27 matches found
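A tool bundled with Discuz! can be used to get a shell
Brief description: A tool bundled with Discuz! can, when used improperly, lead to a webshell. Investigation also shows that it has a large number of users. Details: The Discuz! installation package ships with a conversion tool, convert. Because this tool has a security problem, it can be used to get a shell. It usually sits in the site directory convert or utility/convert, and investigation shows it is still widely used. The precondition is that the data directory is writable, which is also a precondition for using the tool itself. Analysis: In the file utility\convert\include\doconfig.inc.php, where the configuration is saved, tracing into saveconfigfile...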
MemDb - Multiple Remote Denial of Service Vulnerabilities
!/usr/bin/python Title: MemDb Multiple Remote Dos Products: MemCompany v1.0- Memdb Memory Database System v1.02- Memdb Online Survey Sistem v2006 Date: 28/06/2010 Author: Markot Advisory: http://www.corelan.be:8866/advisories.php?id=CORELAN-10-054 Platform: Windows XP sp3 En Greetz to: Corelan...
Max.Blog 1.0.6 Arbitrary Delete Post Exploit
No description provided by source. Max.Blog 1.0.6 Delete Post Exploit. Discovered by SirGod. Thanks to Nytro. Please visit: www.mortal-team.org...
Max.Blog 1.0.6 Arbitrary Delete Post Exploit
Exploit for unknown platform in category web applications ============================================ Max.Blog 1.0.6 Arbitrary Delete Post Exploit ============================================ Max.Blog 1.0.6 Delete Post Exploit Max.Blog 1.0.6 Delete Post Exploit Discovered by SirGod Thanks to Nyt...
CVE-2002-1087
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request...
Cisco ATA-186 Password Circumvention / Recovery
The remote host appears to be a Cisco ATA-186 - an analog telephone adapter used to interface analog telephones to VoIP networks. The adapter is configured via a web interface that has a security bypass vulnerability. It is possible to bypass authentication by sending an HTTP POST request with a...
Fastgrafs whois.cgi - Remote Command Execution
Fastgrafs whois.cgi - Remote Command Execution !/usr/bin/perl whois.pl - Marco van Berkum - [email protected] homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi DO NOT EDIT THIS HEADER, else the bedbugs will bite Greets to sigmo for finding stupid POST examples Also greetings to DUCKEL...