56796 matches found
AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit
No description provided by source. import socket print --------------------------------------------------------------------- print AID'eX Mini-Webserver Verion 1.1 early Release 3 Denial of Service print url: http://www.aidex.de/software/webserver/ print author: shinnai print mail:...
FaMarket 2 - (Auth Bypass) Vulnerability
No description provided by source...
WHMCS Admin Credit Routines SQL注入漏洞
WHMCS是一款集主机财务管理系统,主机财务系统,域名财务管理系统, 域名注册业务系统为一体的财务管理系统。 WHMCS Admin Credit Routines不正确过滤用户提交的输入参数,允许远程攻击者利用漏洞提交恶意查询,可操作数据库信息或控制应用系统。 0 WHMCS 5.x 厂商补丁: WHMCS ----- WHMCS 5.2.15已经修复该漏洞,建议用户下载更新: http://www.whmcs.com/...
Apache Tomcat 5.5.25跨站请求伪造漏洞
CVE ID:CVE-2013-6357 Apache Tomcat是一款开放源码的JSP应用服务器程序。 Apache Tomcat 管理应用程序中存在跨站请求伪造漏洞,攻击者可以通过POST方法操纵应用程序部署。 0 Apache Tomcat 5.5.25 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://tomcat.apache.org/ Undeploy Applications html body onload="javascript:document.forms0.submit" H2CSRF Exploit to...
VSFTPD v2.3.4 Backdoor Command Execution
No description provided by source. $Id: vsftpd234backdoor.rb 13099 2011-07-05 05:20:47Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
PHP session.save_path()函数任意命令执行漏洞
BUGTRAQ ID: 37390 CVE ID: CVE-2009-4143 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP在处理会话信息的功能函数实现上存在漏洞,远程攻击者可能利用此漏洞以PHP进程的权限执行任意命令,导致权限提升。 PHP = 5.2.11 PHP 5.2.0 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
PHP cURL 'safe mode'安全绕过漏洞
BUGTRAQ ID: 27413 CVE ID:CVE-2007-4850 CNCVE ID:CNCVE-20074850 PHP是一款流行的网络编程语言。 PHP cURL存在'safe mode'安全绕过问题,远程攻击者可以利用漏洞访问受限制文件,获得敏感信息。 vardumpcurlexeccurlinit"file://safemodebypass\x00&qu ot;.FILE; is caused by error in curl/interface.c - --- define PHPCURLCHECKOPENBASEDIRstr, len, ret if...
Gentoo Linux Acme Thttpd文件访问信息泄露漏洞
Gentoo Linux是一个基于源码包的Linux系统。 Gentoo的www-servers/thttpd软件包实现上存在漏洞,远程攻击者可能利用此漏洞非授权获取敏感信息。 如果在新的Gentoo baselayout中使用start-stop-daemon命令的话,就会导致thttpd在启动时将文档根设置为系统的根目录“/”,这允许非授权用户远程访问thttpd进程可读的所有系统文件。 Gentoo Linux 1.12.6 临时解决方法:...
Telnet-FTP Server目录遍历及远程拒绝服务漏洞
Telnet-Ftp Server是一款Windows平台上的多用户Telnet/Ftp服务器。 Telnet-Ftp Server的GET和PUT等命令的处理过程中存在输入验证错误,允许攻击者通过目录遍历攻击列出并下载FTP根目录外的任意文件。 此外,攻击者还可以通过发送两个连续的RETR命令导致服务崩溃。 Sorin Chitu Telnet-FTP Server 1.0 build 1.250 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://slimbyte.sufx.net/...
齐治堡垒机任意用户登录漏洞
...
Linux Kernel AF_PACKET Use-After-Free(CVE-2017-15649)
Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AFPACKET that can lead to privilege escalation. AFPACKET sockets “allow users to send or receive packets on the device driver level. This for example lets them to...
ASUSWRT - Multiple Vulnerabilities
ASUSWRT is a wireless router operating system that powers many routers produced by ASUS. Multiple exploitable vulnerabilities could be identified in the current version of ASUSWRT. Published: 08 Mar 2017 Affected routers: - RT-AC53 3.0.0.4.380.6038 ---------- Cross-Site Scripting XSS Component:...
TRSIDS系统任意账户密码重置漏洞
No description provided by source...
