520 matches found
Nakid-CMS CSRF, Persistent XSS & LFI
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt Vendor: ================================ http://kilrizzy.github.io/Nakid-CMS/ Product: ================================ kilrizzy-Nakid-CMS-f274624 Nakid CMS is...
Nakid CMS - Multiple Vulnerabilities
Nakid CMS - Multiple Vulnerabilities Exploit Title: CSRF, Persistent XSS & LFI Google Dork: intitle: CSRF, Persistent XSS & LFI Date: 2015-06-11 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: kilrizzy.github.io/Nakid-CMS Software Link:...
Docker /proc/ directory insecure permission configuration vulnerability
Docker is an open source application container engine that allows developers to package their applications as well as dependency packages into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker insecurely sets up the /proc/ directory and...
XYCMS企业建站系统 2.5(注射&&后台配置插马)
简要描述: 前年她17岁,她看到我的IPad,说“姐夫,你的IPad不错嘛!” 她回去的时候,她姐姐把IPhone给她带上了。 去年她18岁,她看到我的IBM后,说“姐夫,你的IBM不错嘛!” 她回去的时候,她姐姐把IBM笔记本给她带上了。 今年她19岁,她看到我后,害羞的说:“姐夫,其实你这人挺不错的” 我在等她姐姐发话。 详细说明: 1 存在注入漏洞文件: newsdetail.asp 1-14行 无此新闻信息!" response.End end if % id没过滤进入查询 同样的问题:common.asp pro.asp news.asp prodetail.asp 漏洞证明:...
CVE-2014-1217
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors...
Fortigate Firewalls - CSRF Vulnerability
Exploit for hardware platform in category web applications Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...
Fortigate Firewalls - Cross-Site Request Forgery
Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: i...
Android platform and exposure feel free to turn on and turn off the phone wifi function vulnerability-vulnerability warning-the black bar safety net
Disclosure of status: 2013-03-05: positive contact vendors and wait for manufacturers to claim, details not open to the public 2013-03-05: vendor has been active ignored vulnerabilities, the details disclosed to the public Brief description: The Settings application contains com. android. setting...
SonicWALL CDP 5040 6.x Cross Site Scripting
Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
I-GEN opLYNX Central Authentication Bypass
Overview This advisory provides mitigation details for a vulnerability that impacts the i-GEN opLYNX Central software. Exploitation of this vulnerability would allow partial leakage of information and access to system settings. Independent researcher Anthony Cicalla has identified an authenticati...
Anwsion background feature of the design defects can be obtained SHELL-vulnerability warning-the black bar safety net
The vulnerabilities affect all versions. Binding Anwsion 0.7 all of the following versions can lead to the site being invaded. Design flaws in the code are as follows see 7 5-9 6 line will be the website background configuration is saved to the database at the same time and save to a local PHP fi...
CVE-2012-2164
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...
Design/Logic Flaw
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...
CVE-2012-2164
The CVE-2012-2164 entry affects IBM Rational ClearQuest Web. The Web client on ClearQuest versions 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions and use the Site Administration menu to modify system settings via a parameter-ta...
CVE-2012-2164
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues
Severity: Critical Effect: Compromise of FInancial Data, deletion of audit trails, alteration of system settings, disclosure of confidential information possible in some setups. Affected products: LedgerSMB 1.0.0-1.2.7 , SQL-Ledger 2.x all versions. 1: SQL injection issue in invoice quantity fiel...
Cisco Trust Agent for Mac OS X privilege escalation
It's possible to manipulate system settings with root permissions while message is displayed during user logon...
With the rabbit plus WinRAR play dead charge encryption software-bug warning-the black bar safety net
Currently on the network encryption software have mushroomed General everywhere, their price is often in the 3 0 yuan, and many friends also have to fork out money to buy these encryption software, but they really can play the role of encryption? Author Super rabbit and WinRAR both software for...
Crack the password file with spear and shield encryption and decryption battle-vulnerability warning-the black bar safety net
Currently on the network encryption software have mushroomed General everywhere, their price is often in the 3 0 yuan, and many friends also have to fork out money to buy these encryption software, but they really can play the role of encryption? Author Super rabbit and WinRAR both software for...
Elevated administrator permissions:startup script method-vulnerability warning-the black bar safety net
We watched“my non-IF. S. T”summary elevated administrator privileges 8 of the law, and now we use the startup script and batch in to get the shell of the case under the elevated No. 9: startup script method! of! The first batch of leakage Ah, we can get optimistic, and I try to cut the crap,...