: Joomla RsGallery2 4.4.1 Database Disclosure (0)
12-12: WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress 1.2.0 Disclosure (0)
12-12: WordPress Wysija-Newsletters 2.10.2 Database Disclosure (0)
12-12: WordPress MiwoPolls 3.9.2 Database Disclosure (0)
12-12: WordPress MagicMembers 1.0 Database Disclosure (0)
12-12: WordPress PDF Catalog For WooCommerce 1.1.18 Database Disclosure (0)
12-12: WordPress JoeBooking 6.6.5 Database Disclosure (0)
12-12: Symfony 1.4.17 Database Disclosure (0)
12-12: ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass (0)
12-12: XNU POSIX Shared Memory Mapping Issue (0)
12-12: Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle (0)
12-12: McAfee True Key 5.1.173.1 Privilege Escalation (0)
12-12: CyberLink LabelPrint 2.5 Stack Buffer Overflow (0)
12-12: Zoho ManageEngine OpManager 12.3 Cross Site Scripting (0)
12-11: TV B Gone Kit – New Universal Device Case (0)
12-11: [dos] SmartFTP Client 9.0.2623.0 – Denial of Service (PoC) (0)
12-11: [webapps] DomainMOD 4.11.01 – Cross-Site Scripting (0)
12-11: [shellcode] Linux/x86 – execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes) (0)
12-11: [webapps] PrinterOn Enterprise 4.1.4 – Arbitrary File Deletion (0)
12-11: [webapps] Adobe ColdFusion 2018 – Arbitrary File Upload (0)
12-11: [webapps] ThinkPHP 5.0.23/5.1.31 – Remote Code Execution (0)
12-11: [webapps] WordPress Plugin AutoSuggest 0.24 – 'wpas_keys' SQL Injection (0)
12-11: [webapps] HotelDruid 2.3.0 – 'id_utente_mod' SQL Injection (0)
12-11: [webapps] Apache OFBiz 16.11.05 – Cross-Site Scripting (0)
12-11: [local] XNU – POSIX Shared Memory Mappings have Incorrect Maximum Protection (0)
12-11: [local] McAfee True Key – McAfee.TrueKey.Service Privilege Escalation (0)
12-09: http://mhcr4.go.th (0)
12-09: MiniShare 1.4.1 HEAD / POST Buffer Overflow (0)
12-09: VistaPortal SE 5.1 Cross Site Scripting (0)
12-09: Adiscon LogAnalyzer 4.1.6 Cross Site Scripting (0)
12-09: [webapps] DomainMOD 4.11.01 – 'DisplayName' Cross-Site Scripting (0)
12-09: [webapps] Adiscon LogAnalyzer 4.1.7 – Cross-Site Scripting (0)
12-09: [webapps] i-doit CMDB 1.11.2 – Remote Code Execution (0)
12-09: [dos] Textpad 8.1.2 – Denial Of Service (PoC) (0)
12-08: Apple Security Advisory 2018-12-06-1 (0)
12-08: FutureNet NXR-G240 Series ShellShock Command Injection (0)
12-07: Apple Security Advisory 2018-12-05-2 (0)
12-07: Apple Security Advisory 2018-12-05-1 (0)
12-07: Apple Security Advisory 2018-12-05-4 (0)
12-07: Apple Security Advisory 2018-12-05-3 (0)
12-07: Apple Security Advisory 2018-12-05-6 (0)
12-07: Apple Security Advisory 2018-12-05-5 (0)
12-07: Apple Security Advisory 2018-12-05-7 (0)
12-07: Typesetter 5.1 Cross Site Scripting (0)
12-07: HasanMWB 1.0 SQL Injection (0)
12-07: Wireshark cdma2k_message_ACTIVE_SET_RECORD_FIELDS Stack Corruption (0)
12-07: WordPress Events Made Easy 2.0.68 Database Disclosure (0)
12-07: WordPress newwpml 3.0 Database Disclosure (0)
12-07: WordPress Caldera Forms 1.7.4 Database Disclosure (0)
12-07: WordPress Simple-Forum 4.0 Database Disclosure (0)
12-07: WordPress BatchMove 1.5 Database Disclosure (0)
12-07: WordPress Search-Engine 0.5.9 Database Disclosure (0)
12-07: Chamilo 1.11.6 Cross Site Scripting (0)
12-07: Chamilo 1.11.6 SQL Injection (0)
12-07: OSclass 3.7.4 Cross Site Scripting (0)
12-07: Hasan MWB 1.0 Time-Based SQL Injection (0)
12-07: Rockwell Automation Allen-Bradley 1752-EN2T/C / 1769-L33ER/A LOGIX5333ER XSS (0)
12-07: Plikli 4.0.0 Cross Site Scripting (0)
12-07: WordPress Exports-and-Reports 0.8.1 Database Disclosure (0)
12-07: WordPress WP-Business-Directory 5.3.4 Database Disclosure (0)
12-07: WordPress WP_Quiz 1.1.9 Database Disclosure (0)
12-07: WordPress WP-Syntax Download Extension 1.1.1 Database Disclosure (0)
12-07: WordPress Shopp 1.4 Database Disclosure (0)
12-07: WordPress WpEasyCart LevelFourStoreFront 8.1.16 Database Disclosure (0)
12-07: WordPress Ari Adminer 1.1.12 Database Disclosure (0)
12-07: WordPress Orbis 1.3.3 Database Disclosure (0)
12-07: WordPress Ad Buttons 3.1 Database Disclosure (0)
12-07: WordPress WP EasyCart 3.1.11 Database Disclosure (0)
12-05: WordPress WP Editor 1.2.6.3 Database Disclosure (0)
12-05: WordPress HitAppoint 5.0.5 Database Disclosure (0)
12-05: WordPress wpmu-dev-post-votes 2.2.5 Database Disclosure (0)
12-05: WordPress II_OData_Importer 1.0 Database Disclosure (0)
12-05: WordPress paid-memberships-pro 1.5.2 Database Disclosure (0)
12-05: Joomla Com_Finder 4.0.0 Database Disclosure (0)
12-05: Joomla Kunena 5.1.7 Database Disclosure (0)
12-05: KC GRUP Web Design 1.0 SQL Injection (0)
12-05: WordPress BackWpUP 3.6.6 Database Disclosure (0)
12-05: WordPress BlackHawk 1.0 Open Redirection (0)
12-05: WordPress rss-feed-post-generator-echo 1.0.0 Database Disclosure (0)
12-05: WordPress wp-contactpage-designer 1.0 Database Disclosure (0)
12-05: WordPress zerotolaunch 1.0 Database Disclosure (0)
12-05: WordPress cart66 cart66-lite 1.0 Database Disclosure (0)
12-05: Fleetco Fleet Maintenance Management 1.2 Remote Code Execution (0)
12-05: Rockwell Automation Allen-Bradley PowerMonitor 1000 XSS (0)
12-05: PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure (0)
12-05: Apache Superset 0.23 Remote Code Execution (0)
12-05: PHP Server Monitor 3.3.1 Cross Site Request Forgery (0)
12-05: Joomla! JE Photo Gallery 1.1 SQL Injection (0)
12-05: FreshRSS 1.11.1 Cross Site Scripting (0)
12-05: CubeCart 6.2.2 Cross Site Scripting (0)
12-05: NEC Univerge Sv9100 WebPro 6.00.00 Predictable Session ID / Cleartext Passwords (0)
12-05: Emacs movemail Privilege Escalation (0)
12-05: HP Intelligent Management Java Deserialization Remote Code Execution (0)
12-05: [webapps] HasanMWB 1.0 – SQL Injection (0)
12-04: [shellcode] Linux/x86 – /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) (0)
12-04: [remote] OpenSSH < 7.7 – User Enumeration (2) (0)
12-04: [local] Xorg X11 Server (AIX) – Local Privilege Escalation (0)
12-04: [webapps] Rockwell Automation Allen-Bradley PowerMonitor 1000 – Incorrect Access Control Authentication Bypass (0)
12-04: [dos] Microsoft Lync for Mac 2011 – Injection Forced Browsing/Download (0)
12-04: [webapps] FreshRSS 1.11.1 – Cross-Site Scripting (0)
12-04: [webapps] DomainMOD 4.11.01 – Owner name Field Cross-Site Scripting (0)
12-04: [webapps] NEC Univerge Sv9100 WebPro – 6.00 – Predictable Session ID / Clear Text Password Storage (0)
12-04: [local] Emacs – movemail Privilege Escalation (Metasploit) (0)
12-04: [remote] HP Intelligent Management – Java Deserialization RCE (Metasploit) (0)
12-04: [dos] Wireshark – 'find_signature' Heap Out-of-Bounds Read (0)
12-04: [dos] Wireshark – 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption (0)
12-04: [webapps] DomainMOD 4.11.01 – Registrar Cross-Site Scripting (0)
12-04: [webapps] NUUO NVRMini2 3.9.1 – Authenticated Command Injection (0)
12-04: [webapps] DomainMOD 4.11.01 – Custom SSL Fields Cross-Site Scripting (0)
12-04: [webapps] DomainMOD 4.11.01 – Custom Domain Fields Cross-Site Scripting (0)
12-04: [webapps] Dolibarr ERP/CRM 8.0.3 – Cross-Site Scripting (0)
12-04: [webapps] KeyBase Botnet 1.5 – SQL Injection (0)
12-04: [shellcode] Linux/x64 – Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes) (0)
12-04: [webapps] FreshRSS 1.11.1 – Cross-Site Scripting (0)
12-04: [webapps] NEC Univerge Sv9100 WebPro – 6.00 – Predictable Session ID / Clear Text Password Storage (0)
12-04: [webapps] Rockwell Automation Allen-Bradley PowerMonitor 1000 – Incorrect Access Control Authentication Bypass (0)
12-04: [webapps] Dolibarr ERP/CRM 8.0.3 – Cross-Site Scripting (0)
12-04: [local] Xorg X11 Server (AIX) – Local Privilege Escalation (0)
12-04: [remote] HP Intelligent Management – Java Deserialization RCE (Metasploit) (0)
12-04: [dos] Wireshark – 'find_signature' Heap Out-of-Bounds Read (0)
12-04: [dos] Wireshark – 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption (0)
12-04: [webapps] NUUO NVRMini2 3.9.1 – Authenticated Command Injection (0)
12-04: [webapps] DomainMOD 4.11.01 – Registrar Cross-Site Scripting (0)
12-04: [webapps] DomainMOD 4.11.01 – Custom Domain Fields Cross-Site Scripting (0)
12-04: [webapps] DomainMOD 4.11.01 – Custom SSL Fields Cross-Site Scripting (0)
