Lucene search
+L

461 matches found

myhack58
myhack58
added 2012/09/12 12:0 a.m.17 views

PHP source code in the unserialize function throws a vulnerability analysis-vulnerability warning-the black bar safety net

0×0 1 unserialize function concept First look at the official given explanation: unserialize on single serialized variable operation, convert back to PHP values. The return is after the conversion the value can be integer, float, string, array or object. If the passed string cannot be serialized,...

2AI score
Exploits0
seebug.org
seebug.org
added 2012/09/11 12:0 a.m.17 views

anwsion问答系统存在任意文件上传重大漏洞

简要描述: 上传只做了js验证貌似 详细说明: 本人只在topic话题下上传了,貌似头像上传那里也存在该问题(没测试) 点击话题图像,就可以编辑上传图像了。 使用火狐的TAMPER DATA插件,并打开开始截获。 选择一个2bb.jpg(内涵php一句话的正常图片即可 该文件目录内还有一个2bb.php(留作备用 在tamaper data内修改数据,把2bb.JPG改成2bb.php即可 就可以看到上传上去的php图片小马了,但是这个是经过处理的 只要把url后面的100X100参数或者50x50参数去除,就可以得到一个没有经过处理的PHP小马了。 漏洞证明: 官方已经拿到shell了...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/01 12:0 a.m.46 views

Microsoft Internet Explorer Fixed Table Col Span Heap Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 OperatingSystems::WINDOWS, :uaminver =...

9.3CVSS6.3AI score0.64962EPSS
Exploits27
0day.today
0day.today
added 2012/07/30 12:0 a.m.61 views

Microsoft Office SharePoint Server 2007 Remote Code Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

7.1AI score0.93916EPSS
Exploits9
myhack58
myhack58
added 2012/07/08 12:0 a.m.81 views

Struts2 remote command execution vulnerability analysis and prevention-vulnerability and early warning-the black bar safety net

Struts 2 is the struts and WebWork technology based on a merge of the new framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the interceptor mechanism to deal with user's request, such design also makes the...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2012/06/15 12:0 a.m.39 views

Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution

!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...

7.4AI score
Exploits0
myhack58
myhack58
added 2012/05/09 12:0 a.m.17 views

Discuz NT multiple versions of a file upload vulnerability-vulnerability warning-the black bar safety net

Affected versions: seems to have affected. Vulnerability file:tools/ajax. aspx Vulnerability analysis:the page where the ajax request, there is no permission validation, visitors to the permissions you can call all the methods, it is dangerous to write, so with the following vulnerabilities. ! Wh...

7.1AI score
Exploits0
myhack58
myhack58
added 2012/04/26 12:0 a.m.23 views

Jackie CMS (<=1.7) SQL injection vulnerability analysis-vulnerability warning-the black bar safety net

Jackie CMS Jieqi CMS is a novel system based CMS, currently the latest version is 1. 7, in the novel class of station use rate is still relatively high, these days took some time to look at his code, but quite interesting, to share with you a bit. The entire system of the core code is zend...

8.5AI score
Exploits0
myhack58
myhack58
added 2012/03/10 12:0 a.m.18 views

Struts2 and Webwork remote command execution vulnerability analysis-vulnerability warning-the black bar safety net

The vulnerability discovered by the publisher of the POC, and can not affect the xwork 2.1.2 prior to some versionthis version before some of the versions below will be collectively referred to as the old version, then called the new version, such as struts 2.0.14that is, the struts patch A N...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2012/02/17 12:0 a.m.15 views

pcAnywhere 12.5.0 build 463 - Denial of Service

!/usr/bin/python ''' Exploit Title: PCAnywhere Nuke Date: 2/16/12 Author: Johnathan Norman spoofy exploitscience.org or @spoofyroot Version: PCAnyWhere 12.5.0 build 463 and below Tested on: Windows Description: The following code will crash the awhost32 service. It'll be respawned so if you want ...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2012/02/16 12:0 a.m.97 views

[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow

CAL-2011-0071Adobe Shockwave Player Parsing cupt atom heap overflow Discover: instruder of code audit labs of vulnhunt.com CAL: CAL-2011-0071 CVE: CVE-2012-0758 http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071adobe-shockwave-player-parsing-cupt-atom-heap-overflow/ adobe security...

