122 matches found
Shopify: SSRF via 'Insert Image' feature of Products/Collections/Frontpage
Hi Security team, I would like to report an another SSRF issue like my previous bug 67377 https://hackerone.com/reports/67377. The description, threats, risks, exploatations are the same. The base request is the following POST /admin/settings/files.json HTTP/1.1 Host: test-4925.myshopify.com...
apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...
Default credentials
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...
CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...
XSS vulnerability in default 'internal server error' page
We have identified and fixed a reflected cross-site scripting XSS vulnerability in the Bamboo default 'internal server error' page. This issue is reported in our security advisory on this page: https://confluence.atlassian.com/x/rQP5FQ You can read more about XSS attacks at:...
Phenotype CMS 2.8 - login.php?user Blind SQL Injection
Phenotype CMS 2.8 - login.php?user Blind SQL Injection Phenotype v2.8 Blind Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
Mortbay Jetty Denial Of Service
?php Mortbay Jetty = 7.0.0-pre5 Dispatcher Servlet DoS Affected Software: Jetty 6.1.16, 7.0.0.pre5 all platforms Author: Ikki http://blog.nibblesec.org/ Description: The dispatcher servlet com.acme.DispatchServlet is prone to a DoS vulnerability. This example servlet is meant to be used as a...
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service ?php Mortbay Jetty = 7.0.0-pre5 Dispatcher Servlet DoS Affected Software: Jetty 6.1.16, 7.0.0.pre5 all platforms Author: Ikki http://blog.nibblesec.org/ Description: The dispatcher servlet com.acme.DispatchServlet is prone to a DoS...
Microsoft Exchange OWA 长用户名拒绝服务漏洞
微软Exchange OWAOutlook Web Access组件存在一个拒绝服务漏洞。当使用很多"%"作 为用户名和口令登录时,OWA会返回HTTP 500 - Internal server error信息。用户将不 能通过IE进行登录。据报告说WWW发布服务和IIS管理服务会停止响应。 Microsoft Exchange Server 5.5 SP4 Microsoft Exchange Server 5.5 SP3 Microsoft Exchange Server 5.5 SP2 Microsoft Exchange Server 5.5 SP1 Microsoft...
XOOPS Module Tutoriais (viewcat.php) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================= XOOPS Module Tutoriais viewcat.php Remote SQL Injection Exploit ================================================================= !/usr/bin/perl Script Name: XOOPS Module...
ScriptMagix FAQ Builder 2.0 - index.php SQL Injection
ScriptMagix FAQ Builder 2.0 - index.php SQL Injection !/usr/bin/perl Script Name: ScriptMagix FAQ Builder : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...
Click N Print Coupons 2006.01 - 'key' SQL Injection
!/usr/bin/perl Script Name: Click N' Print Coupons : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print "-- Exploit FailedYou Are Exited \n"...
The Classified Ad System 1.0 - 'main' SQL Injection
!/usr/bin/perl Script Name: The Classified Ad System 1.0 main Remote SQL Injection Exploit Coded by : ajann Author : ajann Contact : : S.Page : http://www.mxmania.net $$ : 29.99 . .. : ajann,Turkey use IO::Socket; if@ARGV : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are...
NewsLetter MX 1.0.2 - ID SQL Injection
NewsLetter MX 1.0.2 - ID SQL Injection !/usr/bin/perl Script Name: Newsletter MX : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print "--...
Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== Enthrallweb emates 1.0 newsdetail.asp Remote SQL Injection Exploit ==================================================================== !/usr/bin/perl Script Name:...
Enthrallweb ePages (actualpic.asp) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== Enthrallweb ePages actualpic.asp Remote SQL Injection Exploit =============================================================== !/usr/bin/perl Script Name: Enthrallweb ePages...
Cross site scripting
Cross-site scripting XSS vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...
Hacking tips-domestic famous website vulnerability-vulnerability warning-the black bar safety net
Recently about system vulnerabilities,has nothing of interest. Because now a patch out very quickly. The large site has been nothing system. Even if you use twwwscan,namp, etc. might very strong scanner also impossible to scan what the hell,there,is also deceptive. But,the so-called hundred Secre...