1619 matches found
Wordpress drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress drag and drop file upload 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.ali.dj/ Software Link:...
Wordpress Mac Photo Gallery 2.7 - Arbitrary File Upload
No description provided by source. Exploit Title: Wordpress Mac Photo Gallery 2.7 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/mac-dock-gallery/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.apptha.com Software Link:...
Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Google Dork: inurl:wp-content/plugins/custom-content-type-manager/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.fireproofsocks.com/ Software Lin...
Intel Corporation NetStructure 7110 Undocumented Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1182/info NetStructure formerly known as Ipivot Commerce Accelerator is a multi-site traffic director. This internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best...
Wordpress Top Quark Architecture 2.10 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software...
SuperMicro IPMI PSBlock File Plaintext Password Disclosure
The remote SuperMicro IPMI device is affected by an information disclosure vulnerability because it exposes all usernames and passwords in plaintext via the PSBlock file. A remote, unauthenticated attacker can exploit this vulnerability to download all usernames and passwords and gain a shell on...
WordPress image-symlinks Plugin Arbitrary File Upload Vulnerability
Author = X-Bruno E-mail = email protected Facebook = http://fb.me/Inj3ct.Bruno Google Dork = inurl:/wp-content/plugins/image-symlinks/ Usage Info = Exploit Info : The attacker can uplaod file/shell.php "php" // Allowed file extensions "/uploadify/"; // The path were we will save the file getcwd m...
FreeBSD : asterisk -- multiple vulnerabilities (f109b02f-f5a4-11e3-82e9-00a098b18457)
The Asterisk project reports : Asterisk Manager User Unauthorized Shell Access. Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is...
CVE-2013-6876 s3dvt Root shell
CVE-2013-6876 s3dvt Root shell About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: A vulnerability in s3dvt for versions prior to 0.2.2 allows to obtain a root shell. Details, patches, discussion and strategy to exploit at:...
AST-2014-006: Asterisk Manager User Unauthorized Shell Access
Asterisk Project Security Advisory - AST-2014-006 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On April 9, 2014 Reported By Corey Farrell...
asterisk -- multiple vulnerabilities
The Asterisk project reports: Asterisk Manager User Unauthorized Shell Access. Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is...
Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability
Overview Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'Dell's and Quantum's advisories state the following: The tape library's remote use...
turbomail无任何限制getshell
简要描述: turbomail 官方windows版本存在多个漏洞,综合利用,没有任何限制getshell 详细说明: 今天看到 WooYun: TurboMail邮箱系统默认配置不当可进入任意邮箱及获取管理员密码(官网也中招及大量实例) 看到此系统影响如此深远,因此自己也下载一个学习分析一下。 找到官方地址 下载: http://www.turbomail.org/download.html 我下载的是windows版本,安装之后 开始学习使用。 由于是邮件系统,因此首先需要用户输入口令才能登录,当然正常邮件服务器都是这样的,因此首先看一下 对用户的验证过程。...
HP StoreVirtual Storage Remote Unauthorized Access
The remote HP storage system running LeftHand OS has an SSH support backdoor mechanism built in that may allow a remote attacker to gain root shell access to the system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid73461; scriptversion"2.4"; scriptcvsdate"Date:...
Wordpress Themify Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Title : Wordpress Themify Arbitrary File Upload Vulnerability Author : Jje Incovers Date : 31/03/2014 Category : Web Applications Type : TXT, PHP, HTML, HTM, ASP, Etc. Vendor : http://themify.me/ Download : http://themify.me/themes Tested :...
CVE-2013-6770
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then...
ownCloud 6.0.0a File Deletion / XSS / CSRF
Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sibley absane Blog: http://blog.noobroot.com...
Joomla Aclassfb Shell Upload
Title : Joomla comaclassfb File Upload Vulnerability Author : DevilScreaM Date : 10 January 2014 Category : Web Applications Vendor : http://www.almondsoft.com Type : PHP Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter ...
discuz!某自带工具可拿shell
简要描述: discuz!某自带工具,由于使用不当,可以造成webshell。 而且经过调查,使用者数量较大。 详细说明: discuz! 安装包中会自带一个转换工具 convert 这个工具由于存在安全问题,可以拿shell 一般存在网站目录 convert 或 utility/convert 而且经过调查,使用数量还是很大的。 使用前题是data目录可写,这也是这个工具的使用前题。 分析: 文件: utility\convert\include\doconfig.inc.php 中 保存配置,跟踪到saveconfigfile...
CmsEasy后台多处文件包含
简要描述: CmsEasy 存在多处文件包含,可以结合其他漏洞利用,直接GetShell。 详细说明: 第一处,后台自定义——添加表单 先来看看/cmseasy/template/admin/form/addform.php文件: 直接获取到template参数的值 再来看看/cmseasy/lib/admin/formadmin.php 没有判断template参数的值是否合法,是否是在允许的范围内等,直接进行保存。 我们在添加表单时抓包,修改这里template默认的值为我们自己的payload文件boot.php Boot.php文件的内容为 看看数据库存储的内容,直接进行了存储...