Ninja Blog 4.8 - Remote Information Disclosure Vulnerability

No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...

Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities

No description provided by source. Fully Modded phpBB 2 Remote File Include PHPBB Exploit 2 Source Code: http://phpbbfm.net/support/indexfm.php http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz Vulnerable Code: include'includes/common.php'; $phpbbrootpath = $foingrootpath...

Gradman <= 0.1.3 (agregar_info.php) Local File Inclusion Exploit

No description provided by source. --==+=================== Spanish Hackers Team www.spanish-hackers.com =================+==-- --==+ Gradman = 0.1.3 agregarinfo.php?tabla= Local File Inclusion Exploit +==--...

DouPHP轻量级企业建站系统后台任意文件删除缺陷

简要描述： 某处未验证删除的文件路径，导致可以删除任意文件。 官网演示站测试通过 详细说明： 漏洞文件: /admin/backup.php 第161行 / +---------------------------------------------------------- 备份删除 +---------------------------------------------------------- / if $REQUEST'rec' == 'del' $sqlfilename = $GET'sqlfilename'; if $POST'confirm' if...

Linux Kernel 3.13 - SGID Privilege Escalation

Linux Kernel 3.13 - SGID Privilege Escalation / CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include...

Linux Kernel 3.13 - SGID Privilege Escalation

/ CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include include include include define STACKSIZE 1024...

PT-2014-3429 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to the "tftp/fetch boot file" endpoint...

Files Desk Pro 1.4 iOS - Local File Inclusion

Document Title: =============== Files Desk Pro v1.4 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1266 Release Date: ============= 2014-05-16 Vulnerability Laboratory ID VL-ID: ====================================...

FineCMS v1.8任意文件下载

简要描述： 代码审计是个技术活，需要很好的耐心.. o︶︿︶o 详细说明： 出现问题的版本是FineCMS V1.8.0 最新版。 1.顺藤摸瓜 漏洞文件：controllers/ApiController.php downAction方法 public function downAction $data = fnauthcodebase64decode$this-get'file', 'DECODE'; $file = isset$data'finecms' && $data'finecms' ? $data'finecms' : ''; if empty$file...

Files Desk Pro v1.4 iOS - File Include Web Vulnerability

Document Title: =============== Files Desk Pro v1.4 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1266 Release Date: ============= 2014-05-15 Vulnerability Laboratory ID VL-ID: ====================================...

python-django: MySQL typecasting

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

python-django: MySQL typecasting

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

Ian Dunn: Multiple Path Disclosure

Hi Ian, I have downloaded all the latest version's of plugin's from your wp profile and did a quick check for FPD. I know you may point out that WP does'nt consider it as a issue however i personally for plugin i look at it as a miss on best practice from plugin developers part. I do not expect a...

PYSEC-2014-3

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

UBUNTU-CVE-2014-0474

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

SQL Server Fails with error VSSControl: -2147024809 Backup job failed. Discovery phase failed.

This KB provides information when SQL fails with this error due to a logical file path...

方维O2O城市生活服务平台后门任意文件上传漏洞（官网演示getshell）

简要描述： 用户好像不太多，但基本都有这个后门文件 详细说明： 后门文件路径 /esfile.php 官网介绍 http://www.fanwe.com/o2o 前台演示地址:http://o2o.fanwe.net/ 会员账号：fanwe 密码：fanwe http://o2o.fanwe.net/index.php?ctl=uccenter 分享处上传图片马 F12去掉尺寸，得到图片马地址 http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg Getshell...

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

PDF Album v1.7 iOS - File Include Web Vulnerability

Document Title: =============== PDF Album v1.7 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1255 Release Date: ============= 2014-04-11 Vulnerability Laboratory ID VL-ID: ==================================== 1255...

Google Chrome拖处理本地文件路径伪造跨域绕过漏洞

CVE ID:CVE-2014-1726 Google Chrome是一款流行的WEB浏览器。 Google Chrome处理拖操作存在一个未明安全漏洞，可导致伪造本地文件路径，绕过同源策略。 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116版本已修复该漏洞，建议用户下载使用： https://www.google.com/chrome/...