56796 matches found
Webmin 0.x RPC Function Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5591/info In cases where users of Webmin do not have root access on the underlying host, it may be possible to mount privilege escalation attacks on the underlying host. This normally occurs in configurations where multip...
Joomla Component com_datsogallery 1.6 - Blind SQL Injection Exploit
No description provided by source. ? //Joomla Component comdatsogallery 1.6 Blind SQL Injection Exploit by +toxa+ //Greets: all members of antichat.ru & cih.ms //options settimelimit0; ignoreuserabort1; $normua='Mozilla/5.0 Windows; U; Windows NT 6.0; ru; rv:1.8.1.14 Gecko/20080404...
vtiger CRM 4.2 - SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HT...
Kerio Firewall 2.1.4 Authentication Packet Overflow
No description provided by source. $Id: kerioauth.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MongoDB 远程代码注入漏洞
BUGTRAQ ID: 58695 CVECAN ID: CVE-2013-1892 MongoDB是用C++编写的开源文档数据库。 MongoDB 在服务器端包含了JavaScript,攻击者可利用此漏洞在受影响应用中注入和执行任意代码。 0 MongoDB 厂商补丁: MongoDB ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.mongodb.org/...
Linux Kernel KVM 拒绝服务漏洞(CVE-2013-1798)
BUGTRAQ ID: 58604 CVECAN ID: CVE-2013-1798 Linux Kernel是Linux操作系统的内核。 如果客户端指定了带有无效值的IOAPICREGSELECT,然后读取IOAPICREGWINDOW,KVM就不会正确验证该请求。ioapicreadindirect包含了ASSERTredirindex IOAPICNUMPINS,但ASSERT在非调试build中不起作用。在最近版本中,读取无效内存会造成内核崩溃,在较早版本内,会允许客户端读取较大范围的主机内存。攻击者可利用此漏洞触发内核崩溃,拒绝服务合法用户。 0 Linux kernel 3....
动网论坛 (DVBBS) PHP 2.0++ dispbbs.php sql注入漏洞
动网(DVBBS)论坛系统是一个采用PHP和MYSQL的数据架构的高性能网站论坛解决方案。 在文件dispbbs.php中: if $boardsettings55 != 0 && $TopicInfo'locktopic' == 0 && dateDiff'd',$TopicInfo'dateandtime',TIMENOW $boardsettings55 //第85行 $TopicInfo'locktopic' = 1; $setStmt = ',locktopic=1'; $db-query"UPDATE $dvtopic SET hits=CASE WHEN hits IS...
MySQL畸形报文处理远程拒绝服务漏洞
BUGTRAQ ID: 40100 CVE ID: CVE-2010-1849 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 远程攻击者可以通过向MySQL数据库发送超长报文导致服务器陷入锁定状态。 MySQL 5.1/5.0 厂商补丁: Oracle ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://bugs.mysql.com/bug.php?id=50974...
Microsoft Windows SMTP服务DNS响应字段验证DNS欺骗漏洞(MS10-024)
BUGTRAQ ID: 39910 CVE ID: CVE-2010-1690 Microsoft Windows是微软发布的非常流行的操作系统。 Windows系统中的SMTP服务没有检查从网络所接收到DNS响应的ID字段值是否实际匹配之前所发送DNS查询报文的ID字段值,恶意服务器可以通过返回伪造的查询响应执行中间人等网络欺骗攻击。 微软通过MS10-024公告中所提供的补丁修复了这个漏洞,但并没有在公告中披露这个漏洞。以下代码段显示的是补丁对 CAsyncDns::ProcessReadIO所添加的验证代码: /----- 4FB5517F 4FB5517F loc4FB5517F...
OpenSSH CBC模式信息泄露漏洞
BUGTRAQ ID: 32319 OpenSSH是一种开放源码的SSH协议的实现,初始版本用于OpenBSD平台,现在已经被移植到多种Unix/Linux类操作系统下。 如果配置为CBC模式的话,OpenSSH没有正确地处理分组密码算法加密的SSH会话中所出现的错误,导致可能泄露密文中任意块最多32位纯文本。在以标准配置使用OpenSSH时,攻击者恢复32位纯文本的成功概率为2^-18,此外另一种攻击变种恢复14位纯文本的成功概率为2^-14。 OpenSSH OpenSSH 4.7p1 SSH Communications Security Tectia Server 6.x SSH...
