56796 matches found
glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit
No description provided by source. <?php /* glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found...
FreeBSD 9.1 ftpd Remote Denial of Service
No description provided by source. FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 --- 1. Description --- I have decided check BSD ftpd servers once again for...
DotNetNuke arbitrary code execution vulnerability(CVE-2017-9822)
0x00 Background DNN uses web cookies to identify users. A malicious user can decode one such cookie, identify who that user is, and possibly impersonate other users and even upload malicious code to the server. -- DNN Security Center, 2017. On 5 July 2017 the DNN security team released ...
BlueBorne RCE on Android 6.0.1 (CVE-2017-0781)
A few days ago, the company Armis published a proof of concept (PoC) for a remote code execution vulnerability in Android via Bluetooth, CVE-2017-0781, known as BlueBorne. Although BlueBorne refers to a set of 8 vulnerabilities, this PoC uses only 2 of them to achieve its goal. The exploitation proce...
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)
General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed "BlueBorne", as it spreads through the air (airborne) and attacks devices via...
elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability
No description provided by source. Product: elgg.org Version: <= 1.5 Dork: "Powered by Elgg, the leading open source social networking platform" eLwauxc2009 UASC.org.UA POC: /_css/js.php?js=../../../../tmp/sessiondir%00&viewtype=xD need: in table datalists must be record simplecacheenabled = 0...
SuSE Linux <= 9.3, 10 (chfn) Local Root Privilege Escalation Exploit
No description provided by source. #!/bin/sh Exploit for SuSE Linux 9.1,2,3/10.0, Desktop 1.0, UnitedLinux 1.0 and SuSE Linux Enterprise Server 8,9 'chfn' local root bug. by Hunger [email protected] Advisory: http://lists.suse.com/archive/suse-security-announce/2005-Nov/0002.html hunger@suse: id...
OpenSSH Authentication Security Bypass Vulnerability (CVE-2016-10012)
No description provided by source...
PHPLinks 2.1.2 Add Site HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. phpLinks does not sufficiently sanitize HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php'...
PostgreSQL Insecure Temporary File Creation Vulnerability (CVE-2013-1902)
BUGTRAQ ID: 58877 CVE(CAN) ID: CVE-2013-1902 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL versions before 9.2.4, 9.1.9 and 9.0.13 create insecure temporary files with predictable file names, which lets a local attacker mount a symlink attack. Affected: Debian Linux 6.0 x, PostgreSQL 9.x. Vendor patch: PostgreSQL ---------- The vendor has released an upgrade patch that fixes this issue; download it from the vendor's home page: http://www.postgresql.org...
Microsoft Outlook Web Access redir.asp URI Redirection Vulnerability
BUGTRAQ ID: 31765 CVE(CAN) ID: CVE-2008-1547 Microsoft Exchange Server is a popular mail server; Outlook Web Access is the Exchange component for reading and sending mail through a web browser. The exchweb/bin/redir.asp page of Outlook Web Access has an open-redirect vulnerability: a remote attacker can send a specially crafted URL in an e-mail. If the user is already logged in, clicking the link redirects them straight to a phishing site; if not, the login page is shown and the user is redirected to the phishing site after successful authentication. Microsoft Outlook Web...
Apache Range Header Denial Of Service
No description provided by source. /* This is a reverse engineered version of the exploit for CVE-2011-3192 made by ev1lut10n http://jayakonstruksi.com/backupintsec/rapache.tgz. Copyright 2011 Ramon de C Valle [email protected] This is a reverse engineered version of the exploit by ev1lut10n that...
Apple Mac OS X Server Wiki Server Directory Traversal Vulnerability
BUGTRAQ ID: 28278 CVE(CAN) ID: CVE-2008-1000 Mac OS X Server, also known as Leopard Server, is Apple's server release that integrates many services. The Python-based Wiki Server web server, enabled by default in Mac OS X Server, is affected by a directory traversal vulnerability that a remote attacker may exploit to take control of the server. A user who can edit wiki content can upload files that replace content writable by the wiki server, leading to arbitrary code execution with the wiki server's privileges. The vulnerable code segment in /usr/share/wikid/lib/python/applewlt/ContentServer.py is as follows:...
新云cms (yxcms) Site-Building System V1.2.7 shownews.asp SQL Injection Vulnerability
No description provided by source...
PHPizabi 0.848b C1 HFP3 - Database Information Disclosure Vuln
No description provided by source. -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is...
ProFTPD Response Pool Use-After-Free Code Execution Vulnerability
CVE ID: CVE-2011-4130 ProFTPD is a free FTP server for Unix and Linux. ProFTPD has a code-execution vulnerability in the way it manages response pools; a remote authenticated attacker can exploit it to execute arbitrary code on the remote host. ProFTPD 1.3.3g / 1.3.4 Vendor patch: ProFTPD Project --------------- The vendor has released an upgrade patch that fixes this issue; download it from the vendor's home page: http://www.proftpd.org/...
Cisco Smart Install Remote Code Execution(CVE-2018-0171)
Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow CWE-20, CWE-121 Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C 10.0 A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely...
PHPizabi 0.848b C1 HFP1 Remote File Upload Vulnerability
No description provided by source. Powered by PHPizabi v0.848b C1 HFP1 remote file upload author: ZoRLu home: www.yildirimordulari.org contact: [email protected] dork: "Powered by PHPizabi v0.848b C1 HFP1" exploit: http://localhost/izabi/system/cache/pictures/idshell.php -first register web si...
Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
BUGTRAQ ID: 53046 CVE(CAN) ID: CVE-2012-0883 Apache HTTP Server, from the Apache Software Foundation, is an open-source web server that runs on most operating systems; its portability and security have made it one of the most widely used web servers. In Apache HTTP Server before 2.4.2, the envvars (envvars-std) script places a zero-length directory name in LD_LIBRARY_PATH, which lets a local user gain privileges via a trojaned DSO in the current working directory when apachectl is executed. Affected: Apache 2.2.x Vendor patch: Apache Group...
Wordpress < 4.7.1 - Username Enumeration (CVE-2017-5487)
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2017-03-05 0x00 Vulnerability overview Vulnerability description: exploit-db recently published a WordPress < 4.7.1 username enumeration vulnerability; in fact the vulnerability had already been posted on the Internet on 14 January, and given t...
ClanSphere 2011.3 (cs_lang cookie parameter) Local File Inclusion
No description provided by source. Exploit Title: ClanSphere 2011.3 cs_lang cookie parameter Local File Include Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor Homepage:...
Another SQL Injection in the Latest Iwebshop
Brief description: Another SQL injection in the latest Iwebshop. Details: I saw that someone had reported several vulnerabilities in iwebshop (updated 2014-11-18) on WooYun (WooYun: iWebShop open-source e-commerce system SQL injection vulnerability), so I checked the official site; on 2014-12-16 it had been updated to iwebshop2.9.14121000. I downloaded it to study, hoping not to duplicate anything. One injection: POST /index.php?controller=seller&action=goodslist. This injection is hidden relatively deep, in an HTML file. The search POST parameter is passed in as an array, and the KEY and VALUE of search...
Xoops 2.5.4 - Blind SQL Injection
No description provided by source. ------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: Powered by XOOPS 2.5.4 Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom...
deV!Lz Clanportal [DZCP] <= 1.3.6 Arbitrary File Upload Vulnerability
No description provided by source. SYNOPSIS - access: remote; severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...
OpenSSH Privilege Escalation Vulnerability (CVE-2016-10010)
No description provided by source. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separation is enabled by default, it is documented as a hardening optio...
Wordpress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability
No description provided by source. -------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin WP-Cal Download :...
XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off)
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "XMB <= 1.9.6 'u2uid' SQL injection / admin credentials disclosure\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: \"Powered by XMB\"\n\n"; /* works with magic_quotes=off...
Apache HTTP Server Malformed Range Header Handling Remote Denial of Service Vulnerability
BUGTRAQ ID: 49303 CVE ID: CVE-2011-3192 Apache HTTP Server, from the Apache Software Foundation, is an open-source web server that runs on most operating systems; its portability and security have made it one of the most widely used web servers. Apache HTTP Server has a vulnerability in generating responses to the Range header; a remote attacker can send malicious requests that cause the server to stop responding, resulting in a denial of service. The vulnerability stems from Apache HTTP...
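The Range header abuse behind CVE-2011-3192 (this entry and the "Apache Range Header Denial Of Service" exploit entry above) is a single request whose Range header lists hundreds of overlapping byte ranges, so it can be screened for at a reverse proxy or in a request log parser. The following is an added example, not code from the Apache project or from the listed exploit: the limit of five ranges is the one the Apache advisory's interim mod_rewrite mitigation enforced, `build_attack_header` reproduces the `bytes=0-,5-0,5-1,...` shape of the public PoC, and the sample requests are constructed for the demo.

```python
import re

# The Apache advisory's interim mitigation rejected requests with more than
# five ranges; a legitimate client almost never needs more.
MAX_RANGES = 5
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_range_header(value):
    """Parse 'bytes=a-b,c-d,...' into a list of (start, end) tuples.
    None marks an open bound ('500-' or '-500'). Parsing is deliberately
    lenient about start > end so the attack header still parses and can be
    counted; ValueError is raised only on syntax the grammar does not allow."""
    if not value.lower().startswith("bytes="):
        raise ValueError("unsupported range unit: %r" % value)
    specs = []
    for part in value[len("bytes="):].split(","):
        part = part.strip()
        m = _RANGE_SPEC.match(part)
        if not m or part == "-":
            raise ValueError("bad range spec: %r" % part)
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        specs.append((start, end))
    return specs


def range_header_is_abusive(value, max_ranges=MAX_RANGES):
    """True when the header carries more ranges than max_ranges.
    Unparseable headers are treated as abusive (fail closed)."""
    try:
        specs = parse_range_header(value)
    except ValueError:
        return True
    return len(specs) > max_ranges


def build_attack_header(n):
    """Construct the overlapping-range header the public PoC sent:
    'bytes=0-,5-0,5-1,...,5-(n-1)'. Used here only to exercise the check."""
    return "bytes=0-," + ",".join("5-%d" % i for i in range(n))


def scan_requests(raw_requests):
    """Return the request line of every raw HTTP request (CRLF-separated
    header lines) whose Range header trips the check."""
    hits = []
    for raw in raw_requests:
        lines = raw.split("\r\n")
        for line in lines[1:]:
            name, _, val = line.partition(":")
            if name.strip().lower() == "range" and range_header_is_abusive(val.strip()):
                hits.append(lines[0])
                break
    return hits


# Constructed sample traffic for the demo: one normal partial GET, one
# PoC-shaped HEAD with 1300 overlapping ranges, one multi-range GET.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nRange: bytes=0-1023\r\n\r\n",
    "HEAD / HTTP/1.1\r\nHost: www.example.com\r\nRange: " + build_attack_header(1300) + "\r\n\r\n",
    "GET /video.mp4 HTTP/1.1\r\nHost: www.example.com\r\nRange: bytes=0-99,200-299,-500\r\n\r\n",
]

if __name__ == "__main__":
    for request_line in scan_requests(SAMPLE_REQUESTS):
        print("abusive Range header:", request_line)
```

The count threshold is the useful signal here: the PoC's ranges also overlap and run backwards (5-0), but counting alone catches it and does not require deciding which odd-but-legal multi-range requests to allow.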
Microsoft IIS FTP Service Remote Command Injection Vulnerability (MS12-073)
BUGTRAQ ID: 56440 CVE ID: CVE-2012-2532 Internet Information Services (IIS) is Microsoft's basic Internet service platform for Microsoft Windows. The Microsoft IIS FTP service has an information-disclosure vulnerability when negotiating an encrypted communication channel; certain FTP commands can leak certain information. Affected: Microsoft IIS 7.x Temporary workaround: if IIS "Operational" logging is already enabled, then before assigning a custom account to an application pool, please disable...
WatchGuard Fireware XTM OpenSSL TLS Heartbeat Information Disclosure Vulnerability
CVE ID: CVE-2014-0160 WatchGuard Fireware XTM is a firewall appliance. The OpenSSL bundled with WatchGuard Fireware XTM has a security vulnerability: a bounds error in OpenSSL's handling of the TLS "heartbeat" extension lets an attacker read up to 64 KB of memory from a connected client or server per request. The memory may include private keys, usernames and passwords, and so on. Affected: WatchGuard Fireware XTM 11.x. WatchGuard Fireware XTM 11.8.3 Update 1 fixes the vulnerability; users are advised to download it: http://watchguardsecuritycenter.com...
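The bounds error named in this entry is the one the OpenSSL fix for CVE-2014-0160 closes: a heartbeat message declares its own payload length, and an unpatched peer copies that many bytes back without checking that they fit inside the record it received. The following is an added example, not WatchGuard's or OpenSSL's code: it parses the heartbeat body as RFC 6520 lays it out (1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding), applies the check the patched code performs, and models the unpatched copy against a constructed stand-in for the adjacent memory so the leak is visible offline.

```python
import struct

HB_REQUEST = 1        # HeartbeatMessageType values from RFC 6520
HB_RESPONSE = 2
MIN_PADDING = 16      # RFC 6520: padding_length MUST be at least 16
MAX_PAYLOAD = 0xFFFF  # payload_length is a 16-bit field


def parse_heartbeat(body):
    """Split a heartbeat message body (the bytes after the TLS record header)
    into (type, declared payload_length, everything after the 3-byte header)."""
    if len(body) < 3:
        raise ValueError("heartbeat body shorter than its header")
    hb_type = body[0]
    (payload_len,) = struct.unpack("!H", body[1:3])
    return hb_type, payload_len, body[3:]


def heartbeat_is_malformed(body):
    """True when the declared payload plus the minimum padding does not fit in
    the message. This is the check the patched OpenSSL performs before it
    echoes the payload; an unpatched build trusted payload_length and read
    past the end of the record."""
    try:
        hb_type, payload_len, _rest = parse_heartbeat(body)
    except ValueError:
        return True
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return True
    return 1 + 2 + payload_len + MIN_PADDING > len(body)


def build_heartbeat(payload, declared_len=None, padding=b"\x00" * MIN_PADDING):
    """Build a heartbeat request. declared_len lets the caller lie about the
    payload size, which is exactly what a Heartbleed probe does."""
    if declared_len is None:
        declared_len = len(payload)
    if not 0 <= declared_len <= MAX_PAYLOAD:
        raise ValueError("declared length does not fit in 16 bits")
    return bytes([HB_REQUEST]) + struct.pack("!H", declared_len) + payload + padding


def simulate_unpatched_response(body, adjacent_memory):
    """Model the vulnerable path: copy payload_length bytes starting at the
    payload and keep going into whatever follows the record in memory.
    adjacent_memory is a constructed stand-in for that neighbouring heap data."""
    _hb_type, payload_len, rest = parse_heartbeat(body)
    memory = rest + adjacent_memory
    return memory[:payload_len]


def patched_response(body):
    """Echo only a well-formed heartbeat's payload; drop anything malformed,
    which is what the fixed OpenSSL does (it returns without responding)."""
    if heartbeat_is_malformed(body):
        return None
    _hb_type, payload_len, rest = parse_heartbeat(body)
    return rest[:payload_len]


if __name__ == "__main__":
    # Constructed demo: a 5-byte payload that claims to be 16 KB long.
    probe = build_heartbeat(b"hello", declared_len=0x4000)
    fake_heap = b"...session cookie... -----BEGIN RSA PRIVATE KEY-----..."
    print("unpatched echoes:", simulate_unpatched_response(probe, fake_heap))
    print("patched echoes:", patched_response(probe))
```

The 64 KB figure in the entry is the ceiling of the 16-bit payload_length field; a probe asks for that much, and the unpatched server returns whatever happened to sit after the small real payload.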
MongoDB 2.2.3 nativeHelper.apply - Remote Code Execution
No description provided by source. Title: MongoDB nativeHelper.apply Remote Code Execution Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz Version: 2.2.3 The following PoC exploits the nativeHelpe...
Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)
Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. All the information we have so far is included in this page. The bug has existed since around 2.6.22 (released in 2007) and was fixed on Oct...
ISC BIND 9 DNS RDATA Handling Remote Denial of Service Vulnerability
Bugtraq ID: 61479 CVE ID: CVE-2013-4854 ISC BIND is an implementation of the DNS protocol. ISC BIND has an error in parsing RDATA in DNS queries; a remote attacker can submit a specially crafted query containing malformed RDATA that triggers a REQUIRE assertion failure and crashes the service. The vulnerability is being actively exploited in the wild, and both authoritative and recursive servers are affected. Affected: ISC BIND 9.8.0 - 9.8.5-P1, ISC BIND 9.9.0 - 9.9.3-P1. Vendor solution: ISC BIND 9.8.5-P2, 9.9.3-P2 and 9.9.3-S1-P1 fix this vulnerability; users are advised to download the update:...
Dnsmasq DoS Vulnerability(CVE-2017-14496)
No description provided by source. #!/usr/bin/python Copyright 2017 Google Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless...
Reading privileged memory with a side-channel (Meltdown & Spectre)
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to at worst arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Variants of this issue are known to affect many mode...
Yonyou (用友) CRM SQL Injection Vulnerability (No Login Required, Affects All Versions)
Brief description: SQL injection in a Yonyou system; no login required, affects all versions. Details: Yonyou TurboCRM has a generic SQL injection. http://crm.varsal.com.cn:8081/login/login.php Find the password-recovery page as shown below. Visit http://crm.varsal.com.cn:8081/login/changepswd.php?orgcode=1&loginname=system, enter the information and capture the request: POST /login/changepswd.php?orgcode=1&loginname=system HTTP/1.1 Host: crm.varsal.com.cn:8081...
OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
BUGTRAQ ID: 65230 CVE(CAN) ID: CVE-2014-1692 OpenSSH is an open-source implementation of the SSH protocol. In OpenSSH 6.4 and earlier, if Makefile.inc is modified to enable the J-PAKE protocol, the hash_buffer function in schnorr.c does not initialize certain data structures, which may let a remote attacker cause a denial of service (memory corruption). Affected: OpenSSH 6.4. Vendor patch: OpenSSH ------- The vendor has released an upgrade patch that fixes this issue; download it from the vendor's home page: http://www.openssh.com/...
ISC BIND 9 DNS Resource Record Handling Remote Denial of Service Vulnerability
BUGTRAQ ID: 53772 CVE ID: CVE-2012-1667 BIND is a very widely deployed implementation of the DNS protocol, maintained by ISC with development done by Nominum. The following ISC BIND versions, 9.0.x - 9.6.x, 9.4-ESV - 9.4-ESV-R5-P1, 9.6-ESV - 9.6-ESV-R7, 9.7.0 - 9.7.6, 9.8.0 - 9.8.3 and 9.9.0 - 9.9.1, have an error in handling DNS resource records that can be exploited via a record containing zero-length rdata to crash a recursive server or leak some memory to the client, resulting in sensitive information disclosure or denial of service. Affected: ISC BIND 9.9.x ISC BIND...
IndexScript <= 2.8 (show_cat.php cat_id) SQL Injection Vulnerability
No description provided by source. Site: http://indexscript.com Found By: xssvgamer Google Dork: allintext: This site is powered by IndexScript exploit: http://www.example.com/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dirlogin /* Blind SQL injection in indexscript.. Vul Code: $sql ...
GNUboard /bbs/poll_update.php SQL Injection Vulnerability
Bugtraq ID: 66228 CVE ID: CVE-2014-2339 Gnuboard is an extensible PHP+MySQL forum application developed by the Korean company Sir. Gnuboard has an unspecified SQL injection vulnerability that lets a remote attacker submit specially crafted SQL queries to manipulate or obtain database data. Affected: GNUboard. No detailed solution is currently available: http://sir.co.kr/main/gnuboard4/...
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition Vulnerability (CVE-2016-6663)
Release date: 01.11.2016 - Discovered by: Dawid Golunski I. VULNERABILITY ------------------------- MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition MariaDB < 5.5.52 < 10.1.18 < 10.0.28 MySQL <= 5.5.51 <= 5.6.32 <= 5.7.14 Percona Server < 5.5.51-38.2 < 5.6.32-78-1 < 5.7.14-8 Percona XtraDB...
Huawei HG532 Router Remote Code Execution(CVE-2017-17215)
A Zero-Day vulnerability CVE-2017-17215 in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild. The delivered payload has been identified as OKIRU/SATORI, an updated variant of Mirai...
OpenLD <= 1.2.2 (index.php id) Remote SQL Injection Vulnerability
No description provided by source. OpenLD <= 1.2.2 SQL Injection Exploit DISCOVERED BY: Cody CypherXero...
蓝科cms (lankecms) V1.9 eShowNews.asp SQL Injection Vulnerability
The summary already states where the injection is. A Google search turned up these cases: http://www.ampixel.com/eshownews.asp?id=61 http://ampixel.com/eshownews.asp?id=62 http://www.up-real.com/eshownews.asp?id=106 http://www.trendtronic.com.cn/eshownews.asp?id=65 http://www.jeffhouse.net/eshownews.asp?id=103 http://www.sdrunzhou.com/showcases.asp?id=60...
Microsoft IIS Repeated Parameter Request Denial of Service Vulnerability (MS10-065)
BUGTRAQ ID: 43140 CVE ID: CVE-2010-1899 Microsoft Internet Information Services (IIS) is the network information server bundled with Microsoft Windows, and includes HTTP service functionality. The script-handling code in IIS has a stack overflow when processing requests with repeated parameters; a remote attacker can send a specially crafted URI request to an ASP page on a site hosted by IIS to crash the service. Affected: Microsoft IIS 7.5, Microsoft IIS 7.0, Microsoft IIS 6.0, Microsoft IIS 5.1. Temporary workaround: temporarily disable ASP on the IIS server. Vendor patch:...
PageAdmin CMS e\master\build_static.aspx SQL Injection
No description provided by source...
MySQL vulnerabilities
No description provided by source. =========================================================== Ubuntu Security Notice USN-897-1 February 10, 2010 mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484...
Weaver (泛微) E-mobile Login loginid Parameter SQL Injection Vulnerability
No description provided by source...
E-topbiz ViralDX 2.07 (adclick.php bannerid) SQL Injection Vulnerability
No description provided by source. Viral DX 1 SQL Injection Vulnerability ======================================================== Author: Hussin X Home : www.tryag.cc/cc email: darkangel...