Multiple SQL Injection Vulnerabilities in the Backend of Imperial Website Management System V7.2
Empire CMS is an easy-to-use website management system based on a B/S (browser/server) structure. There are multiple SQL injection vulnerabilities in the backend of Empire CMS V7.2. Attackers can exploit the vulnerabilities to obtain sensitive database information...
ESPCMS latest version backend has a CSRF vulnerability
ESPCMS is a powerful enterprise website management system built on the LAMP stack. The ESPCMS backend has a CSRF vulnerability; attackers can use it to forge cross-site requests and add new administrator users, resulting in information leakage...
LebiShop Mall Backend Arbitrary File Reading Vulnerability
The LebiShop mall system is an online mall system written in ASP.NET. The system is widely used by small and medium-sized e-commerce enterprises. The management backend of this mall system provides an editing function for the system template files. The file parameter of this function page is no...
TYPO3 back-end component cross-site scripting vulnerability (CNVD-2016-00179)
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end components of TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1. A remote attacker can exploit this vulnerabilit...
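iGENUS Mail System V5.0 Arbitrary File Read Vulnerability
In login.php, after a locale is selected, the language file is read and loaded into the page. When the backend receives the request, it reads the file directly without filtering the Lang parameter, which results in an arbitrary file read vulnerability. http://221.130.182.230/igenus/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg...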
Red Hat PCS Backend Program Sensitive Cookie Information Disclosure Vulnerability
Red Hat is an operating system based on the Linux kernel. The PCSD backend program in Red Hat PCS fails to properly set the security token for cookies in HTTPS sessions, allowing remote attackers to exploit the vulnerability to obtain sensitive information via intercepted communications...
Varnish Cache 4.03 Buffer Overflow
Hi there, Latest varnish-cache 4.0.3 https://www.varnish-cache.org/ seems to have a problem with parsing HTTP responses from backend. The following example response will trigger a heap buffer overflow: -- cut -- perl -e 'print "HTTP/1.1 200 OK\r\nContent-Length: dupa" . "\n" x 15855 . "A" x 10000...
MGASA-2015-0032 Updated moodle package fixes security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.7, absence of a capability check in the AJAX backend script in the LTI module could allow any enrolled user to search the list of registered tools (CVE-2015-0211). In Moodle before 2.6.7, the course summary on course request...
SQL Injection in the Backend of a Campus Management System (No Login Required / SA Privileges)
Brief description: ... Details: Baidu dork: inurl:/ws2004/ Technical support: 南京苏亚星资讯科技开发有限公司 ---------------------------------------- Vulnerable page: ws2004/SysManage/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111 Vulnerable parameter: where All with sa privileges ---------------------------------------- Proof of vulnerability: 1 http://www.suyaxing.com:81/ws2004/...
Sefrengo CMS 1.6.0 - SQL Injection
Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID: -...
ShopNC Software Backend Arbitrary Code Execution Vulnerability
The ShopNC mall system is a multi-store mall system developed by Tianjin Netcity Tianchuang Technology Co. There is an arbitrary code execution vulnerability in the backend of the ShopNC software, because the operation process does not check whether the content of the field of the advertising...
PayPal Inc BB #74 - Persistent Core Backend Vulnerability
Document Title: =============== PayPal Inc BB 74 - Persistent Core Backend Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1278 PayPal Inc Security UID: cDc49dT Vulnerability Magazine Article:...
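Ecshop Backend getshell-2
Brief description: Not templates, not SQL!!!!!!! Details: The backend allows language entries to be edited, and some of the language entries are in double quotes, so PHP code can be executed directly through the $phpinfo format, getshell!! (phpinfo is used here for ease of demonstration; in practice it can be replaced with a one-line webshell) The language file has double quotes. The backend can edit the language file and insert specially formatted PHP code. What is edited here is the text "gzip已禁用" (gzip disabled), so almost every page contains the PHP code, including the home page. Proof of vulnerability:...
Espcms V5.6.13.04.22 UTF8 Official Release Backend Logic Validation Error Vulnerability, Part 2/N
Brief description: There is a problem with the backend permission logic check, which allows a backend module's functionality to be bypassed and accessed without authorization. Details: The backend administrator permission check is in the file \public\classconnector.php: function adminpurview if $this-fun-accept'archive', 'R' == 'filemanage' && $this-fun-accept'action', 'R' == 'batupfilesave' $ecispadmininfo = $this-fun-accept'ecispadmininfo', 'G'; $esppowerlist =...
The integrity of the enterprise 2.0 backend login universal password vulnerability
Backend: /ManageAdmin/ManageLogin.asp The vulnerability can be used for universal password login 'or'='or' 'or'='or' Get a webshell directly on in the picture there, you know. Google keywords: inurl:/Product/Product.asp?CateID Actual URL: http://www.hnvalve.com/ManageAdmin/AdminManage.asp...
PHP168 Backend View/Modify Arbitrary File Vulnerability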
No description provided by source...
CVE-2009-2161
CVE-2009-2161 affects TorrentTrader Classic 1.09. The vulnerability is a directory traversal in backend/admin-functions.php that, on case-insensitive sites, allows remote attackers to include and execute arbitrary local files via a .. in the ss_uri parameter when combined with a modified componen...
Fedora 8 : duplicity-0.4.9-1.fc8 (2008-1521)
WARNING: Command line syntax incompatibility! See e.g. https://www.redhat.com/archives/epel-devel-list/2008-February/msg00056.html for further information. - Upgrade to 0.4.9 - Duplicity discloses password in FTP backend (CVE-2007-5201) - Several bug and problem fixes Note that Tenable Network...
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions contain a flaw that enables an authenticated user to delete contacts belonging to any user provided the DB-based backend is used to store contacts. The flaw arises because ownership of 'deleteitem...