3100 matches found
D-Link DNS-323 - Multiple Vulnerabilities
Exploit Title: D-Link DNS-323 Multiple Vulnerabilities Author: sghctoma E-mail: [email protected] Category: Hardware Vendor: http://www.dlink.com/ Firmware Version: 1.09 Product:...
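phpMyAdmin preg_replace() Remote PHP Code Execution
BUGTRAQ ID: 59460 CVE(CAN) ID: CVE-2013-3238 phpMyAdmin is a web-based administration tool for MySQL databases; its main features include creating tables online, running SQL statements, searching and querying data, and importing and exporting data. In phpMyAdmin 3.5.8, 4.0.0-rc2 and other versions, the preg_replace function can be exploited to execute arbitrary PHP code on the server side. The attacker supplies a crafted parameter as the regular expression, with a null byte inside the expression; when phpMyAdmin uses the "Replace table prefix" feature, it incorrectly filters the crafted parameter passed to preg_replace, resulting in arbitrary PHP code execution in the context of the web server. 0...
JBoss 4.2.0 BSHDeployer Code Execution Vulnerability
JBoss is an open-source application server based on J2EE. Version 4.2.0 enables the BSHDeployer service by default. When an attacker bypasses the JMX-console interception, the BSHDeployer service can be used to conveniently deploy a war (by writing the war information directly into a bsh file), thereby remotely deploying malicious code. JBoss 4.2.0...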
Out-of-bounds write in Cairo library — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading t...
ThinkSNS V3 Flaw-02
Brief description: ThinkSNS V3 has been officially released; congratulations on that. Not padding my count, just a friendly test (because our company is going to use it! Really going to use it!!) Detailed description: Keywords: deletion of any user's microblog post (feed)! The request to delete a personal microblog post (feed) is as follows POST /t3/index.php?app=public&mod=Feed&act=removeFeed HTTP/1.1 Host: demo.thinksns.com User-Agent: Mozilla/5.0 Windows NT 6.1; rv:19.0 Gecko/20100101 Firefox/19.0 Accept: application/json,...
New GNU/Linux kernel feature leads to a privilege escalation vulnerability
SUSE security researcher Sebastian Krahmer has published a GNU/Linux kernel privilege escalation vulnerability. Recent GNU/Linux kernels (3.8+) introduced a new feature to make containers easier to implement: user namespaces (user-ns, the CLONE_NEWUSER flag); this feature...
Cool PDF Reader Image Stream Stack Overflow
Added: 03/11/2013 CVE: CVE-2012-4914 BID: 57461 OSVDB: 89349 Background Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS. Problem Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on ima...
Qool CMS v2.0 RC2 XSRF Add Root Exploit
Summary Qool CMS is a content management system that helps web masters be more productive. Qool has been built with both worlds web master, web developer in mind. It is easy to create addons extensions for the system but you can really do without them too. Description Qool CMS allows users to...
Question2Answer - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/58414/info Question2Answer is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible...
Ultra Light Forum Cross Site Scripting
Ultra Light Forum Persistent XSS Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/advisories/?id=86 Script: http://sourceforge.net/projects/ultralightforum/files/ Tested: Win 7 Description : Ultra Light Forum developed in PHP and MySQL as a standalone forum with high speed...
osCommerce 2.3.3 Cross Site Request Forgery
your shell should be here: catalog/includes/languages/english/download.php?cmd=id...
Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode
/ Title: Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Date: 2013-22-01 Author: RubberDuck Web: http://bflow.security-portal.cz http://www.security-portal.cz Tested on: Win 2k, Win XP Home SP2/SP3 CZ 32, Win 7 32/64 -- file is downloaded from URL...
NConf 1.3 - Arbitrary File Creation
NConf 1.3 - Arbitrary File Creation Exploit Title: nconf file read and write exploit Date: 2013/1/20 Exploit Author: haidao,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Version: nconf 1.3 Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 nconf can modify t...
Nagios3 history.cgi Host Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 'Nagios3 history.cgi Hos...
DedeCMS 5.7 plus/search.php SQL Injection Vulnerability
No description provided by source...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)
function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length...
FoxPlayer 2.9.0 - Denial of Service
!/usr/bin/python Exploit Title:Denial of Service in FoxPlayer version 2.9.0 Download link :http://www.foxmediatools.com/installers/fox-player-setup.exe Author: metacom version: version 2.9.0 Category: poc Tested on: windows 7 German filename="evil.m3u" buffer = "\x41" 5000 textfile = openfilename...
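phpwcms 'preg_replace()' Multiple Remote PHP Code Injection Vulnerabilities
BUGTRAQ ID: 56964 phpwcms is an open-source content management system. phpwcms 1.5.4.6 and other versions contain multiple code injection vulnerabilities in their implementation; an authenticated remote attacker can use a "backend user", "admin user" or "backend user" account to exploit them ("frontend user" accounts cannot exploit them) and execute arbitrary PHP script code on the affected computer. 0 phpwcms = v1.5.4.6 Vendor patch: phpwcms ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.phpwcms.de/...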
Joomla Component com_jooproperty Sql Injection / Xss Vulnerability
JooProperty is a real estate component developed for Joomla 1.7 and 2.5 with complex integrated booking features, price calculation for different seasons and comment and rating functions. The component is based on com-property for Joomla 1.5 of Fabio Ueltzinger and offers the possibility to impor...
Sourcefabric Newscoop - 'f_email' SQL Injection
source: https://www.securityfocus.com/bid/56800/info Newscoop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...