4647 matches found
PHPYUN cloud talent system back-end CSRF getshell - vulnerability warning - the black bar safety net
The phpyun back end does not validate a token, so getshell is possible directly via CSRF. First, start with getshell from the back end. The web site's configuration file, /plus/config.php, uses double quotes for its values, which leads to a security issue. We can write PHP code into the double quotes insid...
CVE-2013-6433
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...
Default configuration
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...
CVE-2013-6433
The CVE-2013-6433 issue affects the Red Hat openstack-neutron package: its default configuration prior to 2013.2.3-7 does not properly set a rootwrap configuration file, enabling privilege escalation by an attacker via a crafted config. The impact is privilege escalation with network-exposed vect...
Design/Logic Flaw
The Red Hat Enterprise Virtualization Manager reports rhevm-reports package before 3.3.3-1 uses world-readable permissions on the datasource configuration file js-jboss7-ds.xml, which allows local users to obtain sensitive information by reading the file...
CVE-2014-0200
The Red Hat Enterprise Virtualization Manager reports rhevm-reports package before 3.3.3-1 uses world-readable permissions on the datasource configuration file js-jboss7-ds.xml, which allows local users to obtain sensitive information by reading the file...
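PHPYUN Cloud Talent System Back-End CSRF Getshell
Brief description: the phpyun back end does not validate a token, so getshell is possible directly via CSRF. Detailed description: First, start with getshell from the back end. The site's configuration file, /plus/config.php, uses double quotes for its values, which leads to a security issue. We can write PHP code inside the double quotes and have it executed. Modify the configuration file and submit: Then visit /plus/config.php: In particular, because the phpyun back end has no defence against CSRF, we can construct a form and lure the administrator into visiting it, which modifies the configuration file and leads to getshell. See the proof of vulnerability for details. Proof of vulnerability:...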
[oss-security] A number of EncFS issues
Hi, https://defuse.ca/audits/encfs.htm discusses a number of issues in EncFS: "Same Key Used for Encryption and Authentication" "Stream Cipher Used to Encrypt Last File Block" "Generating Block IV by XORing Block Number" "File Holes are Not Authenticated" "MACs Not Compared in Constant Time"...
CVE-2014-0164
The CVE affects openshift-origin-broker-util used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, where the mcollective client.cfg file is world-readable, allowing local users to read credentials and other sensitive information. The underlying issue is improper file permissions on the configurat...
Weak randomization seed vulnerability primer - vulnerability warning - the black bar safety net
0x00 Background: Last week I attended a CTF game organized by Bishop Fox and BYU University. During the competition I decided to try an intrusion of the scoring system, and I recorded the intrusion process. Although client token cheating is nothing new, this time the invasi...
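MobileIron VSP/Sentry 'j_username' Parameter XPath Injection Vulnerability
Bugtraq ID: 66595 CVE ID: CVE-2014-1409 MobileIron is a virtual smart-device platform that includes components such as VSP and Sentry. The MobileIron VSP/Sentry management interface has an authentication bypass vulnerability: the script at https://target/mics/jspringsecuritycheck does not properly filter the 'j_username' parameter, allowing an unauthenticated attacker to perform XPath injection and obtain XML document data such as configuration files. 0 MobileIron VSP 5.9.1 MobileIron Sentry 5.0 MobileIron VSP 5.9.1 and MobileIron Sentry...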
FreeBSD : nginx -- SPDY heap buffer overflow (fc28df92-b233-11e3-99ca-f0def16c5c1b)
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
nginx -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
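PHPMYWIND: A Method for Back-End Getshell
Brief description: Insufficient filtering. Detailed description: phpmywind and dedecms are quite similar. When the configuration file is modified, single quotes are filtered out to prevent closing the single quote for getshell. $cfgwebname = '我的网站'; $cfgweburl = 'http://127.0.0.1'; $cfgwebpath = '/phpmywind'; $cfgauthor = ''; $cfggenerator = 'PHPMyWind CMS'; $cfgkeyword = ''; $cfgdescription = ''; The configuration file is protected by single quotes, and single quotes are then filtered out. It looks as though there is no way in through the configuration file, but in fact there still is...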
CVE-2013-6304
CVE-2013-6304 affects IBM Algo One’s Algo Risk Application (ARA) 2.x and 4.x (2.4.0.1–4.9.1). The vulnerability is a directory traversal flaw allowing remote authenticated users to bypass access restrictions by submitting crafted pathnames for (1) a configuration file or (2) a JAR file. Impact de...
Yahoo!: http://conf.member.yahoo.com configuration file disclosure
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Exploit for windows platform in category web applications Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServl...