56796 matches found
NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php URL: http://www.acid-root.new.fr/ ------------------------------------------------------------------ Usage: $argv0&nbs...
Kaspersky反病毒扫描引擎PE文件拒绝服务漏洞
Kaspersky Antivirus是一款流行的客户端和网关病毒扫描。 Kaspersky Antivirus处理特殊构建的PE文件存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 PE文件中其中之一的头数据是可选Windows头数据段,这个PE头字段数据包含Windows链接器和装载器所需的信息,如果'NumberOfRvaAndSizes'字段中数据包含非法值,可导致应用程序崩溃。 Kaspersky Anti-Virus Personal Pro 5.0 Kaspersky Anti-Virus Personal 5.0 Kaspersky Anti-Virus fo...
DocuWiki With ImageMagick远程命令执行和拒绝服务漏洞
DocuWiki是一款基于web的WIKI程序。 DocuWiki存在多个安全问题,远程攻击者可以利用漏洞进行拒绝服务和命令执行攻击。 问题一是对图像的调整大小处理没有进行限制,可导致拒绝服务攻击。当libGD使用时(默认需要)必须先计算所需RAM,如果没有足够的RAM(一般8到20MB)给php进程使用,那么函数就会放弃。但是如果使用ImageMagick $conf'imconvert'使用时,没有限制存在,允许攻击者利用此特性消耗大量内存,造成拒绝服务攻击。...
CWMExplorer Index.PHP源代码信息泄露漏洞
CWMExplorer是一款基于PHP的WEB应用程序。 CWMExplorer不正确过滤用户提交的输入,远程攻击者可以利用漏洞获得敏感信息。 问题是'index.php'脚本对用户提交的'file'参数缺少过滤,提交脚本文件作为参数,可导致源代码泄露。 cwm-design cwmExplorer 1.0 http://explorer.cwm-design.de/ http://www.example.com/path/index.php?d=0&showfile=file...
VerliAdmin <= 0.3 (index.php) Remote File Include Exploit
No description provided by source. ? / P.S Chcialem serdecznie niepozdrowic wszystkie kurwy takie jak Ne0 i jego dziwki!! Mam was w dupie, a Ty Ne0 pryszczu jebany pogodz sie z porazka bo to ja zawsze bede lepszy od Ciebie! Nie pozdrawiam tez wszystkie gnidy jakie chowaja sie na swoich smiesznych...
FusionPHP Fusion News Index.PHP远程文件包含漏洞
Fusion News是一款基于PHP的新闻管理程序。 Fusion News不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Fusionphp Fusion News 3.7 http://www.fusionphp.net/index.php?cat=fnews&page=features !/usr/bin/perl Aria-Security.net Advisory Discovered by: OUTLAW...
CA BrightStor ARCserve Backup Tape Engine服务远程缓冲区溢出漏洞
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。 BrightStor ARCserver Backup的Tape Engine服务(tapeeng.exe)没有正确处理RPC请求,远程攻击者可以通过向该服务(默认端口6502/TCP)发送特制报文触发缓冲区溢出,导致执行任意代码。 Computer Associates BrightStor ARCserve Backup 11.5 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.cai.com/...
杭州潮流公司虚拟主机业务平台系统漏洞
杭州潮流信息技术公司是国内一家专业的电信级软件产品服务提供商,主要专注于为国内电信运营商提供Internet系统软件,是面向电信运营商提供电信级软件产品、技术支持、服务的高新技术企业。公司1999年成立,注册于浙江杭州高新区,其软件研发中心设在成都。 公司拥有一批高技术水平人员,其中有博士、硕士研究生、双学位、全国重点大学本科学历的技术开发人员占公司总人数70%以上。公司核心、技术骨干自中国互联网出现伊始就活跃在该领域,主要软件开发工程师具有多年的电信ISP工作经验。 他们公司网站http://www.tideinfo.com.cn...
Microsoft Windows RASMAN服务栈溢出漏洞(MS06-025)
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows远程访问连接管理器RASMAN存在可远程调用的RPC接口,其中RPC接口 RasRpcSubmitRequest存在若干安全漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 函数RasRpcSubmitRequest及其子函数对作为参数的函数指针的有效性检查不足;某些子函数对参数的处理存在缓冲区溢出漏洞;这些漏洞都可能被攻击者利用在服务器上执行任意指令,从而控制系统。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microso...
phpQuiz 0.1 (pagename) Remote File Include Vulnerability
No description provided by source. SolpotCrew Community phpQuiz v0.01 design and coding byJule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected]...
Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
No description provided by source. !/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit 05/23/2006 This exploit takes advantage of a stack based overflow. Once the stack corruption has occured it is possible to overwrite a pointer which is later used for a memcpy this gives us a write anything...
Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit
No description provided by source. !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 marcbevandatrapid7.com Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with o...
bsdi/x86 execve /bin/sh 46 bytes
No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...
