
1439 matches found

Openbugbounty
added 2014/11/25 12:30 a.m., 11 views

freakshare.com XSS vulnerability

Open Bug Bounty ID: OBB-52687

| Description | Value |
|---|---|
| Affected Website: | freakshare.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat She... |

6.4 AI score
Exploits 0
seebug.org
added 2014/10/27 12:00 a.m., 24 views

74cms (20141020) global SQL injection filter bypass

Brief description: 74cms v3.5.1 (20141020), bypass of the global SQL injection filter. Details: the WooYun report "74cms latest version injection 8-9" described a SQL injection in 74cms caused by character-set conversion, which came from the use of the iconv function. 74cms fixed it by switching to a custom function, utf8togbk, to convert the encoding. The code is as follows: function utf8togbk($utfstr) { global $UC2GBTABLE; $okstr = ''; if(empty($UC2GBTABLE)) { define('CODETABLEDIR', ...

7 AI score
Exploits 0
Openbugbounty
added 2014/09/30 8:10 a.m., 11 views

ncssa.info Open Redirect vulnerability

Open Bug Bounty ID: OBB-50496

| Description | Value |
|---|---|
| Affected Website: | ncssa.info |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet |

Vulnerable...

6.9 AI score
Exploits 0
Openbugbounty
added 2014/09/28 6:20 p.m., 23 views

crazymatures.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-49904

| Description | Value |
|---|---|
| Affected Website: | crazymatures.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat Sheet... |

6.9 AI score
Exploits 0
Tenable Nessus
added 2014/09/15 12:00 a.m., 29 views

Cisco Prime Data Center Network Manager 6.x XSS (uncredentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a cross-site scripting vulnerability due to insufficient validation of input parameters by its web server component. Using a specially crafted URL...

4.3 CVSS | 5.4 AI score | 0.0217 EPSS
Exploits 0 | References 2
Openbugbounty
added 2014/09/06 7:42 p.m., 11 views

zoombucks.com XSS vulnerability

Open Bug Bounty ID: OBB-48839

| Description | Value |
|---|---|
| Affected Website: | zoombucks.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat Shee... |

6.4 AI score
Exploits 0
NVD
added 2014/08/07 11:13 a.m., 32 views

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the word_upper_bound parameter...

6.5 CVSS | 6.8 AI score | 0.04206 EPSS
Exploits 3 | References 2
Prion
added 2014/08/07 11:13 a.m., 23 views

Code injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the word_upper_bound parameter...

6.5 CVSS | 7.3 AI score | 0.04206 EPSS
Exploits 3 | References 2 | Affected Software 1
Cvelist
added 2014/08/07 10:00 a.m., 39 views

CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot d...

7.3 AI score | 0.72606 EPSS
Exploits 5 | References 6
seebug.org
added 2014/07/18 12:00 a.m., 13 views

TinyShop multiple SQL injections #2

Brief description: as the title says. Details: look at /framework/lib/util/filterclass.php ......
public static function sql($str) {
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    } else {
        // not used mainly because a mysql connection has to exist first
        // $str = mysql_real_escape_string($str);
        $str = addslashes($str);
    }
    return $str;
}
..... When PHP is an older version, or gpc is enabled (it is enabled by default in PHP, I believe), $str = stripslashes($str)...

7 AI score
Exploits 0
seebug.org
added 2014/07/16 12:00 a.m., 45 views

74cms (20140709) latest version second-order injection, part one

Brief description: 74cms V3.4.20140709 did not properly fix the vulnerable code and instead changed the filter function. Although I cannot get past that filter code, I still found a place where data can be extracted. Beyond changing the filter function, please fix the code properly as well. Details: first, let's look at the filter function: function removexss($string) { $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $string); $parm1 = Array('javascript', 'union', 'vbscript', 'expression', 'applet', 'xml', ...

7 AI score
Exploits 0
exploitpack
added 2014/07/16 12:00 a.m., 20 views

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection. Exploit Title: Joomla component com_youtubegallery - SQL Injection vulnerability. Google Dork: inurl:index.php?option=com_youtubegallery. Date: 15-07-2014. Exploit Author: Pham Van Khanh [email protected]. Vendor Homepage:...

7.5 CVSS | 0.6 AI score | 0.02348 EPSS
Exploits 6
NVD
added 2014/07/09 5:04 a.m., 25 views

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

4.3 CVSS | 6.4 AI score | 0.23024 EPSS
Exploits 4 | References 8
seebug.org
added 2014/07/06 12:00 a.m., 98 views

Destoon latest V5.0-UTF8 release, command execution vulnerability (admin backend)

Brief description: as the title says. Details: a command execution vulnerability in the admin backend that can be used to add system accounts. The vulnerability is in admin/tag.inc.php: case 'preview': $db->halt = 0; $destoontask = ''; if($tagcss) $tagcss = stripslashes($tagcss); if($taghtmls) $taghtmls = stripslashes($taghtmls); if($taghtmle) $taghtmle = stripslashes($taghtmle); if($tagcode) $tagcode = stripslashes($tagcode); if($tagjs...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 8906 views

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution Exploit

No description provided by source. #!/usr/bin/php <?php /* Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires register_globals = on. I saw the GLOBAL keyword, and actually...

9.3 CVSS | 0.1 AI score | 0.05165 EPSS
Exploits 7
seebug.org
added 2014/07/01 12:00 a.m., 12 views

Winamp 5.05-5.13 .ini local stack buffer overflow PoC

No description provided by source. /* Winamp 5.05-5.13 .ini local stack buffer overflow poc. The problem is in the skin field: when a long string is written it causes the buffer overflow. All u have to do is replace this file with the initial one. */ --snipp-- [Winamp] visplugin_name=vis_avs.dll visplugin_num=...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 26 views

MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 9 views

Breed <= patch #1 zero-length Remote Crash Exploit

No description provided by source. /* by Luigi Auriemma */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> #ifdef WIN32 #include <winsock.h> /* Header file used for manage errors in Windows. It support socket and errno too; this header replace the previous sockerrX.h */ #include <string.h>...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 26 views

Microsoft Internet Explorer 6.0 Search Pane URI Obfuscation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11851/info A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loade...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 17 views

WordPress SH Slideshow plugin <= 3.1.4 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability. Date: 2011-08-29. Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm. Software Link: http://downloads.wordpress.org/plugin/sh-slideshow.3.1.4.zip. Version: 3.1.4 tested...

7.1 AI score
Exploits 0