OpenShift: openshift-origin-broker plugin allows impersonation
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
phpcms foreground and(background permissions)getshell1-vulnerability warning-the black bar safety net
1, The first reception of it, to estimate a lot of stations are starting to fill up. For phpcms 2008, the secondary attack category, a secondary analysis getshell it. In uploadfield.php $uploadallowext = ! empty$C'uploadallowext' ? $C'uploadallowext' : $info'uploadallowext'; //...
Sandbox Escape: Linux 3.4+: arbitrary write with CONFIG_X86_X32
asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, unsigned int vlen, unsigned int flags, struct compat_timespec __user *timeout) { int datagrams; struct timespec ktspec; if (flags & MSG_CMSG_COMPAT) return -EINVAL; if (COMPAT_USE_64BIT_TIME) return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg,...
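PHPYun arbitrary file deletion vulnerability (triggered from the admin backend)
Brief description: PHPYun arbitrary file deletion vulnerability. Details: /admin/model/database.class.php, starting at line 44; function delaction extract$GET; $delid=@unlinkCONFIGPATH."backup/".$sql; $GET and $sql are not filtered, so arbitrary files can be deleted directly; Proof of vulnerability: ../ and similar sequences can be used to traverse directories and delete arbitrary files; Example: http://yun.wooyun.org/admin/index.php?M=database&C=del&sql=../../data/phpyun.lock Combined with XSS/CSRF, it can be triggered once an administrator clicks;...
PHPYun arbitrary file deletion vulnerability (requires triggering from the admin backend)
Brief description: See title. Details: /admin/model/commember.class.php, starting at line 279: function delaction if$GET"delsub" $del=$GET"del"; if$del if@isarray$del $uids = @implode",",$del; foreach$del as $k=$v $this-obj-delfiledir"..https://images.seebug.org/upload/tel/".$v; $GET"del" is not filtered at all; before entering delfiledir, $v is not filtered...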
SDCMS somewhere stored xss can hijack administrator-vulnerability warning-the black bar safety net
SDCMS has a stored XSS somewhere that can reach the backend and directly hijack the administrator. The problem is again in the short message. Previously the SDCMS short message had an XSS that could directly hijack any given user; the bug was modified but not fixed completely, and this time it is more ruthless, directly...
GC hazard with default compartments and frame chain restoration — Mozilla
Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger...
StarUML WinGraphviz.dll - ActiveX Buffer Overflow Vulnerability
Exploit for windows platform in category dos / poc Exploit Title: StarUML WinGraphviz.dll ActiveX buffer overflow vulnerability Date: 03.8.2013 Exploit Author: d3b4g Vendor Homepage: http://staruml.sourceforge.net/en/ Software Link: http://staruml.sourceforge.net/en/ Tested on: Windows XP SP3 Abou...
fail2ban DoS
It's possible to trigger a block for arbitrary client...
Updated python-pymongo packages fix CVE-2013-2132
PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash (CVE-2013-2132)...
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
Targeted Phishing Attacks
Summary This advisory is intended to provide general guidance to public and private sector organizations on events potentially triggering targeted phishing attacks often referred to as spear phishing and to offer some suggested methods that may minimize the likelihood of a successful attack. This...
Fedora Update for drupal7-rules FEDORA-2013-4532
Check for the Version of drupal7-rules OpenVAS Vulnerability Test Fedora Update for drupal7-rules FEDORA-2013-4532 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Windows Manage User Level Persistent Payload Installer
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
dzX 2.0/2.5 pass to kill 0day stored XSS a gold-bug warning-the black bar safety net
The vulnerability occurs where attachments are inserted. When inserting an attachment, the thing to think about is certainly the file name, because the file name is displayed according to the name of the locally uploaded file. If your operating system is Linux you can...
CVE-2012-6270
CVE-2012-6270 concerns Adobe Shockwave Player up to version 11.6.8.638. A crafted HTML document referencing Shockwave content with a specific compatibility parameter can trigger installation of the Shockwave 10.4.0.025 compatibility feature, enabling a “downgrading” scenario. Publicly available s...
CVE-2012-6270
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack...
Oracle MySQL Privilege Escalation
use DBI; $|=1; =for comment MySQL privilege elevation Exploit This exploit adds a new admin user. By Kingcope Tested on Debian Lenny mysql-5.0.51a OpenSuSE 11.4 5.1.53-log How it works: This exploit makes use of several things: The attacker is in possession of a mysql user with 'file' privileges...
MySQL (Linux) Database Privilege Elevation Zeroday Exploit
No description provided by source. use DBI; $|=1; =for comment MySQL privilege elevation Exploit This exploit adds a new admin user. By Kingcope Tested on Debian Lenny mysql-5.0.51a OpenSuSE 11.4 5.1.53-log How it works: This exploit makes use of several things: The attacker is in possession of a...
MySQL (Linux) - Database Privilege Escalation
MySQL Linux - Database Privilege Escalation use DBI; $|=1; =for comment MySQL privilege elevation Exploit This exploit adds a new admin user. By Kingcope Tested on Debian Lenny mysql-5.0.51a OpenSuSE 11.4 5.1.53-log How it works: This exploit makes use of several things: The attacker is in...