9564 matches found

Prion
added 2014/03/31 2:58 p.m., 20 views

Design/Logic Flaw

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an...

10 CVSS, 7.1 AI score, 0.00371 EPSS
Exploits 3, References 2, Affected Software 3
Prion
added 2014/03/31 2:58 p.m., 21 views

Design/Logic Flaw

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process...

5 CVSS, 6.8 AI score, 0.0033 EPSS
Exploits 3, References 1, Affected Software 1
NVD
added 2014/03/25 8:55 p.m., 11 views

CVE-2014-0343

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable...

4.9 CVSS, 6.4 AI score, 0.00069 EPSS
Exploits 1, References 1
Prion
added 2014/03/25 8:55 p.m., 12 views

Improper access control

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable...

4.9 CVSS, 7 AI score, 0.00069 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2014/03/25 8:0 p.m., 48 views

CVE-2014-0343

The CVE concerns Virtual Access GW6110A routers. Affected software versions are 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21. The vulnerability allows an authenticated remote user to escalate privileges by modifying a JavaScript variable that checks user access level on the...

4.9 CVSS, 6.7 AI score, 0.00069 EPSS
Exploits 1, References 1, Affected Software 2
Cvelist
added 2014/03/25 8:0 p.m., 12 views

CVE-2014-0343

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable...

6.4 AI score, 0.00069 EPSS
Exploits 1, References 1
Ubuntu
added 2014/03/25 2:51 p.m., 276 views

USN-2155-1: OpenSSH vulnerability

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions...

5.8 CVSS, 6.7 AI score, 0.00104 EPSS
Exploits 1
rdot
added 2014/03/15 12:0 a.m., 509 views

Java Faces Miniwebshell

Hi everyone, I took a brief look at Java Server Faces. If you are able to upload shell.xhtml and include it somehow, here is a small webshell. The catch is that we cannot create variables or properly assign anything anywhere. But we can call statements, load classes and...

7.2 AI score
Exploits 0
Prion
added 2014/03/11 7:37 p.m., 17 views

Command injection

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 6.6 AI score, 0.00052 EPSS
Exploits 2, References 9, Affected Software 2
Prion
added 2014/03/11 7:37 p.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, (2) remote authenticated users to...

6.5 CVSS, 8.7 AI score, 0.78292 EPSS
Exploits 4, References 8, Affected Software 1
RedHat Linux
added 2014/03/10 3:46 p.m., 2 views

sudo: certain environment variables not sanitized when env_reset is disabled

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 6.2 AI score, 0.00052 EPSS
Exploits 2, References 5
Exploit DB
added 2014/03/10 12:0 a.m., 16 views

QNX 6.5.0 x86 io-graphics - Local Privilege Escalation

QNX 6.5.0 x86 io-graphics local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTON2HOME environment variable. - vulnerable platforms: QNX...

7.4 AI score
Exploits 0
Exploit DB
added 2014/03/10 12:0 a.m., 31 views

QNX 6.5.0 x86 phfont - Local Privilege Escalation

QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTONHOME environment variable. - vulnerable platforms: QNX 6.5.0SP1 QNX...

7.4 AI score
Exploits 0
exploitpack
added 2014/03/10 12:0 a.m., 13 views

QNX 6.5.0 x86 phfont - Local Privilege Escalation

QNX 6.5.0 x86 phfont - Local Privilege Escalation / QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTONHOME environment...

0.5 AI score
Exploits 0
myhack58
added 2014/03/06 12:0 a.m., 15 views

Senior PHP application vulnerability auditing techniques - vulnerability warning - the black bar safety net

Senior PHP application vulnerability auditing techniques: Foreword; Traditional code auditing techniques; PHP version and application code audit; Other factors and application code audit; The expansion of our dictionary; The variable itself is the key; Variable coverage; Traverse initialize variables...

0.2 AI score
Exploits 0
Metasploit
added 2014/02/27 9:56 p.m., 65 views

ibstat $PATH Privilege Escalation

This module exploits the trusted $PATH environment variable of the SUID binary "ibstat". This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ibstat $PATH Privilege Escalation', 'Description' = %q...

7.2 CVSS, 7.1 AI score, 0.08468 EPSS
Exploits 8
seebug.org
added 2014/02/25 12:0 a.m., 22 views

phpmps: an injection

Brief description: Insufficient filtering. Details: In member.php case 'checkinfogold': $json = new ServicesJSON; extract$REQUEST; $mgold = $db-getOne"select gold from $tablemember where userid='$userid' "; $data'kou' = $CFG'infotopgold' intval$number; $data'gold' = $mgold - $data'kou'; $data=$json-encode$data; echo $data; break;...

7.1 AI score
Exploits 0
seebug.org
added 2014/02/18 12:0 a.m., 20 views

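phpmywind latest version injection vulnerability, part two

Brief description: Continuing the earlier code audit, I found that similar problems exist in other places: variables are concatenated directly into SQL statements and executed without proper filtering, which allows arbitrary SQL commands to be executed. Details: The vulnerability is at line 689 of member.php: $r = $dosql-GetOne"SELECT checkinfo FROM @goodsorder WHERE username='$cuname' AND id=$id"; The id parameter is placed directly into the SQL statement and executed without any filtering. Exploitation analysis:...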

7 AI score
Exploits 0
seebug.org
added 2014/02/14 12:0 a.m., 16 views

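CSCMS V3.5: another SQL injection after the latest patch (detailed source analysis)

Brief description: CSCMS V3.5: another SQL injection after the latest patch (detailed source analysis). The earlier injections have been patched, but several injection points were overlooked. Details: When addslash plus quote protection is in place, pay particular attention to how numeric variables are handled. /app/controllers/home.php line:1020 public function gbookdel header"Expires: Mon, 26 Jul 1997 05:00:00 GMT"; header"Cache-Control: no-cache, must-revalidate"; header"Pragma: no-cache";...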

7 AI score
Exploits 0
OSV
added 2014/01/15 12:0 a.m., 1 views

UBUNTU-CVE-2013-7205

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list,...

6.4 CVSS, 7.3 AI score, 0.02397 EPSS
Exploits 0, References 3