9592 matches found
GNU Bash - Shellshock Environment Variable Command Injection
GNU Bash - Shellshock Environment Variable Command Injection Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a...
DSA-3035-1 bash - security update
Bulletin has no description...
GNU Bash - Environment Variable Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author' = 'Stephane Chazelas', vuln discovery 'Shaun Colley '...
GNU Bash - 'Shellshock' Environment Variable Command Injection
Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put the...
MGASA-2014-0388 Updated bash packages fix CVE-2014-6271
Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...
GNU Bash Environment Variable Handling Code Injection (Shellshock)
The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via...
Internet Bug Bounty: GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability
GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation. Original disclosure:...
Joomla Mac Gallery 1.5 Arbitrary File Download
Exploit Title : Joomla Mac Gallery = 1.5 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/18 Dork Google: inurl:option=commacgallery Date : 2014-09-17 Tested on : Windows ...
Joomla Mac Gallery <= 1.5 Arbitrary File Download Exploit
Joomla Mac Gallery component versions 1.5 and below suffer from an arbitrary file download vulnerability. Exploit Title : Joomla Mac Gallery = 1.5 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link :...
Livefyre LiveComments Plugin - Persistent Cross-Site Scripting
Livefyre LiveComments Plugin - Persistent Cross-Site Scripting Title : Stored XSS in Livefyre LiveComments Plugin CVE : 2014-6420 Vendor Homepage : http://livefyre.com Software Link : http://web.livefyre.com/streamhub/liveComments Version : v3.0 Author : Brij Kishore Mishra Date : 03-Sept-2014...
PhpMyAdmin REQUEST Superglobal Remote Variable Manipulation
A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...
Microsoft Internet Explorer Empty CAttrValue Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)
Multiple vulnerabilities has been found and corrected in glibc : When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv segfaults CVE-2012-6656. Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C...
Joomla Spider Form Maker 3.4 SQL Injection
Exploit Title : Joomla Spider Form Maker = 3.4 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link : http://web-dorado.com/products/joomla-form.html Dork Google: inurl:comformmaker Date : 2014-09-07 Tested on : Windows 7 / Mozilla Firefox Linux /...
Joomla! Component com_formmaker 3.4 - SQL Injection
Joomla! Component comformmaker 3.4 - SQL Injection Exploit Title : Joomla Spider Form Maker = 3.4 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link : http://web-dorado.com/products/joomla-form.html Dork Google: inurl:comformmaker Date : 2014-09-...
CVE-2014-5119
Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
CVE-2014-5119
Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
CVE-2014-5119
Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
Code injection
Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
frcms 注入一枚 。
简要描述: 无视gpc。 详细说明: 在plus/count/count.php中 if$ccome=='' $ccome="网址输入或收藏夹打开"; $cpage=$SERVER"HTTPREFERER"; $cyear=date'Y';$cmonth=date'm';$cday=date'd';$chour=date'H'; $ctime=date'Y-m-d H:i:s';$cweek=date'w'; $cwhere=trimgetipfrom$cip; $date=date"Y-m-d"; $rss = $db-getone"SELECT cip FROM...