泛微OA8 前台SQL注入漏洞
...
Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability(CVE-2018-3834)
Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is...
Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability(CVE-2017-14444)
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...
Chromium: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access
VULNERABILITY DETAILS Mojo IPC allows endpoints to communicate with one another, potentially across process boundaries. Each endpoint initially receives a handle to the broker host node, using which it can request subsequent "child" channels to be created...
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433
VENDOR DESCRIPTION “Sprecher Automation GmbH offers switchgears and automation solutions for energy, industry and infrastructure processes. Our customers are power utilities, industries, transportation companies, municipal utilities and public institutions. Company-own developments and cooperatio...
CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability(CVE-2017-12118)
Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
Remote Stack Format String in 'nsd' binary from multiple OEM
Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day PoC 1 $ curl...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...
Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Linux Kernel XFRM Privilege Escalation
Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It...
Circle with Disney Rclient SSH Persistent Remote Access Vulnerability(CVE-2017-12084)
Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...
Circle with Disney libbluecoat.so SSL TLD MITM Vulnerability(CVE-2017-2913)
Summary An exploitable vulnerability exists in filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities(CVE-2016-2336)
DESCRIPTION Type Confusion exists in two methods of Ruby's WIN32OLE class, oleinvoke and olequeryinterface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. TESTED VERSIONS Ruby 2.3.0 dev Ruby 2.2.2 PRODUCT URLs https://www.ruby-lang.or...
IBM Domino KeyView PDF Filter Trailer ID Code Execution Vulnerability(CVE-2016-0301)
SUMMARY A heap based buffer overflow vulnerability present in KeyView PDF filter as used by Domino can lead to remote arbitrary code execution. TESTED VERSIONS KeyView 10.16 as used by IBM Domino 9.0.1 PRODUCT URLs http://www-03.ibm.com/software/products/en/ibmdomino DETAILS While parsing an ID...
Pidgin MXIT Custom Resource Denial of Service Vulnerability(CVE-2016-2370)
DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle can send invalid data to trigger this vulnerability...
Mac OS X 10.12 isolation mechanism bypass vulnerability
Vulnerability summary Mac OS X a vulnerability exists that could allow an attacker to bypass the Apple of the isolation mechanism, without any restrictions to execute arbitrary JavaScript code. Vulnerability submitter From WeAreSegment security researcher Filippo Cavallarin to Beyond Security SSD...
Hopper Disassembler ELF Section Header Size Code Execution Vulnerability(CVE-2016-8390)
Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...
Nitro Pro 10 PDF Handling Code Execution Vulnerability(CVE-2016-8711)
Summary A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. Tested...
Ichitaro Office Excel File Code Execution Vulnerability(CVE-2017-2790)
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel's .xls file format. When processing a record type of 0x3c from a Workbook...
Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability(CVE-2016-8720)
Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)
Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...
MuPDF Fitz library font glyph scaling Code Execution Vulnerability(CVE-2016-8728)
Summary An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victi...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test User Parameter Configuration Command Injection Vulnerability(CVE-2017-2842)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...
Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability(CVE-2017-2828)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)
The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unixsyscall in bsd/dev/i386/systemcalls.c calls threadexceptionreturn in osfmk/x8664/locore.s, which in turn...
Drupal Core - Access Bypass vulnerability (CVE-2017-6919)
This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met: The site has the RESTful Web Services rest module enabled. The site allows PATCH requests. An attacker can get or register a user account on the site. While we don't normall...
DedeCMS stored xss vulnerability
Vulnerability description: Dedecms is an open source PHP open source website management system. Dedecms member function shopsdelivery. in php des parameters there is stored XSS vulnerability, the attacker may exploit the vulnerability to obtain the users cookie. Test environment: DedeCMS-V5...
南京擎天政务系统 /webpages/login_ex.aspx POST型sql注入
用户名输入:test';WAITFOR DELAY '0:0:5' -- 密码:随便输入 就可以看到明显的延时:...
科创CMS /web/doc_hit.jsp等3处 SQL注入漏洞
No description provided by source...
泛微协同商务系统e-cology某处SQL注入(附验证中转脚本)
简要描述: RT 详细说明: 官网http://...//services/ 随便找个吧 以http://...//services/MobileService?wsdl为例 使用wvs checkUserLogin方法 三个参数 分别为字符型、字符型和数字 正确的时候返回3 错误返回4 (本想采用抓包工具(WSockExpert ) 使用某度搜索了一个 评分还挺高 结果系统多了个某度影音 和某度输...
Thinksns cms v4存在越权漏洞
No description provided by source...
正方教务管理系统 /service.asmx SOAP无条件注入
No description provided by source...
Windows ATMFD.DLL CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
CVE-2015-2460We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---PAGEFAULTINNONPAGEDAREA 50Invalid system memory was referenced. This cannot be protected by try-except,it must be protected by a Probe...