Integramod Portal Phpbb_Root_Path远程文件包含漏洞
Integramod Portal是一款基于PHP的WEB应用程序。 Integramod Portal不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'functionsportal.php'脚本对用户提交的'PhpbbRootPath'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 IntegraMOD IntegraMOD Portal 2 http://www.integramod.com/...
IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability
No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by:...
V2视频会议系统 /Conf/jsp/systembulletin/bulletinAction.do sysId参数SQL注入漏洞
No description provided by source...
大米CMS存在0元购物逻辑漏洞(demo演示)
简要描述: 大米CMS存在0元购物逻辑漏洞,当然要注册会员咯。但是可以0元购物 详细说明: 漏洞文件:Web/Lib/Action/MemberAction.class.php //413行 if!isnumeric$POST'id'$i || !isnumeric$POST'price'$i || !isnumeric$POST'qty'$icontinue; $data'gid' = $POST'id'$i; //这里把传入的商品id传给了 $data'gid' $data'uid' = $SESSION'damiuid'; $data'price' =...
jetty 6.x - 7.x xss, information disclosure, injection
No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...
Apple iPhone Safari (decodeURIComponent) Remote Crash
No description provided by source. ?php / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...
Gemitel 3.50 Affich.PHP Remote File Include Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10156/info A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. It is possib...
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (2)
No description provided by source. source: http://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will crash the services executable, which in turn,...
OpenVPN OpenSSL TLS心跳信息泄漏漏洞
CVE ID:CVE-2014-0160 OpenVPN是一款开源VPN实现。 OpenVPN所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 OpenVPN 2.x OpenVPN 2.3.3-I002版本已修复该漏洞,建议用户下载使用: https://openvpn.net/...
Apache Tomcat不完整修复信息泄漏漏洞
Bugtraq ID:65773 CVE ID:CVE-2013-4286 Apache Tomcat是一款开放源码的JSP应用服务器程序。 在使用块编码时如果请求包含多个或者单个content-length头时,Apache Tomcat应用没有正确把该请求拒绝为非法请求,当多个组件如防火墙,缓存,代理和Tomcat处理该请求序列时,会做出不同的动作,而使攻击者可进行WEB缓存"毒药"攻击,执行跨站脚本攻击,或获取其他用户请求中的敏感信息。此漏洞是由于不完整修复CVE-2005-2090造成的。 0 Apache Tomcat 8.0.0-RC1 Apache Tomcat 7.0.0...
Perl格式串处理整数溢出漏洞
BUGTRAQ ID: 15629 CVECAN ID: CVE-2005-3962,CVE-2005-3912 Perl是一种免费且功能强大的编程语言。 由于Perl没有正确的处理格式化打印函数中的格式指示符导致了格式串溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。 参数格式串(%I$n)中的INTMAX值可能导致Perlsvvcatpvfn函数中的efix出现整数溢出。攻击者可以利用这个漏洞远程执行任意指令或导致拒绝服务。 Larry Wall Perl http://www.debian.org/security/2005/dsa-943 补丁下载: Source...
feifeicms前台任意文件读取
...
Tugux CMS (nid) BLIND SQL Injection Vulnerability
No description provided by source. =================================================================== Tugux CMS nid BLIND sql injection vulnerability =================================================================== Software: Tugux CMS Vendor: www.tugux.com Vuln Type: BLind SQL Injection...
AV Arcade Search Field XSS/HTML Injection
No description provided by source. Exploit Title: AV Arcade Search Field XSS/HTML Injection Date: 6/5/2010 Author: Vadim Toptunov, http://www.twitter.com/pentesting Software Link: http://www.avscripts.net/avarcade/ Version: 5.1.4 Free and Pro latest and prior Tested on: Any NIX CVE : N/a Code :...
globalSCAPE CuteZIP Stack Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/zip' cla...
Kide Shoutbox 0.4.6 - XSS & AXFR
No description provided by source. andresg888 Web: : www.ilegalintrusion.nethttp://www.ilegalintrusion.net & www.bl4ck-p0rtal.orghttp://www.bl4ck-p0rtal.org Exploit : Go to the shoutbox and type: font color=redred text/font or marqueehi/marquee or 3xplo!t :...
WordPress Ajax Pagination插件'admin-ajax.php'本地文件包含漏洞
Bugtraq ID:66526 WordPress是一款内容管理系统。 由于'admin-ajax.php'脚本没有正确过滤用户提交的输入,攻击者可以利用漏洞包含本地文件,以WEB权限查看系统文件。 0 WordPress Ajax Pagination Plugin 1.1 目前没有详细解决方案: http://wordpress.org/plugins/ajax-pagination/...
