48 matches found

Exploit DB
added 2017/05/10 12:00 a.m., 48 views

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass

Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Date: 10.05.2017 Software Link: https://www.qnap.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: web 1. Description $COOKIESTATIONSID is not...

7.4 AI score
Exploits: 0

0day.today
added 2016/02/04 12:00 a.m., 24 views

WordPress User Meta Manager 3.4.6 Plugin - Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 21 views

Calendar Express 2.2 Month.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18314/info Calendar Express is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit coul...

7.1 AI score
Exploits: 0

seebug.org
added 2014/03/04 12:00 a.m., 20 views

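Generic unauthorized-access vulnerability in Dahan jbook, jget, jvideo, source, jphoto and lm

Brief description: jbook = subscription system (I think), source = data source collection system, jget = information collection system, jvideo = video system, jphoto = photo system, lm = interaction system. That is roughly it. Details: A file of the same name in each system, although the code differs slightly, produces the same unauthorized-access vulnerability, which allows the installation-directory-related configuration of these systems to be reset. Proof of vulnerability: None. Using jphoto as the example first. http://www.yzwh.gov.cn/jphoto/setup/ This is jphoto's setup directory; first submit data with the exp: After a successful submission, it reports that the configuration file has been modified and the service should be restarted. The exp sets the password to 123456...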

7.1 AI score
Exploits: 0

seebug.org
added 2013/01/30 12:00 a.m., 284 views

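ISC BIND 9 DNS64 Remote Denial-of-Service Vulnerability

BUGTRAQ ID: 57556 CVECAN ID: CVE-2012-5689 BIND is a very widely used implementation of the DNS protocol. In ISC BIND 9.8.x and 9.9.x, in certain configurations, the response policy zone for DNS64 lacks AAAA rewrite rules, and a remote attacker can cause a denial of service (assertion failure and exit of the specified program) through a query for an AAAA record. 0 ISC BIND 9.9.x ISC BIND 9.8.x Workaround: On January 24, 2013 the vendor released a beta version that fixes this vulnerability. If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measure to reduce the threat: ensure the RPZ contains an AAAA rewrite rule for every A rewrite rule. Vendor patch: IS...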

7.1 CVSS, 8.4 AI score, 0.12036 EPSS
Exploits: 1

0day.today
added 2013/01/25 12:00 a.m., 21 views

SQLiteManager 1.2.4 Remote PHP Code Injection Vulnerability

Exploit for multiple platform in category remote exploits Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGa...

7.1 AI score
Exploits: 0

myhack58
added 2012/05/06 12:00 a.m., 39 views

DNS zone transfer exploit and fix-vulnerability warning-the black bar safety net

In fact, the use of the method is divided into manual and tool two, we can use BT5 the following tools Dnsenum or other tools, hand while you use the nslookup. 1, Using the tool to get DNS information cd /pentest/enumeration/dns/dnsenum ./ dnsenum.pl --enum domain.com This can be simple to make u...

Exploits: 0

myhack58
added 2011/02/19 12:00 a.m., 18 views

Chi Sepang international series system to kill exploit 0day and fix-vulnerability warning-the black bar safety net

Chi Sepang international series system to kill exploit 0day and fix Brief description: this vulnerability should be a series system to kill, in the background Annex to the upload not the file format limit, can lead to upload any type of file. Use method: can be utilized where there are two, one i...

7.3 AI score
Exploits: 0

0day.today
added 2009/03/23 12:00 a.m., 4219 views

PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications =========================================================== PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit =========================================================== !/usr/bin/php ?php / Found this after getting my inet back...

7.1 AI score, 0.05165 EPSS
Exploits: 7

seebug.org
added 2008/08/28 12:00 a.m., 37 views

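OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability

BUGTRAQ ID: 30866 CVE ID: CVE-2008-3282 CNCVE ID: CNCVE-20083282 OpenOffice is an open-source office word-processing application. A numeric truncation error exists in OpenOffice's memory allocation; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application. The rtl_allocateMemory function in sal/rtl/source/allocglobal.c accepts a salSize n parameter; on 64-bit platforms such as x86_64, salsize is defined as an unsigned long integer, and the requested memory block size is subsequently, as size type...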

9.3 CVSS, 0.7 AI score, 0.10755 EPSS
Exploits: 1

seebug.org
added 2008/08/22 12:00 a.m., 15 views

Sun Solaris 'snoop(1M)' Utility Multiple Remote Vulnerabilities

The Solaris 'snoop(1M)' network utility is prone to multiple remote vulnerabilities, including: - Multiple stack-based buffer-overflow vulnerabilities - Multiple format-string vulnerabilities Exploiting these issues will allow attackers to execute arbitrary code with the privileges of the 'nobody'...

8.1 AI score
Exploits: 0

seebug.org
added 2008/07/01 12:00 a.m., 19 views

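Sun Java System Access Manager XSLT Stylesheet XML Signature Remote Code Execution Vulnerability

BUGTRAQ ID: 29988 CNCAN ID: CNCAN-2008063001 Sun Java System Access Manager is a secure single sign-on, authentication and authorization solution. Sun Java System Access Manager does not securely handle XSLT stylesheets in XML signatures; a remote attacker can exploit the vulnerability to execute arbitrary code with the privileges of the application. A remote user who can create an XML signature that Access Manager can view locally can execute arbitrary code with the privileges of the Access Manager application. Access Manager is run by a web 'container' application, such as Sun Java System Application...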

6.9 AI score
Exploits: 0

seebug.org
added 2008/05/10 12:00 a.m., 61 views

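Linux Kernel fcntl_setlk() Function Local Race Condition Vulnerability

BUGTRAQ ID: 29076 CVECAN ID: CVE-2008-1669 Linux Kernel is the kernel used by the open-source operating system Linux. The Linux kernel does not apply certain protection mechanisms to the fcntl functionality; on SMP systems a local attacker can exploit a race condition between the fcntl_setlk and close calls to obtain improperly serialized access to the file descriptor table, which may lead to a denial of service. Linux kernel 2.6.25.2 Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...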

6.9 CVSS, 0.00406 EPSS
Exploits: 1

Tenable Nessus
added 2008/02/12 12:00 a.m., 35 views

Slackware 12.0 / current : kernel exploit fix (SSA:2008-042-01)

New kernel packages are available for Slackware 12.0, and -current to fix a local root exploit. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2008-042-01. The text itself is copyright C...

7.2 CVSS, 5.2 AI score, 0.0354 EPSS
Exploits: 5, References: 4

OpenVAS
added 2008/01/17 12:00 a.m., 19 views

Debian Security Advisory DSA 101-1 (sudo)

The remote host is missing an update to sudo announced via advisory DSA 101-1. OpenVAS Vulnerability Test $Id: deb1011.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 101-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.2 CVSS, 6.7 AI score, 0.00938 EPSS
Exploits: 0

seebug.org
added 2006/10/27 12:00 a.m., 18 views

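IBM AIX snappd Local Privilege Escalation Vulnerability

IBM AIX is a commercial UNIX operating system. The implementation of AIX's snappd tool contains a vulnerability; a local attacker in the snapp group may exploit it to execute arbitrary instructions with root privileges. IBM AIX 5.3 IBM AIX 5.2 Workaround: remove the setuid root bit: chmod 550 /usr/sbin/snappd Vendor patch: IBM --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: ftp://aix.software.ibm.com/aix/efixes/security/snappdifix.tar.Z...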

6.9 AI score
Exploits: 0

seebug.org
added 2006/08/18 12:00 a.m., 162 views

Joomla Artlinks Component <= 1.0b4 Remote Include Vulnerability

No description provided by source. .: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | \\ /\ / :. . ..: ||| / \ \ .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 18.o8.2oo6 .. Affected Application: Artlinks v1.0 Beta 4 Mambo/Joomla CMS...

7.1 AI score
Exploits: 0

Exploit DB
added 2005/03/11 12:00 a.m., 42 views

phpDEV5 - Remote Default Insecure Users

------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL : www.firepages.com.au -...

7.4 AI score
Exploits: 0

Packet Storm
added 2005/02/25 12:00 a.m., 15 views

invision131xss.txt

Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: COLOR=IMGhttp://aaa.aa/=aaa.jpg/IMGstyle=background:url"javascript:document.location.replace'http://www.hackthissite.org';" /color Fix: I'm not good at regexes :...

7.4 AI score
Exploits: 0

securityvulns
added 2005/02/08 12:00 a.m., 19 views

directory traversal in RaidenHTTPD 1.1.27

Donato Ferrante Application: RaidenHTTPD http://www.raidenhttpd.com/ Version: 1.1.27 Bug: directory traversal Date: 05-Feb-2005 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Descripti...

0.1 AI score
Exploits: 0