MacCMS v8 /inc/api.php SQL注入漏洞
No description provided by source...
金蝶某软件存在多个安全漏洞(通用管理账号+获得数据库密码+远程代码执行)
简要描述: 金蝶某软件存在多个安全漏洞(通用管理账号+获得数据库密码+远程代码执行) 详细说明: 实际上是2个软件的漏洞,放在一起就不单独发了。金蝶eas存在通用管理账号+获得数据库密码漏洞,金蝶apusic存在远程代码执行漏洞。 下面的信息希望乌云在确认漏洞予以模糊处理,以免对厂商和用户产生不良影响:...
Splunk OpenSSL TLS心跳信息泄漏漏洞
CVE ID:CVE-2014-0160 Splunk是机器数据的引擎。使用Splunk可收集、索引和利用所有应用程序、服务器和设备(物理、虚拟和云中)生成的快速移动型计算机数据。 Splunk所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用 0 Splunk 6.x Splunk 6.0.3版本已修复该漏洞,建议用户下载使用: http://www.splunk.com...
Apache Tomcat DIGEST身份验证多个安全漏洞(CVE-2012-3439)
BUGTRAQ ID: 56403 CVE ID: CVE-2012-3439 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat 7.0.0-7.0.27、6.0.0-6.0.35、5.5.0-5.5.35存在多个安全漏洞,成功利用后可允许攻击者绕过安全限制并执行非法操作。 0 Apache Group Tomcat 7.x Apache Group Tomcat 6.x Apache Group Tomcat 5.x 厂商补丁: Apache Group ------------ 请更新到5.5.36、6.0.36、7.0.30...
Oracle MySQL 5.1.x 拒绝服务漏洞
BUGTRAQ ID: 55120 CVE ID: CVE-2012-2749 MySQL是一个小型关系型数据库管理系统,开发者为瑞典MySQLAB公司,在2008年1月16号被Sun公司收购。 MySQL 5.1.63之前的5.1.x版本和5.5.24之前的5.5.x版本在实现上存在安全漏洞,可允许已验证用户通过错误计算和排序索引造成拒绝服务,mysqld崩溃。 0 MySQL 5.1.x 厂商补丁: MySQL AB -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mysql.com/...
PHP Web表单哈希冲突拒绝服务漏洞
BUGTRAQ ID: 51193 CVE ID: CVE-2011-4885 PHP 5.3.9之前版本在计算表单参数哈希值的实现上没有提前限制哈希冲突,存在拒绝服务漏洞,通过发送小量的特制webform表单张贴到受影响应用程序,攻击者可利用此漏洞导致使用PHP的站点失去响应正常请求的能力 0 PHP 5.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
Apache mod_proxy模块HTTP分块编码整数溢出漏洞
BUGTRAQ ID: 37966 CVECAN ID: CVE-2010-0010 Apache HTTP Server是一款流行的Web服务器。 Apache服务器的modproxy模块在执行字符类型转换时存在最终可导致堆溢出的整数溢出漏洞。以下是有漏洞的代码段: "./src/modules/proxy/proxyutil.c" long int approxysendfbBUFF f, requestrec r, cachereq c, offt len, int nowrite, int chunked, sizet recvbuffersize ... sizet...
MySQL sql_parse.cc远程格式串漏洞
BUGTRAQ ID: 35609 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL的sqlparse.cc文件中的dispatchcommand函数存在格式串错误: 2084行: case COMCREATEDB: // QQ: To be removed char db=thd-strduppacket, alias; HACREATEINFO createinfo; statisticincrementthd-statusvar.comstatSQLCOMCREATEDB, &LOCKstatus; // null test to...
Downline Goldmine paidversion (tr.php id) SQL Injection Vulnerability
No description provided by source. paidversion tr.php id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.downlinegoldmine.com/ DorK : inurl:tr.php?id= Exploit :...