12-04: [webapps] KeyBase Botnet 1.5 – SQL Injection (0)
12-04: [dos] Microsoft Lync for Mac 2011 – Injection Forced Browsing/Download (0)
12-04: [local] Emacs – movemail Privilege Escalation (Metasploit) (0)
12-04: [shellcode] Linux/x64 – Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes) (0)
12-04: [shellcode] Linux/x86 – /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) (0)
12-04: [webapps] DomainMOD 4.11.01 – Owner name Field Cross-Site Scripting (0)
12-04: [remote] OpenSSH < 7.7 – User Enumeration (2) (0)
12-03: [webapps] Joomla! Component JE Photo Gallery 1.1 – 'categoryid' SQL Injection (0)
12-03: [remote] CyberArk 9.7 – Memory Disclosure (0)
12-03: [webapps] WordPress Plugin Advanced-Custom-Fields 5.7.7 – Cross-Site Scripting (0)
12-03: [dos] Budabot 4.0 – Denial of Service (PoC) (0)
12-03: [webapps] Apache Superset < 0.23 – Remote Code Execution (0)
12-03: [webapps] PHP Server Monitor 3.3.1 – Cross-Site Request Forgery (0)
12-03: [dos] Mozilla Firefox 63.0.1 – Denial of Service (PoC) (0)
12-03: [webapps] PaloAlto Networks Expedition Migration Tool 1.0.106 – Information Disclosure (0)
12-03: [webapps] Rockwell Automation Allen-Bradley PowerMonitor 1000 – Cross-Site Scripting (0)
12-03: [webapps] Fleetco Fleet Maintenance Management 1.2 – Remote Code Execution (0)
12-03: [webapps] Wordpress Plugins Advanced-Custom-Fields 5.7.7 – Cross-Site Scripting (0)
12-03: [dos] Budabot 4.0 – Denial of Service (PoC) (0)
12-03: [webapps] Apache Superset 0.23 – Remote Code Execution (0)
12-03: [webapps] PHP Server Monitor 3.3.1 – Cross-Site Request Forgery (0)
12-03: [dos] Mozilla Firefox 63.0.1 – Denial of Service (PoC) (0)
12-03: [webapps] Joomla! Component JE Photo Gallery 1.1 – 'categoryid' SQL Injection (0)
12-02: Seopanel 3.13.0 Cross Site Scripting (0)
12-02: Packet Storm New Exploits For November, 2018 (0)
12-02: Joomla JCE 2.6.33 Arbitrary File Upload (0)
12-02: Joomla JCE 2.6.33 Database Backup Disclosure (0)
12-02: KPOT Botnet Arbitrary File Disclosure (0)
12-02: Schneider Electric PLC Authentication Bypass (0)
12-02: Linux Kernel 4.8 (Ubuntu 16.04) sctp Kernel Pointer Leak (0)
12-02: HTML5 Video Player 1.2.5 Buffer Overflow (0)
12-02: xorg-x11-server modulepath Local Privilege Escalation (0)
12-01: WordPress wawp_framework 1.0 Database Backup Disclosure (0)
12-01: WordPress pm_market 1.0 Database Backup Disclosure (0)
12-01: WordPress WP Complete Backup 3.0.5 Database Backup Disclosure (0)
12-01: WordPress Jazzy Forms 1.1.1 Database Backup Disclosure (0)
12-01: WordPress Events Calendar Premium 1.0 Database Disclosure (0)
12-01: knc (Kerberized NetCat) Denial Of Service (0)
12-01: Moxa NPort W2x50A 2.1 OS Command Injection (0)
12-01: WebKit JSC JIT JSPropertyNameEnumerator Type Confusion (0)
12-01: WebKit JIT ByteCodeParser::handleIntrinsicCall Type Confusion (0)
12-01: Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free (0)
12-01: WebKit JSC ForInContext Invalidation (0)
12-01: Microsoft VBScript rtFilter Out-Of-Bounds Read (0)
12-01: Ubuntu Ghostscript Failed Fix (0)
12-01: Tarantella Enterprise Directory Traversal (0)
12-01: Tarantella Enterprise Security Bypass (0)
12-01: Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials (0)
12-01: Apache Spark Unauthenticated Command Execution (0)

November 2018 (345)

11-30: [remote] Apache Spark – Unauthenticated Command Execution (Metasploit) (0)
11-30: [dos] VBScript – 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free (0)
11-30: [local] xorg-x11-server < 1.20.3 – 'modulepath' Local Privilege Escalation (0)
11-30: [local] HTML5 Video Player 1.2.5 – Buffer Overflow (Metasploit) (0)
11-30: [dos] Linux Kernel 4.8 (Ubuntu 16.04) – Leak sctp Kernel Pointer (0)
11-30: [webapps] Synaccess netBooter NP-02x/NP-08x 6.8 – Authentication Bypass (0)
11-30: [dos] VBScript – 'rtFilter' Out-of-Bounds Read (0)
11-30: [webapps] Schneider Electric PLC – Session Calculation Authentication Bypass (0)
11-29: TeamCity Agent XML-RPC Command Execution (0)
11-29: Mac OS X libxpc MITM Privilege Escalation (0)
11-29: Linux Nested User Namespace idmap Limit Local Privilege Escalation (0)
11-29: PHP imap_open Remote Code Execution (0)
11-29: BMC Remedy 7.1 User Impersonation (0)
11-29: Avahi 0.7 Denial Of Service (0)
11-29: Cisco WebEx Meetings Privilege Escalation (0)
11-29: WordPress SEO (Yoast SEO) 9.1 Race Condition / Command Execution (0)
11-29: Unitrends Enterprise Backup bpserverd Privilege Escalation (0)
11-29: Joomla Fabrik 3.9 CSRF / LFI / Shell Upload (0)
11-29: Joomla DJ Image Slider 3.2.3 Database Disclosure (0)
11-29: Joomla Event Booking 3.8.3 Database Disclosure (0)
11-29: WordPress allow-l10n-upload-filename 1.0 Arbitrary File Download (0)
11-29: WordPress sermon-shortcodes 1.0 Arbitrary File Download (0)
11-29: WordPress uploadingdownloading-non-latin-filename 1.1.5 Arbitrary File Download (0)
11-29: WordPress hwm_board 1.0 Arbitrary File Disclosure (0)
11-29: WordPress user-spam-remover 1.0 Database Disclosure (0)
11-29: WordPress Delme 3.0 Database Disclosure (0)
11-29: [local] Linux – Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit) (0)
11-29: [dos] WebKit JSC JIT – 'JSPropertyNameEnumerator' Type Confusion (0)
11-29: [remote] TeamCity Agent – XML-RPC Command Execution (Metasploit) (0)
11-29: [local] Mac OS X – libxpc MITM Privilege Escalation (Metasploit) (0)
11-29: [remote] PHP imap_open – Remote Code Execution (Metasploit) (0)
11-29: [local] Unitrends Enterprise Backup – bpserverd Privilege Escalation (Metasploit) (0)
11-29: [dos] WebKit JSC – BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object (0)
11-29: [dos] WebKit JIT – 'ByteCodeParser::handleIntrinsicCall' Type Confusion (0)
11-28: http://www.sawai.go.th/art.php (0)
11-28: http://www.makluamai.go.th/art.html (0)
11-27: Arm Whois 3.11 Buffer Overflow (0)
11-27: Zyxel VMG1312-B10D 5.13AAXA.8 Directory Traversal (0)
11-27: WordPress Easy Testimonials 3.2 Cross Site Scripting (0)
11-27: MariaDB Client 10.1.26 Denial Of Service (0)
11-27: No-Cms 1.0 SQL Injection (0)
11-27: phpMyAdmin 4.8.1 Authenticated Local File Inclusion (0)
11-27: Netgear Unauthenticated Remote Command Execution (0)
11-27: [remote] Netgear Devices – Unauthenticated Remote Command Execution (Metasploit) (0)
11-26: Joomla Admin 3.7.4 Database Disclosure (0)
11-26: Joomla MacGallery Database Disclosure (0)
11-26: WordPress Pods 2.7.9 Database Disclosure (0)
11-26: Cory Support 1.0 SQL Injection (0)
11-26: WordPress Absolutely Glamorous Custom Admin 6.4.1 Database Disclosure (0)
11-26: Consona Password Reset Security Bypass (0)
11-26: WordPress Universal Post Manager 1.5.0 Database Disclosure (0)
11-26: Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting (0)
11-26: Xorg X11 Server SUID Privilege Escalation (0)
11-26: [local] Xorg X11 Server – SUID privilege escalation (Metasploit) (0)
11-26: [local] Arm Whois 3.11 – Buffer Overflow (ASLR) (0)
11-26: [papers] CORS Attacks (0)
11-26: [papers] CORS Attacks (0)
11-26: [webapps] Zyxel VMG1312-B10D 5.13AAXA.8 – Directory Traversal (0)
11-26: [webapps] No-Cms 1.0 – 'order_by' SQL Injection (0)
11-26: [dos] MariaDB Client 10.1.26 – Denial of Service (PoC) (0)
11-26: [webapps] Wordpress Plugins Easy Testimonials 3.2 – Cross-Site Scripting (0)
11-26: [webapps] Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials (0)
11-26: [webapps] Ticketly 1.0 – 'kind_id' SQL Injection (0)
11-25: http://www.nonhanmuni.go.th/index.php (0)
11-21: Ticketly 1.0 Cross Site Request Forgery (0)
11-21: ImageMagick Memory Leak (0)
11-21: macOS 10.13 workq_kernreturn Denial Of Service (0)
11-21: Microsoft Windows DfMarshal Unsafe Unmarshaling Privilege Escalation (0)
11-21: Microsoft Windows Unnamed Kernel Object Privilege Escalation (0)
11-21: ELBA5 Electronic Banking Remote Code Execution (0)
11-21: Richfaces 3.x Remote Code Execution (0)
11-21: Ticketly 1.0 SQL Injection (0)
11-21: WordPress CherryFramework Themes 3.1.4 Backup File Download (0)
11-21: WebOfisi E-Ticaret 4 SQL Injection (0)
11-21: Microsoft Skype 2015 / 2016 Denial Of Service (0)
11-21: Governikus Autent SDK 3.8.1 Signature Bypass (0)
11-21: Intel Media Server Studio – Improper Directory Permissions (0)
11-21: [webapps] WebOfisi E-Ticaret V4 – 'urun' SQL Injection (0)
