Mt. Vernon Media 1.12 Cross Site Scripting
MT.VERNON MEDIA Web-Design v1.12 Multiple XSS Cross-site Scripting Web Security Vulnerabilities Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple XSS Security Vulnerabilities Product: Web-Design Vendor: MT.VERNON MEDIA Vulnerable Versions: v1.12 Tested Version: v1.12 Advisory Publication:...
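Discuz! 7.x CSRF + stored XSS (rich text) database dump (2 places) and admin back-end SQL (root getshell) (exploit included)
Brief description: Discuz! 7.x CSRF, rich-text XSS database dump and admin back-end SQL root getshell. This time I am really giving you a solid XSS, 美包包!!!, please mark it as featured! Details: Today I audited the dz 7 series code and found a piece of rich-text code that can be bypassed to achieve XSS. First let's look at this rich-text bypass, going straight to the code: diszuscode.func.php:305-317: function parseaudio$url, $width = 400, $autostart = 0 $ext = strtolowersubstrstrrchr$url, '.', 1, 5; switch$ext case 'mp3...
Discuz! XXE can corrupt the database structure, allowing dirty data to enter
Brief description: Discuz! XXE can corrupt the database structure, allowing dirty data to enter.......dz is too extreme, it even filters single quotes, damn, so I could only analyze this far, but I have a vague feeling that there is a significant risk here, because it changes the system template style. Posting this as a freebie first; have a look yourselves. Details: First let's look at the file: portalcpdiy.php(lines:301-324): if submitcheck'importsubmit' $isinner = false; $filename = ''; if$POST'importfilename' $filename =...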
PHP-Nuke 1.0/2.5 Administrative Privileges Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintenance tool written in PHP3. It is possible to elevate privileges in this system from normal user to administrator due to a flaw in authentication code. The problem occurs...
[oss-security] Fwd: [exim-announce] Exim 4.82.1 Security Release
Short version: Exim MTA, CVE-2014-2957, remote code execution based on email header content when built with the EXPERIMENTAL_DMARC option. Flaw introduced with that option in Exim 4.82, which was previously the current release; no prior releases...
A lot of Taobao guest V7.4 injection vulnerability-vulnerability warning-the black bar safety net
Penetration a station to engage the C-segment across a station. Since the app is open source program And download their app to see a lot. In fact, the programmer still has little Safety awareness: Anti-injection code: //To filter the illegal characters $ArrFiltrate =array...
Quality Coding Takes A Break For The Holidays. But Why?
I recently read a blog post by CloudFlare and Shawn Graham that asked a fantastic and timely question: “Do Hackers Take The Holidays Off?” CloudFlare sees traffic for hundreds of thousands of websites and was able to answer the question. They looked at the average percentage of requests that...
Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument...
odlican.net CMS 1.5 - Arbitrary File Upload
odlican.net cms v.1.5 remote file upload vulnerability Author: Anonymous you can download following cms here http://cms.odlican.net/files/cmsv1-5.zip Info: odlican.net cms v.1.5 is a simple open-source cms made by Croatian web designers and it has a serious flaw. dork: Powered by odlican.net cms v.1.5...
odlican cms v.1.5 remote file upload vulnerability
Exploit for unknown platform in category web applications ================================================== odlican cms v.1.5 remote file upload vulnerability ================================================== odlican.net cms v.1.5 remote file upload vulnerability you can download following cms...
XSS bug in wiki markup link rendering
The following wikimarkup creates links with an onclick event. noformat test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' noformat This is due to the following code in...
SA-Blog Injection Vulnerability
sablog is a blog program written by security researchers in China, but a small flaw in the code may allow administrator privileges to be obtained: the problem is around line 652 of wap/index.php ------------ $hash = getuserhash$user'userid', $user'username', $user'password', $user'logincount'+1; $DB-query"delete FROM $dbprefixsessions where uid='".$user'userid'."' or lastactivity+3600'$timestamp' or hash='$hash'"...
Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6
A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...