PHPCodeCabinet <= 0.5 (Core.php) Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63800' ssvid version = '1.0' author = '周神' vulDate = '2006-08-09' createDate = '2015-12-24...

MyABraCaDaWeb <= 1.0.3 (base) Remote File Include Vulnerabilities

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class MyABraCaDaWebRemoteFileIncludePOCBase: vulID = '63954' version = '1' vulDate = '2006-09-08' author = ' '...

Insky CMS 006-0111 - Multiple Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class InskyCMSRemoteFileIncludePOCBase: vulID = '68005' version = '1' vulDate = '2006-06-25' author = ' '...

doorGets CMS SQL injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability version: doorGets CMS 5.2 Vulnerability description: CVE ID:CVE-2 0 1 4-1 4 5 9 doorGets CMS is a content management system. Since the transfer to"/dg-admin/index.php"script"positiondownid" HTTP POST parameters failed to adequately filtered, the attacker can access the management...

Joomla! ‘index.php’ SQL injection vulnerability-vulnerability warning-the black bar safety net

SSV-ID:6 1 4 5 9 Ranking Wiki contributions to vulnerability scanning to cloud storage VPS Mac SSV-AppDir:Joomla vulnerability Published: 2014-02-06 Vulnerability version: Joomla! 3.2.1 Vulnerability description: BUGTRAQ ID: 6 5 4 1 0 Joomla! Is the United States the Open Source Matters team...

Apple iOS6 特殊阿拉伯字符拒绝服务漏洞

Apple iOS是由苹果公司开发的手持设备操作系统。 Apple iOS6版本在处理包含某些特殊阿拉伯字符字符的邮件、短信或是微博时，就会造成应用程序闪退。此漏洞系iOS6相关漏洞，iOS7无此现象。mac chrome／safrari也受影响。 0 Apple MacOS 10.8.x Apple iOS 6 临时解决方法： Sebug建议您根据需要升级到iOS7. 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://support.apple.com/...

phpcms 2007 onunload.inc.php update SQL注入漏洞

code!--?php defined'INPHPCMS' or exit'Access Denied'; $serverid ? 1 : showmessage$LANG'illegaloperation'; $db---query"UPDATE ".TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; 2 ?/code $serverid没有进行任何过滤也没有用单引号括起来，所以无视gpc。 核心文件include\common.inc.php里大概80左右变量覆盖漏洞。...

Microsoft Internet Explorer 中心元素远程代码执行漏洞 (MS12-037)

CVE ID: CVE-2012-1523 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 访问已经删除的对象时存在远程代码执行漏洞。攻击者可利用当前用户权限执行任意代码以破坏内存。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法：...

Microsoft IE insertAdjacentText远程代码执行漏洞漏洞 (MS12-037)

CVE ID: CVE-2012-1879 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 IE访问未定义的内存位置时存在远程代码执行漏洞。攻击者可利用当前用户权限执行任意 代码以破坏内存。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法： 如果您不能立刻安装补丁或者升级，SEBUG建议您采取以下措施以降低威胁：...

Microsoft IE insertRow远程代码执行漏洞 (MS12-037)

CVE ID: CVE-2012-1880 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer访问已经删除的对象时存在远程代码执行漏洞，攻击者可利用当前用户权限执行任意代码以破坏内存。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法：...

phpMyAdmin Setup接口跨站脚本漏洞

Bugtraq ID: 50175 CVE ID：CVE-2011-4064 phpMyAdmin是一款基于PHP的MySQL管理程序。 部分传递给setup.php的输入在返回用户之前缺少过滤，攻击者构建恶意链接，诱使用户解析，可导致恶意脚本在目标用户浏览器上执行，可获得目标用户敏感信息或劫持用户会话。 如果存在配置目录并可写，那么XSS负载可保存在此目录中。 phpMyAdmin 3.x 厂商解决方案 phpMyAdmin 3.4.6已经修复此漏洞，建议用户下载使用： http://www.phpmyadmin.net/ !/usr/bin/env python coding:...

DeDeCMS(weaving dreams)variable overwrite 0day getshell-a vulnerability warning-the black bar safety net

! usr/bin/php-w ? php errorreportingEERROR; settimelimit0; printr' DEDEcms Variable Coverage Exploit Author: www.heixiaozi.com www.webvul.com ; echo "\r\n"; if$argv2==null printr' +---------------------------------------------------------------------------+ Usage: php '.$ argv0.' url aid path aid...

WordPress Super CAPTCHA plugin &lt;= 2.2.4 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Super CAPTCHA plugin = 2.2.4 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip Version: 2.2.4 tested...

WordPress Collision Testimonials plugin &lt;= 3.0 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Collision Testimonials plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/collision-testimonials.zip Version: 3.0...

马克斯CMS(Maxcms) admin_inc.asp SQL注入漏洞

在文件admin/ admininc.asp中： Sub checkPower //第103行 dim loginValidate,rsObj : loginValidate = "maxcms2.0" err.clear on error resume next set rsObj=conn.db"select mrandom,mlevel from premanager where musername='"&rCookie"musername"&"'","execute" rCookie函数在文件inc/ CommonFun.asp中 Function rCookiecookieNa...

Php168 v2008 special.php sql注入漏洞

PHP168整站是PHP领域当前功能最强大的建站系统,代码全部开源,可极其方便的进行二次开发,所有功能模块可以自由安装与删除,个人用户完全免费使用。 在文件member/ special.php中： elseif$job=="showiframe" //第126行 $rsdb=$db-getone"SELECT FROM $prespecial WHERE uid='$lfjuid' AND id='$id'"; …… if$act=="del"&&$aid //第155行 $detail=explode",",$rsdbaids; foreach $detail AS...

Php168 v2008 list.php sql注入漏洞

PHP168整站是PHP领域当前功能最强大的建站系统,代码全部开源,可极其方便的进行二次开发,所有功能模块可以自由安装与删除,个人用户完全免费使用 在文件member/ list.php中： if!$aidDB //第127行 showerr"请至少选择一篇文章"; …… if$Type=='delete' //第49行 makemorearticlehtml"$FROMURL","del0",$aidDB; makemorearticlehtml函数在inc/articfunction.php文件中： function...

Phpcms 2 0 0 8 query.php SQL injection vulnerability and repair programme-vulnerability warning-the black bar safety net

Affected version: Phpcms 2 0 0 8 vulnerability description: In the file the ask/query. php: case 'editanswer': //paragraph 3, line 9 if$dosubmit ifstrlen$answertext 1 0 0 0 0 showmessage'answer the number of words cannot exceed 1 0 0 0 0 characters'; $posts'message' = $M'useeditor' ? $answertext ...

Phpcms 2008 query.php SQL注入漏洞

在文件ask/query.php中： case 'editanswer': //第39行 if$dosubmit ifstrlen$answertext 10000 showmessage'回答字数不能超过10000个字符'; $posts'message' = $M'useeditor' ? $answertext : striptags$answertext; $answer-edit$pid, $posts, $userid; $answer-edit在文件ask\include\answer.class.php中： function edit$id, $posts, $useri...

BlueCMS v1. 6 sp1 ad_js.php SQL injection vulnerability-vulnerability warning-the black bar safety net

Affected version: BlueCMS v1. 6 sp1 Vulnerability description: The defect file: adjs.php Vulnerability causes: the 1 2: $adid = ! empty$GET'adid' ? trim$GET'adid' : "; //root directory of the other files are doing a very good filter, the logarithm of the font variables almost always use intvalto ...