5 matches found
Check_MK Arbitrary File Disclosure
LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21: CheckMK - Arbitrary File Disclosure Vulnerability. Affected Versions: Linux versions of CheckMK equal or...
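Destoon B2B 2014-05-21 latest version: bypassing the global defenses with brute-force injection (reproducible on the official demo)
Brief description: a flaw in one of destoon's encryption functions makes it crackable, which leads to injection. Because the string is encrypted, the built-in global stripsql, gpc and similar filters are bypassed entirely. An instance of using insecure "random numbers". Pull up a stool, this will take a while to explain... Details: the problem is in the encrypt and decrypt functions used for cookie encryption and decryption. First, look at the function body at include/global.func.php, line 122: function encrypt($txt, $key = '') { $key or $key = DTKEY; /* DTKEY is a 15-character random string generated at install time */ $rnd = md5(microtime()); /* the flaw, discussed below */ $len =...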
CVE-2014-1341
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1...
CVE-2014-1333
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1...
Memory corruption
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1...