11-21: [webapps] Ticketly 1.0 – 'name' SQL Injection (0)
11-21: [webapps] WordPress CherryFramework Themes 3.1.4 – Backup File Download (0)
11-21: [webapps] Synaccess netBooter NP-0801DU 7.4 – Cross-Site Request Forgery (Add Admin) (0)
11-20: HTML Video Player 1.2.5 Buffer Overflow (0)
11-20: XMPlay 3.8.3 Denial Of Service (0)
11-20: Microsoft Edge Chakra OP_Memset Type Confusion (0)
11-20: Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass (0)
11-20: Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery (0)
11-20: Ricoh myPrint Hardcoded Credentials / Information Disclosure (0)
11-20: http://www.nonsamran.go.th/nonsamran/file_editor/Hx.html (0)
11-20: http://www.donsailocal.go.th/donsailocal/file_editor/Hx.html (0)
11-20: [local] Microsoft Windows – DfMarshal Unsafe Unmarshaling Privilege Escalation (0)
11-20: [webapps] Ticketly 1.0 – Cross-Site Request Forgery (Add Admin) (0)
11-20: [dos] MacOS 10.13 – 'workq_kernreturn' Denial of Service (PoC) (0)
11-19: Microsoft BingPlaces – TrackEmailOpen (url) Open Redirect (0)
11-19: [dos] XMPlay 3.8.3 – '.m3u' Denial of Service (PoC) (0)
11-19: [local] HTML Video Player 1.2.5 – Buffer-Overflow (SEH) (0)
11-17: Everus.org 1.0.9 Second Factor Redirection (0)
11-17: Warranty Tracking System 11.06.3 SQL Injection (0)
11-17: Helpdezk 1.1.1 Shell Upload (0)
11-17: DomainMOD 4.11.01 Cross Site Scripting (0)
11-17: Mumsoft Easy Software 2.0 Denial Of Service (0)
11-17: Easy Outlook Express Recovery 2.0 Denial Of Service (0)
11-17: Budabot 4.0 Denial Of Service (0)
11-17: Intel Rapid Storage Technology User Interface And Driver 15.9.0.1015 DLL Hijacking (0)
11-16: PHP 5.2.3 imap_open Bypass (0)
11-16: ntpd 4.2.8p10 Out-Of-Bounds Read (0)
11-16: AMPPS 2.7 Denial Of Service (0)
11-16: Bosch Video Management System 8.0 Denial Of Service (0)
11-16: Notepad3 1.0.2.350 Denial Of Service (0)
11-16: Rmedia SMS 1.0 SQL Injection (0)
11-16: Pedidos 1.0 SQL Injection (0)
11-16: Electricks eCommerce 1.0 Cross Site Scripting (0)
11-16: DoceboLMS 1.2 Shell Upload / SQL Injection (0)
11-16: Precurio Intranet Portal 2.0 Cross Site Request Forgery (0)
11-16: BitZoom 1.0 SQL Injection (0)
11-16: Malicious Git HTTP Server (0)
11-16: BiP Messenger Denial Of Service (0)
11-16: Net-Billetterie 2.9 SQL Injection (0)
11-16: Galaxy Forces MMORPG 0.5.8 SQL Injection (0)
11-16: EverSync 0.5 Arbitrary File Download (0)
11-16: Meneame English Pligg 5.8 SQL Injection (0)
11-16: Kordil EDMS 2.2.60rc3 Shell Upload (0)
11-16: Simple E-Document 1.31 SQL Injection (0)
11-16: 2-Plan Team 1.0.4 Shell Upload (0)
11-16: PHP Mass Mail 1.0 Shell Upload (0)
11-16: WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting (0)
11-16: WordPress Ninja Forms 3.3.17 Cross Site Scripting (0)
11-16: PHP-Proxy 5.1.0 Local File Inclusion (0)
11-16: Linux Broken UID/GID Mapping (0)
11-16: [dos] Easy Outlook Express Recovery 2.0 – Denial of Service (PoC) (0)
11-16: [dos] Mumsoft Easy Software 2.0 – Denial of Service (PoC) (0)
11-16: [webapps] DomainMOD 4.11.01 – Cross-Site Scripting (0)
11-16: [webapps] Helpdezk 1.1.1 – Arbitrary File Upload (0)
11-16: [webapps] Warranty Tracking System 11.06.3 – 'txtCustomerCode' SQL Injection (0)
11-15: [webapps] PHP Mass Mail 1.0 – Arbitrary File Upload (0)
11-15: [dos] Notepad3 1.0.2.350 – Denial of Service (PoC) (0)
11-15: [webapps] Net-Billetterie 2.9 – 'login' SQL Injection (0)
11-15: [webapps] Wordpress Plugin Ninja Forms 3.3.17 – Cross-Site Scripting (0)
11-15: [webapps] Galaxy Forces MMORPG 0.5.8 – 'type' SQL Injection (0)
11-15: [webapps] 2-Plan Team 1.0.4 – Arbitrary File Upload (0)
11-15: [webapps] Meneame English Pligg 5.8 – 'search' SQL Injection (0)
11-15: [webapps] Simple E-Document 1.31 – 'username' SQL Injection (0)
11-15: [webapps] Kordil EDMS 2.2.60rc3 – Arbitrary File Upload (0)
11-15: [webapps] Precurio Intranet Portal 2.0 – Cross-Site Request Forgery (Add Admin) (0)
11-14: XAMPP Control Panel 3.2.2 Buffer Overflow (0)
11-14: Surreal ToDo 0.6.1.2 SQL Injection (0)
11-14: Surreal ToDo 0.6.1.2 Local File Inclusion (0)
11-14: Alienor Web Libre 2.0 SQL Injection (0)
11-14: Musicco 2.0.0 Arbitrary Directory Download (0)
11-14: Data Center Audit 2.6.2 Cross Site Request Forgery (0)
11-14: Tina4 Stack 1.0.3 SQL Injection (0)
11-14: Tina4 Stack 1.0.3 Cross Site Request Forgery (0)
11-14: xorg-x11-server Local Privilege Escalation (0)
11-14: CuteFTP Mac 3.1 Denial Of Service (0)
11-14: Easyndexer 1.0 Arbitrary File Download (0)
11-14: ABC ERP 0.6.4 Cross Site Request Forgery (0)
11-14: Evince 3.24.0 Command Injection (0)
11-14: Gumbo CMS 0.99 SQL Injection (0)
11-14: Silurus Classifieds Script 2.0 SQL Injection (0)
11-14: ClipperCMS 1.3.3 Cross Site Request Forgery (0)
11-14: Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload (0)
11-14: Webiness Inventory 2.3 SQL Injection (0)
11-14: SwitchVPN For MacOS 2.1012.03 Privilege Escalation (0)
11-14: SIPve 0.0.2-R19 SQL Injection (0)
11-14: Maitra Mail Tracking System 1.7.2 SQL Injection / Database File Download (0)
11-14: Alive Parish 2.0.4 File Upload / SQL Injection (0)
11-14: OCS Inventory NG ocsreports Shell Upload (0)
11-14: SwitchVPN For MacOS / Windows 2.1012.03 Man-In-The-Middle (0)
11-14: Atlassian Jira Authenticated Upload Code Execution (0)
11-14: WP Master Slider v3.5.1 – Cross Site Scripting Vulnerability (0)
11-14: Intel Distribution Python (IDP) 2018 – Privilege Escalation (0)
11-14: [webapps] Dell OpenManage Network Manager 6.2.0.51 SP3 – Multiple Vulnerabilities (0)
11-14: [remote] Atlassian Jira – Authenticated Upload Code Execution (Metasploit) (0)
11-14: [dos] AMPPS 2.7 – Denial of Service (PoC) (0)
11-14: [webapps] Electricks eCommerce 1.0 – Cross-Site Request Forgery (Change Admin Password) (0)
11-14: [webapps] EdTv 2 – 'id' SQL Injection (0)
11-14: [webapps] Helpdezk 1.1.1 – 'query' SQL Injection (0)
11-14: [webapps] iServiceOnline 1.0 – 'r' SQL Injection (0)
11-14: [local] ntpd 4.2.8p10 – Out-of-Bounds Read (PoC) (0)
11-13: CuteFTP 9.3.0.3 Denial Of Service (0)
11-13: HeidiSQL 9.5.0.5196 Denial Of Service (0)
11-13: TP-Link Archer C50 Wireless Router 171227 CSRF (0)
11-13: WordPress Media File Manager 1.4.2 Directory Traversal (0)
11-13: Advanced Comment System 1.0 SQL Injection (0)
11-13: Netscape Enterprise 3.63 Cross Site Scripting (0)
11-13: Vignette Content Management 6 Security Bypass (0)
11-13: WordPress WP User Manager 2.0.8 SQL Injection (0)
11-13: WordPress PeepSo 1.11.2 SQL Injection (0)
11-13: WordPress PeepSo 1.11.2 Cross Site Scripting (0)
11-13: Data Center Audit 2.6.2 SQL Injection (0)
11-13: Paroiciel 11.20 SQL Injection (0)
11-13: Facturation System 1.0 SQL Injection (0)
11-13: Easyndexer 1.0 Cross Site Request Forgery (0)
11-13: GPS Tracking System 2.12 SQL Injection (0)
11-13: ServerZilla 1.0 SQL Injection (0)
11-13: Nominas 0.27 SQL Injection (0)
11-13: Mongoose Web Server 6.9 Denial Of Service (0)
11-13: The Don 1.0.1 SQL Injection (0)
11-13: TufinOS 2.1.7 Build 1193 XML Injection (0)
11-13: Android 5.0 Battery Information Broadcast Information Disclosure (0)
11-13: Android RSSI Broadcast Information Disclosure (0)
11-13: Cisco Prime Infrastructure Unauthenticated Remote Code Execution (0)
11-13: Intel Extreme Tuning Utility 6.4.1.23 – BOF DoS Vulnerability (0)
11-13: [webapps] Gumbo CMS 0.99 – SQL Injection (0)
11-13: [webapps] Surreal ToDo 0.6.1.2 – SQL Injection (0)
11-13: [shellcode] Linux/x86 – Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes) (0)
11-13: [webapps] Easyndexer 1.0 – Arbitrary File Download (0)
11-13: [webapps] Tina4 Stack 1.0.3 – Cross-Site Request Forgery (Update Admin) (0)
11-13: [webapps] Tina4 Stack 1.0.3 – SQL Injection / Database File Download (0)
11-13: [webapps] Data Center Audit 2.6.2 – Cross-Site Request Forgery (Update Admin) (0)
11-13: [local] xorg-x11-server < 1.20.1 – Local Privilege Escalation (0)
11-13: [dos] Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 – Denial of Service (0)
11-13: [webapps] Musicco 2.0.0 – Arbitrary Directory Download (0)
11-13: [webapps] Alienor Web Libre 2.0 – SQL Injection (0)
11-13: [local] XAMPP Control Panel 3.2.2 – Buffer Overflow (SEH) (Unicode) (0)
11-13: [webapps] ABC ERP 0.6.4 – Cross-Site Request Forgery (Update Admin) (0)
