程氏舞曲CMSPHP3.0储存型xss与后台任意文件写入漏洞

简要描述： 插入 构造的js 可 getshell 详细说明： user/space.php?ac=edit&op=zl 修改 签名处，没有 任何过滤。xss产生 后台 看了下 可以写任意格式文件。。 抓包。。 POST /admin/skins/skins.php?ac=xgmb&op=go&path=../../skins/index/html/ HTTP/1.1 Accept: text/html, application/xhtml+xml, / Referer:...

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

xampp 1.8.1 任意文件写入漏洞

BUGTRAQ ID: 62665 CVE ID: CVE-2013-2586 XAMPP是跨平台开源Web服务器解决方案软件包，主要包括Apache HTTP Server, MySQL数据库, 以及用PHP及Perl编程语言编写的脚本的解释程序。 XAMPP 1.8.1的"/xampp/lang.php"页面存在注入漏洞，未授权用户可在本地磁盘内写入，本地文件 "lang.tmp"可以从远程机器上进行修改，可在目标用户浏览器中执行任意HTML或脚本代码，窃取用户凭证之类的敏感信息。 0 xampp 1.8.1 厂商补丁： xampp -----...

Nmap - Arbitrary File Write

Nmap - Arbitrary File Write source: https://www.securityfocus.com/bid/62024/info Nmap is prone to an arbitrary file-write vulnerability. An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully...

Nmap - Arbitrary File Write

source: https://www.securityfocus.com/bid/62024/info Nmap is prone to an arbitrary file-write vulnerability. An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully compromise the affected machine...

230 CMS 1.1.2012 PHP Code Injection

'; $defaulttime = isset$POST'defaulttime' ? $POST'defaulttime' : 'UTC'; $dbhost = isset$POST'dbhost' ? $POST'dbhost' : 'localhost'; $dbname = isset$POST'dbname' ? $POST'dbname' : ''; $dbuser = isset$POST'dbuser' ? $POST'dbuser' : 'root'; $dbpassword = isset$POST'dbpassword' ? $POST'dbpassword' :...

mkCMS 3.6 PHP Code Injection

Exploit Title : mkCMS PHP Code Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://mkcms.milankragujevic.com/ Software Link : http://jaist.dl.sourceforge.net/project/milan-cms/Releases/mkCMS-v3.6.zip Version : 3.6 Tested on : Window and...

CMS Gratis Indonesia PHP Code Injection Vulnerability

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability. Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link :...

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

PHP4DVD 2.0 Code Injection

Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link : http://downloads.sourceforge.net/project/php4dvd/php4dvd-2.0.zip Version : 2.0 Tested on : Window and Linux...

MySQL FILE privilege elevation

Added: 12/21/2012 CVE: CVE-2012-5613 BID: 56771 OSVDB: 88118 Background MySQL is an open-source database software package available for multiple platforms. Problem A database user who has FILE permission can write arbitrary files to the file system, leading to privilege elevation. Resolution Revo...

MarkAny Content SAFER ActiveX Arbitrary Download and Execution

The remote host has the MarkAny Content SAFER ActiveX control installed, which is distributed with Samsung KIES. It is affected by an arbitrary file write vulnerability that is triggered during the parsing of a method call. This may allow attackers to overwrite or download arbitrary files. C...

Chromium: Multiple vulnerabilities

Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...

Stable Channel Update

The Stable channel has been updated to 22.0.1229.94 for Windows, Mac, and Linux. This release contains fixes for the security issue listed below. Security fixes and rewards: Congratulations to Pinkie Pie, returning to the fray with another beautiful piece of work! We're delighted at the success o...

MobileCartly 1.0 - Arbitrary File Write

MobileCartly 1.0 - Arbitrary File Write ----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- MobileCartly 1.0 Arbitrary File Write Vulnerability Bug...

NetDecision 4.2 TFTP Writable Directory Traversal Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "NetDecision 4.2...

Scientific Linux Security Update : tar on SL5.x, SL4.x i386/x86_64

A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. CVE-2007-4131 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text i...

HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PMParamHandler component of Performance Manager, which is served v...