WordPress Plugin Survey and Poll 1.1 - Blind SQL Injection

Exploit Title : Wordpress Survey and poll Blind SQL Injection Data : 2015 – 02 - 11 Exploit Author : Securely Yoo Hee man Plugin : WordPress Survey and Poll Vender Homepage : http://modalsurvey.sympies.com Tested On : Windows XP / sqlmapv1.0 Software Link :...

RedHat Update for kernel RHSA-2015:0164-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ThinkSNS任意代码执行漏洞

简要描述： 代码执行漏洞 详细说明： 漏洞文件： /addons/widget/FeedListWidget/FeedlistWidget.class.php 漏洞函数： getData getData函数位于/addons/widget/FeedListWidget/FeedlistWidget.class.php 在第262行处调用renderFile函数进行渲染模版。 private function getData$var, $tpl = 'FeedList.html' $var'feedkey' = t$var'feedkey'; $var'cancomment' =...

Metinfo V5.2 /job/job.php SQL注入漏洞

该问题出现在/job/job.php中，对于全局变量$mobilesql审查没有进行过滤和转义，导致该全局变量可以被覆盖，导致SQL注入的发生，下面来看看漏形成的原因。 首先全局变量被定义在methtml.inc.php中，在job.php的require方法中可以看到。 requireonce '../public/php/methtml.inc.php'; 在methtml.inc.php中可以看到对全局变量的定义，第723行的methtmlgetarray方法中 global...

Fedora 20 : vorbis-tools-1.4.0-13.fc20 (2015-1191)

do not use stack variable out of its scope of validity CVE-2014-9640 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

IBM AIX and VIOS Elevation of Privilege Vulnerability

IBM AIX is a UNIX operating system; VIOS is a virtual IO server. An elevation of privilege vulnerability exists in lquerylv in cmdlvm in IBM AIX and VIOS. A local attacker can exploit the DBGCMDLQUERYLV environment variable to elevate privileges...

Sql injection

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...

UBUNTU-CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

PT-2015-6797 · Nts +5 · Ntp +5

Name of the Vulnerable Software and Affected Versions: ntp versions prior to 4.2.7p42 Description: The issue allows remote attackers to cause a denial of service, resulting in the ntpd crash, via crafted logconfig commands. This is due to an uninitialized variable when processing malformed...

Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)

According to its self-reported version number, the remote Junos Space version is prior to 14.1R2, and may be affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of...

齐博地方门户系统sql注入

简要描述： 变量未初始化导致注入 详细说明： 齐博地方门户系统 齐博的全局过滤系统中由于存在如下代码，导致传入的参数可以成为全局变量 foreach$COOKIE AS $key=$value unset$$key; foreach$POST AS $key=$value !ereg"^\A-Z+",$key && $$key=$POST$key; foreach$GET AS $key=$value !ereg"^\A-Z+",$key && $$key=$GET$key; 所以系统中如果存在未初始化的变量，容易导致注入 2shou/post.php中 180行...

Qibo CMS SQL Injection Vulnerability

Qibo CMS system is a PHP168 website management system created by Guangzhou Xietian Software Technology Co. A SQL injection vulnerability exists in Qibo CMS v7.0, due to the omission of the variable $TBpre, which can be exploited by attackers to obtain sensitive information...

WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download

WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download Exploit Title : Wordpress Ajax Store Locator = 1.2 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 Software Link : Premium Dork Google:...

WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download

Exploit Title : Wordpress Ajax Store Locator = 1.2 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 Software Link : Premium Dork Google: inurl:ajax-store-locator index of ajax-store-locator Date : 2014-12-06...

Samsung SmartViewer STWConfig ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the STWConfi...

Discuz! 6. x/7. x a global variable Defense bypass lead to command execution-vulnerability warning-the black bar safety net

Vulnerability overview: Due to php5. 3. x version php. ini settings requestorder the default value for the GP, resulting in Discuz! 6. x/7. x a global variable Defense bypass vulnerability. Vulnerability analysis: | 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 | include/global...

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)

According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...

PHPMyWind 5.1 /include/common.func.php 代码执行漏洞

/include/common.func.php/字符串转数组/ if!functionexists'String2Array' function String2Array$data if$data == '' return array; @eval"$array = $data;"; return $array; $data变量进入eval执行，当传入$data为：111|222$phpinfo执行的PHP语句为：@eval"$array = array"1"="111|222$phpinfo","2"="";;"页面返回：...

Joomla! Component com_hdflvplayer 2.1.0.1 - Arbitrary File Download

Joomla! Component comhdflvplayer 2.1.0.1 - Arbitrary File Download !/usr/bin/env python Exploit Title : Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link :...