Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...
Kaspersky AntiVirus - ExeCryptor Parsing Memory Corruption
Kaspersky AntiVirus - ExeCryptor Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=525 Fuzzing packed executables found the attached crash, it might be usable as an information leak as part of another bug, so filing as a low-risk bug. If I had t...
Checkmarx CxSAST Sandbox Bypass Vulnerability
Checkmarx CxSAST formerly CxSuite is a source code analysis SCA solution developed by Checkmarx, Inc. in the United States. The solution provides features such as identifying and tracking application layer security vulnerabilities and showing where and how to fix them. A security vulnerability...
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment...
Technical analysis: the Android libStagefright series vulnerability analysis-vulnerability warning-the black bar safety net
The article corresponds to CVE-2015-1538, 1539, 3824, 3826, 3827, 3828 and 3829, seven CVEs; the exact mapping between the bugs and the identifiers is currently unknown. These security vulnerabilities are known for affecting "95%" of Android phones. Looking at the vulnerability from the attack-surface point of view, th...
BWA - OWASP Broken Web Applications Project
A collection of vulnerable web applications that is distributed on a Virtual Machine. Description The Broken Web Applications BWA Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: learning about web application security testin...
PHPCMS \phpcms\modules\member\index.php user login SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
Catalog 1. Vulnerability description 2. Vulnerability trigger conditions 3. Vulnerability scope 4. Vulnerability code analysis 5. Defense method 6. Offensive and defensive thinking 1. Vulnerability description 2. Vulnerability trigger conditions 0x1: POC http://localhost/phpcmsv9/index.php?...
Discuz all versions stored DOM XSS (can hit the administrator), with the four big pitfalls of Discuz official development and a verification script-vulnerability warning-the black bar safety net
Improper handling in the Discuz editor JS leads to stored XSS. Cause: the JS uses a native DOM method to read the element's content, so the server-side escaping of single and double quotes into HTML entities is reversed on the client. Code analysis: tested locally against the latest version, the payload is:...
Multi Purpose Fuzzer: zzuf
Multi Purpose Fuzzer: zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data, which more often than not comes from untrusted sources on the Internet. It works by intercepting file and network operations and changing random...
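The corruption model behind the zzuf entry above, as an added example that is not zzuf's own code: a seeded bit-flip mutator that, like zzuf's `-r ratio` and `-s seed` options, makes every mutated input reproducible from the (seed, ratio) pair alone. The PRNG, the helper names and the sample input are constructed for this illustration; zzuf's real implementation intercepts the read() and recv() calls of the target process rather than mutating a buffer in the caller.

```javascript
// Added example (not zzuf's code): a seeded bit-flip mutator modelling how zzuf corrupts input
// bytes with a given ratio and seed, so that a crash can be reproduced from (seed, ratio) alone.

// Small deterministic PRNG (xorshift32). zzuf uses its own generator; this one is a stand-in.
function makeRng(seed) {
  let x = (seed >>> 0) || 0x9e3779b9;   // xorshift must not start at zero
  return function next() {
    x ^= x << 13; x >>>= 0;
    x ^= x >>> 17;
    x ^= x << 5;  x >>>= 0;
    return x / 0x100000000;            // uniform in [0, 1)
  };
}

// Flip one random bit in roughly `ratio` of the input bytes. The input is left untouched;
// a mutated copy and the number of bytes changed are returned.
function fuzzBytes(input, ratio, seed) {
  const out = Uint8Array.from(input);
  const rnd = makeRng(seed);
  let flipped = 0;
  for (let i = 0; i < out.length; i++) {
    if (rnd() < ratio) {
      const bit = Math.floor(rnd() * 8);
      out[i] ^= 1 << bit;
      flipped++;
    }
  }
  return { data: out, flipped };
}

// Count differing bytes between two equal-length buffers.
function diffCount(a, b) {
  let n = 0;
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) n++;
  return n;
}

// Constructed sample input: a PNG signature followed by filler, standing in for a file
// that zzuf would intercept on the way into the parser under test.
const SAMPLE = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a,
                               ...Array(248).fill(0x41)]);

// Typical campaign loop: walk a seed range at a fixed ratio; each run is replayable by seed.
function campaign(input, ratio, firstSeed, lastSeed) {
  const runs = [];
  for (let seed = firstSeed; seed <= lastSeed; seed++) {
    const { data, flipped } = fuzzBytes(input, ratio, seed);
    runs.push({ seed, flipped, signatureIntact: data[0] === 0x89 && data[1] === 0x50 });
  }
  return runs;
}
```

Feeding `fuzzBytes(SAMPLE, 0.01, seed).data` to a parser for a range of seeds is the equivalent of `zzuf -r 0.01 -s 0:1000 program file`; when a seed crashes the target, the same seed regenerates the exact input, which is the property that makes this style of fuzzing debuggable.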
mcms latest version: six SQL injections packaged together (arbitrary data can be extracted)
Summary: mcms latest version, six SQL injections packaged together (arbitrary data can be extracted). Details: the programmers at Zhangyi Technology respond quite quickly; they fixed the vulnerabilities the same day they were confirmed and then released a new version. The several vulnerabilities I reported earlier on wooyun were handled in the new mcms, released as v3.1.3.enterprise, so let's study it again. Injection one: /app/public/flink.php?m=save&ajax=1. The POST carries 6 parameters; although all of them pass through XSS and SQL filtering, the filtering is incomplete. Let's look at how to inject. I use forder as the example here (even though forder is passed through intval in the code below, that does not prevent the injection; read on). function msave glob...
Shopify: Force 500 Internal Server Error on any shop (for one user)
There is very strange behavior. If a user opens URLs like the ones below: - https://whashp.myshopify.com/?previewthemeid=11288717 - or https://lmfshp.myshopify.com/?previewthemeid=11290937 he gets redirected to the shop https://whashp.myshopify.com/ with a 500 Internal Server Error response, and reloading does not help i...
Discuz all versions stored DOM XSS (can hit the administrator), with the four big pitfalls of Discuz official development and a verification script
Summary: from this vulnerability and the earlier command injection, four big pitfalls of Discuz's official development can be seen: 1. The patch that is released and a diff of the official latest installation package do not necessarily agree (so after an in-admin upgrade or a manual update, a vulnerability already fixed in the new version is still present). 2. Patches are released without an announcement of the fix location (so sites with custom development, worried about compatibility, are unwilling to update right away). 3. Code is changed online to fix vulnerabilities without releasing a patch. 4. The time the patch is released, the time the new installation package is released, and the time the patch post appears on the forum are inconsistent; see: http://download.comsenz.com/DiscuzX/3.2/ http://www.discuz.net/forum-10-1.html Details: stored XSS caused by improper handling in the Discuz editor JS. Cause:...
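The escape-then-decode flaw named in both Discuz entries above, as an added example that is not Discuz's own code: the server escapes quotes into entities, a DOM read on the client (`textContent`, `textarea.value`) hands the decoded string back, and editor code that rebuilds HTML by string concatenation re-injects it. The function names, the `img` fragment and the payload are constructed for illustration; `domTextRead` stands in for the browser's entity decoding so the block runs without a DOM.

```javascript
// Added example (not Discuz code): models "server escapes quotes, client JS undoes it",
// the pattern behind a stored DOM XSS in an editor. Names and payload are constructed.

// Server side, as PHP's htmlspecialchars($s, ENT_QUOTES) would produce it.
function serverEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#039;');
}

// What a DOM read such as element.textContent or textarea.value returns: entities decoded.
// This read-back is exactly where the server's escaping is reversed. (&amp; is decoded last
// so that a literal "&amp;quot;" cannot be turned into a quote by double decoding.)
function domTextRead(html) {
  return html.replace(/&quot;/g, '"').replace(/&#0*39;/g, "'").replace(/&lt;/g, '<')
             .replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Vulnerable editor-style client code: builds markup by concatenating the decoded text.
function renderImageVulnerable(urlFromDom) {
  return '<img src="' + urlFromDom + '">';
}

// Hardened: re-escape on the client before the value re-enters an HTML attribute.
// (Setting the attribute through element.setAttribute() avoids the problem entirely.)
function renderImageHardened(urlFromDom) {
  return '<img src="' + serverEscape(urlFromDom) + '">';
}

// Crude breakout check: did an event-handler attribute appear after the src attribute closed?
function attributeBrokenOut(html) {
  return /<img src="[^"]*"[^>]*\bonerror=/i.test(html);
}

function demo() {
  // Constructed attacker payload stored in a post: closes src="..." and adds a handler.
  const stored = 'x" onerror="alert(1)';
  const page = serverEscape(stored);   // harmless while rendered as-is by the server
  const readBack = domTextRead(page);  // decoded again once the client reads it back
  return {
    page,
    vulnerable: renderImageVulnerable(readBack),
    hardened: renderImageHardened(readBack),
  };
}
```

The point to check in a real editor is every place client code reads a server-rendered value back out of the DOM and then writes it into `innerHTML` or an HTML string: each such path needs its own escaping, because the server's escaping was consumed by the read.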
Mango cloud KodExplorer information leak + arbitrary command execution getshell (a-vulnerability warning-the black bar safety net
Do you want your whole chrysanthemum blown open??? I'll take it slow... don't be afraid of it hurting. Give up. Details: I got the code from the official website. Brother Dog, waiting for the Universal reward. I haven't done much analysis; download the source code and set it up yourself! I don't...
KPPW latest version SQL injection vulnerability nine (a global problem leading to widespread injection, with summary)
Summary: KPPW latest version SQL injection vulnerability nine, also widespread injection caused by a global problem. I state here that this is not vulnerability farming, because every one of these issues is serious and can lead to many problems... Details: KPPW latest version SQL injection vulnerability nine, also a problem in a global function, leading to widespread injection... File /control/user/accountauth.php: if ($code && in_array($code, $arrAllowAuth)) ... $code or $code = $keys['0']; $code or kekezu::show_msg($lang['param_error'], "index.php?do=auth", 3, '', 'warning');...
Discuz! WeChat public platform plugin: patch bypass, overwrite to delete the database-vulnerability warning-the black bar safety net
Discuz! WeChat public platform plugin: patch bypass, overwrite to delete the database, and a complete bypass of the Baidu Cloud WAF. The vulnerability published earlier was a getshell; the plugin's authors responded quickly and the patch landed today. I have to say dz is impressive. Then real...
[CVE-2014-8959] phpMyAdmin arbitrary file inclusion vulnerability analysis with demonstration-vulnerability warning-the black bar safety net
0x01 Vulnerability description: phpMyAdmin is a widely used MySQL database management tool developed in PHP. The latest CVE-2014-8959 announcement states that several versions of the program have an arbitrary file inclusion vulnerability; the affected versions are as follows:...
CVE-2014-1806 .NET Remoting Services vulnerability analysis-vulnerability warning-the black bar safety net
0x00 Description: Microsoft .NET Remoting is a distributed processing mechanism; it provides a framework that lets objects in one application domain interact with objects in another. A few days ago James Forshaw posted a CVE-2014-1806 .NET Remoting Services exploi...
Radare - The Reverse Engineering Framework
r2 is a rewrite from scratch of radare to provide a set of libraries and tools to work with binary files. This is the rewrite of the radare 1.x branch to provide a framework with a set of libraries and programs to work with binary data. The radare project started as a forensics tool, a scriptabl...
cmseasy SQL injection vulnerability (with analysis and exp)
Summary: cmseasy SQL injection vulnerability. Details: first look at manageact.php line 174: if (!session::get('from')) session::set('from', front::$from); If the session has no 'from', it is set to $from of the front class, so let's trace where its $from comes from. In frontclass.php lines 312-313: if (isset($_SERVER['HTTP_REFERER'])) self::$from = $_SERVER['HTTP_REFERER']; Looking at it, there seems to be no...
CVE-2009-1151 phpMyAdmin remote code injection && execution-vulnerability warning-the black bar safety net
Directory 1. Vulnerability description 2. Vulnerability trigger conditions 3. Vulnerability scope 4. Vulnerability code analysis 5. Defense method 6. Offensive and defensive thinking 1. Vulnerability description Insufficient output sanitizing when generating the configuration file phpMyAdmin i...