ecshop最新版本几处用户权限越权(其它版本亦可)

简要描述： 就是可以帮助管理员管理订单啥的，匿名活雷锋呐～ 详细说明： 当开启WAP功能手机商城时，未登录可对其它用户订单操作：查看非注册用户订单、取消任意用户订单、任意用户订单确认收货等。 漏洞存在于 /mobile/user.php 页面 1.查看非注册用户订单 elseif $act == 'orderlist' // /mobile/user.php 49行起 $recordcount = $db-getOne"SELECT COUNT FROM " .$ecs-table'orderinfo'. " WHERE userid = $SESSION'userid'";...

New Reveton Ransomware Variant Steals Passwords

The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to new research. Ransomware, sometimes called scareware, is a type of malware that locks down infected machines, offering to unlock them only after a fee has been paid. Oftentime...

Gallery Server Pro File Upload Filter Bypass Vulnerability

Gallery Server Pro suffers from a file upload filter bypass vulnerability. , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / / .-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Gallery Server Pro File Upload Filter Bypass Vendor Link:...

Code injection

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

Novell Identity Manager Role Based Provisioning Module Unspecified Vulnerability

The remote web server has an install of Novell Identity Manager Role Based Provisioning Module that is affected by an unspecified vulnerability in its login functionality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

Design/Logic Flaw

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

CVE-2013-1147

Cisco IOS PT (Protocol Translation) vulnerability CVE-2013-1147 affects IOS 12.3–12.4 and 15.0–15.3. When one-step port-23 translation or a Telnet-to-PAD ruleset is configured, PT fails to validate TCP connection information, enabling unauthenticated remote DoS via an attempted connection to a PT...

Code injection

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors...

CVE-2012-4684

CVE-2012-4684 affects Bitcoin Core (bitcoind/Bitcoin-Qt) prior to 0.7.0. The alert functionality accepts different character representations of the same signature data but relies on a hash of the signature, enabling a remote attacker to trigger a denial-of-service (resource consumption) by sendin...

AoF, IAA and CSRF vulnerabilities in Question2Answer

Hello 3APA3A! These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are...

CVE-2013-1493

The color management CMM functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service crash via an image with crafted raster parameters, which...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath. CVE-2013-0160...

Kaspersky Internet Security 2013 - Denial Of Service Vulnerability

Exploit for windows platform in category dos / poc I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any...

Kaspersky Internet Security 2013 - Denial of Service

Kaspersky Internet Security 2013 - Denial of Service I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any...

CVE-2013-0897

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...

Code injection

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...

CVE-2013-0897

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...

CVE-2013-0897

CVE-2013-0897 affects Google Chrome’s PDF functionality. An off-by-one error in the PDF handling code on Windows, Linux, and macOS allows a remote attacker to cause a denial-of-service via a crafted PDF document. The issue is triggered by reading beyond bounds in PDF processing; impact is limited...