Lucene search
K

2138 matches found

CNVD
CNVD
added 2016/03/28 12:0 a.m.1 views

Multiple vulnerabilities in the Nepalese national government's common website building system

Nepal National Government Universal System NGUS is a website builder system. There are multiple vulnerabilities in the NGN Universal System that can be exploited by an attacker to obtain sensitive information from the database, upload a webshell, and gain access to the server...

6.9AI score
Exploits0References1
exploitpack
exploitpack
added 2016/02/17 12:0 a.m.14 views

OCS Inventory NG 2.2 - SQL Injection

OCS Inventory NG 2.2 - SQL Injection Exploit Title: OCS Inventory NG /ocsreports/index.php?function=visusearch - Time-based SQL Injection Choose a parameter, use EXACTLY operator: ' union select sleep5; - Code execution Bypass input escape and write to filesystem webshell PoC: ' union select...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/12 12:0 a.m.34 views

SIMOGEO FileManager 2.3.0 File Upload

Exploit Title: SIMOGEO FileManager 2.3.0 - File Upload Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0 Test...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2016/01/28 12:0 a.m.383 views

Kangle虚拟主机本地文件包含漏洞

测试环境:kangle-3.3.9.msi,ep-2.6.4.exe(官方4-18日更新),windows XP 首先安装kangle server,然后安装easypanel,安装成功后访问http://127.0.0.1:3312/,会自动跳转到http://127.0.0.1:3312/vhost/?c=session&a=loginForm。 然后随便输入用户名密码登陆,如图发送的请求: 然后修改请求url中的参数c的值,将session改为: C=../../../../../../../../../../../windows/system.ini%00...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/01/28 12:0 a.m.2 views

Digital Paradise Mobile Office Middleware Interface Arbitrary File Write Vulnerability

Digital Paradise's MKey3G mobile office middleware is an enterprise-oriented application BYOD middleware platform, which has been widely used in energy, finance, government and enterprises. There is an arbitrary file writing vulnerability in the interface of Digital Paradise's mobile office...

7AI score
Exploits0
CNVD
CNVD
added 2016/01/14 12:0 a.m.2 views

KingTop CMS -- Tupy Technology Backend File Upload Vulnerability

KingTop CMS is a set of easy to learn , simple operation of the open source content management system . KingTop CMS -- Tupy Technology backend file upload vulnerability , attackers can upload webshell through the vulnerability , so as to obtain sensitive information...

6.7AI score
Exploits0
CNVD
CNVD
added 2016/01/07 12:0 a.m.4 views

E-commerce platform of Beijing 3D World Technology Co., Ltd. suffers from java deserialization vulnerability

Ltd. is a professional software and application service provider of domestic inspection and testing management platform, master data management platform, e-commerce platform and so on. A java deserialization vulnerability exists in the e-commerce platform of Beijing 3D World Technology Co., Ltd...

7.4AI score
Exploits0References1
seebug.org
seebug.org
added 2016/01/07 12:0 a.m.641 views

WordPress Revslider 插件任意文件上传漏洞与任意文件下载漏洞 (SoakSoak)

漏洞描述 据报道,此次SoakSoak恶意软件在大量WordPress站点中的爆发源于一款名为Revslider的幻灯片插件,该插件曾被爆多个安全漏洞,涉及任意文件下载、任意文件上传等。Revslider由ThemePunch出品,属于一款商业性插件(收费),因其具有强大的功能和良好的易用性而有着不错的销量,并且在ThemePunch出品的一些WordPress主题中也自带有该款插件。...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2016/01/02 5:44 p.m.13 views

Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper 中国菜刀. Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is th...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2015/12/31 12:0 a.m.3 views

Arbitrary File Upload Vulnerability in Broadband Authentication and Billing System of Chengdu Starry Blue Ocean Network Technology Co.

Blue Ocean Premier Broadband Access Gateway is a specialized intelligent device for Ethernet broadband access. An arbitrary file upload vulnerability exists in the broadband authentication billing system of Chengdu Starry Blue Ocean Network Technology Co., Ltd. An upload point exists in the...

7.4AI score
Exploits0References1
seebug.org
seebug.org
added 2015/12/16 12:0 a.m.29 views

aspcms后台备份逻辑错误导致被注入一句话木马

简要描述: aspcms后台的备份逻辑存在严重的逻辑问题,可导致一句话木马被“引入”执行 详细说明: 众所周知,对以xxx.asp命名的access数据库,只要插入著名的一句话: ┼攠數畣整爠煥敵瑳∨≡┩愾 访问该asp即可得到webshell aspcmsv2.5.8 最新版虽然对正在使用的数据库的名字加了号,导致无法直接访问,但是数据库的备份功能却是直接把数据备份成了 xxx.asp 导致访问备份的数据库网址即可得到webshell 利用过程: 1、在站点前台留言本以 " ┼攠數畣整爠煥敵瑳∨≡┩愾 "做标题留言一则...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/12/08 12:0 a.m.57 views

LuManager high-risk SQL injection 0day analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 9 month 7 day Ali cloud shield situational awareness system captures the LuManager system of 0day a gold that confirmed that the vulnerabilities once a hacker can use directly to the highest authority of the login background, upload webshell, the control system database, the operatio...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/08 12:0 a.m.43 views

SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities

Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0...

7.4AI score
Exploits0
n0where
n0where
added 2015/12/07 3:34 p.m.31 views

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic best algorit...

8.3AI score
Exploits0References1
0day.today
0day.today
added 2015/11/14 12:0 a.m.585 views

b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2015/11/13 12:0 a.m.39 views

b374k 3.2.3 2.8 CSRF / Command Injection

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/11/06 12:0 a.m.37 views

China Chopper Caidao PHP Backdoor Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'China Chopper Caidao PHP Backdoor Code Execution', 'Description' = %q This module takes advantage of the China Chopper Webshell that...

0.5AI score
Exploits0
0day.today
0day.today
added 2015/11/06 12:0 a.m.47 views

China Chopper Caidao PHP Backdoor Code Execution Exploit

This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'China Chopper Caidao...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/11/03 12:0 a.m.47 views

cmseasy官网无条件getshell

简要描述: CMS官网 无条件getshell 想走个大场商 求20rank 详细说明: 首先先看webshell 要不直接把我的webshell给覆盖掉了 菜刀地址 http://www.cmseasy.cn/post/list.php?list=@eval%28$POST%27a%27%29; 密码a 漏洞证明: view-source:http://www.cmseasy.cn/post/list.php?list=echo%20filegetcontents%27list.php%27; http://www.cmseasy.cn/post/list.php?list=phpin...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2015/11/02 8:54 a.m.126 views

China Chopper Caidao PHP Backdoor Code Execution

This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'China Chopper Caidao PHP Backdoor Code...

7.3AI score
Exploits0
Rows per page
Query Builder