Archive for March, 2020

http://maeyanghor.go.th/meh.php

Posted by deepcore under defacement (No Respond)

http://maeyanghor.go.th/meh.php notified by Mr./The-meh

Google Chrome 80 JSCreate Side-Effect Type Confusion

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out-of-bounds reads and writes on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for […]

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD’s MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses.

netkit-telnet 0.17 Remote Code Execution

Posted by deepcore under exploit (No Respond)

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

Google Chrome 67 / 68 / 69 Object.create Type Confusion

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a type confusion in Google Chrome’s JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload […]

Google Chrome 72 / 73 Array.map Corruption

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region […]

PHP-FPM 7.x Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of neex’s original exploit code (see refs). First, it detects the correct parameters (Query String Length […]

Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then […]

[local] ASUS GiftBox Desktop 1.1.1.127 – 'ASUSGiftBoxDesktop' Unquoted Service Path

Posted by deepcore under Security (No Respond)

ASUS GiftBox Desktop 1.1.1.127 – ‘ASUSGiftBoxDesktop’ Unquoted Service Path
