:: Deepquest ::

http://info.ska2.go.th/myoffice/bannakhuanlang/laysen/30.jpg notified by MeXe

http://myoffice.edurng.go.th/laysen/27.jpg notified by MeXe

http://myoffice.nonpeo.go.th/laysen/32.jpg notified by MeXe

http://yala.nfe.go.th/tyata/web1/file_editor/logs.txt notified by SeRaVo BlackHaT

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, […]

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller’s token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.

MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.

Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.

Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.

CloudMe 1.11.2 – Buffer Overflow ROP (DEP,ASLR)