11-13: [webapps] Surreal ToDo 0.6.1.2 – Local File Inclusion (0)
11-13: [dos] CuteFTP Mac 3.1 – Denial of Service (PoC) (0)
11-13: [dos] Evince 3.24.0 – Command Injection (0)
11-13: [webapps] CentOS Web Panel 0.9.8.740 – Cross-Site Request Forgery / Cross-Site Scripting (0)
11-12: http://mueang.trang.doae.go.th/piclogo/x.html (0)
11-12: http://www.suphanburi.doae.go.th//suphanburiproj/x.html (0)
11-12: Barracuda MAS – (ldap_load_entry.cgi) XSS Vulnerability (0)
11-12: Intel OpenVINO 2018.1.x – Permissions Privilege Escalation (0)
11-12: [webapps] Nominas 0.27 – 'username' SQL Injection (0)
11-12: [dos] Mongoose Web Server 6.9 – Denial of Service (PoC) (0)
11-12: [webapps] D-LINK Central WifiManager CWM-100 – Server-Side Request Forgery (0)
11-12: [webapps] ServerZilla 1.0 – 'email' SQL Injection (0)
11-12: [webapps] GPS Tracking System 2.12 – 'username' SQL Injection (0)
11-12: [dos] CuteFTP 9.3.0.3 – Denial of Service (PoC) (0)
11-12: [webapps] Easyndexer 1.0 – Cross-Site Request Forgery (Add Admin) (0)
11-12: [webapps] Facturation System 1.0 – 'modid' SQL Injection (0)
11-12: [dos] HeidiSQL 9.5.0.5196 – Denial of Service (PoC) (0)
11-12: [webapps] Data Center Audit 2.6.2 – 'username' SQL Injection (0)
11-12: [webapps] TufinOS 2.17 Build 1193 – XML External Entity Injection (0)
11-10: Everus.org 1.0.7 Second Factor Modification (0)
11-10: Everus.org 1.0.7 Second Factor Client-Side Validation (0)
11-10: Microsoft Windows 10 Build 17134 Local Privilege Escalation (0)
11-10: OpenSLP 2.0.0 Out-Of-Bounds (0)
11-10: Cisco Immunet / Cisco AMP For Endpoints Scanning Denial Of Service (0)
11-10: D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle (0)
11-10: D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery (0)
11-10: D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking (0)
11-10: http://leamsingha.go.th/king.txt (0)
11-10: http://chanmunic.go.th/king.txt (0)
11-10: http://www.kakoh.go.th/imggallery (0)
11-09: http://ictg.onwr.go.th/layouts/ (0)
11-09: http://flood.correct.go.th (0)
11-09: [shellcode] Linux/x64 – Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) (0)
11-08: eToolz 3.4.8.0 Denial Of Service (0)
11-08: VSAXESS 2.6.2.70 Build 20171226_053 Denial Of Service (0)
11-08: OOP CMS BLOG 1.0 SQL Injection (0)
11-08: OpenBiz Cubi Lite 3.0.8 SQL Injection (0)
11-08: LibreHealth 2.0.0 File Read / File Delete / LFI (0)
11-08: PlayJoom 0.10.1 SQL Injection (0)
11-08: [local] Microsoft Windows 10 (Build 17134) – Local Privilege Escalation (UAC Bypass) (0)
11-07: Apple iOS v12.1 – Authentication Bypass Vulnerability Z0D (0)
11-07: http://sarai.go.th (0)
11-07: Cradlepoint Router Password Disclosure (0)
11-07: OOP CMS BLOG 1.0 Cross Site Request Forgery (0)
11-07: Grocery Crud 1.6.1 SQL Injection (0)
11-07: Blue Server 1.1 Denial Of Service (0)
11-07: Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation (0)
11-07: FaceTime readSPSandGetDecoderParams Stack Corruption (0)
11-07: FaceTime VCPDecompressionDecodeFrame Memory Corruption (0)
11-07: FaceTime RTP Video Processing Heap Corruption (0)
11-07: [local] OpenSLP 2.0.0 – Multiple Vulnerabilities (0)
11-07: [webapps] PlayJoom 0.10.1 – 'catid' SQL Injection (0)
11-06: http://snwrc.onwr.go.th (0)
11-06: http://bpad.onwr.go.th (0)
11-06: http://onwr.go.th (0)
11-06: http://rbmd.onwr.go.th (0)
11-06: Softros LAN Messenger 9.2 Denial Of Service (0)
11-06: PCManFTPD 2.0.7 Server APPE Command Buffer Overflow (0)
11-06: Cisco WebEx Meetings Server XML Injection (0)
11-06: SiAdmin 1.1 SQL Injection (0)
11-06: Advantech WebAccess SCADA 8.3.2 Remote Code Execution (0)
11-06: WebVet 0.1a SQL Injection (0)
11-06: Vigin Media Hub 3.0 Denial Of Service (0)
11-06: Schneider Electric BMX P34 CPU B Open Redirect (0)
11-06: Poppy Web Interface Generator 0.8 Shell Upload (0)
11-06: Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference (0)
11-06: Mongo Web Admin 6.0 Information Disclosure (0)
11-06: CentOS Web Panel 0.9.8.740 XSS / CSRF / Code Execution (0)
11-06: PHP Proxy 3.0.3 Local File Inclusion (0)
11-06: CMS Made Simple 2.2.7 Remote Code Execution (0)
11-06: Voovi Social Networking Script 1.0 SQL Injection (0)
11-06: Morris Worm fingerd Stack Buffer Overflow (0)
11-06: blueimp jQuery Arbitrary File Upload (0)
11-06: Morris Worm sendmail Debug Mode Shell Escape (0)
11-06: http://sonwr.onwr.go.th (0)
11-06: http://psd.onwr.go.th (0)
11-06: [local] libiec61850 1.3 – Stack Based Buffer Overflow (0)
11-06: [dos] Blue Server 1.1 – Denial of Service (PoC) (0)
11-06: [remote] Morris Worm – fingerd Stack Buffer Overflow (Metasploit) (0)
11-06: [dos] FaceTime – RTP Video Processing Heap Corruption (0)
11-06: [dos] FaceTime – 'readSPSandGetDecoderParams' Stack Corruption (0)
11-06: [remote] Morris Worm – sendmail Debug Mode Shell Escape (Metasploit) (0)
11-06: [remote] blueimp's jQuery 9.22.0 – (Arbitrary) File Upload (Metasploit) (0)
11-06: [dos] FaceTime – 'VCPDecompressionDecodeFrame' Memory Corruption (0)
11-05: [dos] Softros LAN Messenger 9.2 – Denial of Service (PoC) (0)
11-05: [webapps] Royal TS/X – Information Disclosure (0)
11-05: [webapps] Voovi Social Networking Script 1.0 – 'user' SQL Injection (0)
11-05: [local] Microsoft Internet Explorer 11 – Null Pointer Dereference (0)
11-05: [webapps] Virgin Media Hub 3.0 Router – Denial of Service (PoC) (0)
11-05: [webapps] SiAdmin 1.1 – 'id' SQL Injection (0)
11-05: [webapps] WebVet 0.1a – 'id' SQL Injection (0)
11-05: [webapps] Advantech WebAccess SCADA 8.3.2 – Remote Code Execution (0)
11-04: Royal TS/X Information Disclosure (0)
11-04: Loadbalancer.org Enterprise VA MAX Cross Site Scripting (0)
11-04: LiquidVPN For macOS 1.3.7 Privilege Escalation (0)
11-02: Arm Whois 3.11 Denial Of Service (0)
11-02: WebDrive 18.00.5057 Denial Of Service (0)
11-02: Artha The Open Thesaurus 1.0.3.0 Denial Of Service (0)
11-02: Packet Storm New Exploits For October, 2018 (0)
11-02: Brava! Enterprise / Server 16.4 Information Disclosure (0)
11-02: Anviz AIM CrossChex Standard 4.3 Excel Macro Injection (0)
11-02: [webapps] Jelastic 5.4 – 'host' SQL Injection (0)
11-02: [dos] WinMTR 0.91 – Denial of Service (PoC) (0)
11-02: [webapps] qdPM 9.1 – 'filter_by' SQL Injection (0)
11-02: [webapps] Gate Pass Management System 2.1 – 'login' SQL Injection (0)
11-02: [webapps] Yot CMS 3.3.1 – 'aid' SQL Injection (0)
11-02: [local] Anviz AIM CrossChex Standard 4.3 – CSV Injection (0)
11-02: [webapps] Fantastic Blog CMS 1.0 – 'id' SQL Injection (0)
11-01: http://watkoh-donation.lampangdopa.go.th/index.php (0)
11-01: http://www.mahasawat.go.th/customers/subject/subject-37.gif (0)
11-01: http://suphan.go.th/customers/banner/multi/banner-38.gif (0)
11-01: SmartFTP Client 9.0.2615.0 Denial Of Service (0)
11-01: Loadbalancer.org Enterprise VA MAX 8.3.2 Remote Code Execution (0)
11-01: Apple Security Advisory 2018-10-30-1 (0)
11-01: Apple Security Advisory 2018-10-30-3 (0)
11-01: Apple Security Advisory 2018-10-30-4 (0)
11-01: Apple Security Advisory 2018-10-30-6 (0)
11-01: Apple Security Advisory 2018-10-30-5 (0)
11-01: Apple Security Advisory 2018-10-30-2 (0)
11-01: Apple Security Advisory 2018-10-30-7 (0)
11-01: Apple Security Advisory 2018-10-30-10 (0)
11-01: Apple Security Advisory 2018-10-30-13 (0)
11-01: Apple Security Advisory 2018-10-30-12 (0)
11-01: Apple Security Advisory 2018-10-30-9 (0)
11-01: Apple Security Advisory 2018-10-30-8 (0)
11-01: Apple Security Advisory 2018-10-30-14 (0)
11-01: Apple Security Advisory 2018-10-30-11 (0)
11-01: [dos] WebDrive 18.00.5057 – Denial of Service (PoC) (0)
11-01: [dos] Arm Whois 3.11 – Denial of Service (PoC) (0)
11-01: [dos] Artha The Open Thesaurus 1.0.3.0 – Denial of Service (PoC) (0)

October 2018 (474)

10-31: Nutanix AOS And Prism SFTP Authentication Bypass (0)
10-31: South Gate Inn Online Reservation System 1.0 SQL Injection (0)
10-31: Electricks eCommerce 1.0 SQL Injection (0)
10-31: QNAP NetBak Replicator 4.5.6.0607 Denial Of Service (0)
10-31: ZyXEL VMG3312-B10B Credential Disclosure (0)
10-31: PHPTPoint Pharmacy Management System 1.0 SQL Injection (0)
10-31: EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 Hard-Coded Credentails (0)
10-31: R 3.4.4 (Windows 10 x64) Buffer Overflow (0)
10-31: Expense Management 1.0 Shell Upload (0)
