11967 matches found
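PHPYUN design flaw allows bulk reset of all user passwords
Brief description: I don't know what the passwords get reset to, though. But if one day every user password on a site were reset to random characters, every user who had lost their mailbox would lose their account completely. And even for those who haven't lost their mailbox, who would be happy to have their password reset for no apparent reason? Details: 0x01. Visiting the link friend/index.php?C=profile&id=1 shows the information of the user with uid=1, including the username. Because the uid is a number, it can be enumerated; I could write a script to enumerate the usernames of all users in the database. 0x02...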
Hubdia: Subscribe User bug
Hi Hubdia, I found a bug in your subscribe page https://hubdia.com/ that can subscribe multiple emails. Vulnerable Link: https://hubdia.com/ Proof of Concept: 1. Use the Live HTTP Headers Firefox add-on 2. Change the email (see the attached photo) 3. Submit the request many times Thanks,...
Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
This module exploits a stack-based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker-controlled data as the size count. This module has been tested successfully in...
Google Chrome Canary Bug Could Facilitate Phishing Attacks
Borrowing a tactic from the mobile Safari browser in iOS, Google may soon abandon displaying complete URLs in Chrome. The Canary version of the browser, an unstable version designed for developers and early adopters, is toying with the idea of no longer displaying full URLs in its Omnibox—what...
Seagate BlackArmor NAS - Multiple Vulnerabilities
Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS devices.. Tested on: Linux CVE : N/A 1. some sort of backdoor...
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection
Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014 +----------+ | OVERVIEW | +----------+ GeoCore is t...
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities ----------exploit Debut Multiple Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com ----------Script Info Site : http://www.apphp.com Download : http://www.apphp.com/downloadsfree/phpmicroblog101.zip ----------exploit Info RCE...
Localize: XSS in Groups
Visit the following link after logging in: http://www.localize.io/pages/createproject/3D Add a new group with an XSS string as group name and you will see the XSS executing. String used: ? Thanks, Ben...
Yahoo!: readable .htaccess + Source Code Disclosure (+ .SVN repository)
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
Xerox DocuShare - SQL Injection
The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept:...
OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)
Exploit for multiple platform in category remote exploits Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link:...
XAMPP 3.2.1 / phpMyAdmin 4.1.6 XSS / CSRF
Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : ...
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title : CMS Made Simple 1.11.10 Multiple XSS Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.cmsmadesimple.org/ Software Link : N/A Version : 1.11.10 Tested on : Windows 7 hosted in WAMP server Type of Application : open sourc...
Wordpress Themify Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Title : Wordpress Themify Arbitrary File Upload Vulnerability Author : Jje Incovers Date : 31/03/2014 Category : Web Applications Type : TXT, PHP, HTML, HTM, ASP, Etc. Vendor : http://themify.me/ Download : http://themify.me/themes Tested :...
Amazon Linux AMI : php55 (ALAS-2014-314)
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before...
Kemana Directory 1.5.6 - qvc_init() Cookie Poisoning CAPTCHA Bypass
Kemana Directory 1.5.6 - qvc_init() Cookie Poisoning CAPTCHA Bypass #!C:\Perl64\bin\perl.exe Kemana Directory 1.5.6 qvc_init() Cookie Poisoning CAPTCHA Bypass Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution...
Cisco Unified SIP Phone 3905 unauthorized access
Undocumented TCP/7870 service...
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow in Yokoga...