CVE-2015-0986

Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey 1 set or 2 get command...

Design/Logic Flaw

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...

Simple Invoice 2011.1 Cross Site Request Forgery

Affected software: simple invoice Type of vulnerability:adding admin user via csrf URL:simpleinvoices.org Discovered by: provensec Website: provensec.com version:2011.1 Proof of concept...

Agilent Technologies Feature Extraction AnnotationX.AnnList.1 ActiveX Control Arbitrary Code Execution Vulnerability

Agilent Technologies Feature Extraction is a set of feature extraction software for automatically reading and processing image files from multiple original chips from Agilent Technologies. A security vulnerability exists in Agilent Technologies Feature Extraction's AnnotationX.AnnList.1 ActiveX...

CVE-2015-2092

The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...

嘉缘人才系统sql注入#3

简要描述： 求20rank 详细说明： 首先看到frcms\member\requireslist.php if$do=="savedata" if$POST'id'=="" $POST'sid'=intval$Memberid; $POST'member'=getcookie'userlogin'; $POST'school'=getcookie'username'; ifempty$POST'title' showmsg'标题不能为空！','-1';exit; $POST'adddate'=date'Y-m-d H:i:s';...

(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the INSERT page in Cisco Prime Infrastructure PI allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868...

CVE-2014-2152

Cisco Prime Infrastructure (PI) contains a Cross-Site Request Forgery (CSRF) vulnerability on the INSERT page that could allow an unauthenticated/remote attacker to hijack the authentication of an authenticated PI user and perform actions on behalf of that user. Root cause is insufficient CSRF pr...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...

CVE-2015-1373

Multiple cross-site scripting XSS vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter in a search request, 2 username in a login request, which is not properly handled when logging the event, or 3 page titl...

PHPAPP注入第九枚（insert无视过滤）

简要描述： PHPAPP注入第九枚（insert无视过滤） 详细说明： 在wooyun上看到了有人提了PHPAPP的漏洞： http://wooyun.org/bugs/wooyun-2010-055604，然后去官网看了看，前几天刚有更新，就在官网下了PHPAPP最新的v2.6来看看2014-12-11更新的。 PSOT注入点：wwww.xxx.com/member.php?action=1&app=43&cid=2&rid=-1, 存在漏洞的文件在/phpapp/apps/refund/memberphpapp.php...

74cms最新版 二次注入

简要描述： 详细说明： 74cms 20141128最新版 漏洞文件:/wap/plus/wapajax.php 610-654行： elseif $act == 'invitedadd' $smarty-cache = false; $resume=resumeone$POST"resumeid"; $jobs=jobsone$POST"jobsid"; if$SESSION'utype'!=1 exit"企业会员请登录后邀请面试"; if checkinterview$POST"resumeid",$POST"jobsid",$SESSION'uid' exit"repeat";...

Supesite 前台注入 #2 (Insert)

简要描述： Insert 无视GPC 装supesite会有ucenter 如果在一个裤的话 可以尝试把uckey注入出来 然后…… 详细说明： 来看看全局文件 if!getmagicquotesgpc $GET = saddslashes$GET; $POST = saddslashes$POST; $COOKIE = saddslashes$COOKIE; 判断gpc 是否开启 如果没有开启 就对get post cookie 转义 这里没有对files转义。 在batch.upload.php中 elseif !empty$POST //如果POST不为空 //编辑标题...

mongodb: memory over-read via incorrect BSON object length

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service crash or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...

DEBIAN-CVE-2014-3507

Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...

Memory corruption

Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...

Fengcms SQL注入漏洞

简要描述： 官方给的测试站似乎被getshell了，吓坏了呀不是我干的 详细说明： app/controller/messageController.php class messageController extends Controller private $model = "message"; public function index return $this-display"message.html";//,M$this-model-page; public function add return...

74cms (20140709) 二枚二次注入

简要描述： 不好好的通过修改造成漏洞的代码 而是通过修改过滤函数。 现在的过滤函数, 虽然我是绕不过去了。 但是还是能找到几处能出数据的。 之前未通过,这次两个打个包来。 P.S:这很不好意思 之前测试demo的时候 因为有个是个update的点 忘记加where限制条件了 导致给某处全部都出数据了。。。。。 不只应该修改过滤函数,而且也应该在造成漏洞的代码好好的修复一下。 详细说明： 第一枚。 第一枚就不分析代码了。 首先注册一个企业会员 然后创建企业 单引号会被转义 然后转义入库。 找找出库的地方。 然后创建好企业后 发布招聘 如下。 点击发布后 可以看到报错了。 这里刚才的企业名出...

DMXReady Photo Gallery Manager <= 1.1 Contents Change Vulnerability

No description provided by source. Title : DMXReady Photo Gallery Manager = 1.1 Remote Contents Change Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 39.97 $ Dork : inurl:incphotogallerymanager.asp DorkEx :...