10-31: University Application System 1.0 Cross Site Request Forgery / SQL Injection (0)
10-31: xorg-x11-server 1.20.3 Privilege Escalation (0)
10-31: Notes Manager 1.0 Shell Upload (0)
10-31: Any Sound Recorder 2.93 Buffer Overflow (0)
10-31: NETGEAR WiFi Router R6120 Credential Disclosure (0)
10-31: Instagram Clone 1.0 Shell Upload (0)
10-31: Microstrategy Web 7 Cross Site Scripting / Traversal (0)
10-31: Simple PHP Shopping Cart 0.9 Shell Upload / SQL Injection (0)
10-31: CI User Login And Management 1.0 Shell Upload (0)
10-31: SIPp 3.3.990 Local Buffer Overflow (0)
10-31: [dos] SmartFTP Client 9.0.2615.0 – Denial of Service (PoC) (0)
10-31: [webapps] Loadbalancer.org Enterprise VA MAX 8.3.2 – Remote Code Execution (0)
10-30: Modbus Slave PLC 7 Buffer Overflow (0)
10-30: Open Faculty Evaluation System 5.6 SQL Injection (0)
10-30: AlienIP 2.41 Denial Of Service (0)
10-30: Grapixel New Media 2 SQL Injection (0)
10-30: Open Faculty Evaluation System 7 SQL Injection (0)
10-30: School Equipment Monitoring System 1.0 SQL Injection (0)
10-30: Linux mremap() TLB Flush Too Late (0)
10-30: MOGG Web Simulator SQL Injection (0)
10-30: Aplaya Beach Resort Online Reservation System 1.0 CSRF / SQL Injection (0)
10-30: SaltOS Erp Crm 3.1 r8126 SQL Injection (0)
10-30: SaltOS Erp Crm 3.1 r8126 Database Download (0)
10-30: School Event Management System 1.0 Shell Upload (0)
10-30: School Event Management System 1.0 Cross Site Request Forgery (0)
10-30: School Attendance Monitoring System 1.0 Cross Site Request Forgery (0)
10-30: School Attendance Monitoring System 1.0 Shell Upload (0)
10-30: School Attendance Monitoring System 1.0 SQL Injection (0)
10-30: Curriculum Evaluation System 1.0 SQL Injection (0)
10-30: Bakeshop Inventory System In VB.Net / MS Access Database 1.0 SQL Injection (0)
10-30: Point Of Sales (POS) In VB.Net MYSQL Database 1.0 SQL Injection (0)
10-30: School Event Management System 1.0 SQL Injection (0)
10-30: Modbus Slave 7.0.0 Denial Of Service (0)
10-30: K-iwi Framework 1775 SQL Injection (0)
10-30: E-Negosyo System 1.0 SQL Injection (0)
10-30: RhinOS CMS 3.x Arbitrary File Download (0)
10-30: PayPal/Credit Card/Debit Card Payment 1.0 SQL Injection (0)
10-30: [webapps] University Application System 1.0 – SQL Injection / Cross-Site Request Forgery (Add Admin) (0)
10-30: [webapps] Webiness Inventory 2.9 – Arbitrary File Upload (0)
10-30: [webapps] Notes Manager 1.0 – Arbitrary File Upload (0)
10-30: [local] Any Sound Recorder 2.93 – Buffer Overflow Local (SEH) (Metasploit) (0)
10-30: [webapps] Instagram Clone 1.0 – Arbitrary File Upload (0)
10-30: [local] R 3.4.4 (Windows 10 x64) – Buffer Overflow (DEP/ASLR Bypass) (0)
10-30: [webapps] Microstrategy Web 7 – Cross-Site Scripting / Directory Traversal (0)
10-30: [dos] ZyXEL VMG3312-B10B < 1.00(AAPP.7) – Credential Disclosure (0)
10-30: [webapps] Asaancart Simple PHP Shopping Cart 0.9 – Arbitrary File Upload / SQL Injection (0)
10-30: [local] xorg-x11-server 1.20.3 – Privilege Escalation (0)
10-30: [webapps] South Gate Inn Online Reservation System 1.0 – 'q' SQL Injection (0)
10-29: http://www.thabo-mu.go.th (0)
10-29: http://www.bandonglocal.go.th (0)
10-29: [dos] systemd – chown_one() can Dereference Symlinks (0)
10-29: [webapps] School Event Management System 1.0 – Arbitrary File Upload (0)
10-29: [webapps] K-iwi Framework 1775 – SQL Injection (0)
10-29: [webapps] Curriculum Evaluation System 1.0 – SQL Injection (0)
10-29: [webapps] SaltOS Erp Crm 3.1 r8126 – Database File Download (0)
10-29: [webapps] Bakeshop Inventory System in VB.Net and MS Access Database 1.0 – SQL Injection (0)
10-29: [dos] Navicat 12.0.29 – 'SSH' Denial of Service (PoC) (0)
10-29: [webapps] Open Faculty Evaluation System 7 – 'batch_name' SQL Injection (0)
10-29: [local] School Equipment Monitoring System 1.0 – 'login' SQL Injection (0)
10-29: [dos] Local Server 1.0.9 – Denial of Service (PoC) (0)
10-29: [dos] AlienIP 2.41 – Denial of Service (PoC) (0)
10-29: [remote] Paramiko 2.4.1 – Authentication Bypass (0)
10-29: [local] Modbus Slave PLC 7 – '.msw' Buffer Overflow (PoC) (0)
10-29: [webapps] Open Faculty Evaluation System 5.6 – 'batch_name' SQL Injection (0)
10-29: [webapps] Grapixel New Media 2 – 'pageref' SQL Injection (0)
10-29: [webapps] Library Management System 1.0 – 'frmListBooks' SQL Injection (0)
10-28: WordPress Arforms 3.5.1 Arbitrary File Delete (0)
10-28: Webiness Inventory 2.9 Shell Upload (0)
10-28: http://www.childrenhospital.go.th/index.htm (0)
10-27: BORGChat 1.0.0 Build 438 Denial Of Service (0)
10-27: MPS Box 0.1.8.0 SQL Injection (0)
10-27: xorg-x11-server Local Privilege Escalation (0)
10-27: xorg-x11-server Local Root (0)
10-27: Linux systemd Line Splitting (0)
10-27: Linux systemd Symlink Dereference Via chown_one() (0)
10-27: Libtiff Decodes Arbitrarilly-Sozed JBIG Into A Target Buffer (0)
10-27: Open STA Manager 2.3 Arbitrary File Download (0)
10-27: Quick Count 2.0 SQL Injection (0)
10-27: MPS Box 0.1.8.0 Arbitrary File Upload (0)
10-27: PHPTPoint Mailing Server Using File Handling 1.0 Arbitrary File Read (0)
10-27: Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting (0)
10-27: Delta Sql 1.8.2 SQL Injection (0)
10-27: Veterinary Clinic Management 00.02 SQL Injection (0)
10-27: HID ActivID ActivClient 7.1.0.202 Heap Spray / Denial Of Service (0)
10-27: Shell In A Box 2.2.0 Denial Of Service (0)
10-27: ASRock Drivers Privilege Escalation / Code Execution (0)
10-27: http://bandarbangovths.gov.bd (0)
10-27: http://lampangdopa.go.th/index.php (0)
10-26: Apple iOS 11.x & 12.x – Authentication Bypass Vulnerability (0)
10-26: [webapps] Veterinary Clinic Management 00.02 – 'editpetnum' SQL Injection (0)
10-26: [webapps] Delta Sql 1.8.2 – 'id' SQL Injection (0)
10-26: [webapps] Quick Count 2.0 – 'txtInstID' SQL Injection (0)
10-26: [webapps] MPS Box 0.1.8.0 – Arbitrary File Upload (0)
10-25: Intel Quartus Family – Privilege Escalation Vulnerability (0)
10-25: Intel Quartus Family – Privilege Escalation Vulnerability (0)
10-25: Adult Filter 1.0 Denial Of Service (0)
10-25: PHPTPoint Hospital Management System 1 SQL Injection (0)
10-25: Apache OFBiz 16.11.04 XML Injection (0)
10-25: LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting (0)
10-25: WordPress Pie Register 3.0.17 Cross Site Scripting (0)
10-25: WordPress Question Answer 1.2.30 Cross Site Scripting (0)
10-25: Exim 4.90 Remote Code Execution (0)
10-25: SG ERP 1.0 SQL Injection (0)
10-25: Microsoft Data Sharing Local Privilege Escalation (0)
10-25: Axioscloud Sissiweb Registro Elettronico 7.0.0 Cross Site Scripting (0)
10-25: Fifa Master XLS 2.3.2 SQL Injection (0)
10-25: AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle (0)
10-25: Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle (0)
10-25: Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure (0)
10-25: WebEx Local Service Permissions Code Execution (0)
10-25: WebExec Authenticated User Code Execution (0)
10-25: [webapps] Ekushey Project Manager CRM 3.1 – Cross-Site Scripting (0)
10-25: [webapps] ProjeQtOr Project Management Tool 7.2.5 – Remote Code Execution (0)
10-25: [local] Adult Filter 1.0 – Buffer Overflow (SEH) (0)
10-25: [webapps] phptpoint Pharmacy Management System 1.0 – 'username' SQL injection (0)
10-25: [webapps] ClipBucket 2.8 – 'id' SQL Injection (0)
10-25: [webapps] Simple Chat System 1.0 – 'id' SQL Injection (0)
10-25: [webapps] Simple POS and Inventory 1.0 – 'cat' SQL Injection (0)
10-25: [webapps] User Management 1.1 – Cross-Site Scripting (0)
10-25: [webapps] AiOPMSD Final 1.0.0 – 'q' SQL Injection (0)
10-25: [webapps] Open STA Manager 2.3 – Arbitrary File Download (0)
10-25: [webapps] AjentiCP 1.2.23.13 – Cross-Site Scripting (0)
10-25: [webapps] Delta Sql 1.8.2 – Arbitrary File Upload (0)
10-25: [webapps] MPS Box 0.1.8.0 – 'uuid' SQL Injection (0)
10-25: [webapps] phptpoint Hospital Management System 1.0 – 'user' SQL injection (0)
10-25: [dos] BORGChat 1.0.0 build 438 – Denial of Service (PoC) (0)
10-24: School ERP Pro+Responsive 1.0 Arbitrary File Download (0)
10-24: School ERP Pro+Responsive 1.0 SQL Injection (0)
10-24: SIM-PKH 2.4.1 SQL Injection (0)
10-24: SIM-PKH 2.4.1 Shell Upload (0)