Icon Labs Iconfidant SSH服务器多个拒绝服务漏洞
BUGTRAQ ID: 29609 Iconfident SSH是运行在基于VxWorks系统上的SSH服务器。 Iconfidant SSH服务器中存在多个漏洞,可能导致系统不稳定。在SSH登录期间,如果在积极时间帧中执行了登录,或发送了无效的认证凭据,或在登录时同时执行了其他管理操作的话,就可以触发这些漏洞,导致拒绝服务。 Icon Labs Iconfidant SSH 2.3.7 Icon Labs --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.icon-labs.com/...
yaSSL多个远程溢出及无效内存访问漏洞
BUGTRAQ ID: 27140 yaSSL是用于实现SSL的开源软件包。 yaSSL实现上存在多个远程溢出及无效内存访问问题,远程攻击者可能利用此漏洞控制服务器。 ------------------------------------------- A ProcessOldClientHello缓冲区溢出 ------------------------------------------- 用于包含客户端所接收的Hello报文中的数据的缓冲区结构如下(源自yasslimp.hpp): class ClientHello : public HandShakeBase...
Joomla Module AutoStand 1.0 Remote File Inclusion Vulnerability
No description provided by source. ======================================================= Joomla Module AutoStand Category = 1.1 Remote File include Vulnerabilities ======================================================= Found By : Cold z3ro , [email protected]...
WebCalendar 0.9.45 (includedir) Remote File Inclusion Vulnerability
No description provided by source. |-------------------------------------------------------------------------------| | | | WebCalendar v0.9.45 13 Dec 2004 login.php Remote File include | | | | Script : WebCalendar | | Version : v0.9.45 13 Dec 2004 | | Authord : Drackanz | | Contact : Drackanz at...
QNAP Music Station/Malware Remover未授权远程代码执行漏洞(CVE-2020-36197 CVE-2020-36198)
QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon 2.2.1. mmmagentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
Foscam IP Video Camera CGIProxy.fcgi FTP Startup Configuration Command Injection Vulnerability(CVE-2017-2833)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection...
Vanilla Forums <= 2.3 Unauth Remote Code Execution (CVE-2016-10033)
I. VULNERABILITY ------------------------- Vanilla Forums = 2.3 Unauth. Remote Code Execution RCE exploit CVE-2016-10033 0day II. BACKGROUND ------------------------- "Community Forums Reinvented Create an online community that your customers will love. Vanilla's forum software is used by top...
Django is_safe_url() the URL to jump to the filter function of the Bypass(CVE-2017-7233)
Source: same thread safety Emergency Response Center Author: Nearg1e@YSRC Foreign security researcher roks0n provided to the Django official of a vulnerability. On issafeurl function Django comes with a function: django. utils. http. issafeurlurl, host=None, allowedhosts=None, requirehttps=False...
PHP Use of uninitialized memory in unserialize() (CVE-2017-5340)
Description: ------------ There was found a bug showing that PHP uses uninitialized memory during calls to unserialize. As the following report shows, the payload supplied to unserialize may control this uninitialized memory region and thus may be used to trick PHP into operating on faked objects...
Linux af_packet.c race condition (local root) (CVE-2016-8655)
To create AFPACKET sockets you need CAPNETRAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled Ubuntu, Fedora, etc. It can be triggered from within containers to compromise the host kernel. On Android, processes with...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
MySQL多个畸形SQL操作处理拒绝服务漏洞
BUGTRAQ ID: 37297 CVE ID: CVE-2009-4019 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL的在处理特定的SQL操作时存在拒绝服务漏洞,本地或远程攻击者可能利用此漏洞导致服务器崩溃。 MySQL AB MySQL 6.0.x MySQL AB MySQL 5.1.x MySQL AB MySQL 5.0.x 厂商补丁: MySQL AB -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mysql.com/...
Windows 2000 TCP/IP窗口大小拒绝服务漏洞(MS09-048)
CVE ID:CVE-2008-4609 Microsoft Windows是一款流行的操作系统。 Microsoft Windows TCP/IP堆栈处理存在一个错误,可导致连接一直处于FIN-WAIT-1或FIN-WAIT-2状态,攻击者构建一个TCP接收窗口大小设置为零或极小值的恶意报文,"淹没"受此漏洞影响的系统,可导致系统停止对新请求的响应,造成拒绝服务攻击。 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000...
VMware产品Descheduled Time Accounting Driver拒绝服务漏洞
Bugraq ID: 35141 CVE ID:CVE-2009-1805 CNCVE ID:CNCVE-20091805 VMware提供包含多个虚拟主机和服务器的解决方案。 VMware Descheduled Time Accounting driver存在一个未明的安全问题,本地攻击者可以利用漏洞对虚拟机进行拒绝服务攻击。 符合如下条件的虚拟机受此漏洞影响: -虚拟机运行在windows操作系统下。 -VMware Descheduled Time Accounting driver安装在虚拟机上。 -VMware Descheduled Time...
