345 matches found
OpenSIS 'modname' - PHP Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "OpenSIS 'modname' PHP Code Execution", 'Description' = %q This module exploits a PHP code execution vulnerability in OpenSIS versions...
OpenSIS 'modname' PHP Code Execution
This module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval' with user controlled data from the 'modname' parameter. This module...
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow Vulnerable versions: - linux kernel 3.12 = - linux kernel 2.6.x Testbed: linux kernel 2.6.18 Type:...
Invision Power Board 1.x / 2.x / 3.x Admin Account Takeover
IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN @johnjean on twitter Affected application: Invision Power Board = 3.4.4 Type of vulnerability: Logical Vulnerability / Bad...
Foe CMS 1.6.5 - Multiple Vulnerabilities
Foe CMS 1.6.5 - Multiple Vulnerabilities Title: Foe CMS 1.6.5 SQL Injection Vulnerability Vendor: http://foecms.com/ Download: http://code.google.com/p/foecms/downloads/list Versions: 1.6.5 Platform: linux, windows Bug: SQL Injection | Cross Site Scripting...
Foe CMS 1.6.5 - Multiple Vulnerabilities
Title: Foe CMS 1.6.5 SQL Injection Vulnerability Vendor: http://foecms.com/ Download: http://code.google.com/p/foecms/downloads/list Versions: 1.6.5 Platform: linux, windows Bug: SQL Injection | Cross Site Scripting ------------------------------------------------------- 1 Introduction 2 Bug 3...
Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins
After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser. The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have...
Privacy Protests Cause Instagram to Rethink Changes
Instagram cofounder Kevin Systrom responded to a firestorm of protests from users of the photo-sharing social network’s proposed terms of service changes that could impact the privacy of its users. Systrom blamed confusing legal jargon for the misunderstanding and said Instagram would not be...
Instagram Privacy Changes Start Clock Ticking for Users Who Want to Opt-Out
Instagram users have some soul searching to do between now and Jan. 16 when new terms of service kick in that give the photo-sharing social network the right to sell personal photos without the user’s permission or compensating them. The most startling change reads: “To help us deliver interestin...
Calling Foul on the Political Football That is Do Not Track
It looks like it’s time for a do-over for DNT. The oft-maligned specification has become—like many other standards efforts before it—a political football. Parties with interests on both sides of the issue have their own agendas, cannot agree on semantics and ignore, in this case, what should be t...
Openfiler v2.x NetworkCard Command Execution
This module exploits a vulnerability in Openfiler v2.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'openfiler' user. The 'system.html' file uses user controlled data from the 'device' parameter to create a new 'NetworkCard' object. The cla...
Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability
Kevin Mitnick's website open to Cross-Site Scripting (XSS) vulnerability. A Cross-Site Scripting (XSS) vulnerability was discovered in the official website of Kevin Mitnick, one of the most talented hackers, and the one most prosecuted by the state. Mitnick's hacker handle was "Condor". He became the first...
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/52319/info Fork CMS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...
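Oracle Hyperion Strategic Finance Formula One ActiveX Control "SetDevNames()"
Oracle Hyperion Financial Management is a comprehensive, scalable, web-based solution for international financial consolidation, reporting and analysis. Oracle Hyperion Strategic Finance contains a security vulnerability in its implementation that malicious users can exploit to take control of a user's system. The vulnerability stems from a boundary error in the "SetDevNames" method of the Formula One ActiveX control TTF16.ocx; an overly long string passed in the "DriverName" parameter can cause a heap buffer overflow. Oracle Hyperion Strategic Finance 11.x Oracle Hyperion Strategic...
Oracle Hyperion Enterprise Performance Management arsqls24.dll Buffer Overflow Vulnerability
Oracle Hyperion Enterprise Performance Management is performance management software. Oracle Hyperion Enterprise Performance Management contains a security vulnerability in its implementation that malicious users can exploit to take control of a user's system. A boundary error exists in arsqls24.dll when parsing database connection strings. Tricking a user into opening a specially crafted Hyperion Interactive Reporting Studio .oce file causes a stack buffer overflow. Oracle Hyperion Enterprise Performance Management EPM 11.x Vendor patch:...
Apple iTunes Multiple Security Vulnerabilities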
CVE ID:...
Mozilla Releases Field Guide to Do Not Track
Mozilla has released a comprehensive guide to the use and implementation of the Do Not Track technology that’s included in its Firefox browser, in an effort to give developers and advertisers a better handle on how the technology works and how users are taking advantage of it. The Do Not Track...
inappropriate GSSAPI delegation
When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...
Discuz!NT 2.x – 3.5.2 user control poster SQL injection vulnerability
ajaxtopicinfo.ascx user control poster SQL injection vulnerability, combined with the ajax.aspx vulnerability that allows calling any user control. In the file admin/UserControls/ajaxtopicinfo.ascx, go to the function GetCondition (WebsiteManage.cs) // line 62 if posterlist != "" string poster = posterlist...
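Discuz!NT 2.*-3.5.2 SQL Injection Vulnerability
Discuz!NT is a full-featured community software product for the ASP.NET platform from Comsenz. SQL injection vulnerability in the poster parameter of the ajaxtopicinfo.ascx user control, combined with the ajax.aspx vulnerability that allows calling any user control. admin/UserControls/ ajaxtopicinfo.ascx function GetCondition WebsiteManage.cs // line 62 if posterlist != "" string poster = posterlist.Split','; condition += " AND poster in "; string tempposerli...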