Node.js third-party modules: property-expr - Prototype pollution

I would like to report Prototype pollution in property-expr It allows attacker to modify the prototype of a base object. Module module name: property-expr version: 2.0.2 npm page: https://www.npmjs.com/package/property-expr Module Description Tiny property path utilities, including path parsing a...

systemd - chown_one() can Dereference Symlinks Exploit

Exploit for linux platform in category dos / poc I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it...

QEMU pcnet_receive 堆缓冲区溢出漏洞(CVE-2015-7504)

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html pcnet是虚拟化软件QEMU中实现AMD PCNET网卡功能模拟的组件，相关的代码实现位于/hw/net/pcnet.c中。 在qemu软件中使用pcnet网卡，需要如下的命令行进行配置： qemu-system-x8664 centos-6.5-x64.img -m 1024 - net nic,model=pcnet -net user...

anwsion任意文件下载漏洞

简要描述： anwsion任意文件下载漏洞 详细说明： 不解释，代码逻辑有问题。 http://wenda.anwsion.com/file/download/?filename=Y29uZmlnLnBocA==&url=Lmh0dHA6Ly93ZW5kYS5hbndzaW9uLmNvbS91cGxvYWRzLi9zeXN0ZW0vY29uZmlnL2RhdGFiYXNlLnBocA== 漏洞证明：...

shopex密码取回处新生成密码可预测漏洞

简要描述： shopex在找回密码的地方存在一些逻辑设计问题，导致可以预测新生成的密码，可能被用来攻击获取他人密码 详细说明： 相关代码 /core/shop/controller/ctl.passport.php中： function sendPSW $this-begin$this-system-mkUrl'passport','lost'; $member=&$this-system-loadModel'member/member'; $data=$member-getMemberByUser$POST'uname';...

boblog arbitrary variable overwrite vulnerability(II)-vulnerability warning-the black bar safety net

Previously 80vul. com published on a bo-blog of vulnerabilities1,this vulnerability has already been an official patch,but then the tick. com released a bypass patch Method2,shame is triggered when there is a certain limit,here I come again published a without any limitation bypassing the patch t...