http://info.ska2.go.th/myoffice/bannakhuanlang/laysen/30.jpg notified by MeXe
http://myoffice.edurng.go.th/laysen/27.jpg
http://myoffice.edurng.go.th/laysen/27.jpg notified by MeXe
http://myoffice.nonpeo.go.th/laysen/32.jpg
http://myoffice.nonpeo.go.th/laysen/32.jpg notified by MeXe
http://yala.nfe.go.th/tyata/web1/file_editor/logs.txt
http://yala.nfe.go.th/tyata/web1/file_editor/logs.txt notified by SeRaVo BlackHaT
MaraCMS 7.5 Remote Code Execution
This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, […]
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call
This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller’s token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.
MSI Ambient Link Driver 1.0.0.8 Privilege Escalation
MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.
Joplin 1.0.245 Cross Site Scripting / Code Execution
Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.
Mida eFramework 2.8.9 Remote Code Execution
Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.
[local] CloudMe 1.11.2 – Buffer Overflow ROP (DEP,ASLR)
CloudMe 1.11.2 – Buffer Overflow ROP (DEP,ASLR)