Joomla Component rapidrecipe <= 1.6.5 SQL Injection Vulnerability
No description provided by source. joomla SQL Injectioncomrapidrecipe AUTHOR : S@BUN HOME : http://www.hackturkiye.com MA陌L : [email protected] DORK 1 : allinurl: "comrapidrecipe"userid DORK 2 : allinurl: "comrapidrecipe" categoryid EXPLOIT : after userid or catogryid add exploit...
MailBee Objects 5.5 (MailBee.dll) Remote Insecure Method Exploit
No description provided by source. body bgcolor="000000" div align="center" precodespan style="font: 10pt verdana;"font color="00FF00"=======================================================================/font /divcenter font face="Verdana" color="00FF00"bMailBee Objects v5.5 MailBee.dll Insecur...
Squirrelcart <= 1.x.x (cart.php) Remote File Inclusion Vulnerability
No description provided by source. Title : Squirrelcart = 1.x.x Remote File Inclusion URL : http://squirrelcart.com/ Google Dork : inurl:"/squirrelcart/" -squirrelcart.com Author : ShaiMagal Vulnerable file : popupwindow.php - config.php, line 13 - $siteisproot = "blablabla"; Exploit :...
PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln
No description provided by source. htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by &...
Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability(CVE-2018-4947)
Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Joomla 3.4.4 - 3.6.3 not authorized to create user vulnerability
Author: p0wd3r know Chong Yu 404 security lab Date: 2016-10-26 0x00 vulnerability overview 1. Vulnerability description Joomla is a free open source content management system, recently researchers found in its 3. 4. 4 to 3. 6. 3 version there are two vulnerabilities: CVE-2016-8869, the...
CmsEasy 5.6 /celive/live/header.php SQL注入漏洞
整个漏洞详情在书安杂志中进行了详细的说明。链接:https://www.secbook.net在parseObjXml 凼数中$rootTag 就是传入的 xml 中的第一个标签,返里判断是 xjxobj 还是 xjxquery当$rootTag 为 xjxquery 时将传入的参数内容通过 parsestr 处理 parsestr$sQuery, $aArray;然后当 getmagicquotesgpc == 1 == on的时候候,将传入的参数值反转义$newArray$sKey = stripslashes$sValue;进入postdata函数。function...
Adobe Acrobat ActiveX Control 1.3.188 ActiveX Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/666/info There is a buffer overflow in the 1.3.188 version of the Adobe Acrobat ActiveX control pdf.ocx that ships with Acrobat Viewer 4.0. This ActiveX control is marked 'Safe for Scripting' within Internet Explorer 4.X...
Drummond Miles A1Stats 1.0 a1disp4.cgi Traversal Arbitrary File Read
No description provided by source. source: http://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as querystrings to the A1Stats script. An...
Websense Email Security xss
No description provided by source. Security Advisory NSOADV-2009-003 Title: Websense Email Security Cross Site Scripting Severity: Low Advisory ID: NSOADV-2009-003 Found Date: 28.09.2009 Date Reported: 01.10.2009 Release Date: 20.10.2009 Author: Nikolas Sotiriu Mail: nso-research at sotiriu.de UR...
KarjaSoft Sami FTP Server多个命令远程缓冲区溢出漏洞
KarjaSoft Sami FTP Server是一款FTP服务程序。 KarjaSoft Sami FTP Server处理多个命令存在缓冲区溢出问题,远程攻击者可以利用漏洞以应用程序执行任意指令。 发送超长UER/PASS请求给服务器,可触发缓冲区溢出,精心构建提交数据可能以进程权限执行任意指令。 KarjaSoft Sami FTP Server 2.0.2 目前没有解决方案提供: http://www.karja.com/samiftp/main.php / KarjaSoft Sami FTP Server 2.0.2 USER/PASS buffer overflow &n...
FineCMS v5.2.0 SQL注入
在/finecms/dayrui/controllers/Api.php第45行: template-cron = 0; $GET'page' = max1, int$this-input-get'page'; $params = drstring2arrayurldecode$this-input-get'params'; $params'get' = @jsondecodeurldecode$this-input-get'get', TRUE; $this-template-assign$params; $name = strreplacearray'\', '/', '..',...