10-24: ServersCheck Monitoring Software 14.3.3 Arbitrary File Write / DoS (0)
10-24: Appsource School Management System 1.0 SQL Injection (0)
10-24: Microsoft Active Directory Federated Services (ADFS) User Enumeration (0)
10-24: MGB OpenSource Guestbook 0.7.0.2 SQL Injection (0)
10-24: ServersCheck Monitoring Software 14.3.3 Cross Site Scripting (0)
10-24: CommuniGatePro Pronto Webmail 6.2 Cross Site Scripting (0)
10-24: ServersCheck Monitoring Software 14.3.3 SQL Injection (0)
10-24: [webapps] LANGO Codeigniter Multilingual Script 1.0 – Cross-Site Scripting (0)
10-24: [webapps] Apache OFBiz 16.11.04 – XML External Entity Injection (0)
10-24: [webapps] SG ERP 1.0 – 'info' SQL Injection (0)
10-24: [webapps] Fifa Master XLS 2.3.2 – 'usw' SQL Injection (0)
10-24: [shellcode] Linux/x86 – execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes (0)
10-24: [dos] ADULT FILTER 1.0 – Denial of Service (PoC) (0)
10-24: [webapps] Axioscloud Sissiweb Registro Elettronico 7.0.0 – 'Error_desc' Cross-Site Scripting (0)
10-23: AudaCity 2.3 Denial Of Service (0)
10-23: Microsoft Windows 10 UAC Bypass By computerDefault (0)
10-23: Modbus Poll 7.2.2 Denial Of Service (0)
10-23: MySQL Edit Table 1.0 SQL Injection (0)
10-23: School ERP Ultimate 2018 Arbitrary File Download (0)
10-23: Oracle Siebel CRM 8.1.1 CSV Injection (0)
10-23: The Open ISES Project 3.30A SQL Injection (0)
10-23: School ERP Ultimate 2018 SQL Injection (0)
10-23: The Open ISES Project 3.30A Arbitrary File Download (0)
10-23: AjentiCP 1.2.23.13 Cross Site Scripting (0)
10-23: eNdonesia Portal 8.7 SQL Injection (0)
10-23: Traq 3.7.1 CSRF / XSS / SQL Injection (0)
10-23: Viva Visitor And Volunteer ID Tracking 0.95.1 SQL Injection (0)
10-23: VestaCP 0.9.8-22 Cross Site Scripting (0)
10-23: [webapps] School ERP Pro+Responsive 1.0 – Arbitrary File Download (0)
10-23: [webapps] SIM-PKH 2.4.1 – 'id' SQL Injection (0)
10-23: [webapps] ServersCheck Monitoring Software 14.3.3 – 'id' SQL Injection (0)
10-23: [webapps] School ERP Pro+Responsive 1.0 – 'fid' SQL Injection (0)
10-23: [webapps] SIM-PKH 2.4.1 – Arbitrary File Upload (0)
10-23: [webapps] Appsource School Management System 1.0 – 'student_id' SQL Injection (0)
10-23: [dos] ServersCheck Monitoring Software 14.3.3 – Denial of Service (PoC) (0)
10-22: [dos] Apple iOS – Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value (0)
10-22: [webapps] School ERP Ultimate 2018 – 'fid' SQL Injection (0)
10-22: [webapps] Oracle Siebel CRM 8.1.1 – CSV Injection (0)
10-22: [webapps] The Open ISES Project 3.30A – 'tick_lat' SQL Injection (0)
10-22: [dos] AudaCity 2.3 – Denial of Service (PoC) (0)
10-22: [webapps] School ERP Ultimate 2018 – Arbitrary File Download (0)
10-22: [webapps] MySQL Edit Table 1.0 – 'id' SQL Injection (0)
10-22: [dos] Modbus Poll 7.2.2 – Denial of Service (PoC) (0)
10-20: libSSH Authentication Bypass (0)
10-20: WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation (0)
10-20: Viprinet VPN Hub Router Cross Site Scripting (0)
10-20: Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference (0)
10-20: iOS / macOS MIG Object Lifetime Semantics Sandbox Escape (0)
10-20: Apple Intel GPU Driver Use-After-Free / Double-Delete (0)
10-20: [remote] LibSSH 0.7.6 / 0.8.4 – Unauthorized Access (0)
10-19: Learning With Texts 1.6.2 SQL Injection (0)
10-19: PHP-SHOP Master 1.0 Cross Site Request Forgery (0)
10-19: OwnTicket 1.0 SQL Injection (0)
10-18: http://leaves.eppo.go.th/security/lang.tmp (0)
10-18: Any Sound Recorder 2.93 Buffer Overflow (0)
10-18: Time And Expense Management System 3.0 Cross Site Request Forgery (0)
10-18: Git Submodule Arbitrary Code Execution (0)
10-18: LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting (0)
10-18: Ekushey Project Manager CRM 3.1 Cross Site Scripting (0)
10-18: TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure (0)
10-18: D-Link Plain-Text Password Storage / Code Execution / Directory Traversal (0)
10-18: WordPress Wordfence 7.1.12 XSS / Username Disclosure (0)
10-18: User Management 1.1 Cross Site Scripting (0)
10-18: Zenar Content Management System 8.3 Cross Site Request Forgery (0)
10-18: Time And Expense Management System 3.0 SQL Injection (0)
10-18: http://www.kudnamsai.go.th/activity/images/83506.jpg (0)
10-18: http://www.samrongkk.go.th/activity/images/97023.gif (0)
10-18: [webapps] OwnTicket 1.0 – 'TicketID' SQL Injection (0)
10-18: [webapps] Learning with Texts 1.6.2 – 'start' SQL Injection (0)
10-18: [webapps] PHP-SHOP master 1.0 – Cross-Site Request Forgery (Add admin) (0)
10-17: Academic Timetable Final Build 7.0a / 7.0b Information Disclosure (0)
10-17: KORA 2.7.0 SQL Injection (0)
10-17: HotelDruid 2.2.4 SQL Injection (0)
10-17: Navigate CMS 2.8.5 Arbitrary File Download (0)
10-17: Kados R10 GreenBee SQL Injection (0)
10-17: Vishesh Auto Index 3.1 SQL Injection (0)
10-17: Rukovoditel Project Management CRM 2.3 SQL Injection (0)
10-17: MV Video Sharing Software 1.2 SQL Injection (0)
10-17: HighPortal 12.5 Cross Site Scripting (0)
10-17: GIU Gallery Image Upload 0.3.1 SQL Injection (0)
10-17: Microsoft Windows FSCTL_FIND_FILES_BY_SID Information Disclosure (0)
10-17: https://numbering.nbtc.go.th/xampp/lang.tmp (0)
10-17: [webapps] TP-Link TL-SC3130 1.6.18 – RTSP Stream Disclosure (0)
10-17: [webapps] Time and Expense Management System 3.0 – Cross-Site Request Forgery (Add Admin) (0)
10-17: [local] Any Sound Recorder 2.93 – Buffer Overflow (SEH) (0)
10-17: [remote] FLIR AX8 Thermal Camera 1.32.16 – Hard-Coded Credentials (0)
10-17: [webapps] BigTree CMS 4.2.23 – Cross-Site Scripting (0)
10-16: Snes9K 0.0.9z Buffer Overflow (0)
10-16: Mozilla Firefox Picture Drag And Drop Security Bypass (0)
10-16: BigTree CMS 4.2.23 Cross Site Scripting (0)
10-16: Alchemy CMS 4.1-Stable Cross Site Scripting (0)
10-16: FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root (0)
10-16: Academic Timetable Final Build 7.0a / 7.0b SQL Injection (0)
10-16: Academic Timetable Final Build 7.0b Cross Site Request Forgery (0)
10-16: College Notes Management System 1.0 SQL Injection (0)
10-16: MaxOn ERP Software 8.x / 9.x SQL Injection (0)
10-16: Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution (0)
10-16: Advanced HRM 1.6 Remote Code Execution (0)
10-16: FLIR Systems FLIR AX8 Thermal Camera 1.32.16 RTSP Stream Disclosure (0)
10-16: FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure (0)
10-16: FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access (0)
10-16: FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure (0)
10-16: FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure (0)
10-16: Solaris RSH Stack Clash Privilege Escalation (0)
10-16: Library CMS 2.1.1 Cross Site Scripting (0)
10-16: WordPress Support Board 1.2.3 Cross Site Scripting (0)
10-16: [webapps] Rukovoditel Project Management CRM 2.3 – 'path' SQL Injection (0)
10-16: [webapps] Kados R10 GreenBee – 'release_id' SQL Injection (0)
10-16: [webapps] Kados R10 GreenBee – 'release_id' SQL Injection (0)
10-16: [webapps] HotelDruid 2.2.4 – 'anno' SQL Injection (0)
10-16: [webapps] HotelDruid 2.2.4 – 'anno' SQL Injection (0)
10-16: [webapps] Library CMS 2.1.1 – Cross-Site Scripting (0)
10-16: [webapps] Library CMS 2.1.1 – Cross-Site Scripting (0)
10-16: [webapps] Navigate CMS 2.8.5 – Arbitrary File Download (0)
10-16: [webapps] Navigate CMS 2.8.5 – Arbitrary File Download (0)
10-15: https://ic.nbtc.go.th/xampp/lang.tmp (0)
10-15: EasyBoot v6.6.0.800 – (Function Key) Buffer Overflow (0)
10-15: [remote] NoMachine < 5.3.27 – Remote Code Execution (0)
10-15: [webapps] FLIR AX8 Thermal Camera 1.32.16 – Remote Code Execution (0)
10-15: [webapps] Academic Timetable Final Build 7.0 – Information Disclosure (0)
10-15: [local] Snes9K 0.0.9z – Buffer Overflow (SEH) (0)
10-15: [webapps] AlchemyCMS 4.1 – Cross-Site Scripting (0)
10-15: [webapps] Advanced HRM 1.6 – Remote Code Execution (0)
10-15: [webapps] FLIR AX8 Thermal Camera 1.32.16 – RTSP Stream Disclosure (0)
10-15: [webapps] MaxOn ERP Software 8.x-9.x – 'nomor' SQL Injection (0)
10-15: [webapps] FLIR Brickstream 3D+ 2.1.742.1842 – Config File Disclosure (0)
10-15: [webapps] FLIR AX8 Thermal Camera 1.32.16 – Arbitrary File Disclosure (0)
10-15: [webapps] Academic Timetable Final Build 7.0a-7.0b – 'id' SQL Injection (0)
