Telerik UI – Remote Code Execution via Insecure Deserialization
>> AUTHOR: deepcore
http://necsystem.dip.go.th/index.html notified by Jean Maroc
http://angelfund.dip.go.th/index.html notified by Jean Maroc
Squiz Matrix CMS suffers from PHP unserialization code execution, information disclosure, and arbitrary file deletion vulnerabilities.
D-Link DIR-615 suffers from a privilege escalation vulnerability.
Linux suffers from a privilege escalation vulnerability via the io_uring offload of sendmsg() onto a kernel thread with kernel creds.
Serv-U FTP Server version 15.1.7 suffers from a persistent cross-site scripting vulnerability.
Serv-U FTP Server version 15.1.7 suffers from a CSV injection vulnerability.
Control Web Panel versions 0.9.8.856 through 0.9.8.864 suffer from a phpMyAdmin password disclosure vulnerability.
The Microsoft Teams Instant Messenger application on a fully patched Windows 7 SP1 is vulnerable to remote DLL hijacking.