泛微OA系统第三方组件jqueryFileTree不安全配置导致目录遍历
可遍历至操作系统任意目录,只能查看文件名及大小等信息,但是遍历整个oa的目录,收获还是很大的,比如log文件、文本文件等都会对渗透有很大的帮助。有些log文件会包含数据库操作记录,比如更改oa登录密码等,如此便可不费吹灰之力登录oa。 文件:/js/jquery/plugins/jqueryFileTree/connectors/jqueryFileTree.jsp jqueryFileTree在很多通用软件中用的还比较多,该文件接受dir参数来浏览指定的目录,部分代码: / jQuery File Tree JSP Connector Version 1.0 Copyright 200...
ProductCart 1.x/2.x Custva.asp redirectUrl Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data suc...
CA ARCserve D2D r15 Web Service Servlet Code Execution
No description provided by source. Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc product homepage: https://support.ca.com/phpdocs/0/8363/support/arcserved2dsupport.html vulnerability: The Tomcat Server, which listens for...
CoolPlayer Portable 2.19.2 - Buffer Overflow
No description provided by source. CoolPlayer+ Portable Buffer Overflow Version: 2.19.2 Author: Securityxxxpert Date Submitted: May 16, 2011 Download Link: http://download.cnet.com/CoolPlayer-Portable/3000-21394-75448619.html Tested on: Windows Xp Sp3 print...
FathFTP 1.8 (EnumFiles Method) ActiveX Buffer Overflow (SEH)
No description provided by source. html object classid='clsid:62A989CE-D39A-11D5-86F0-B9C370762176' id='target'/object script language='vbscript' ' Exploit Title: FathFTP 1.8 SEH EnumFiles ActiveX Buffer Overflow ' Author: MadjiX ' Software Link: http://www.fathsoft.com/fathftp.html ' Version 1.7...
PHP-CGI Argument Injection Remote Code Execution
No description provided by source. !/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution This exploit abuses an arguement injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user. Feel free to give me abuse abo...
Apache Tomcat RemoteFilterValve绕过安全限制漏洞
BUGTRAQ ID: 31698br / CVECAN ID: CVE-2008-3271br / br / Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。br / br / Apache Tomcat在检查IP地址时存在同步问题,在极少的环境下,这可能允许非允许的IP地址绕过RemoteFilterValve过滤器值并访问受保护的内容。仅在使用调试器在两个线程之间强制特定的处理序列的情况下才可以利用这个漏洞。br / Apache Tomcat 5.5.0 Apache Tomcat 4.1.0 - 4.1.31 Apache ------...
Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
CVE-2008-1673 The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue wil...
Apache mod_proxy_ftp模块通配符字符跨站脚本漏洞
BUGTRAQ ID: 30560 CVECAN ID: CVE-2008-2939 Apache HTTP Server是一款流行的Web服务器。 如果将Apache HTTP Server配置了代理支持(配置文件中ProxyRequests On)且启用了modproxyftp模块以提供HTTP上FTP支持的话,则类似于以下的包含有通配符字符(“”、“'”、“”等)的请求: GET ftp://host/foo HTTP/1.0 就会在modproxyftp所返回的响应中导致跨站脚本攻击: ... h2Directory of a href="/"ftp://host/a/foo/h...
Microsoft Windows递归DNS欺骗漏洞(MS07-062)
BUGTRAQ ID: 25919 CVECAN ID: CVE-2007-3898 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的DNS服务器实现上存在漏洞,远程攻击者可能利用此漏洞导致DNS欺骗。 在向上游DNS服务器发送请求时Windows的DNS服务(dns.exe)使用了可预测的事件,这允许攻击者执行DNS缓存破坏攻击。当DNS服务器执行递归查询的时候,攻击者就可以通过特制的DNS响应导致欺骗或者从合法位置重定向Internet流量。 Microsoft Windows Server 2003 x64 Edition Microsoft...
ASPCMS最新版V2.5.6权限提升漏洞
简要描述: ASPCMS最新版V2.5.6存在权限提升漏洞,注册普通用户的时候可以直接注册成超级管理员。 详细说明: ASPCMS最新版V2.5.6下载地址: http://www.aspcms.com/aspcms-2179839-1-1.html 该版本存在insert注入,在注册用户的时候没有判断性别参数Gender是否为数字,插入数据库的时候没有用引号引起来,导致过滤函数不起作用。利用Access 16%截断技巧注释掉后面的语句,可以直接注册GroupID为1的超级管理员组用户。 /member/reg.asp Sub addUser 'dim...