10-13: HaPe PKH 1.1 SQL Injection (0)
10-13: Cockpit CMS CSRF / XSS / Path Traversal (0)
10-13: Phoenix Contact WebVisit 2985725 Authentication Bypass (0)
10-13: Teltonika RUT9XX Unauthenticated OS Command Injection (0)
10-13: HaPe PKH 1.1 Cross Site Request Forgery (0)
10-13: Teltonika RUT9XX Missing Access Control To UART Root Terminal (0)
10-13: HaPe PKH 1.1 Shell Upload (0)
10-13: Teltonika RUT9XX Reflected Cross Site Scripting (0)
10-13: SugarCRM 6.5.26 Cross Site Scripting (0)
10-13: NoMachine 5.3.26 Remote Code Execution (0)
10-13: D-Link DSL-2640T Cross Site Scripting (0)
10-12: EasyBoot v6.6.0.800 – (Title CD) Buffer Overflow (0)
10-12: WAGO 750-881 01.09.18 Cross Site Scripting (0)
10-12: Phoenix Contact WebVisit 6.40.00 Password Disclosure (0)
10-12: Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection (0)
10-12: Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection (0)
10-12: E-Registrasi Pencak Silat 18.10 SQL Injection (0)
10-12: Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection (0)
10-12: LUYA CMS 1.0.12 Cross Site Scripting (0)
10-12: CAMALEON CMS 2.4 Cross Site Scripting (0)
10-12: [webapps] SugarCRM 6.5.26 – Cross-Site Scripting (0)
10-12: [webapps] HaPe PKH 1.1 – Arbitrary File Upload (0)
10-12: [webapps] CAMALEON CMS 2.4 – Cross-Site Scripting (0)
10-12: [webapps] HaPe PKH 1.1 – 'id' SQL Injection (0)
10-12: [webapps] Phoenix Contact WebVisit 2985725 – Authentication Bypass (0)
10-12: [webapps] HaPe PKH 1.1 – Cross-Site Request Forgery (Update Admin) (0)
10-12: [webapps] LUYA CMS 1.0.12 – Cross-Site Scripting (0)
10-11: Free MP3 CD Ripper 2.8 .wma Buffer Overflow (0)
10-11: net-snmp 5.7.3 Denial Of Service (0)
10-11: Wikidforum 2.20 select_sort SQL Injection (0)
10-11: NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass (0)
10-11: Sitepress Multilingual 3.6.3 Cross Site Scripting (0)
10-11: Responsive Filemanager 9.8.1 Authentication Bypass (0)
10-11: Responsive Filemanager 9.8.1 Cross Site Scripting (0)
10-11: FileZilla 3.33 Buffer Overflow (0)
10-11: Wikidforum 2.20 SQL Injection (0)
10-11: Ektron CMS 9.20 SP2 Improper Access Restrictions (0)
10-11: Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow (0)
10-11: Mikrotik RouterOS Remote Root (0)
10-11: jQuery-File-Upload 9.22.0 Arbitrary File Upload (0)
10-11: XMeye P2P Cloud Remote Code Execution / Integrity Issues (0)
10-11: DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite (0)
10-11: Microsoft Edge Chakra JIT BailOutOnInvalidatedArrayHeadSegment Check Bypass (0)
10-11: Microsoft Edge Chakra JIT Type Confusion Bug (0)
10-11: WhatsApp RTP Processing Heap Corruption (0)
10-11: Ghostscript executeonly Bypass (0)
10-11: VLC Media Player 2.2.8 MKV Use-After-Free (0)
10-11: Apple Security Advisory 2018-10-08-1 (0)
10-11: Apple Security Advisory 2018-10-08-2 (0)
10-11: [webapps] jQuery-File-Upload 9.22.0 – Arbitrary File Upload (0)
10-11: [webapps] E-Registrasi Pencak Silat 18.10 – 'id_partai' SQL Injection (0)
10-11: [webapps] WAGO 750-881 01.09.18 – Cross-Site Scripting (0)
10-11: [webapps] Wikidforum 2.20 – Cross-Site Scripting (0)
10-10: http://khoksaat.go.th/doc_news (0)
10-10: http://bakdailocal.go.th/doc_news (0)
10-10: http://khoktakhian.go.th/doc_news (0)
10-10: http://muangthi.go.th/doc_news (0)
10-10: http://tabao.go.th/doc_news (0)
10-10: http://nanokkok.go.th/doc_news (0)
10-10: http://pingluang.go.th/doc_news (0)
10-10: http://www.tambondan.go.th/doc_news (0)
10-10: http://thawangpha.go.th/doc_news (0)
10-10: http://www.kwaosinarin.go.th/doc_news (0)
10-10: http://www.salangpan.go.th/doc_news (0)
10-10: http://www.salakdai.go.th/doc_news (0)
10-10: http://www.phaisarn.go.th/doc_news (0)
10-10: http://www.phaikala.go.th/doc_news (0)
10-10: http://www.nongbuabanlocal.go.th/doc_news (0)
10-10: http://www.kapchoeng.go.th/doc_news (0)
10-10: http://www.bandara.go.th/doc_newsebay (0)
10-10: http://www.tramdom.go.th/doc_news (0)
10-10: http://www.sanjaopor.go.th/doc_news (0)
10-10: http://www.prakaewlocal.go.th/doc_news (0)
10-10: http://www.nammuab.go.th/doc_news (0)
10-10: http://www.trum.go.th/doc_news (0)
10-10: http://www.muangleeng.go.th/doc_news (0)
10-10: [dos] WhatsApp – RTP Processing Heap Corruption (0)
10-10: [remote] MicroTik RouterOS < 6.43rc3 – Remote Root (0)
10-10: [webapps] Ektron CMS 9.20 SP2 – Improper Access Restrictions (0)
10-10: [dos] FileZilla 3.33 – Buffer Overflow (PoC) (0)
10-09: http://knowledge.ocpb.go.th//xampp/lang.tmp (0)
10-09: 360 3.5.0.1033 Sandbox Escape (0)
10-09: net-snmp 5.7.3 Denial Of Service (0)
10-09: Linux Kernel mq_notify: double sock_put() Local Privilege Escalation (0)
10-09: Android current-fs Improper Locking (0)
10-09: Chamilo LMS 1.11.8 firstname Cross Site Scripting (0)
10-09: Git Submodule Arbitrary Code Execution (0)
10-09: FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure (0)
10-09: FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation (0)
10-09: net-snmp 5.7.3 Unauthenticated Denial Of Service (0)
10-09: Imperva SecureSphere 13 Remote Command Execution (0)
10-09: Cisco Prime Infrastructure Unauthenticated Remote Code Execution (0)
10-09: ifwatchd Privilege Escalation (0)
10-09: Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow (0)
10-09: [local] ifwatchd – Privilege Escalation (Metasploit) (0)
10-09: [webapps] Wikidforum 2.20 – 'select_sort' SQL Injection (0)
10-09: [local] Free MP3 CD Ripper 2.8 – '.wma' Buffer Overflow (SEH) (DEP Bypass) (0)
10-09: [papers] Client Side Injection on Web Applications (0)
10-09: [papers] [Persian] Exploiting Wordpress Security (0)
10-09: [local] Seqrite End Point Security 7.4 – Privilege Escalation (0)
10-09: [dos] Microsoft Edge Chakra JIT – Type Confusion (0)
10-09: [dos] Microsoft Edge Chakra JIT – 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass (0)
10-09: [local] ghostscript – executeonly Bypass with errorhandler Setup (0)
10-09: [webapps] Wikidforum 2.20 – 'message_id' SQL Injection (0)
10-09: [remote] Delta Electronics Delta Industrial Automation COMMGR 1.08 – Stack Buffer Overflow (Metasploit) (0)
10-09: [papers] LOKIDN: a new vector for Homograph Attacks (0)
10-08: [dos] Linux – Kernel Pointer Leak via BPF (0)
10-08: [local] Zahir Enterprise Plus 6 – Stack Buffer Overflow (Metasploit) (0)
10-08: [remote] Unitrends UEB – HTTP API Remote Code Execution (Metasploit) (0)
10-08: [remote] Navigate CMS – Unauthenticated Remote Code Execution (Metasploit) (0)
10-08: [dos] Android – sdcardfs Changes current->fs Without Proper Locking (0)
10-08: [papers] WordPress Penetration Testing using WPScan and MetaSploit (0)
10-08: [webapps] Imperva SecureSphere 13 – Remote Command Execution (0)
10-08: [webapps] Imperva SecureSphere 13 – Remote Command Execution (0)
10-08: [shellcode] Linux/x86 – execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) (0)
10-08: [local] 360 3.5.0.1033 – Sandbox Escape (0)
10-08: [shellcode] Linux/MIPS (Big Endian) – execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes) (0)
10-08: [webapps] FLIR Thermal Traffic Cameras 1.01-0bb5b27 – Information Disclosure (0)
10-06: Easy File Sharing Web Server 7.2 Domain Name Buffer Overflow (0)
10-06: Chrome OS /sbin/crash_reporter Symlink Traversal (0)
10-06: Chamilo LMS 1.11.8 Cross Site Scripting (0)
10-06: Linux Kernel PTR Leak Via BPF (0)
10-06: Windows Net-NTLMv2 Reflection DCOM/RPC (0)
10-06: Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Request Forgery (0)
10-06: Navigate CMS Unauthenticated Remote Code Execution (0)
10-06: Zahir Enterprise Plus 6 Stack Buffer Overflow (0)
10-06: Unitrends UEB HTTP API Remote Code Execution (0)
10-06: Claromentis Discuss 1.2.1 Cross Site Scripting (0)
10-06: http://www.maekhaning.go.th/king.txt (0)
10-06: http://www.nongyai.go.th/king.txt (0)
10-06: http://www.thungsrithong.go.th/king.txt (0)
10-06: http://www.sri-satuk.go.th/king.txt (0)
10-06: http://www.khutan.go.th/king.txt (0)
10-06: http://www.banchop.go.th/king.txt (0)
10-06: http://www.that.go.th/king.txt (0)
10-06: http://www.uttaradit-pao.go.th/king.txt (0)
10-06: http://www.berd.go.th/king.txt (0)
10-06: http://www.thamaunglocal.go.th/king.txt (0)
10-06: http://www.nongyai-sao.go.th/king.txt (0)
10-06: http://www.pradu.go.th/king.txt (0)
