159 matches found
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications ''' Source: https://blogs.securiteam.com/index.php/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in with a fake...
MediaWiki < 1.23.14 / 1.25.6 / 1.26.3 Multiple Vulnerabilities
Binary data 9475.prm...
Palm reading iReader a station Python vulnerability discovery-vulnerability warning-the black bar safety net
Python as a new generation of web development language, many of the Internet inside and outside the company network using their development site. Python web periphery there is also redis, memcached, a mongod, the supervisord is restarted, etc. services, we combine these services to a range of...
Libsys图书管理系统 V5.5 变量覆盖漏洞
登陆页面 sessionstart ; if isset $REQUEST'username' $strUser = trim $REQUEST'username' ; $strInput = trim $REQUEST'passwd' ; $strMsg = "用户名或者密码错误"; switch $strUser case "opacadmin" : $strPassWd = $strPassWdFile; $strMsg = verifypwd $strInput, $strPassWd ; if $strMsg == true $SESSION'ADMINUSER' =...
Instacart: Cookie-Based Injection
Hi Security Team instacart I'm Found Vulnerability Cookie-Based Injection It's may be possible to steal or manipulate session and cookies if attacker can injection XSS . details --- in path /help/ contain header in cookie paramter ahoyvisitor and ahoyvisit it's allow injection because re request...
大汉网络 opr_licenceinfo.jsp 后台登陆认证绕过
//在/jcms/setup/oprlicenceinfo.jsp文件中 //获取Session中cookieusername的值,赋值给strUser String strUser = Stringsessions.getAttribute"cookieusername"; // 判断strUser值 是否为空? if strUser == null || strUser.trim.length == 0 out.println'请先登录!' return; //如果为空,则未登录,直接返回 // 如果不为空,说明已经登录...
Cross site request forgery (csrf)
The banner aka MOTD implementation in Cisco NX-OS 4.12E11f on Nexus 4000 devices, 5.21SV32.1 on Nexus 1000V devices, 6.02N22 on Nexus 5000 devices, 6.211 on MDS 9000 devices, 6.212 on Nexus 7000 devices, 7.03 on Nexus 9000 devices, and 7.20ZN99.67 on Nexus 3000 devices allows remote attackers to...
Facebook CSRF / Session Manipulation
Document Title: =============== Facebook Bug Bounty 23 - Session ID & CSRF Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1432 Facebook Security ID: 10202805822321483 Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ Vulnerability Magazin...
cmseasy sql二次注入漏洞
简要描述: cmseasy 可shell的漏洞 详细说明: 下载最新的cmseasy,发现有一处问题 用户注册处,email没有做任何限制,可以任意填写 我们发送url: POST /cmseasylast/uploads/index.php?case=user&act=register HTTP/1.1 Host: localhost postdata: username=sql1231&password=111111&password2=111111&question=&answer=ccccc&email=',data='openid|s:1:"2";' WHERE clienti...
ecshop一处验证码绕过逻辑漏洞
简要描述: 一处逻辑漏洞导致绕过 详细说明: 虽然验证码进行了加密,但是逻辑上还有点问题 问题出在 ..\includes\clscaptcha.php 通过验证函数可以看到直接返回,并没有对验证失败进行处理 function checkword$word $recorded = isset$SESSION$this-sessionword ? base64decode$SESSION$this-sessionword : ''; $given = $this-encryptswordstrtoupper$word; //MD5加密处理 return pregmatch"/$given/...
CVE-2014-3399
The SSL VPN implementation in Cisco Adaptive Security Appliance ASA Software 9.2.2.4 and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and...
Paypal Bug Bounty #102 QRL - Auth Bypass Vulnerability
Document Title: =============== Paypal Bug Bounty 102 QRL - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=995 PayPal Security UID: ZVf25kC Release Date: ============= 2013-07-04 Vulnerability Laboratory ID VL-ID:...
Barracuda SSL VPN 680 Cross Site Scripting
Exploit for php platform in category web applications Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Introduction: ============= The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web...
phpcms 2008多个文件包含漏洞
文件包含 ?php define'INYP', TRUE; define'ADMINROOT', strreplace"\", '/',dirnameFILE.'/'; require '../include/common.inc.php'; 要登陆 if!$userid showmessage'您还没有登陆,即将跳转到登陆页面',$MODULE'member''url'.'login.php?forward='.urlencodeURL; sessionstart; $file变量可控制 if!isset$file || empty$file $file = 'panel'; /...
IBM Website Service - Cross Site Scripting Vulnerabilities
Document Title: =============== IBM Website Service - Cross Site Scripting Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=480 Release Date: ============= 2012-07-05 Vulnerability Laboratory ID VL-ID: ====================================...
eSyndiCat Pro 2.4.1 CSRF / XSS / SQL Injection
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
SSL Resume With Different Cipher Issue
The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees e.g. by sniffing the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that sessio...
CsForum 0.8 Cross Site Scripting
Title: ====== CsForum v0.8 - Cross Site Scripting Vulnerability Date: ===== 2012-04-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=496 VL-ID: ===== 496 Introduction: ============= Forum very simple installation, this script is very light and yet it has several...
Barracuda Cloud CC v3.04.015 - Multiple Vulnerabilities
Document Title: =============== Barracuda Cloud CC v3.04.015 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=441 Release Date: ============= 2012-03-28 Vulnerability Laboratory ID VL-ID: ==================================== 441...
Apache Struts会话篡改安全绕过漏洞
Bugtraq ID: 50940 Apache Struts是一款建立Java web应用程序的开放源代码架构 Apache Struts存在安全漏洞,允许恶意用户绕过部分安全限制。 org.apache.struts2.interceptor.SessionAware或org.apache.struts2.interceptor.RequestAware接口没有正确阻止对会话映射的访问,可被利用向使用组合自动绑定接口的应用程序发送特制请求,可更改会话映射 Apache Software Foundation Struts 2.1.8 .1 Apache Software...