11967 matches found
pigcms /index.php injection Vulnerability
0x01 Vulnerability overview Keywords: inurl:index.php?g=Home&m=Index&a=help intitle:营销系统 inurl:login Vulnerable location: index.php?m=Index&a=reg (registration page) 0x02 Exploitation Taking http://.../index.php?m=Index&a=reg as an example: Test data, captured packet: POST /index.php?m=Users&a=checkreg HTTP/1.1 Host: ... Proxy-Connection: keep-alive Content-Length: 151 Cache-Control:...
PHP Utility Belt Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploits a remote code execution vulnerability in PHP Utilit...
MyBB < 1.6.10 Multiple Vulnerabilities
Binary data 9119.prm...
LeaseWeb: Server version is disclosure in http://leasewebnoc.com/
Hello Leaseweb, it's my same report but it's for a different web application, http://leasewebnoc.com. Here is server version disclosure in http://leasewebnoc.com: when I request .htaccess, it returns a forbidden result, but the following server version is publicly disclosed. Apache/2.2.22...
Vulnerability in OpenSSL - Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a “%s” format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory...
Cisco NX-OS OpenSSL Multiple Vulnerabilities
The remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in the bundled OpenSSL library: - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this iss...
namnak.com XSS vulnerability
Vulnerable URL: http://namnak.com/?a=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%3Cimg/onerror=%27;alert%28/XSSPOSED/%29;%27src=1%3E%3Cscript/src=data:,alert%282%29-%26quot;%22%3E%3Cimg%20src=1%20onerror=alert%283%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest...
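jcms system session reset leads to getshell
Brief description: Detailed explanation: jcms system session reset leads to getshell. In /jcms/jcmsfiles/jcms1/web1/site/module/oss/quecode.jsp, String sessionId = request.getParameter("sessionid"); takes the value directly from sessionid, and code1.setSessionName(sessionId); then sets the session directly. Meanwhile, the setup back-end management and authoring console in jcms only checks whether cookieusername is empty; if it is not empty, the user is logged in. See the following for reference:...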
Microsoft Windows WebDAV BSoD Proof Of Concept
/ Source: https://github.com/koczkatamas/CVE-2016-0051 Proof-of-concept BSoD Blue Screen of Death code for CVE-2016-0051 MS-016. Full Proof of Concept: https://github.com/koczkatamas/CVE-2016-0051/archive/master.zip...
SIMOGEO FileManager 2.3.0 Path Traversal
Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0...
Shopify: XSS on hardware.shopify.com
Hello @Shopify. I found CSRF and XSS that combine very well with each other. CSRF: This CSRF is not dangerous, but it serves me in order to perform other bugs. For example, here is a CSRF for adding a product: http://hardware.shopify.com/cart/add?&id=1106494145&iPad Stand=1120276481&Cash...
botan: multiple issues
CVE-2016-2194 denial of service: The ressol function, which implements the Tonelli-Shanks algorithm for finding square roots, could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes...
ProjectSend r582 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk...
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link: https://downloads.wordpress.org/plugin/simple-add-pages-or-posts.1.6.zip Version: 1.6 Teste...
earthpulse.nationalgeographic.com XSS vulnerability
Open Bug Bounty ID: OBB-131255 Description| Value ---|--- Affected Website:| earthpulse.nationalgeographic.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6...
BlackEnergy APT Group Spreading Malware via Tainted Word Docs
Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan. Researchers with Kaspersky Lab’s Global Research and Analysis Team discovered a malicious Word document last week that appears to stem from a campaign against one of th...
Linux x86/x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
/ + Author : B3mB4m Contact : email protected Project : https://github.com/b3mb4m/Shellsploit Greetz : Bomberman,T-Rex,KnocKout,ZoRLu If you want to test it, you must compile it within an x86 OS. Or basically you can get it with shellsploit. Default settings for port:4444 00000000 31C0 xor eax,eax...
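Rails Dynamic Render Remote Command Execution Vulnerability (CVE-2016-0752)
If your application uses dynamic template paths, for example: render params[:id], then your application is exposed to remote code execution and local file inclusion vulnerabilities. Upgrade your Rails to the latest version, or refactor your controllers. We will show how, in a specific environment, the code execution and local file inclusion vulnerabilities can be used to attack Ruby on Rails. Rails controllers can include a specified file to render. For example, when the show method is called and no other render method is defined, the framework implicitly renders the show.html.erb file. In the vast majority of cases, developers output different formats, such as text, JSON, XML or any other format, or view a file,...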
Tor: [tor] libevent dns remote stack overread vulnerability
Hello, the nameparse function in libevent's DNS code is vulnerable to a buffer overread. c 935 static int 936 nameparseu8 packet, int length, int idx, char nameout, int nameoutlen 937 int nameend = -1; 938 int j = idx; 939 int ptrcount = 0; 940 define GET32x do if j + 4 length goto err; memcpy&t3...
Apple iOS < 9.2.1 Multiple Vulnerabilities
Binary data appleios921check.nbin...