Lucene search
2495 matches found

Exploit DB
added 2013/12/24 12:0 a.m., 62 views

Synology DSM 4.3-3810 - Directory Traversal

Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987 I'm again here with a Synology DSM vulnerability. Synolo...

7 AI score
Exploits: 0
Prion
added 2013/12/23 3:42 p.m., 19 views

Design/Logic Flaw

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a 1 -flat, 2 -rdm, or 3 -rdmp filename...

4.4 CVSS, 6.8 AI score, 0.00353 EPSS
Exploits: 0, References: 8, Affected Software: 2
CVE
added 2013/12/14 5:0 p.m., 56 views

CVE-2013-7085

CVE-2013-7085 affects devscripts 2.13.5 (Uscan); when USCAN_EXCLUSION is enabled, remote attackers can delete arbitrary files via a whitespace character in a filename. Evidenced in Fedora/SUSE advisories calling for updates to devscripts (e.g., 2.13.9) to fix the issue. Remediation in provided do...

5.8 CVSS, 6.6 AI score, 0.02457 EPSS
Exploits: 1, References: 6, Affected Software: 1
seebug.org
added 2013/12/13 12:0 a.m., 12 views

ecmall 2.x SQL Injection Vulnerability

Vulnerable file: app/buyergroupbuy.app.php function exitgroup $id = empty$GET'id' ? 0 : $GET'id'; // not filtered, you get the idea. if !$id $this-showwarning'nosuchgroupbuy'; return false; // check whether leaving the group buy is allowed if !$this-ican$id, ACT // follow this call $this-showwarning'Hacking Attempt'; return; function ican$id, $act = '' $group =...

7 AI score
Exploits: 0
exploitpack
added 2013/11/04 12:0 a.m., 25 views

Google Android - Signature Verification Security Bypass

Google Android - Signature Verification Security Bypass source: https://www.securityfocus.com/bid/63547/info Google Android is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in furthe...

0.2 AI score
Exploits: 0
ICS
added 2013/10/15 6:0 a.m., 28 views

SpecView Directory Traversal

Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-214-01 SpecView Directory Traversal that was published August 01, 2012, on the ICS-CERT Web. This advisory provides mitigation details for a vulnerability, which impacts SpecView products. Independent researcher Luigi...

5 CVSS, 6.5 AI score, 0.04813 EPSS
Exploits: 1, References: 10
NVD
added 2013/10/05 10:55 a.m., 20 views

CVE-2012-4122

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669...

6.2 CVSS, 6.5 AI score, 0.00312 EPSS
Exploits: 0, References: 4
Prion
added 2013/10/05 10:55 a.m., 17 views

Design/Logic Flaw

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669...

6.2 CVSS, 7 AI score, 0.00312 EPSS
Exploits: 0, References: 4
CVE
added 2013/10/04 11:0 p.m., 49 views

CVE-2013-3543

The CVE-2013-3543 entry affects the AXIS Media Control ActiveX (AxisMediaControlEmb.dll) version 6.2.10.11 used in AXIS network cameras. The vulnerability allows remote attackers to write arbitrary files by supplying file paths to the StartRecord, SaveCurrentImage, or StartRecordMedia methods, le...

8.8 CVSS, 7 AI score, 0.04132 EPSS
Exploits: 5, References: 1, Affected Software: 1
Exploit DB
added 2013/09/13 12:0 a.m., 35 views

Zimplit CMS 3.0 - Multiple Vulnerabilities

Exploit Title: Zimplit CMS multiple vulnerabilities Date: 2013 13 September Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: www.zimplit.com Tested on: Linux & Windows, PHP 5.3.2 Affected Version : 3.0 Last...

7.4 AI score
Exploits: 0
Fedora
added 2013/09/07 1:25 a.m., 26 views

[SECURITY] Fedora 19 Update: libtiff-4.0.3-9.fc19

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

6.8 CVSS, 2 AI score, 0.0746 EPSS
Exploits: 0
Exploit DB
added 2013/09/04 12:0 a.m., 32 views

jetAudio 8.0.16.2000 Plus VX - '.wav' Crash (PoC)

Exploit Title: jetAudio Version 8.0.16.2000 Plus VX - .wav - Crash POC Date: 03-09-2013 Exploit Author: ariarat Software Link: http://www.jetaudio.com/download/ Version: 8.0.16.2000 Probably old version of software and the LATEST version too Vendor Homepage: http://www.jetaudio.com Tested on:...

7.4 AI score
Exploits: 0
NVD
added 2013/08/21 9:55 p.m., 17 views

CVE-2013-2802

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes...

10 CVSS, 7.5 AI score, 0.03937 EPSS
Exploits: 0, References: 1
Prion
added 2013/08/21 9:55 p.m., 10 views

Code injection

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes...

10 CVSS, 8 AI score, 0.03937 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2013/08/21 9:0 p.m., 20 views

CVE-2013-2802

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes...

7.5 AI score, 0.03937 EPSS
Exploits: 0, References: 1
CVE
added 2013/08/21 9:0 p.m., 46 views

CVE-2013-2802

Sixnet UDR (<2.0) and RTU firmware (

10 CVSS, 7.8 AI score, 0.03937 EPSS
Exploits: 0, References: 1, Affected Software: 2
Fedora
added 2013/08/18 12:31 a.m., 30 views

[SECURITY] Fedora 19 Update: libtiff-4.0.3-8.fc19

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

6.8 CVSS, 2 AI score, 0.0746 EPSS
Exploits: 0
0day.today
added 2013/08/15 12:0 a.m., 21 views

Spitefire CMS 1.1.4 Cross Site Request Forgery Vulnerability

Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability. Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor...

7 AI score
Exploits: 0
0day.today
added 2013/08/15 12:0 a.m., 18 views

w-CMS 2.0.1 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications --- Vuln Code : /userFunctions.php 6. switch$REQUEST'udef' // user defined function ... 11. case 'activity': procActivity; // Exploit/Proof of Concept PoC http://localhost/wcms/userFunctions.php?udef=activity&type=shell.php&content= Find your...

7.1 AI score
Exploits: 0
Exploit DB
added 2013/08/15 12:0 a.m., 22 views

w-CMS 2.0.1 - Remote Code Execution

Exploit Title: w-CMS 2.0.1 Remote Code Execution Vulnerability Google Dork: intext:"Powered by w-CMS" Date: 15/08/2013 Exploit Author: ICheerNo0M - http://icheernoom.blogspot.com/ Vendor Homepage: http://w-cms.org/ Software Link: - Version: 2.0.1 Tested on: Windows 7 + PHP 5.2.6 --- Vuln Code :...

7.4 AI score
Exploits: 0