56796 matches found
Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability(CVE-2016-1681)
SUMMARY An exploitable heap buffer overflow vulnerability exists in the Pdfium PDF reader included in the Google Chrome web browser. A specially crafted PDF document with embedded jpeg2000 image can cause a heap buffer overflow potentially resulting in an arbitrary code execution. An attacker can...
Remote Command Execution in git client (CVE-2017-12426)
Remote Command Execution in git client CVE-2017-12426 An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...
finecmsV5.0.8 \finecms\dayrui\controllers\member\Account.php getshell
Vulnerability in the file C:\phpStudy\WWW\finecms\dayrui\controllers\member\Account.php, in the upload function: public function upload() { // Create the picture storage folder $dir = SYS_UPLOAD_PATH.'/member/'.$this->uid.'/'; @dr_dir_delete($dir); !is_dir($dir) && dr_mkdirs($dir); if ($_POST['tx']) { $file = str_replace(' ...
Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)
Author: iswin@ThreatHunter A. Vulnerability description: This vulnerability was submitted in early June; the vendor has published no detailed information, but by comparing the official description with the patch we can roughly infer that the problem lies in Spring Web...
Yuantian (Velcro) collaborative OA /ServiceAction/com.velcro.base.DataAction?sql= SQL statement execution vulnerability
ServiceAction/com.velcro.base.DataAction?sql=%20select%20categoryids%20from%20project%20where%20id=%27%27%20and%201=2%20union%20all%20select%20select%20banner%20from%20sys.v$version%20where%20rownum=1%20from%20dual&isworkflow=trueE Arbitrary SQL statement execution...
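The entry above shows the DataAction endpoint executing whatever SQL the client puts in the `sql` parameter (here a UNION probe against Oracle's sys.v$version). The following is an added example, not code from the original page or from the Velcro product: it decodes the `sql` parameter out of access-log lines and reports every request that carries one, tagging the ones that match a UNION or data-dictionary signature. The log lines are constructed for the example; the second one carries the advisory's payload with the sub-select parentheses restored, since the page's copy has lost them.

```python
"""Spot client-supplied SQL reaching the Velcro DataAction endpoint in access logs."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the original page). The second
# line carries the advisory's payload, with the sub-select parentheses restored.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /ServiceAction/com.velcro.base.DataAction?isworkflow=true HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2020:10:00:01 +0000] "GET /ServiceAction/com.velcro.base.DataAction?sql=%20select%20categoryids%20from%20project%20where%20id=%27%27%20and%201=2%20union%20all%20select%20(select%20banner%20from%20sys.v$version%20where%20rownum=1)%20from%20dual&isworkflow=true HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Jan/2020:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markers typical of a UNION-based probe or an Oracle version/dictionary read.
SQL_MARKERS = re.compile(
    r"\b(union\s+all\s+select|union\s+select|sys\.v\$version|from\s+dual)\b", re.I)


def extract_sql_param(target):
    """Return the percent-decoded 'sql' query parameter of a request target, or None."""
    query = urlsplit(target).query
    params = parse_qs(query, keep_blank_values=True)
    if "sql" not in params:
        return None
    return params["sql"][0].strip()


def flag_requests(log_lines):
    """Return (client_ip, decoded_sql, reason) for every DataAction request carrying 'sql='.

    Any client-supplied SQL is reported: the endpoint executes whatever it is
    given, so the safe policy is to alert on the parameter itself, not only on
    payloads that happen to match a signature.
    """
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if "com.velcro.base.DataAction" not in target:
            continue
        sql = extract_sql_param(target)
        if sql is None:
            continue
        client_ip = line.split(" ", 1)[0]
        marker = SQL_MARKERS.search(sql)
        reason = ("union/dictionary probe: " + marker.group(0).lower()) if marker else "client-supplied SQL"
        findings.append((client_ip, sql, reason))
    return findings


if __name__ == "__main__":
    for ip, sql, reason in flag_requests(SAMPLE_LOG):
        print(f"{ip}\t{reason}\n\t{sql}")
```

The signature list is only there to rank findings; the real control is the presence of the parameter at all, because an endpoint that accepts raw SQL cannot be made safe by filtering.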
Yuantian (Velcro) collaborative OA /ServiceAction/com.velcro.base.GetDataAction formid SQL injection vulnerability
No description provided by source...
PHPMyWind 5.0 back-end admin interface SQL injection vulnerability
No description provided by source...
phpMyAdmin 4.2.12 /gis_data_editor.php local file inclusion vulnerability
0x01 Vulnerability description: phpMyAdmin is a very widely used MySQL database management tool written in PHP. The latest CVE-2014-8959 advisory states that multiple versions of the program contain an arbitrary file inclusion vulnerability; affected versions: phpMyAdmin 4.0.1 – 4.0.10.6, 4.1.1 – 4.1.14.7, 4.2.1 – 4.2.12. 0x02 Patch analysis: A few days ago phpMyAdmin released a new patch, available here: http://www.phpmyadmin.net/homepage/security/PMASA-2014-14.php...
HydraIrc <= 0.3.164 (last) Remote Denial of Service Exploit
No description provided by source. Vendor: http://www.hydrairc.com/ Remote: Yes Impact: Remote crash Bug: Null Pointer Dereference Working on: all browsers. Include this in any webpage or XSS and view it with any browser, wait 15 sec, and boom. PoC: <html><head><title>HydraIRC Remote Denial Of...
libpng unknown chunk type handling remote code execution vulnerability
BUGTRAQ ID: 28770 CVE(CAN) ID: CVE-2008-1382 libpng is a library used by many applications to parse the PNG image format. libpng contains a vulnerability when handling malformed PNG files; successful exploitation allows an attacker to read sensitive information, cause a denial of service, or execute arbitrary instructions. libpng does not correctly handle PNG chunks of unknown type: if an application using the library calls png_set_read_user_chunk_fn or png_set_keep_unknown_chunks under certain conditions, a zero-length PNG chunk causes uninitialized memory to be passed to free. libpng libpng 1.2.0 - 1.2.26...
PHPBB2 Modificat PHPBB_Root_Path remote file inclusion vulnerability
PHPBB2 Modificat is a PHP-based web application. PHPBB2 Modificat does not properly filter user-supplied input, allowing a remote attacker to execute arbitrary commands with web server privileges. The problem is that the 'functions.php' script does not filter the user-supplied 'PHPBB_Root_Path' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web server privileges. phpBB2-MODificat phpBB2-MODificat 0.2. No solution is currently available; watch the following link: http://sourceforge.net/project/showfiles.php?group_id=110366...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
Eir’s D1000 Modem Is Wide Open To Being Hacked.
Background The Eir D1000 Modem has bugs that allow an attacker to gain full control of the modem from the Internet. The modem could then be used to hack into internal computers on the network, as a proxy host to hack other computers or even as a bot in a botnet. A port scan of the modem...
Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818)
Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to...
Discuz! X2/X3 multiple versions unauthenticated, no-precondition SSRF vulnerability
No description provided by source...
Windows NDPROXY - local privilege escalation vulnerability (MS14-002)
Root cause: This is a Windows kernel vulnerability; triggering it requires the Routing and Remote Access service to be enabled. It affects Windows XP and Windows 2003. PoC first (C): #include <windows.h> #include <stdio.h> int main() { HANDLE hDev = CreateFile("\\\\.\\NDProxy", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hDev == INVALID_HANDLE_VALUE) printf("CreateFile...
IMAP4rev1 12.261/12.264/2000.284 - (lsub) Remote Exploit
No description provided by source. /* !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit. Others? Yes! By: SkyLaZarT [email protected] .aka. Felipe Cerqueira Homepage: www.BufferOverflow.Org Thankz: cync, oldm and Jans. BufferOverflow.org Team Antonio Marcelo...
Coppermine Photo Gallery 1.x init.inc.php Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly...
vtiger CRM <= 4.2 (calpath) Multiple Remote File Include Vulnerabilities
No description provided by source. [ASCII art banner] echo.or.id ECHO_ADV_54$2006 ----------------------------------------------------------------------------------------------- ECHO_ADV_54$2006 vtiger CRM <= 4.2 (calpath) Multiple Remote File Inclusion...
Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
No description provided by source. source: http://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol ICMP are reported prone to several denial-of-service attacks. ICMP is employed by network nodes to determine certain automatic actions...
Apache Tomcat incomplete fix denial of service vulnerability
BUGTRAQ ID: 65767 CVE(CAN) ID: CVE-2013-4322 Apache Tomcat is a popular open-source JSP application server. Tomcat 8.0.0-RC1 to 8.0.0-RC5, 7.0.0 to 7.0.47 and 6.0.0 to 6.0.37 contain a denial of service vulnerability that an attacker can exploit to cause a denial of service. The flaw stems from an incomplete fix for CVE-2012-3544. All systems using Oracle Java 7 (1.7, 1.7.0) are affected. Oracle Java 7 Update...
Sun xVM VirtualBox 'VBoxDrv.sys' local privilege escalation vulnerability
BUGTRAQ ID: 30481 CVE ID: CVE-2008-3431 CNCVE ID: CNCVE-20083431 Sun xVM VirtualBox is a powerful virtual machine program. Sun xVM VirtualBox contains a design error that a local attacker can exploit to escalate privileges. An error exists in the VBoxDrv.sys driver when handling certain IOCTLs, which can lead to execution of arbitrary instructions with kernel privileges on the affected host...
phpRaid < 3.0.7 (rss.php phpraid_dir) Remote File Inclusion Exploit
No description provided by source. #!/usr/bin/perl # phpraid <= 3.x.x rss.php Remote File Inclusion Exploit # Download Script: http://up.9q9q.net/up/index.php?f=994a86950 # Founded & Coded by: Cold z3ro, [email protected] # Dork: inurl:"phpRaid", "phpRaid", "roster.php?Sort=Race" # perl cold-z3ro.pl...
Qizhi bastion host arbitrary user login vulnerability
...
Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability(CVE-2016-1547)
SUMMARY An off-path attacker can cause a preemptible client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Furthermore, if the attacker keeps sending cryp...
Vanilla Forums <= 2.3 Unauth Remote Code Execution (CVE-2016-10033)
I. VULNERABILITY ------------------------- Vanilla Forums <= 2.3 Unauth. Remote Code Execution (RCE) exploit, CVE-2016-10033, 0day II. BACKGROUND ------------------------- "Community Forums Reinvented Create an online community that your customers will love. Vanilla's forum software is used by top...
Windows: ManagementObject Arbitrary .NET Serialization RCE(CVE-2017-0160)
Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10 Anniversary Edition Class: Remote Code Execution Summary: Accessing a compromised WMI server over DCOM using System.Management classes or the Powershell...
pixelpost 1.7.3 - Multiple Vulnerabilities
No description provided by source. +Exploit Title: pixelpost v1.7.3 Multiple vulnerabilities +Date: 15/09/2010 +Author: Sweet +Contact: [email protected] +Software Link: http://www.pixelpost.org/ +Download: http://www.pixelpost.org/ +Version: 1.7.3 +Tested on: WinX...
Linux Kernel <= 2.6.37 - Local Privilege Escalation
No description provided by source. /* Linux Kernel <= 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage: CVE-2010-4258...
PHPNuke-Clan <= 4.2.0 - (mvcw_conver.php) RFI Vulnerability
No description provided by source. --------------------------oOO------OOo------------------------- | PHPNuke-Clan <= v4.2.0 (mvcw_conver.php) Remote File Inclusion | | coded by DNX | ------------------------------------------------------------------ ! Discovered: DNX ! Vendor:...
PHPizabi 0.848b C1 HP3 'id' Parameter Local File Include Vulnerability
No description provided by source...
FaMarket 2 - (Auth Bypass) Vulnerability
No description provided by source...
yungoucms SQL injection vulnerability
Brief description: Official site: http://www.yungoucms.com/ Demo site: http://www.yungoucms.cn/ The product search can be used to construct SQL statements! http://www.yungoucms.cn/?/stag/ public function tag() { $search = $this->segment(4); if (!$search) message("输入搜索关键字"); $search = urldecode($search); $search = htmlspecialchars($search); if (!is_utf8($search)) $search = iconv("GBK", "UTF-8", ...
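The snippet above runs the search keyword through htmlspecialchars() before it reaches the query. That call is an HTML encoder, not an SQL escape: with its default flags (ENT_COMPAT on PHP 5.x and 7.x) it leaves the single quote alone, so a quote-terminated payload passes straight through. The following added example (not code from the original page or from yungoucms) reproduces that pattern against an in-memory SQLite table next to the parameterised form of the same search; the catalogue rows and the PHP-style escaper are constructed for the example.

```python
"""HTML-escaping is not SQL-escaping: the yungoucms search pattern next to a bound-parameter query."""
import sqlite3

# Constructed catalogue (not from the original page) so the example runs offline.
GOODS = [("red shoes", "s1"), ("blue hat", "s2"), ("green bag", "s3")]


def php_htmlspecialchars(s):
    """Mimic PHP htmlspecialchars() with default flags (ENT_COMPAT on PHP 5.x/7.x):
    &, <, > and " are encoded, the single quote is left untouched."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


def make_db():
    """Build the sample table in memory."""
    con = sqlite3.connect(":memory:")
    con.execute("create table goods(id integer primary key, title text, secret text)")
    con.executemany("insert into goods(title, secret) values (?, ?)", GOODS)
    return con


def search_vulnerable(con, keyword):
    """Same shape as the advisory's tag(): escape for HTML, then concatenate into SQL."""
    kw = php_htmlspecialchars(keyword)
    sql = "select title from goods where title like '%" + kw + "%'"
    return [row[0] for row in con.execute(sql)]


def search_safe(con, keyword):
    """Hardened form: the keyword travels as a bound parameter, never as SQL text."""
    return [row[0] for row in con.execute(
        "select title from goods where title like ?", ("%" + keyword + "%",))]


if __name__ == "__main__":
    db = make_db()
    payload = "x%' or 1=1 --"
    print("benign   :", search_vulnerable(db, "hat"), search_safe(db, "hat"))
    print("injected :", search_vulnerable(db, payload), search_safe(db, payload))
```

The vulnerable search returns every row for the payload because the quote closes the LIKE literal and `--` comments out the trailing `%'`; the bound-parameter version treats the whole string as pattern text and returns nothing. The iconv/GBK step in the original code does not change this picture.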
Apache Tomcat DIGEST authentication multiple security vulnerabilities (CVE-2012-3439)
BUGTRAQ ID: 56403 CVE ID: CVE-2012-3439 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat 7.0.0-7.0.27, 6.0.0-6.0.35 and 5.5.0-5.5.35 contain multiple security vulnerabilities that, when successfully exploited, allow an attacker to bypass security restrictions and perform unauthorized operations. Apache Group Tomcat 7.x, Apache Group Tomcat 6.x, Apache Group Tomcat 5.x. Vendor patch: Apache Group ------------ Please update to 5.5.36, 6.0.36 or 7.0.30...
phpMyAdmin 3.x preg_replace RCE POC
No description provided by source. <?php echo php_sapi_name() !== 'cli' ? '<pre>' : ''; ?> [ASCII art banner]...
lighttpd malformed HTTP request remote denial of service vulnerability
BUGTRAQ ID: 38036 CVE ID: CVE-2010-0295 Lighttpd is a lightweight open-source web server package. The Lighttpd server allocates 4K or 16K of heap memory for every network packet it receives; if a remote attacker sends an HTTP request slowly (for example, one byte per second), all available memory is exhausted and the server terminates. LightTPD LightTPD 1.5, LightTPD LightTPD 1.4.x. Vendor patch: Debian ------ Debian has released a security advisory (DSA-1987-1) with a corresponding patch: DSA-1987-1: lighttpd -- denial of...
Zeroboard file disclosure / remote arbitrary command execution vulnerability
BUGTRAQ: 12258 Zeroboard does not properly filter user-submitted URL requests; a remote attacker can exploit this to view the contents of system files or execute arbitrary commands with the privileges of the process. Zeroboard 4.1 pl2-p15. Vendor patch: Zeroboard --------- The vendor has not yet released a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.zeroboard.com/ A remote user can submit data containing multiple '../' sequences as a parameter to the vulnerable script and view the contents of arbitrary files with web process privileges:...
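The Zeroboard entry above is the classic '../' traversal: a parameter is joined onto a directory and the result is opened without checking that it still lies inside that directory. The following added example (not code from the original page or from Zeroboard) puts the unchecked join next to a containment check that normalises first and then compares the prefix; the document root is a hypothetical path, since the advisory names none, and posixpath is used so the result is the same on every platform.

```python
"""Path containment check for the '../' traversal described in the Zeroboard entry."""
import posixpath

# Assumed document root (hypothetical; the advisory names no path).
WEB_ROOT = "/var/www/zeroboard"


def vulnerable_resolve(param):
    """Mirrors the bug: the user parameter is joined onto the web root unchecked,
    so repeated '../' walks out of it."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, param))


def safe_resolve(param):
    """Resolve param under WEB_ROOT and reject anything that escapes it.

    Returns the normalised path, or None when the request must be refused.
    Normalise first, then compare the prefix: looking for the literal
    substring '../' is brittle, and WEB_ROOT + '/' (not WEB_ROOT alone) is
    compared so that a sibling such as /var/www/zeroboard2 is not accepted.
    """
    if not param or "\x00" in param:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, param.lstrip("/")))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for p in ("skin/default/view.php", "../../../etc/passwd", "a/../../etc/passwd", "/etc/passwd"):
        print(f"{p!r:28} unchecked -> {vulnerable_resolve(p)!r:40} checked -> {safe_resolve(p)!r}")
```

On a real filesystem add os.path.realpath before the prefix comparison so that a symlink inside the root cannot point outside it; the string check alone only covers the '../' case the advisory describes.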
GNOME Evolution S/MIME mail signature verification vulnerability
BUGTRAQ ID: 33720 Evolution is a personal and workgroup information management solution for Linux and Unix that integrates e-mail, calendar, meeting scheduling, contact management and other functions. Evolution's handling of S/MIME mail messages is flawed: if an S/MIME message is modified after it has been signed, Evolution still treats the S/MIME signature as valid. An attacker can exploit this to forge mail messages and carry out man-in-the-middle or other spoofing attacks. GNOME Evolution 2.22.2, GNOME Evolution 2.22.1. Vendor patch: GNOME -----...
Exploits Mcafee Network Agent (mcnasvc.exe) Remote DoS
No description provided by source. ///////////////////////////////////////////////////// // Mcafee Network Agent mcnasvc.exe Remote DoS // By JAAScois http://www.jaascois.com // Tested on mcnasvc.exe ver 1.0.178.0 // Path C:\Program Files\Common Files\McAfee\MNA // Port: 6646...
KGUARD DVR unauthorized command execution vulnerability
...
NagiosXI <= 5.4.12 logbook.php SQL injection(CVE-2018-10737)
NagiosXI <= 5.4.12 logbook.php SQL injection (CVE-2018-10737) Description: A SQL injection issue was discovered in Nagios XI via the admin/logbook.php txtSearch parameter. Affected versions: Nagios XI 5.2.x, Nagios XI 5.4.x before 5.4.13. Proof of concept: http://xxxx/nagiosql/admin/logbook.php postdata:...
Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application is vulnerable to a DOM-based cross-site scripting. Da...
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability(CVE-2016-7428)
Summary An exploitable denial of service vulnerability exists in the broadcast mode poll interval enforcement functionality of ntpd. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive befor...
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch(CVE-2017-1000112)
Bug details: When building a UFO packet with MSG_MORE, ip_append_data calls ip_ufo_append_data to append. However, in between two send calls the append path can be switched from UFO to the non-UFO one, which leads to a memory corruption. In case the UFO packet length exceeds the MTU, copy = maxfraglen - skb->len...
Microsoft Windows PowerShell Security Feature Bypass Vulnerability (CVE-2017-0007)
Over the past few months, I have had the pleasure to work side-by-side with Matt Graeber @mattifestation and Casey Smith @subtee in their previous job roles, researching Device Guard user mode code integrity UMCI bypasses. If you aren't familiar with Device Guard, you can read more about it here:...
Magento < 2.0.6 - Unauthenticated Remote Code Execution
Reference: http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ The vulnerability CVE-2016-4010 allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities. Magento is an extremely...
phpwind command execution getshell (back end)
Brief description: Download the latest version from the official site. Details: Set up v9.0.1 and log in. In the portal, choose page management and add a module. Choose custom HTML, write phpinfo, submit, then call the code: choose "call off-site code", copy the link and visit it. Calling it as XML or JSON both work; taking XML as the example: http://127.0.0.1/phpwind/www/index.php?m=design&c=api&token=RTwtIGEOYM&id=5&format=xml Remove the xml and phpinfo is executed...
WordPress Double-Opt-in-for-Download plugin SQL injection vulnerability
No description provided by source...
WebPhotoPro Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/32829/info WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Virtual Programming VP-ASP 4/5 shopdisplayproducts.asp Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script...