Lucene search

1414 matches found

CVE
added 2015/12/21 11:0 a.m., 46 views

CVE-2015-7919

CVE-2015-7919 affects SearchBlox 8.3 before 8.3.1. The vulnerability allows remote attackers to write to the config file, which can cause the application to crash (DoS). Related sources also describe a risk of overwriting the config file, and altering user privileges via the configuration, per IC...

CVSS 10, AI score 9, EPSS 0.0183
Exploits 0, References 1, Affected Software 1

Mageia
added 2015/08/13 8:56 p.m., 26 views

Updated owncloud package fixes security vulnerabilities

In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the...

CVSS 9, AI score 6.8, EPSS 0.01291
Exploits 0, References 5

exploitpack
added 2015/07/01 12:0 a.m., 18 views

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities Exploit Title: D-Link DSP-W Arbitrary Arbitrary file upload Date: 30/06/2015 Exploit Author: DNO Vendor Homepage: link Version: w110 v1.05b01 Tested on: linux CVE : N/A ======================================== the only 'filtering' on this...

AI score 0.3
Exploits 0

Kitploit
added 2015/03/05 1:10 a.m., 55 views

Vane - WordPress Vulnerability Scanner (A GPL fork of WPScan)

Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. INSTALL Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Installing on Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

AI score 7.8
Exploits 0, References 1

myhack58
added 2015/03/03 12:0 a.m., 31 views

ECStore open source online shop system arbitrary file modification vulnerability to get shell-vulnerability warning-the black bar safety net

Brief description: The file edit function in Template Edit does not strictly limit which files can be edited, so any file present on the system may be modified. Detailed description: File editing function, select To modify the file, where the selected image template file, then upload the...

AI score 7.1
Exploits 0

seebug.org
added 2014/12/01 12:0 a.m., 22 views

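phpok: an SQL injection

Brief description: phpok4.2.083, freshly downloaded. Detailed description: 1. The safekey is fixed, which makes the encryption function reversible. 2. The attack request is sent after encrypting with the fixed safekey; the encrypted content is decrypted in the code, bypassing the filter. In /install/index.php: $content = filegetcontentsROOT."config.php"; //find and replace $content = pregreplace'/$config"db"\"file"\s=\s'|"a-zA-Z0-9-\'|";/isU','$config"db""file" = "'.$dbconfig'file'.'";',$content;...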

AI score 7.1
Exploits 0

seebug.org
added 2014/10/30 12:0 a.m., 14 views

Discuz /config_global.php.bak backup file discovery vulnerability

No description provided by source...

AI score 7.1
Exploits 0

seebug.org
added 2014/09/15 12:0 a.m., 20 views

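cmseasy: back-end CSRF on the cached config file can lead to getshell (2)

Brief description: cmseasy, as administrator: the back-end cached config file fails to filter one character, leading to getshell (2). Detailed description: Go directly to: Then we analyze the code: websiteadmin.php:lines:25-43: function editwebsiteaction chkpw'websiteedit'; if front::post'submit' $var = front::$post; $path = ROOT.'/config/website/'.front::$post'path'.'.php'; $contenttmp =...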

AI score 7
Exploits 0

OSV
added 2014/09/02 2:55 p.m., 2 views

UBUNTU-CVE-2014-5339

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files (.mk files) to arbitrary locations via vectors related to row selections...

CVSS 4.9, AI score 5.9, EPSS 0.00527
Exploits 0, References 3

NVD
added 2014/07/16 2:19 p.m., 15 views

CVE-2013-5755

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 10, AI score 6.6, EPSS 0.15399
Exploits 10, References 1

Prion
added 2014/07/16 2:19 p.m., 11 views

Hardcoded credentials

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 10, AI score 7.1, EPSS 0.15399
Exploits 10, References 1

seebug.org
added 2014/07/01 12:0 a.m., 14 views

XZero Community Classifieds <= 4.95.11 Remote File Inclusion Vuln

No description provided by source. XZero Community Classifieds = v4.95.11 Remote File Inclusion linK : http://www.xzeroscripts.com download: http://rapidshare.com/files/66809648/XZCl4.95.11.rar cod3d and f0unded by Kw3rLn from Romanian Security Team a.K.A http://rstzone.org we have in...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

ME Download System <= 1.3 (header.php) Remote Inclusion Vulnerability

No description provided by source. ME Download System 1.3 Remote File Inclusion. Affected Software: ME Download System 1.3. Vendor: ...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 160 views

PhpMyAdmin Config File Code Injection

The vulnerability is in scripts/setup.php, starting at line 1315: case 'save': $config = @fopen'./config/config.inc.php', 'w'; //open for writing if $config === FALSE message'error', 'Could not open config file for writing! Bad permissions?'; break; $s = getcfgstring$configuration; //$configuration = unserialize$POST'configuration'; $r =...

CVSS 7.5, AI score 9.6, EPSS 0.93271
Exploits 16

seebug.org
added 2014/07/01 12:0 a.m., 13 views

Confixx 2 Perl Debugger Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9831/info The Confixx PERL debugging utility functionality has been reported to be prone to a remote command execution vulnerability. The issue is reported to occur when a command sequence is appended to a HTTP request fo...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

OraMon 2.0.1 - Remote Config File Disclosure Vulnerability

No description provided by source. Bypass Config Download Vulnerability. script: Oramon = Oracle Database Monitoring...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 32 views

symantec web gateway 5.0.2.8 - Multiple Vulnerabilities

Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...

CVSS 10, AI score 0.4, EPSS 0.89461
Exploits 22

seebug.org
added 2014/07/01 12:0 a.m., 34 views

TSEP <= 0.942 (copyright.php) Remote Inclusion Vulnerability

No description provided by source. TSEP 0.9.4.2. Affected Software: TSEP 0.9.4.2. Vendor: http://www.tsep.info/ Class: ...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

MultiCMS Local File Inclusion Vulnerability

No description provided by source. Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt wwwdotWhiteponnydotcom Date: 29/01/2011 Author: R3VANBASTARD Exploit Title: MultiCMS File Inclusion Vulnerability Vendor:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

JBoss 3.x/4.0.2 Malformed HTTP Request Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13985/info JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data. Informatio...

AI score 7.1
Exploits 0