51 matches found
LFCMS Directory Traversal Vulnerability
Lei Feng TV CMS, aka LFCMS, is a video-on-demand system developed using PHP and MySQL. A directory traversal vulnerability exists in the http://www.a.com:84/admin.php?s=/Template/index.html page of LFCMS version 3.8.6. An attacker can exploit this vulnerability with the help of the '...' sequence in the Template/edit/path URIs.
Joyplus CMS Cross-Site Request Forgery Vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. A cross-site request forgery vulnerability exists...
Arbitrary file download vulnerability in the fileName parameter of GoodVision video conferencing system
GoodVision Video Conferencing System is a Simplified Chinese software application for PC platforms. There is an arbitrary file download vulnerability in the fileName parameter of GoodVision Video Conferencing System. This allows attackers to exploit the vulnerability to obtain sensiti...
iDVR mobile video system arbitrary file read vulnerability
No description provided by source...
Qibo CMS Video System: Two SQL Injection Vulnerabilities in showsp.php and list.php
0x01 Vulnerability description: Two SQL injection vulnerabilities in showsp.php and list.php of the Qibo CMS video system. 0x02 Vulnerability details: video/member/special.php elseif$job=='addsp' if$step==2 $yz=$groupdbPassContributeSP||$webadmin?1:0; $db-query"INSERT INTO $prespecial fid , title , keywords , style , template , picurl , content , aids ,uid , username , posttime , list,...
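Qibo Video System video/member/special.php SQL Injection Vulnerability
0x01 Vulnerability overview: In the Qibo video system, $TBpre is not initialized in the file /video/member/special.php; because qibo registers pseudo-global variables, this results in SQL injection. 0x02 Vulnerability details: video/member/special.php elseif$job=="showBBSiframe" $rsdb=$db-getone"SELECT FROM $prespecial WHERE uid='$lfjuid' AND id='$id'"; if!$rsdb showerr"资料不存在",1; //sort the posts within the special topic if$act=="order" unset$array; foreach...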
Qibo Video System SQL Injection Vulnerability
The Qibo video system supports fully static pages and custom static page URL rules, and can be copied into multiple subsystems from the admin backend. A SQL injection vulnerability exists in 'video/member/special.php' of the Qibo Video System, where $TBpre is not initialized, due to the existence of pseudo-global...
Sensitive Information Leakage Vulnerability in Beijing Melting Point's Video Communication System
Melting Point Netcom Beijing Technology Co., Ltd. is a high-tech company engaged in unified video operation services. The video system is one of the company's systems. A sensitive information disclosure vulnerability exists in the Beijing Melting Point Webcam video system. The vulnerability allow...
SQL Injection Vulnerability in Gobetters Video Conferencing System /web/server/serverstart.php?machineid= Parameter
GoBetter video conferencing system is a pure software video conferencing system launched by GoBetter, with high-performance audio and video interactions as well as perfect data functions. A SQL injection vulnerability exists in the Gobetters Video Conferencing...
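qibocms: SQL Injection in Multiple Systems with the Same Cause
Brief description: qibocms has many systems. I looked at the vulnerability posted yesterday, downloaded several other qibo systems today, and found that some of them have the same vulnerability. Since qibocms, when patching in the past, always patched a few systems and missed the others, I am writing out every system that has this vulnerability, one by one. Detailed description: Let's first look at the global file: $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...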
Max CMS 2.0beta (maxcms) SQL Injection Vulnerability
This is a very popular video-on-demand system in China. The earlier 1.5 version had a great many vulnerabilities; version 2.0 has improved in terms of security, but vulnerabilities still exist. \inc\ajax.asp dim action : action = getForm"action", "get" response.Charset="gbk" Select case action case "newslist" : viewNewsList case "newscontent" : viewNewsContent case "digg","tread" : scoreVideoaction case "reporterr" : reportErr...