Xpdf JBIG2处理多个缓冲区溢出和拒绝服务漏洞
BUGTRAQ ID: 34568 CVECAN ID: CVE-2009-0146,CVE-2009-0147,CVE-2009-0166,CVE-2009-0799,CVE-2009-0800,CVE-2009-1179,CVE-2009-1180,CVE-2009-1181,CVE-2009-1182,CVE-2009-1183,CVE-2009-1187,CVE-2009-1188 Xpdf是便携文档格式(PDF)文件的开放源码查看器。...
GNOME Evolution S/MIME邮件签名验证漏洞
BUGTRAQ ID: 33720 Evolution是个人和工作组信息管理解决方案,可使用在Linux和Unix操作系统下,集成Email、日历、会议安排、联系人管理等功能。 evolution处理S/MIME邮件消息的方式存在漏洞。如果S/MIME邮件已经签名之后又修改了邮件消息,evolution仍会认为S/MIME消息的签名是有效的。攻击者可以利用这个漏洞伪造邮件消息,执行中间人或其他类型的欺骗攻击。 GNOME Evolution 2.22.2 GNOME Evolution 2.22.1 厂商补丁: GNOME -----...
Asterisk日志函数及管理器远程格式串处理漏洞
BUGTRAQ ID: 28311 CVECAN ID: CVE-2008-1333 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk的日志和管理器功能实现上存在漏洞,远程攻击者可能利用此漏洞导致拒绝服务。 使用astverbose日志API调用所显示的日志消息没有显示为字符串,而是格式串;管理器命令command结果输出没有作为字符串附加到生成的响应消息中,而是附加为格式串。这两种情况都允许攻击者在输入中提交特意的格式串值导致崩溃。 Asterisk Asterisk 1.6.x Asterisk --------...
Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability
No description provided by source. Joom!12Pic Component RFI Bug in : /administrator/components/comjoom12pic/admin.joom12pic.php?mosConfiglivesite= Variable : $mosConfiglivesite Dork: "comjoom12pic" Example:...
X-Cart <= ? Multiple Remote File Inclusion Vulnerabilities
No description provided by source. xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKe...
PHPBB2 Modificat PHPBB_Root_Path远程文件包含漏洞
PHPBB2 Modificat是一款基于PHP的WEB应用程序。 PHPBB2 Modificat不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'functions.php'脚本对用户提交的'PHPBBRootPath'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 phpBB2-MODificat phpBB2-MODificat 0.2 目前没有解决方案提供,请关注以下链接: http://sourceforge.net/project/showfiles.php?groupid=110366...
Simplog <= 0.9.2 (s) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Simplog = 0.9.2 "s" remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: intext:"Powered by simplog"\r\n\r\n"; if $argc5 echo "Usage: php...
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation RMI protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to support integration between Flash applications and ColdFusion components. A quick look at this service led to the...
Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)
Author: iswin@ThreatHunter A. Vulnerability description This vulnerability is in year 6 at the beginning has just been submittedtransfer Gate, the official and there is no detailed information, by the official Description and a patch of the contrast, we can roughly infer should be the Spring Web...
OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)
Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...
源天(Velcro)协同OA /ServiceAction/com.velcro.base.DataAction?sql= SQL语句执行漏洞
ServiceAction/com.velcro.base.DataAction?sql=|20select|20categoryids|20from|20project|20where|20id=%27%27%20and%201=2%20union%20all%20select%20select%20banner%20from%20sys.v$version%20where%20rownum=1%20from%20dual&isworkflow=trueE 任意SQL语句执行...
pigcms /index.php injection Vulnerability
0x01 漏洞简介 关键词:inurl:index.php?g=Home&m=Index&a=help intitle:营销系统 inurl:login 漏洞位置:index.php?m=Index&a=reg(注册页面) 0x02 漏洞利用 这里以http://.../index.php?m=Index&a=reg为例: 测试数据,截取数据包: POST /index.php?m=Users&a=checkreg HTTP/1.1 Host: ... Proxy-Connection: keep-alive Content-Length: 151 Cache-Control:...
泛微E-mobile /calendar_page.php 文件 detailid 参数 SQL注入漏洞
No description provided by source...