KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the…
>> AUTHOR: deepcore
KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or…
KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include…
CSZ CMS 1.2.9 – ‘Multiple’ Arbitrary File Deletion
KevinLAB BEMS 1.0 – Undocumented Backdoor Account
KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass
KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated)
http://www.takesa1.go.th notified by Salman Hacker
The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.