56796 matches found
iG Shop 1.4 (page.php) Remote SQL Injection Vulnerability
No description provided by source. Discovered by: gsy & kerem125 Website: www.kerem125.com Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html exploit: /shop/page.php?pagetype=catalognavigate&typeid=-99%20union/**/select/**/password/**/from/**/users/...
Photofiltre Studio v8.1.1 (.TIF File) Local Buffer Overflow Exploit
No description provided by source. /* Photofiltre Studio v8.1.1 .TIF File Buffer Overflow ...
Joomla! 3.7.5 LDAP injection vulnerability(CVE-2017-14596)
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown...
Remote Command Execution in git client (CVE-2017-12426)
Remote Command Execution in git client CVE-2017-12426 An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...
CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
======================================================================== Contents ======================================================================== Analysis Exploitation Example Acknowledgments ======================================================================== Analysis...
Discuz X2.5 /source/class/class_image.php Command Execution Vulnerability
/source/module/aforum/forumimage.php $nocache = !empty($_GET['nocache']) ? : ; $daid = intval($_GET['aid']); $type = !empty($_GET['type']) ? $_GET['type'] : 'fixwr'; list($w, $h) = explode('x', $_GET['size']); $dw = intval($w); $dh = intval($h); $thumbfile = 'image/'.$daid.'_'.$dw.'_'.$dh.'.jpg'; $parse =...
FishCart 3.1 upstnt.php cartid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues coul...
linux/x86 if(read(fd,buf,512)<=2) _exit(1) else buf(); 29 bytes
No description provided by source. / h3ll-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it as a first stage payload when I desire to follow up with a real large payload of goodness. This actually is a bit larger than...
Apache Tomcat Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 56814 CVE(CAN) ID: CVE-2012-4431 Apache Tomcat is a popular open-source JSP application server. Tomcat versions before 7.0.30 and 6.0.36 (7.0.0 through 7.0.29 and 6.0.0 through 6.0.35) contain a cross-site request forgery vulnerability; a remote attacker can exploit it to perform actions with the privileges of the current user and access the affected application. Apache Group Tomcat 7.0.0 - 7.0.29 Apache Group Tomcat 6.0.0 - 6.0.35 Vendor patch: Apache Group ------------ The vendor has released an upgrade to fix this security issue; download a newer version from the vendor's homepage....
Microsoft IIS 7.5 remote heap buffer overflow
No description provided by source. |=-----------------------------------------------------------------------=| |=-------------= The Art of Exploitation =-----------------=| |=-----------------------------------------------------------------------=| |=-------------------= Exploiting MS11-004...
PHP-Nuke Multiple SQL Injection Vulnerabilities
BUGTRAQ ID: 39922 PHP-Nuke is a widely used website creation and management tool that can use many database products as its back end, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. PHP-Nuke does not properly filter the mood variable submitted to the /modules/Journal/savenew.php page, nor the chnguser variable submitted to the /modules/YourAccount/admin/index.php page. A remote attacker can carry out SQL injection by submitting malicious queries and fully compromise the database. PHP-Nuke PHP-Nuke 8.1.35 PHP-Nuke PHP-Nuke 8....
WordPress Plugin KBoard 2.7 board.php parameters uid SQL injection vulnerability
No description provided by source...
BlueCMS v1.6 sp1 /admin/tpl_manage.php Local File Inclusion Vulnerability
No description provided by source...
Shop7z /orderpro_del.asp id Parameter SQL Injection Vulnerability
0x01 Overview Vendor: shop7z Disclosure date: 2015-04-23 Official site: http://www.shop7z.com/ Shop7z is a well-known Chinese online shop system with fresh templates and rich features that lets you set up an online store quickly. 0x02 Vulnerability details Vulnerable file: orderpro_del.asp Vulnerable parameter: id TEST: http://www.125309.com/orderpro_del.asp?id= sqlmap confirmation: Place: GET Parameter: id Type: boolean-based blind Title: Microsoft Access...
EduSoho latest version leaks accessKey and secretKey in two places
Brief description: The keys can be used to rebind on the official site, send cloud SMS messages, and download and install applications. Details: The problem is in the install file /start-install.php false, ; $twig->addGlobal('edushoversion', \Topxia\System::VERSION); $step = intval(empty($_GET['step']) ? 0 : $_GET['step']); $functionName = 'installstep' . $step; $functionName(); use Topxia\Service\Common\ServiceKernel; use...
JettyWebServer 9.2.3-9.2.8 shared-buffer Information Disclosure Vulnerability
No description provided by source...
shopNC O2O System Arbitrary File Deletion Vulnerability
Brief description: Qibo, Qibo, confirm quickly; once it is confirmed I'll send another 0day. shopNC has quite a few arbitrary file deletions; I'll use the O2O system to illustrate the problem. Details: /circle/control/cut.php line 46 /* image crop */ public function piccutOp() { import('function.thumb'); if (chksubmit()) { $thumbwidth = $_POST['x']; $x1 = $_POST["x1"]; $y1 = $_POST["y1"]; $x2 = $_POST["x2"]; $y2 = $_POST["y2"]; $w = $_POST["w"]; $h = $_POST["h"]; $scale =...
vuBB <= 0.2 (Cookie) Final Remote SQL Injection Exploit (mq=off)
No description provided by source. #!/usr/bin/perl print q ---------------------------------------------------------------------- vuBB <= 0.2 Final Remote SQL Injection (cookies) Exploit exploit discovered and coded by KingOfSKa https://contropotere.netsons.org...
Early Impact ProductCart 2.6/2.7 viewPrd.asp idcategory Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
PostgreSQL Security Restriction Bypass Vulnerability
BUGTRAQ ID: 65727 CVE(CAN) ID: CVE-2014-0062 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20 contain a race condition in CREATE INDEX that an authenticated database user can exploit to escalate privileges. PostgreSQL PostgreSQL 8.x Vendor patch: PostgreSQL ---------- The vendor has released an upgrade to fix this security issue; download it from the vendor's homepage: http://www.postgresql....
YXcmsApp XSS leading to getshell
Brief description: XSS into the back end leading to getshell, a one-stop service, though somewhat limited. Details: YXCMS is an enterprise-oriented content management system with three-level caching and an MVC architecture, open-sourced under the BSD license. After registering a user and going to the user management page, click Publish Information - Add News and you find a rich-text editor, KindEditor. Whatever the editor, once a user is given this much freedom, XSS is easy to come by. Enter anything, capture the request, modify the content field and write your XSS code, anything goes. Now the administrator can see my submitted article in the back end: and editing it triggers the XSS:...
startbbs open-source forum CSRF allows adding an administrator in the back end and changing any user's password
Brief description: A design flaw in startbbs allows CSRF to add an administrator. Details: White-box analysis of the startbbs source showed that the token design in the critical parts (add administrator, change any user's password) is flawed. To rule out the token being generated randomly, I downloaded the source from the official site several more times; the result was the same each time. The token value is as follows: The token value appears in the following files: The latest downloaded source package: Comparing the token values, they are still the same: I guess the developers were lazy. Knowing this, it was not hard to construct the add-administrator code from the source: Before visiting the PoC my user group was (2) ordinary member...
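The report above turns on one point: a CSRF token that is identical in every copy of the source package is known to anyone who downloads it, so an attacker's page can simply embed it. The following is an added illustration, not startbbs code; the token value, form fields and session identifiers are constructed for the example. It contrasts the shipped-constant check with a token derived from a deployment-specific secret and the victim's session, which a forged form cannot carry.

```python
# Added example, not startbbs code: a fixed token shipped in the source
# versus a per-session token keyed with a secret generated at install time.
# STATIC_TOKEN, the form fields and the session ids are constructed values.
import hashlib
import hmac
import secrets
from typing import Dict

Form = Dict[str, str]

# Stand-in for a token hard-coded in the shipped source (constructed value).
STATIC_TOKEN = "c0ffee"


def static_check(form: Form) -> bool:
    """The flawed design: the expected token is the same on every install."""
    return hmac.compare_digest(form.get("token", ""), STATIC_TOKEN)


def forge_add_admin_form(known_token: str) -> Form:
    """What an attacker's page would auto-submit inside the victim's session."""
    return {"action": "add_admin", "username": "evil", "token": known_token}


class CsrfProtector:
    """Per-session tokens: HMAC(server_secret, session_id).

    The secret is generated at install time and never part of the source
    package, so reading the code does not reveal any valid token."""

    def __init__(self, server_secret: bytes) -> None:
        self._secret = server_secret

    def token_for(self, session_id: str) -> str:
        return hmac.new(self._secret, session_id.encode(), hashlib.sha256).hexdigest()

    def check(self, session_id: str, form: Form) -> bool:
        expected = self.token_for(session_id)
        return hmac.compare_digest(form.get("token", ""), expected)


def demo() -> Dict[str, bool]:
    """Run both designs against a forged add_admin form."""
    protector = CsrfProtector(secrets.token_bytes(32))
    victim_session = "sess-victim"
    attacker_session = "sess-attacker"
    # The attacker can only obtain a token for a session they control.
    forged = forge_add_admin_form(protector.token_for(attacker_session))
    legit = {"action": "add_admin", "username": "ops",
             "token": protector.token_for(victim_session)}
    return {
        "static_accepts_forgery": static_check(forge_add_admin_form(STATIC_TOKEN)),
        "session_rejects_forgery": not protector.check(victim_session, forged),
        "session_accepts_legit": protector.check(victim_session, legit),
    }
```

The session-bound token only helps if the session id itself is not readable by the attacker's page, so it belongs with an HttpOnly session cookie; keying the HMAC per session also means a token leaked from one account cannot be replayed against another.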
Nginx proxy_pass Module Remote Security Vulnerability (CVE-2013-2070)
BUGTRAQ ID: 59824 CVE(CAN) ID: CVE-2013-2070 Nginx is an HTTP and reverse proxy server, also used as a mail proxy server, written by Igor Sysoev. The proxy_pass module in Nginx from 1.1.4 onward has a remote buffer overflow vulnerability. If an HTTP back end returns a specially crafted response, the proxy_pass module returns worker process memory to the client. An attacker can exploit this to cause a denial of service or obtain sensitive information. Igor Sysoev nginx 1.1.19 Igor Sysoev nginx 1.1.17 Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8...
Xoops 2.5.4 Blind SQL Injection Vulnerability
No description provided by source. Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian Squeeze Note: In order to be successful an attacker must have permission to access the...
Apache Tomcat XML Parser Unauthorized File Read/Write Vulnerability
CVE(CAN) ID: CVE-2009-0783 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat allows a web application to replace the XML parser used by other web applications. If a specially crafted application is loaded before the target application, a local user can read or modify the web.xml, context.xml or TLD files of any web application. Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x Vendor patch: Apache Group ------------...
Joomla Component com_bookjoomlas 0.1 SQL Injection Vulnerability
No description provided by source. Salvatore "drosophila" Fresta + Application: Joomla Component com_bookjoomlas + Version: 0.1 + Website: http://www.alikonweb.it + Bugs: A SQL Injection + Exploitation: Remote + Dork: inurl:"index.php?option=com_bookjoomlas" + Date: 06 Apr 2009 + Discovered by:...
HoMaP-CMS 0.1 (index.php go) Remote SQL Injection Vulnerability
No description provided by source. -------------------------------------------------------------------------------------------------------------------------------- // HoMaP-CMS 0.1 index.php go SQL Injection Vulnerability // Author: SxCx // Download: SourceForge.net // Version affected: 0.1 //...
EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI) Discovered by : IRCRASH By Dr.Crash &...
Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerability
BUGTRAQ ID: 28123 Ruby is a powerful object-oriented scripting language. WEBrick is the HTTP server library bundled with Ruby. If a program publishes files through the :DocumentRoot option of WEBrick::HTTPServer.new or through WEBrick::HTTPServlet::FileHandler, it may fail to filter URL input properly, allowing an attacker to perform a directory traversal attack with "..%5c..%5c" in the request URL and read the contents of arbitrary files. A successful attack requires that the operating system the application runs on accept the backslash as a path separator, as Windows does....
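The entry above hinges on a separator the file handler did not expect: "%5c" decodes to a backslash, which Windows treats exactly like "/". The following is an added illustration, not WEBrick's code, of how a static file handler should map a request path onto its document root so that "..%5c..%5c" is caught on a host where the backslash separates directories, while on a Unix host the same bytes stay a harmless single filename component. The function name and arguments are assumptions for the example.

```python
# Added example, not WEBrick code: resolve a request path against a document
# root, treating "\" as a separator whenever the host OS does, so that
# "..%5c..%5c" cannot climb out of the root. Function and argument names
# are assumptions for this illustration.
from typing import List, Optional
from urllib.parse import unquote


def resolve_static(request_path: str, document_root: str,
                   backslash_is_separator: bool) -> Optional[str]:
    """Return the file path to serve, or None if the request escapes the root."""
    decoded = unquote(request_path)          # decode exactly once: %5c -> "\"
    if backslash_is_separator:               # Windows: "\" is as good as "/"
        decoded = decoded.replace("\\", "/")
    stack: List[str] = []
    for part in decoded.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                return None                  # would climb above document_root
            stack.pop()
        else:
            stack.append(part)
    return document_root.rstrip("/") + "/" + "/".join(stack)
```

Decoding happens once, before any separator handling, because a check that runs on the still-encoded path never sees the backslash at all; that ordering, not the "..", is what the original handler got wrong on Windows.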
BlackBerry 7270 Phone SIP Stack Format String Vulnerability
The BlackBerry 7270 Phone is an IP telephony solution. The BlackBerry 7270 Phone has a flaw in handling INVITE messages that a remote attacker can exploit to cause a denial of service against the application. Because of a format string problem, a SIP INVITE message containing malicious data renders the program unusable; it must be restarted to restore normal function. When the vulnerability is triggered the device produces the following error: "Uncaught exception: java.lang.IllegalArgumentException" BlackBerry Device Software 4.0.1.83 BlackBerry 7270 Contact the vendor for patch information:...
Kerio WebSTAR Local Privilege Escalation Vulnerability
Kerio WebSTAR is a web server that runs on Mac OS X. Kerio WebSTAR installs program files with insecure permissions, which a local attacker may exploit to escalate privileges. Installing Kerio WebSTAR leaves two setuid binaries under /Applications: kevin-finisterres-computer:~/Desktop kf$ find /Applications/Kerio\ WebSTAR -perm -4000 -ls 978790 3016 -rwsrwx--x 1 root admin 1542556 Apr 10 2006 /Applications/Kerio...
Pie Cart Pro (Home_Path) Remote File Include Vulnerability
No description provided by source. ==================================================================== Pie Cart Pro (Home_Path) Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.doodlebabies.com...
CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
No description provided by source. / ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGHT Blue Ballz , 2003 all...
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection(CVE-2018-2660) / XSS(CVE-2018-2661)
Vendor description: ------------------- "Oracle is the unchallenged leader in Financial Services, with an integrated, best-in-class, end-to-end solution of intelligent software and powerful hardware designed to meet every financial service need." Source:...
MS14-040 Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (CVE-2014-1767)
No description provided by source. Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-02-05 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 32 bit Tested on: Win7 x32 afd.sys - 6.1.7600.16385 ntdll.dll - 6.1.7600.16385 CVE : CVE-2014-1767 Category:...
Django django.views.static.serve URL Redirect Vulnerability (CVE-2017-7234)
Source: Tongcheng Security Response Center Author: Nearg1e@YSRC A vulnerability from @Phithon. The problem is in the django.views.static.serve function, which can be used to serve a site's static file directory, for example: urlpatterns = [url(r'^admin/', admin.site.urls), url(r'^staticp/?P.$', serve, {'document_root': os.path.join(settings.BASE_DIR, 'staticpath')...
Weaver (泛微) ecology system SQL injection in all versions (official site as example), part 2
Brief description: Details: Injection point: /hrm/resource/HrmResourceContactEdit.jsp?isfromtab=true&id=29&isView=1 The injected parameter is id; an ordinary user login is required. Case 1: After logging in to the official site with a mobile number, test by visiting:...
Hikvision web interface weak password
No description provided by source...
Ipswitch IMail 5.0.8/6.0/6.1 IMonitor status.cgi DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/914/info IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of...
PHPizabi 0.8 'notepad_body' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34223/info PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Oracle Document Capture empop3.dll Insecure Methods
No description provided by source. Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture Versions Affected:...
Newswriter SW <= 1.42 (editfunc.inc.php) File Include Vulnerability
No description provided by source. ============================================================================================== Newswriter SW <= 1.42 NWCONFSYSTEMserverpath Remote File Inclusion Vulnerability...
PostgreSQL Remote Stack Buffer Overflow Vulnerability
BUGTRAQ ID: 65719 CVE(CAN) ID: CVE-2014-0063 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. In PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20, the constant MAXDATELEN is too small for the longest value of type interval, which can overflow the interval_out buffer. To avoid the overflow, the datetime functions reject valid input that contains long time zone names. The ecpg library contains the same flaws. An authenticated database user can exploit this to crash the PostgreSQL server or execute arbitrary code. PostgreSQL...
AspCms 2.2.9 /inc/AspCms_CommonFun.asp Login Bypass Vulnerability
ASPCMS is a very popular Chinese CMS site-building system. In version 2.2.9, the checkLogin function in inc/AspCms_CommonFun.asp at line 1152 only checks whether the adminName taken from the cookie is empty, so any non-empty adminName passes the first check; line 1157 then checks whether Permissions equals all, so setting the Permissions value in the cookie to all passes the second check; the program then checks at line 1162 whether the adminrand value taken from the cookie is empty, so any non-empty adminrand passes the third check; then at line...
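The checks described above all read their inputs from the client's cookie and compare them only against constants, so nothing ties adminName or Permissions to a login that actually happened. The following is an added illustration, not AspCms code: a model of the three cookie checks as the entry describes them, beside a version in which the cookie carries only an opaque session token and the identity and permissions are read from a server-side record. Cookie names follow the entry; SessionStore and the function names are assumptions for the example.

```python
# Added example, not AspCms code: a model of the cookie-only admin check the
# entry describes (adminName non-empty, Permissions == "all", adminrand
# non-empty) next to a server-side session lookup. SessionStore and the
# function names are assumptions for this illustration.
import hmac
import secrets
from typing import Dict, Optional

Cookie = Dict[str, str]


def check_login_vulnerable(cookie: Cookie) -> bool:
    """Mirrors the described checks: every value is client-controlled and is
    only compared against a constant, so a forged cookie passes."""
    if not cookie.get("adminName"):
        return False
    if cookie.get("Permissions") != "all":
        return False
    if not cookie.get("adminrand"):
        return False
    return True


class SessionStore:
    """Server-side record of who actually logged in (assumed design)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Dict[str, str]] = {}

    def create(self, admin_name: str, permissions: str) -> str:
        # Issued only after a real password check; the token is unguessable.
        token = secrets.token_hex(32)
        self._sessions[token] = {"adminName": admin_name, "Permissions": permissions}
        return token

    def lookup(self, token: Optional[str]) -> Optional[Dict[str, str]]:
        if not token:
            return None
        # Constant-time comparison so timing does not leak token bytes.
        for stored, record in self._sessions.items():
            if hmac.compare_digest(stored.encode(), token.encode()):
                return record
        return None


def check_login_fixed(cookie: Cookie, store: SessionStore) -> bool:
    """Only the opaque token comes from the cookie; identity and permissions
    come from the server-side record, so adminName/Permissions in the cookie
    are ignored entirely."""
    record = store.lookup(cookie.get("adminrand"))
    return record is not None and record["Permissions"] == "all"


def demo():
    """Forged cookie against both checks, then a genuine session."""
    forged = {"adminName": "x", "Permissions": "all", "adminrand": "1"}
    store = SessionStore()
    token = store.create("admin", "all")
    genuine = {"adminrand": token}
    return (check_login_vulnerable(forged),
            check_login_fixed(forged, store),
            check_login_fixed(genuine, store))
```

The fix is not a stronger comparison of the cookie fields but removing them from the trust decision: anything the browser sends is an assertion, and only a value the server issued and still remembers can be verified.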
Oracle MySQL Server 'InnoDB' Subcomponent Remote Security Vulnerability (CVE-2012-0572)
BUGTRAQ ID: 57385 CVE(CAN) ID: CVE-2012-0572 Oracle MySQL Server is a small relational database management system. Oracle MySQL Server 5.1.66, 5.5.28 and earlier contain a remote security vulnerability that can be exploited over the 'MySQL' protocol; the 'InnoDB' subcomponent is affected. An authenticated remote attacker can exploit this to affect availability. Oracle MySQL Server <= 5.5.28 Oracle MySQL Server <= 5.1.66 Vendor patch: Oracle ------...
WordPress Comment Rating SQL Injection
No description provided by source. Exploit Title: Wordpress comment rating plugin multiple Vulnerabilities Google Dork: 1- inurl:"/wp-content/plugins/comment-rating/" 2- inurl:"/ck-processkarma.php?id=" Date: 2/1/2012 Author: The Evil Thinker Contact : [email protected] Software Link:...
Discuz!NT 3.1.0 Multiple Cross-Site Scripting Vulnerabilities
First published by Beiyang Jiandui (http://bbs.seceye.org) 1. In the quick search area, submit the XSS test string "><iframe src=http://www.gohack.org> in the "forum" search box to obtain the URL: http://localhost/bbs/forumsearch.aspx?q=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E 2. On any forum board, choose any browsing mode, then modify it or append the XSS string to obtain the URL:...
Foxit Reader PDF File Handling Multiple Code Execution and Authorization Bypass Vulnerabilities
BUGTRAQ ID: 34035 CVE(CAN) ID: CVE-2009-0191, CVE-2009-0836, CVE-2009-0837 Foxit Reader is a small PDF document viewer and printer. 1. Foxit Reader has an error in processing JBIG2 symbol dictionary segments; a specially crafted PDF file may cause a reference to uninitialized memory. 2. If a PDF file defines an Open/Execute a file action, Foxit Reader may open or execute the file specified by the PDF's creator without asking the user for confirmation. 3. If a PDF file with an overly long filename parameter defines an Open/Execute a...
Arab Portal 2.1 Remote File Disclosure Vulnerability (win only)
No description provided by source. Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.arabportal.ne...
NUCMS Front-End SQL Injection Vulnerability
...