Online Notice Board 2022 suffers from a remote SQL injection vulnerability.
>> AUTHOR: deepcore
On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.
InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.
On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.
On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.
XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.
Sagemath version 9.0 suffers from overflow and denial of service vulnerabilities.
http://amss.ayutthaya2.go.th/read.html notified by ./Niz4r
http://sawat.ayutthaya2.go.th/read.html notified by ./Niz4r
http://salary.ayutthaya2.go.th/read.html notified by ./Niz4r