976 matches found
Huawei SmartAX MT880 - Multiple CSRF Vulnerabilities
No description provided by source. Description: Huawei MT880 is a device offered by the algerian telecom operator - FAWRI, to provide ADSL Internet connexion and it's already widely in use. Overview: Huawei MT880 firmware and its default configuration has flaws, which allows LAN users to gain...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)
Multiple vulnerabilities were fixed in java-160-openjdk : - CVE-2010-4448: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N: DNS cache poisoning by untrusted applets - CVE-2010-4450: CVSS v2 Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P: Launcher incorrect processing of empty library path entries ...
Respondly: Allowed method disclosure
The URL "https://respond.ly/" has the following allowed methods, which include DAV methods: ACL, BASELINECONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL,...
Phabricator: Bypass auth.email-domains
Email addresses are stored as VARCHAR128. However, Phabricator does not verify the length of an email address upon registration. This allows attackers to bypass the allowed email-domains defined in auth.email-domains. Exploiting this is rather straightforward: get an email address of 128 characte...
HackerOne: GIF flooding
Current limits --------------------- Image size: 1 MB Image dimensions: 2048x2048px File types: jpg/png/gif Another image hack --------------------- A GIF composed of 40k 1x1 images made Paperclip freeze until timeout. As attachments I sent the file composed of 40k images, and a screenshot of the...
python-django: directory traversal with "ssi" template tag
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. dot dot in a ssi template tag...
DEBIAN-CVE-2013-4315
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. dot dot in a ssi template tag...
DEBIAN-CVE-2013-5738
The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...
DEBIAN-CVE-2013-5739
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file, related to the getallowedmimetypes function in wp-includes/functions.php...
UBUNTU-CVE-2013-5738
The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...
dav
This plugin finds WebDAV configuration errors. These errors are generally server configuration errors rather than a web application errors. To check for vulnerabilities of this kind, the plugin will try to PUT a file on a directory that has WebDAV enabled, if the file is uploaded successfully, th...
espcms后台getshell-2
简要描述: 第二集 详细说明: espcms后台可以在后台把php设为允许的图片类型,然后在广告位上传图片处上传shell此处方便演示,用了phpinfo 1.在后台把php文件设为允许的图片类型 http://127.0.0.1/espcms/adminsoft/index.php?archive=management&action=syssetting&listfunction=syssetting&groupid=&iframeheightwindow=621&iframewidthwindow=1430 2.广告位添加图片处,上传shell...
WordPress plugins wp-catpro arbitrary file upload-vulnerability warning-the black bar safety net
----------------------------------------------------------------------- Wordpress plugins - wp-catpro Arbitrary File Upload Vulnerability ----------------------------------------------------------------------- Author = Zikou-1 6 Mailbox = [email protected] Test System : Windows 7 , Backtrack 5r3...
Wordpress plugins wp-3dflick-slideshow Arbitrary File Upload Vulnerability
The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
Wordpress plugins powerzoomer Arbitrary File Upload Vulnerability
The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
sip-methods NSE Script
Enumerates a SIP Server's allowed methods INVITE, OPTIONS, SUBSCRIBE, etc. The script works by sending an OPTION request to the server and checking for the value of the Allow header in the response. Script Arguments sip.timeout See the documentation for the sip library. Example Usage nmap...
CVE-2012-2213
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...
WordPress timthumb. php remote file storage vulnerability analysis-vulnerability warning-the black bar safety net
Source:http://xuser. org/read. php? 1 8 作者 :xuser@fsafe Today on Twitter, see the About wordpress appeared vulnerability, then hastened to open the relevant page of the analysis of specific causes found to be timthumb. php remote storage file when the validation is insufficient and the resulting...
Maximus CMS 1.1.2 - FCKeditor Arbitrary File Upload
Maximus CMS 1.1.2 - FCKeditor Arbitrary File Upload | | /||\ / \ /===============================================================================\ |Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability | |develop: http://www.php-maximus.org | |Version: Maximus 2008 CMS: Web...
mod_auth_mysql: character encoding SQL injection flaw
SQL injection vulnerability in modauthmysql.c in the mod-auth-mysql aka libapache2-mod-auth-mysql module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ backslash as part of the character encoding, allows remote attackers to execute arbitrary SQL...