:: Deepquest ::

>> http://nanuan.go.th/nanuan/module_eservice1/

USER: deepcore // 2022-07-29 // 0 CMT

http://nanuan.go.th/nanuan/module_eservice1/ notified by ./Niz4r

>> Transposh WordPress Translation 1.0.8.1 Remote Code Execution

USER: deepcore // 2022-07-29 // 0 CMT

Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name” allowing an attacker with the “Administrator” role…

>> Loan Management System 1.0 SQL Injection

USER: deepcore // 2022-07-29 // 0 CMT

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

>> Loan Management System 1.0 Cross Site Scripting

USER: deepcore // 2022-07-29 // 0 CMT

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

>> [webapps] WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS)

USER: deepcore // 2022-07-29 // 0 CMT

WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS)

>> [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution

USER: deepcore // 2022-07-29 // 0 CMT

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution

>> [webapps] Geonetwork 4.2.0 – XML External Entity (XXE)

USER: deepcore // 2022-07-29 // 0 CMT

Geonetwork 4.2.0 – XML External Entity (XXE)

>> [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal

USER: deepcore // 2022-07-29 // 0 CMT

Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal

>> [local] Asus GameSDK v1.0.0.4 – 'GameSDK.exe' Unquoted Service Path

USER: deepcore // 2022-07-29 // 0 CMT

Asus GameSDK v1.0.0.4 – ‘GameSDK.exe’ Unquoted Service Path

>> [webapps] Dingtian-DT-R002 3.1.276A – Authentication Bypass

USER: deepcore // 2022-07-29 // 0 CMT

Dingtian-DT-R002 3.1.276A – Authentication Bypass