2495 matches found

seebug.org
added 2014/11/21 12:0 a.m., 22 views

PageAdmin: multiple design flaws allow getshell

Brief description: rt Details: text3 = now.AddSecondsdoublerandom.Next3600, 86164.ToString"yyyyMMddHHmmss"; masterlogin.imMAPgbr7QUplCu6n3ehttpCookie.Add"Valicate", masterlogin.sxW4jRbFsutFEAxed8Smd, text3; After the administrator logs in successfully, SetCookie takes the login time plus a random number of seconds between (3600, 86164) and runs it through GetMd5. public string GetMd5string s MD5 mD = new...

7 AI score
Exploits: 0

Fedora
added 2014/10/18 4:58 p.m., 39 views

[SECURITY] Fedora 20 Update: libxml2-2.9.1-3.fc20

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

5 CVSS, 0.5 AI score, 0.03988 EPSS
Exploits: 1

NVD
added 2014/10/15 2:55 p.m., 24 views

CVE-2014-2927

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remo...

9.3 CVSS, 6.6 AI score, 0.0792 EPSS
Exploits: 5, References: 3

0day.today
added 2014/10/09 12:0 a.m., 34 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI versions 1.3.0 and below suffer from local file inclusion, remote file upload, file write, and default login vulnerabilities. DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2014/09/29 12:0 a.m., 30 views

Cisco Unified Communications Manager Multiple Arbitrary File Manipulation Vulnerabilities (CSCuo17199 / CSCuo17302)

According to its self-reported version, the remote Cisco Unified Communications Manager CUCM device is affected by multiple file manipulation vulnerabilities in the Real-Time Monitoring Tool RTMT due to improper validation of user-supplied input. An authenticated, remote attacker can exploit thes...

5.5 CVSS, 5.8 AI score, 0.01542 EPSS
Exploits: 0, References: 4

NVD
added 2014/09/15 2:55 p.m., 13 views

CVE-2014-2375

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service disk consumption, via the CSV export feature...

9 CVSS, 6.8 AI score, 0.02315 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2014/08/30 12:0 a.m., 84 views

GLSA-201408-11 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201408-11 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution...

7.5 CVSS, 7.5 AI score, 0.35635 EPSS
Exploits: 19, References: 27

Packet Storm
added 2014/08/02 12:0 a.m., 20 views

ISPConfig 3.0.54p1 Local Root

Exploit Title: ISPConfig 3 authenticated admin Localroot vulnerability Date: 7/25/14 Exploit Author: mra Vendor Homepage: http://wwwispconfig.org Version: 3.0.54p1 Tested on: ubuntu, centos irc.criten.net elite-chat While logged in as admin user: 1 add a shell user 2 under option set gid to...

7.4 AI score
Exploits: 0

Prion
added 2014/07/19 5:9 a.m., 21 views

Code injection

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors...

5.5 CVSS, 6.8 AI score, 0.01597 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2014/07/19 1:0 a.m., 59 views

CVE-2014-2365

CVE-2014-2365 affects Advantech WebAccess before 7.2. An improper access control/flaw in WebAccess components allowed a remote attacker (in some docs, authenticated) to create or delete arbitrary files; ZDI notes a remote code execution path via gmicons.asp and file operations, with exploits publ...

6.5 CVSS, 6.4 AI score, 0.01597 EPSS
Exploits: 0, References: 3, Affected Software: 1

seebug.org
added 2014/07/18 12:0 a.m., 20 views

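Zoomla CMS arbitrary file read vulnerability

Brief description: Zoomla CMS has an arbitrary file read vulnerability. Details: Official demo site: http://demo.zoomla.cn Admin panel address: http://demo.zoomla.cn/admin/login.aspx Demo account: admin Password: admin888 Test URL: http://demo.zoomla.cn/Admin/I/Template/TemplateEdit.aspx?setTemplate=%2fTemplate%2fV3&filepath=../../../config/AppSettings.config After changing the installed parameter there to false, a reinstall can be performed...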

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/04 12:0 a.m., 41 views

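cmseasy latest version: getshell with any privilege level

Brief description: This is a long story, so please read on patiently. (Seeing as I am still up this late hunting bugs and writing this up, please give me a lightning rating!) Version: 2014-06-05 Details: 0x01 First, let's start from an unauthorized access to the admin backend. Look at the file /lib/admin/admin.php if !defined'ROOT' exit'Can't Access !'; abstract class admin extends act function construct if ADMINDIR!=config::get'admindir' config::modifyarray'admindir'=ADMINDIR;...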

7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

BibORB 1.3.2 index.php Traversal Arbitrary File Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Core Image Fun House <= 2.0 Arbitrary Code Execution PoC (OSX)

No description provided by source. !/usr/bin/ruby Copyright c Netragard, LLC. [email protected] /Developer/Applications/Graphics Tools/Core Image Fun House.app /Contents/MacOS/Core Image Fun House gdb x/10s 0xbfffddf7 0xbfffddf7: 'Z' repeats 101 times, DCBA center 2007-07-10 21:15:34.573 Core...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

IRIX 5.2/6.0 permissions File Manipulation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1751/info The IRIX's /usr/lib/desktop/permissions tool is a suid and sgid root applications normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

MS IE 4.0/5.0,Outlook 98 0 window.open Redirect Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Outlook 98 0 window.open Redirect Vulnerability source: http://www.securityfocus.com/bid/766/info If window.open is called with ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Digital Amp MP3 3.1 (.Mp3) Local Crash PoC

No description provided by source. !/usr/bin/perl H0m3 : S3curity-art.com M4!l: [email protected] T3st3d on: Windows XP SP3 print Tic-Tac; my $boom=\x41 x 1500; my $filename = B000M.mp3; open FILE,$filename; print FILE $boom; print \nFile successfully created!\n;...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 32 views

mkportal <= 1.2.1 () Multiple Vulnerabilities

No description provided by source. waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind waraxe Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

USB Sharp 1.3.4 iPad iPhone - Multiple Vulnerabilities

No description provided by source. Title: ====== USB Sharp v1.3.4 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=873 VL-ID: ===== 873 Common Vulnerability Scoring System:...

7.1 AI score
Exploits: 0