1447 matches found
Microsoft Internet Explorer CMarkup::Insert Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers
Edward Snowden, a former contractor at America's National Security Agency (NSA), has rocked the intelligence world by leaking secret documents which reveal the previously unknown extent of global spying. But looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Back ...
IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities (credentialed check)
According to its version, the installation of IBM DB2 10.1 on the remote host is affected by the following vulnerabilities: - When a multi-node configuration is used, an error exists in the Fast Communications Manager (FCM) that could allow denial of service attacks. CVE-2013-4032 / IC94434 - An...
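Apache 'mod_accounting' Module SQL Injection Vulnerability (CVE-2013-5697)
BUGTRAQ ID: 62677 CVE ID: CVE-2013-5697 mod_accounting is a traffic accounting module for Apache 1.3.x. It records traffic in a database; supported database types include MySQL and PostgreSQL. The mod_accounting 0.5 module has a SQL injection vulnerability in the Host header, which an attacker can exploit to compromise the application and perform unauthorized database operations. The vulnerability arises because the user-supplied HTTP header is used in a query without filtering. The module uses simple string concatenation to replace the placeholders in a predefined query before sending it to the database. The code is located in mod_accounting.c. 0 mod_accounting 0.5 Temporary workaround:...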
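DedeCms Content Management System: Novel Module INSERT Injection Vulnerability
DedeCms is a free PHP website content management system. Known for being simple, practical and open source, DedeCms is the best-known open-source PHP website management system in China and the PHP CMS with the most users. When gpc=off, the add-chapter function of the novel module has an INSERT injection vulnerability. 0 Dedecms Vendor patch: dedecms ------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's homepage for the latest version: http://www.dedecms.com/products/dedecms/...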
MySQL: Pulling records into a single string using the built-in insert function
You all know about outputting the columns of a MySQL table into a single string; so, please welcome the fourth method! But more on that a little later; for now, let's recall what we have as of today. From the article by Dr.Z3r0, "MySQL SQL Injection: Complete FAQ": 1. group_concat + Simple to use, small size - Limitation...
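ecshop Latest Version Front-End Second-Order Injection Series (2)
Brief description: The second second-order injection. At this point the injected content goes in and out of the database at least 6 times before it finally reaches the page showing the injection result, and of course the whole path is controllable. Details: First, a screenshot of the injection result: SQL injection flow: 1. Insert the injection code into goodsattr of the order goods. /wholesale.php, the goods wholesale page, allows this insert. The goodsattr here is different from the goodsattrid in "WooYun: ecshop Latest Version Front-End Second-Order Injection Series 1"; in the earlier vulnerability, that is, when adding to the cart normally from the product page, goodsattr could not be controlled, because goodsattr was then read from the goods attribute table in the database. 2. For the order generated in step 1, perform the "put back in cart" operation on the order view page of the user center. 3. View the cart page; the injected code executes. Code analysis:...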
Drupal Htmlarea 4.7.x-1.x Shell Upload
Title: Drupal Htmlarea Modules 4.7.x-1.x / Arbitrary File Upload Vulnerabilities Author: Net.Edit0r Contact:...
EggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload Exploit Title: eggBlog Arbitrary File Upload Vulnerability Google Dork:"powered by eggBlog.net" Date: 28/04/2013 Exploit Author: Pokk3rs Vendor Homepage: http://eggblog.net/ Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/ Test...
Deserialization of untrusted data
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action...
CVE-2012-4197
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action...
vBulletin vBay 11.9 SQL Injection
!/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into statement, without any sanitization. POC - You will need to...
openwysiwyg Remote File Upload Vulnerability
Exploit for php platform in category web applications ...
CVE-2011-2503
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...
Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via...
Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities
This host is running Oracle GlassFish Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboracleglassfishservermultvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 20...
Wordpress Plugin Wp-insert [FCKeditor] Upload Shell
Exploit for php platform in category web applications Exploit Title: Wp-insert Wordpress Plugin FCKeditor Upload Date: 06-04-2012 Author: Hacker-Fire Category:: webapps Software Link: http://wordpress.org/extend/plugins/wp-insert/ Google dork: /wp-insert/fckeditor/ Tested on: Windows 7 & BT5r2 De...
Plume CMS 1.2.4 - Cross-Site Request Forgery
Exploit Title : PlumeCMS CSRF Exploit to add and publish News inp...
Windows Manage Certificate Authority Injection
This module allows the attacker to insert an arbitrary CA certificate into the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...