crazymatures.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-49904 Description| Value ---|--- Affected Website:| crazymatures.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...

Cisco Prime Data Center Network Manager 6.x XSS (uncredentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by a cross-site scripting vulnerability due to insufficient validation of input parameters by its web server component. Using a specially crafted URL...

zoombucks.com XSS vulnerability

Open Bug Bounty ID: OBB-48839 Description| Value ---|--- Affected Website:| zoombucks.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

Code injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager TSM in Rocket ServerGraph 1.2 allows remote attackers to 1 create arbitrary files via a .. dot dot in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. dot d...

TinyShop 多处sql注入#2

简要描述： rt 详细说明： 看到 /framework/lib/util/filterclass.php ...... public static function sql$str if getmagicquotesgpc $str = stripslashes$str; else //不使用主要是因为，先有mysql的连接 //$str = mysqlrealescapestring$str; $str = addslashes$str; return $str; ..... 当php为低版本或者 gpc开启（php默认是开启的吧）时。 $str = stripslashes$str...

74cms (20140709) 最新版二次注入一弹

简要描述： 74cms V3.4.20140709 不好好的修改漏洞代码 而是修改过滤函数。 虽然那过滤代码我绕不过去。。 但是还是找到了处能出数据。 在修改过滤函数的基础上,还是好好的修改代码把。 详细说明： 首先来看看过滤函数 function removexss$string $string = pregreplace'/\x00-\x08\x0B\x0C\x0E-\x1F\x7F+/S', '', $string; $parm1 = Array'javascript', 'union','vbscript', 'expression', 'applet', 'xml',...

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection Exploit Title: Joomla component comyoutubegallery - SQL Injection vulnerability Google Dork: inurl:index.php?option=comyoutubegallery Date: 15-07-2014 Exploit Author: Pham Van Khanh [email protected] Vendor Homepage:...

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows...

Destoon最新 V5.0-UTF8 正式版命令执行漏洞（后台）

简要描述： RT 详细说明： 后台一处命令执行漏洞，可添加系统账户。 漏洞位于admin/tag.inc.php case 'preview': $db-halt = 0; $destoontask = ''; if$tagcss $tagcss = stripslashes$tagcss; if$taghtmls $taghtmls = stripslashes$taghtmls; if$taghtmle $taghtmle = stripslashes$taghtmle; if$tagcode $tagcode = stripslashes$tagcode; if$tagjs...

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually...

Breed <= patch #1 zero-length Remote Crash Exploit

No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h...

Winamp 5.05-5.13 .ini local stack buffer overflow PoC

No description provided by source. /Winamp 5.05-5.13 .ini local stack buffer overflow poc The problem is in the skin field when a long string is writen it causes the buffer overflow. All u have to do is replace this file with the initial one. -snipp-- Winamp vispluginname=visavs.dll vispluginnum=...

Microsoft Internet Explorer 6.0 Search Pane URI Obfuscation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11851/info A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loade...

WordPress SH Slideshow plugin <= 3.1.4 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress SH Slideshow plugin = 3.1.4 SQL Injection Vulnerability Date: 2011-08-29 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/sh-slideshow.3.1.4.zip Version: 3.1.4 tested...

MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...

信游科技页游平台程序通用型SQL注入（一个文件多处）

简要描述： 看了@wefgod 大牛以前提交的 有空看了看这套代码 又发现了注入 官网几套系统都存在通用性注入漏洞 只是有安全狗 本人很菜不会过狗 但是漏洞是存在的 详细说明： 存在漏洞的文件： xykj/jsondata.ashx 三个分支 都存在注入 源码如下 using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Web; using com.xykj.common; /// /// 请求处理 /// 发送到客户端为json格式。 ///...

EasyTalk以系统身份向用户发XSS

简要描述： EasyTalk以系统身份向用户发XSS 详细说明： 出现问题的代码文件路径 : easytalk/Home/Lib/Action/ImAction.class.php 代码加载时 public function initialize parent::init; 没要求登录 而EasyTalk存储型XSS和以系统身份向任意用户发私信的漏洞在这代码 //发表聊天 public function sendmsg $ret=D'Messages'-sendmsgdaddslashes$POST'content' ,daddslashes$POST'nickname',$this-m...

Thinksaas最新版注入无视GPC

简要描述： thinksaas最新版2.1某处sql注入修补不完善，继续注入。 详细说明： Thinksaas是一款轻量级开源社区系统，界面我很喜欢。官网在http://www.thinksaas.cn/。 说到无视GPC，大家想到什么。Get、Post、Cookie请求不好用的时候，还能用到什么？ 当然是SERVER或FILE。 这个cms在全局文件中使用了addslashes对GET、POST、COOKIE进行了过滤，而且在操作数据库的函数中，在where的位置又用了mysqlrealescapestring，所以使得游戏变得很难。...