10-06: http://www.orbotor-yang.go.th/king.txt (0)
10-06: http://www.phensuk-sao.go.th/king.txt (0)
10-06: http://www.thaworn.go.th/king.txt (0)
10-06: http://www.nongmathee.go.th/king.txt (0)
10-06: http://www.khumpong.go.th/king.txt (0)
10-06: http://www.kudkhakeem.go.th/king.txt (0)
10-06: http://www.tangjai.go.th/king.txt (0)
10-06: http://www.sano.go.th/king.txt (0)
10-06: [webapps] Chamilo LMS 1.11.8 – 'firstname' Cross-Site Scripting (0)
10-06: [webapps] FLIR Thermal Traffic Cameras 1.01-0bb5b27 – RTSP Stream Disclosure (0)
10-05: Easy File Sharing WS v7.2 – (Domain Name) Buffer Overflow (0)
10-05: Zechat 1.5 SQL Injection (0)
10-05: Joomla! Jimtawl 2.2.7 SQL Injection (0)
10-05: Photo Nettoyeur 1.4.5 Insecure File Permission (0)
10-05: LayerBB Forum 1.1.1 SQL Injection (0)
10-05: NICO-FTP 3.0.1.19 SEH Buffer Overflow (0)
10-05: virtualenv 16.0.0 Sandbox Escape (0)
10-05: WordPress Pie Register 3.0.15 Cross Site Scripting (0)
10-05: ISPConfig Remote Command Execution (0)
10-05: D-Link Central WiFiManager Software Controller Code Execution / XSS (0)
10-05: [webapps] Chamilo LMS 1.11.8 – Cross-Site Scripting (0)
10-05: [webapps] D-Link Central WiFiManager Software Controller 1.03 – Multiple Vulnerabilities (0)
10-05: [webapps] ISPConfig < 3.1.13 – Remote Command Execution (0)
10-05: [webapps] Netis ADSL Router DL4322D RTK 2.1.1 – Cross-Site Request Forgery (Add Admin) (0)
10-04: [webapps] LayerBB Forum 1.1.1 – 'search_query' SQL Injection (0)
10-04: [local] virtualenv 16.0.0 – Sandbox Escape (0)
10-04: [shellcode] Linuxx86 – (NOT +SHIFT-N+ XOR-N) + encoded (/bin/sh) Shellcode (50 byes) (0)
10-03: OPAC EasyWeb Five 5.7 biblio SQL Injection (0)
10-03: Coaster CMS 5.5.0 Cross Site Scripting (0)
10-03: OPAC EasyWeb Five 5.7 nome SQL Injection (0)
10-03: Collaboration Compliance And Quality Management Platform 9.1.1.5482 Disclosure (0)
10-03: Collaboration Compliance And Quality Management Platform 9.1.1.5482 Improper Access Control (0)
10-03: [webapps] Airties AIR5342 1.0.0.18 – Cross-Site Scripting (0)
10-03: [webapps] Joomla! Component Jimtawl 2.2.7 – 'id' SQL Injection (0)
10-03: [webapps] Zechat 1.5 – 'uname' SQL Injection (0)
10-02: Facebook – Instagram Business Access Token Vulnerability (0)
10-02: Easy File Sharing WS v7.2 – (UserId) Buffer Overflow (0)
10-02: WordPress PDF And Print 2.0.2 Cross Site Scripting (0)
10-02: Snes9K 0.0.9z Denial Of Service (0)
10-02: Zahir Enterprise Plus 6 Build 10b Buffer Overflow (0)
10-02: Packet Storm New Exploits For September, 2018 (0)
10-02: Fork CMS 5.4.0 Cross Site Scripting / HTML Injection (0)
10-02: WUZHICMS 2.0 Cross Site Scripting (0)
10-02: MensaMax 4.3 Hardcoded Encryption Key Disclosure (0)
10-02: Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass (0)
10-02: Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass (0)
10-02: Debian/Ubuntu AppArmor evince Policy Bypass (0)
10-02: H2 Database 1.4.196 Remote Code Execution (0)
10-02: Hotel Booking Engine 1.0 SQL Injection (0)
10-02: Education Website 1.0 SQL Injection (0)
10-02: Singleleg MLM Software 1.0 SQL Injection (0)
10-02: Binary MLM Software 1.0 SQL Injection (0)
10-02: Flippa Marketplace Clone 1.0 SQL Injection (0)
10-02: Billion ADSL Router 400G 20151105641 Cross Site Scripting (0)
10-02: [webapps] OPAC EasyWeb Five 5.7 – 'biblio' SQL Injection (0)
10-02: [webapps] Coaster CMS 5.5.0 – Cross-Site Scripting (0)
10-02: [webapps] OPAC EasyWeb Five 5.7 – 'nome' SQL Injection (0)
10-01: http://www.my-office.yala3.go.th/1.php (0)
10-01: [webapps] Fork CMS 5.4.0 – Cross-Site Scripting (0)
10-01: [webapps] Singleleg MLM Software 1.0 – 'msg_id' SQL Injection (0)
10-01: [webapps] Education Website 1.0 – 'subject' SQL Injection (0)
10-01: [webapps] Binary MLM Software 1.0 – 'pid' SQL Injection (0)
10-01: [webapps] Hotel Booking Engine 1.0 – 'h_room_type' SQL Injection (0)
10-01: [webapps] ManageEngine AssetExplorer 6.2.0 – Cross-Site Scripting (0)
10-01: [local] Snes9K 0.0.9z – Denial of Service (PoC) (0)
10-01: [local] Zahir Enterprise Plus 6 build 10b – Buffer Overflow (SEH) (0)
10-01: [webapps] H2 Database 1.4.196 – Remote Code Execution (0)

September 2018 (441)

09-29: Intel Extreme Tuning Utility 6.4.1.23 Code Execution / Privilege Escalation (0)
09-29: Seqrite End Point Security 7.4 Privilege Escalation (0)
09-29: Airties AIR5343v2 1.0.0.18 Cross Site Scripting (0)
09-29: Airties AIR5442 1.0.0.18 Cross Site Scripting (0)
09-29: Airties AIR5443v2 1.0.0.18 Cross Site Scripting (0)
09-29: Airties AIR5453 1.0.0.18 Cross Site Scripting (0)
09-29: Fork CMS 5.4.0 Cross Site Scripting / HTML Injection (0)
09-29: ManageEngine AssetExplorer 6.2.0 Cross Site Scripting (0)
09-29: Airties AIR5021 1.0.0.18 Cross Site Scripting (0)
09-29: Airties AIR5650 1.0.0.18 Cross Site Scripting (0)
09-29: Airties AIR5750 1.0.0.18 Cross Site Scripting (0)
09-28: gVisor Pagetables Reuse (0)
09-28: WordPress Breadcrumb NavXT 6.1.0 Username Disclosure (0)
09-28: WordPress WebARX Website Firewall 4.9.8 XSS / Bypass (0)
09-28: Microsoft Edge Sandbox Escape (0)
09-28: iWay Data Quality Suite Web Console 10.6.1.ga XML Injection (0)
09-28: ManageEngine Desktop Central 10.0.271 Cross Site Scripting (0)
09-28: Rausoft ID.prove 2.95 SQL Injection (0)
09-28: PCProtect 4 8.35 Privilege Escalation (0)
09-28: AppArmor Filesystem Blacklisting Bypass (0)
09-28: [local] PCProtect 4.8.35 – Privilege Escalation (0)
09-27: http://www.rb2.go.th/admin/admin_menager/file_list/ (0)
09-27: http://tungkratadpatthana.go.th/activity/images/vbs.txt (0)
09-27: http://pakprak.go.th/activity/images/vbs.txt (0)
09-27: http://www.nongtad.go.th/activity/images/vbs.txt (0)
09-27: http://tambonnaklang.go.th/activity/images/vbs.txt (0)
09-27: http://www.khamsakasang.go.th/activity/images/vbs.txt (0)
09-27: http://makluakao.go.th/activity/images/vbs.txt (0)
09-27: http://www.sraponthong.go.th/activity/images/vbs.txt (0)
09-27: http://consolidation.rid.go.th/engineering/images/HTLrHaCkEr.txt (0)
09-27: Linux VMA Use-After-Free (0)
09-27: TransMac 12.2 Denial Of Service (0)
09-27: CrossFont 7.5 Denial Of Service (0)
09-27: tekno.Portal 0.1b Cross Site Scripting (0)
09-27: Linux create_elf_tables() Integer Overflow (0)
09-27: WordPress WP Insert 2.4.2 Arbitrary File Upload (0)
09-27: Progress Kendo UI Editor 2018.1.221 Cross Site Scripting (0)
09-27: Citrix StorageZones Controller Improper Access Restrictions / Traversal (0)
09-27: CMS ISWEB 3.5.3 SQL Injection (0)
09-27: [webapps] ManageEngine Desktop Central 10.0.271 – Cross-Site Scripting (0)
09-27: [webapps] Rausoft ID.prove 2.95 – 'Username' SQL injection (0)
09-27: [local] EE 4GEE Mini EE40_00_02.00_44 – Privilege Escalation (0)
09-27: [webapps] iWay Data Quality Suite Web Console 10.6.1.ga – XML External Entity Injection (0)
09-26: http://nbc.dip.go.th/sa.html (0)
09-26: http://nbcsystem.dip.go.th/sa.html (0)
09-26: http://nec.dip.go.th/sa.html (0)
09-26: Joomla! Raffle Factory 3.5.2 SQL Injection (0)
09-26: Joomla! Music Collection 3.0.3 SQL Injection (0)
09-26: Joomla! Penny Auction Factory 2.0.4 SQL Injection (0)
09-26: Joomla! Questions 1.4.3 SQL Injection (0)
09-26: Joomla! Jobs Factory 2.0.4 SQL Injection (0)
09-26: Joomla! Social Factory 3.8.3 SQL Injection (0)
09-26: Joomla! Dutch Auction Factory 2.0.2 SQL Injection (0)
09-26: Faleemi Desktop Software 1.8.2 Device Alias Buffer Overflow (0)
09-26: Joomla Component eXtroForms 2.1.5 SQL Injection (0)
09-26: Joomla! Swap Factory 2.2.1 SQL Injection (0)
09-26: Joomla! Collection Factory 4.1.9 SQL Injection (0)
09-26: Joomla! Reverse Auction Factory 4.3.8 SQL Injection (0)
09-26: Joomla! AlphaIndex Dictionaries 1.0 SQL Injection (0)
09-26: Joomla! Article Factory Manager 4.3.9 SQL Injection (0)
09-26: Joomla! Timetable Schedule 3.6.8 SQL Injection (0)
09-26: Red Hat Security Advisory 2018-2772-01 (0)
09-26: WebKit WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free (0)
09-26: WebKit WebCore::SVGTextLayoutAttributes::context Use-After-Free (0)
09-26: WebKit WebCore::RenderLayer::updateDescendantDependentFlags Use-After-Free (0)
09-26: WebKit WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free (0)
09-26: WebKit WebCore::Node::ensureRareData Use-After-Free (0)
09-26: