4 matches found
in medialize/uri.js
Description: Bypass for https://huntr.dev/bounties/1625558772840-medialize/URI.js/. urijs fixed the issue for CVE-2021-3647; however, an attacker can still exploit the issue due to case-sensitive checks in the earlier patch. An attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp et...
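phpyun v3.2 (20141226): two injections.
Brief description: Latest update date (2014-12-26). It has been updated again; please stop giving rank 5, how about starting at 20. One is new, and one counts as a patch bypass. There are still one or two earlier ones that have not been patched, so please speed up. Detailed description: The first one, newly discovered, occurs when redeeming prizes, in model/redeem.class.php: function dhaction $this-publicaction; if!$this-uid && !$this-username $this-obj-ACTlayermsg"您还没有登录,请先登录!",8,$SERVER'HTTPREFERER'; if$POST'submit'...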
Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python", 'Description' = %q This module exploits a vulnerabilit...
Majordomo2 Directory Traversal
-------------------------- NSOADV-2011-003 --------------------------- Majordomo2 'help' Command Directory Traversal Patch Bypass ...