3100 matches found
Job Site 1.0 - Multiple Vulnerabilities
Job Site 1.0 - Multiple Vulnerabilities Jobsite logo - Multiple Vulnerabilities =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
VLC 2.1.2 (.asf) - Crash PoC
Exploit for multiple platform in category dos / poc !/usr/bin/python VLC Media Player up to 2.1.2 DOS POC Integer Division By zero in ASF Demuxer VLC Media Player is prone to DOS utilizing a division by zero error if minimum data packet size is equal to zero. This was tested on Windows XP SP3 an...
IBM Business Process Manager - User Account Reconfiguration
Exploit Title: IBM BMPS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link: http://www-03.ibm.com/software/products/en/business-process-manager-family/ Version: 8.0.1.1 newest versions can also be vulnerable Vulnerability...
Eventy Online Scheduler V1.8 - Multiple Vulnerabilities
Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Eventy Online Scheduler V1.8 - Multiple Vulnerabilities =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:...
Adult WebMaster PHP - Password Disclosure
Adult WebMaster PHP - Password Disclosure + Exploit:Adult Webmaster PHP - Password Disclosure + Author: vinicius777 + Email/Twitter: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/adultweb/ 1 Administrative Credential Disclosure PoC: root@kali:/ curl...
Adult Webmaster PHP - Password Disclosure Vulnerability
Exploit for php platform in category web applications + Exploit:Adult Webmaster PHP - Password Disclosure + Author: vinicius777 + Email/Twitter: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/adultweb/ 1 Administrative Credential Disclosure PoC:...
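PHPYUN: modules outside the member center allow forged login as any user
Brief description: Login as an arbitrary user. Details: I previously saw that a uid in the cookie could be used for arbitrary file deletion. So the cookie's validity is certainly not verified; I reviewed the code and found that directly setting the cookie logs in as a user with certain privileges (all non-member modules are accessible). Proof of vulnerability: Find an ID in the site's question section and set the cookie values uid, username and usertype. Visiting the member center prompts for login, but in the question section a Q&A post is successfully submitted as the forged user. Testing interview invitations: invitations can be sent, but there are no points. There should be other places as well; I won't list them one by one!...
PHPYUN logic error allows unlimited points farming
Brief description: A PHPYUN logic error gives unlimited points, so the title is a bit of clickbait! Details: Logic error: user input is not strictly filtered! The problem occurs at line 1158 of member/model/com.class.php $integral=$this-config"integralcomcomments"$POST'time'; ..... if$statis"integral"obj-ACTmsg"index.php?C=pay","你的".$this-config"integralpricename"."不足,请先充值";...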
PHPJabbers Hotel Booking System V3.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Hotel Booking System V3.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : email protected .:. Home : http://www.iphobos.com/blog/ .:. Script :...
JCMS /jcms/m_5_5/m_5_5_3/import_style.jsp File Upload Vulnerability
No description provided by source...
Uebimiau 3.2.0 /admin/editor.php Code Execution Vulnerability
No description provided by source...
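YXcmsApp: XSS in one location leads to getshell
Brief description: A one-stop chain from XSS to the admin backend leading to getshell, though of somewhat limited use. Details: YXCMS is an enterprise-oriented content management system that uses three-level caching and an MVC architecture, and is open-sourced under the BSD license. After registering a user, go to the user management page and click Information Publishing - Add Inquiry; it turns out to be a rich text editor, kindeditor. Whatever the editor is, once a user is given this much privilege, XSS is very likely in this situation. Type anything, capture the request, modify the content field, and write your XSS code; anything works. Done. The administrator can see the article I submitted in the backend: Then editing it triggers the XSS:...
yxcms SQL injection vulnerability
Brief description: yxcms injection vulnerability. Details: protected/apps/members/conttoller/photocontroller.php line 343 else if'del'!=$POST'dotype' $this-error'操作类型错误',url'photo/index'; ifempty$POST'delid' $this-error'您没有选择',url'photo/index'; $delid=implode',',$POST'delid'; $photos=model'photo'-select'id in...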
Cisco EPC3925 - Persistent Cross-Site Scripting
Exploit Title: Cisco EPC3925 - Persistent Cross Site Scripting Google Dork: N/A Date: 12-11-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.cisco.com Software Link: Not public Version: epc3925-E10-5-v302r125572-130520c Tested on: Cisco EPC3925 CVE: N/A Description The paramet...
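RealPlayer 'RMP' File Handling Remote Heap Buffer Overflow Vulnerability
BUGTRAQ ID: 64398 CVE(CAN) ID: CVE-2013-6877 RealPlayer is a tool for listening to and watching real-time audio, video and Flash online. RealPlayer versions 16.0.2.32 and 16.0.3.51 contain a security vulnerability when processing RMP files; a remote attacker can induce a client user to open a specially crafted RMP file and exploit this vulnerability to execute arbitrary code. 0 Real Networks RealPlayer 16.0.3.51 Real Networks RealPlayer 16.0.2.32 The vendor has not yet provided a patch or upgrade; we recommend that users of this software follow the vendor's home page to obtain the latest version:...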
Cisco EPC3925 Cross Site Request Forgery
Exploit Title: Cisco EPC3925 - Cross Site Request Forgery Google Dork: N/A Date: 12-11-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.cisco.com Software Link: Not public Version: epc3925-E10-5-v302r125572-130520c Tested on: Cisco EPC3925 CVE: N/A Description: This proof of...
Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by convincing a user ...
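ShopEx latest version admin backend getshell
Brief description: A design flaw in the admin backend of the latest version, shopex-single-4.8.5.81518, allows restrictions to be bypassed, making it possible to operate on arbitrary files and ultimately getshell. Details: The currently circulating methods for getting a shell all seem to have stopped working; this is a getshell for the latest version. In the backend, under Page Management - Template List - Template File Management, edit any file: Then write a PHP trojan into the file content, save, and intercept the request: Then modify the intercepted packet, changing the value of name to one with a php suffix; entering a php suffix directly does not work here, but %00 can be used to bypass this: Saved successfully. The file xiaoma.php has now been generated in the template file list. Finally, connect to it:...
TCCMS all versions COOKIE injection (demonstrated and proven)
Brief description: TCCMS teamcen.com Cookie Injection; see the details for specifics. Injection with SQLMAP succeeded in the proof section. Details: /public/Class/Authen.class.php Irrelevant code omitted; please note the code marked with comments, likewise below. public static function checkUserLogin $Obj = M"user"; if empty$COOKIE'userId' || empty$COOKIE'AuthenId' return false; //the statement below uses $COOKIE'userId' directly without filtering $sql="select password fr...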
cmseasy xss+csrf getshell
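Brief description: It was already handed to you at the first XSS. Details: lib/tool/frontclass.php None Visit http://localhost/template/default/test.php Proof of vulnerability: It was already handed to you at the first XSS....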