10CVSS0.06012EPSS
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/02/05 12:0 a.m.33 views

HITB2011KUL - Mobile Malware Analysis

Document Title: =============== HITB2011KUL - Mobile Malware Analysis References: =========== Download: http://www.vulnerability-lab.com/resources/videos/424.wmv View: http://www.youtube.com/watch?v=nVAuZ7jf7Sk Release Date: ============= 2012-02-05 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/11/10 12:0 a.m.15 views

Remember the vulnerability analysis for the first time-the vulnerability warning-the black bar safety net

Just getting started in heroic and wretched kk under the guidance of the analysis of the first vulnerability program, today writing from scratch process. The vulnerability program is in ahttp://www.exploit-db.com/exploits/17854/to download, this site provides not only the vulnerability of the...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2011/11/02 12:0 a.m.27 views

Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021)

Abysssec Research 1 Advisory information Title : Microsoft Excel 2007 SP2 Buffer Overwrite Vulnerability Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : Critical Contact : info at abysssec.com Twitter : @abysssec Microsoft : A remote code execution vulnerability exists in the w...

7.4AI score
Exploits0
myhack58
myhack58
added 2011/10/01 12:0 a.m.15 views

For Norman Security Suite 8 local provide the right 0Day analysis-vulnerability warning-the black bar safety net

| Norman Security Suite is a paragraph from the Norway of the HIPS software, yesterday on EXPLOIT-DB to see friends Xst3nZ released its a local mention of the right to 0Day POC. Don't know why the EXPLOIT-DB has not been authenticated ! Said to fun, EXPLOIT-DB on the drive-level vulnerability POC...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/09/06 12:0 a.m.39 views

A simple analysis of the mplayer player to read. m3u File format vulnerability-vulnerability warning-the black bar safety net

Foreword:this time has been in efforts to study vulnerability analysis,and with reference to the failwest large cattle production0day, Second Edition, the storm m3u file reading vulnerabilitysee snow network-the fresh fruit was also analyzed,the younger brother not,can only follow a large cattle...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/15 5:22 a.m.2 views

Matriux Krypton security distribution Released

Matriux Krypton security distribution Released The Matriux is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network...

7.2AI score
Exploits0
myhack58
myhack58
added 2011/07/12 12:0 a.m.17 views

dotnot editor vulnerability analysis and fix-vulnerability warning-the black bar safety net

Not for some character filtering caused by the vulnerability. dotnot 百科 http://baike.baidu.com/view/1678378.htm 1. IIS6. 0+0 3 directly x. asp;x.jpg can also be built X. ASP folder 2. If the Upload Directory does not have execute permissions, again using the Rename function can rename the name...

1.2AI score
Exploits0
myhack58
myhack58
added 2011/07/05 12:0 a.m.40 views

Discuz X2 Safety study: SQL and XSS injection vulnerability 0day analysis-vulnerability warning-the black bar safety net

Recently, DiscuzX2 is out with two 0day, aSQL injectionvulnerability, an attacker can use this vulnerability to obtain the username and password, another is toXSSinjection vulnerabilities, the attacker can achieve the website hanging horse, Web sites, phishing and other acts, the current official...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2011/06/08 2:33 p.m.6 views

Time to Focus on Results-Oriented Security

The security industry is full of pernicious problems with no easy solutions. Take spam, for example. The current best defense is filtering out the obvious spam messages. Yet, the countermeasure is not a solution: As anti-spam technology gets better, spammers merely churn out more spam and achieve...

7.2AI score
Exploits0References5
Rows per page
Query Builder