131 matches found
CVE-2020-11815
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting...
CVE-2020-11535
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server...
Valve: Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution
A crafted map detailed texture file maps/detail.txt can be used to exploit a stack overflow vulnerability in hw.dll that can lead to remote code execution. Reproduction I used Counter-Strike for PoCs. Using a listen server - Place attached csassaultdetail.txt in cstrike/maps folder - Start the ga...
Weblate: No Rate Limit On Add new word
Hello I found in that there is no limit in the place of adding a new word which allows the attacker to add an infinite number of words which may cause a problem in the site and the server Steps To Reproduce : 1. Go To https://hosted.weblate.org/dictionaries/andors-trail/en/add And Fill in fields...
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution Exploit
ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability. Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal t...
RubyGems: Remote code execution on rubygems.org
When parsing a gem POSTed to the /api/v1/gems endpoint, the rubygems.org application immediately calls Gem::Package.newbody.spec inside app/models/pusher.rb. The authors of the application correctly observed that parsing untrusted YAML is dangerous since it can serialize more or less arbitrary...
CVE-2017-1000029
Removed by vendor...
Autobahn|Python Origin Header Manipulation
Observation: Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. Proof of Concept: The...
OpenSSL SSLv2 DROWN Attack Vulnerability - Windows
OpenSSL is prone to the DROWN attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescripti...
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion ------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September...
Zimbra - Privilegie Escalation via LFI (0day)
No description provided by source. Exploit Title: Zimbra 0day exploit / Privilegie escalation via LFI Date: 06 Dec 2013 Exploit Author: rubina119 Contact Email : rubina119atgmail.com Vendor Homepage: http://www.zimbra.com/ Version: 2009, 2010, 2011, 2012 and early 2013 versions are afected, Teste...
Gattaca Server 2003 Language Variable Path Exposure
No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...
MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
This module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components MDAC Remote Data Service RDS DataFactory service. The service is exploitable even when RDS is configured to deny remote connections handsafe.reg. The service is...
TailoredWeb Shell Upload
Title : TailoredWeb FileShell Upload Vulnerability Author: eXeSoul Home : www.indishell.in or www.andhrahackers.com Email : [email protected] date : 19/3/2011 D0rk : Developed By TailoredWeb.com category : Web Apps php .-" "-. / \ | eXeSoul | |, .-. .-. ,| | o/ \o | |/ /\ | @ ^^ \|IIIIII|/ @8@8 /...
Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document...
Borrow from the administrator login penetration-vulnerability warning-the black bar safety net
Software author: withered Ling roseN. C. P. H Information source: evil octal information security team The most important experience is that we have a thought:the administrator how to get in,we'll how to get in. This station of penetration is relatively slow,it took more than a week. The site ver...
phpNULL.txt
Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was described in 1...
Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability
No description provided by source. +File Inclusion: Input passed to the "rub" parameter in "lire.php" isn't properly verified, before it is used to include remote files Successful exploitation requires that "registerglobals" is enabled. lire.php code ? 73 ifempty$GET"rub"$rub=rtrim$rubriques0; el...
Golden FTP Server 2.02b - Remote Buffer Overflow
Golden FTP Server 2.02b - Remote Buffer Overflow !/usr/bin/perl -w Barabas - www.whitehat.co.il - cheers to muts and all peeps at WH. XPSP2 goldenftpserver sploit - bind 4444 use strict; use Net::FTP; my $payload="\x41"x260; $payload .="\x65\x82\xa5\x7c";jmpesp $payload .="\x90"x32;not really...
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...