9563 matches found

phpMyAdmin
added 2013/06/30 12:0 a.m., 28 views

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7. Date: 2013-06-30. Updated: 2013-07-01. Summary: Global variable scope injection. Description: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity: We consider this...

5.5 CVSS, 7.2 AI score, 0.00367 EPSS
Exploits 2, Affected Software 1
FreeBSD
added 2013/06/30 12:0 a.m., 22 views

phpMyAdmin -- Global variable scope injection

The phpMyAdmin development team reports: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents...

5.5 CVSS, 6.6 AI score, 0.00367 EPSS
Exploits 2, References 1
myhack58
added 2013/06/14 12:0 a.m., 30 views

A sneaky method of exploiting a dedecms variable overwrite vulnerability - vulnerability warning - the black bar safety net

The most recent dedecms variable overwrite vulnerability finally allows control of global variables, but not complete control: $GLOBALS$v1 .= $v2; Note that this is an append: the content is appended to the content of an already-initialized global variable. The exploit that has now been disclosed...

0.2 AI score
Exploits 0
seebug.org
added 2013/06/07 12:0 a.m., 13 views

phpcms 2007 onunload.inc.php update SQL injection vulnerability

code!--?php defined'INPHPCMS' or exit'Access Denied'; $serverid ? 1 : showmessage$LANG'illegaloperation'; $db---query"UPDATE ".TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; 2 ?/code $serverid is not filtered at all and is not enclosed in single quotes, so gpc does not matter. In the core file include\common.inc.php, at around line 80, there is a variable overwrite vulnerability...

7 AI score
Exploits 0
seebug.org
added 2013/06/07 12:0 a.m., 570 views

Dedecms v57 sp1 plus/download.php SQL injection vulnerability

The root cause is that the global variable $GLOBALS can be modified arbitrarily. I took a quick look and there is a pile of vulnerabilities; I only picked out one. codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; //decode ascii $GLOBALS$v1 .= $v2; //note that this is not an overwrite, it is + function SetQuery$sql $prefix="@"; $sql =...

7.1 AI score
Exploits 0
seebug.org
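added 2013/06/06 12:0 a.m., 30 views

Apple iOS ‘openSharedCacheFile’ function stack-based buffer overflow vulnerability

CVE-2013-3950 Apple iOS is an operating system developed by Apple Inc. (USA) for mobile devices. Supported devices include iPhone, iPod Touch, iPad and Apple TV. A stack-based buffer overflow vulnerability exists in the ‘openSharedCacheFile’ function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3. Attackers can exploit this vulnerability to carry out jailbreak attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. 0 Apple iOS 5.1.x Apple iOS 6.x Apple iOS 6.1.3...

5 CVSS, 6.4 AI score, 0.0081 EPSS
Exploits 2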
Prion
added 2013/06/05 2:39 p.m., 23 views

Stack overflow

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable...

5 CVSS, 6.7 AI score, 0.0081 EPSS
Exploits 2, References 6, Affected Software 1
Cvelist
added 2013/06/05 10:0 a.m., 30 views

CVE-2013-3950

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable...

6.2 AI score, 0.0081 EPSS
Exploits 2, References 6
myhack58
added 2013/06/05 12:0 a.m., 14 views

phpcms 2007 onunload.inc.php page update-type injection, with EXP attached - bug warning - the black bar safety net

Downloaded a copy of phpcms 2007 to analyze, and found an update-type injection in module\movie\onunload.inc.php. query"UPDATE ". TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; ? $serverid is not filtered at all and is also not enclosed in single quotation marks, so ignor...

7.2 AI score
Exploits 0
myhack58
added 2013/06/03 12:0 a.m., 12 views

74CMS talent system v3.2 injection and full version pass rounded out the background is attached using the EXP-bug warning-the black bar safety net

The program's filtering is fairly thorough, but all versions use GBK encoding, which is its flaw. However, when strings are written to the database the author generally uses iconv to convert the submitted data to utf8, so wide-character injection is not possible there, but the...

7.8 AI score
Exploits 0
OSV
added 2013/05/25 3:18 a.m., 1 views

DEBIAN-CVE-2013-3557

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...

5 CVSS, 7.3 AI score, 0.0418 EPSS
Exploits 1, References 1
seebug.org
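added 2013/05/23 12:0 a.m., 12 views

MetInfo 5.1 /include/common.php SQL injection vulnerability

Line 30 of \include\common.inc.php introduces a variable overwrite vulnerability; $tablepre on line 33 can be overwritten, which leads to the SQL injection vulnerability. MetInfo 5.1...

7.1 AI score
Exploits 0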
myhack58
added 2013/05/21 12:0 a.m., 14 views

Security problems that PHP's double-equals comparison behavior may cause - vulnerability warning - the black bar safety net

Clickbait title! The article is relatively short, ha ha! Earlier, while learning php, I looked into php's automatic type conversion; this is a php feature, not a 0day, phpers know about it, and perl has something similar. Getting straight to the point: those of us who learn php know the difference between "==" and "===", the former in the comparison of...

0.4 AI score
Exploits 0
OpenVAS
added 2013/05/17 12:0 a.m., 28 views

CentOS Update for libvirt CESA-2013:0831 centos6

Check for the Version of libvirt. OpenVAS Vulnerability Test: CentOS Update for libvirt CESA-2013:0831 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5 CVSS, 7 AI score, 0.03779 EPSS
Exploits 0, References 2
OSV
added 2013/05/02 2:55 p.m., 1 views

DEBIAN-CVE-2013-1884

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

5 CVSS, 7.9 AI score, 0.31605 EPSS
Exploits 0, References 1
Cvelist
added 2013/05/02 2:0 p.m., 24 views

CVE-2013-1884

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

6.2 AI score, 0.31605 EPSS
Exploits 0, References 7
UbuntuCve
added 2013/05/02 12:0 a.m., 27 views

CVE-2013-1884

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

5 CVSS, 7.2 AI score, 0.31605 EPSS
Exploits 0, References 3
OSV
added 2013/04/22 11:41 a.m., 5 views

CVE-2013-3228

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

5.9 AI score
Exploits 0, References 11
OSV
added 2013/04/22 12:0 a.m., 0 views

UBUNTU-CVE-2013-3222

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9 CVSS, 6.4 AI score, 0.00106 EPSS
Exploits 0, References 16
Tenable Nessus
added 2013/04/20 12:0 a.m., 25 views

Mandriva Linux Security Advisory : backuppc (MDVSA-2013:062)

Updated backuppc packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.c...

4.3 CVSS, 5.7 AI score, 0.00591 EPSS
Exploits 1, References 2