15 matches found
PT-2026-30242
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin only option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched...
EUVD-2019-10771
Malware in sbrugna...
EUVD-2009-2549
Malware in sbrugna...
EUVD-2019-10770
Malware in sbrugna...
D-Link DIR-859 ssdpcgi() M-SEARCH arbitrary command execution vulnerability (CNVD-2020-13689)
The D-Link DIR-859 is a router device. A security vulnerability exists in the D-Link DIR-859 ssdpcgi M-SEARCH method handling, which can be exploited by remote attackers to submit a special request to execute arbitrary commands...
CVE-2019-20216
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...
CVE-2019-20217
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...
Design/Logic Flaw
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...
CVE-2019-20215
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...
CVE-2014-8083
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action...
Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (MS03-007) (Metasploit)
$Id: ms03007ntdllwebdav.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Editor vulnerability summary-vulnerability warning-the black bar safety net
How to search editor vulnerability? site:editor inurl:asp? id inurl:ewebeditornet Such as the common editor of the vulnerability are: ewebeditor ewebeditornet fckeditor editor southidceditor SouthidcEditor bigcneditor A:ewebeditor is an example 1:default download down the back:...
Buffer overflow
Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument varBrowser argument to the search method. NOTE: some of these details are obtained from third...
MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against SP0 to SP3. This module requires Metasploit: https://metasploit.com/download Current...
Reverse thinking about the Google search URL and decryption-bug warning-the black bar safety net
Google each of the search sequences linked by a plurality of instruction parts, these instructions carry out their duties, constitute the full search results of“filter”. If we mastered the whole Google search URL in the configuration mode, it is possible to very easily feel free to create we need...