56796 matches found
ProFTPD "mod_sftp/mod_sftp_pam" Integer Overflow Denial of Service Vulnerability
CVE ID: CVE-2013-4359 ProFTPD is an FTP server program for Unix and Unix-like platforms (such as Linux and FreeBSD). ProFTPD 1.3.4d and other versions contain an integer overflow in the function "sftp_kbdint_recv_response" in contrib/mod_sftp/kbdint.c; a remote attacker can exhaust memory resources by sending a specially crafted TCP packet. Exploiting this vulnerability requires the "mod_sftp" and "mod_sftp_pam" modules to be enabled. ProFTPD 1.3.4d Vendor patch: ProFTPD Project ---------------...
Microsoft IIS 6.0 DOS Device Request Security Restriction Bypass Vulnerability
BUGTRAQ ID: 51527 CVE ID: CVE-2007-2897 Internet Information Services (IIS) is the set of basic Internet services provided by Microsoft for systems running Microsoft Windows. IIS 6.0 has a denial-of-service vulnerability when specially crafted paths are requested; a remote attacker can exploit it to make the application hang or leak sensitive information, and an attacker with physical access to the system can execute arbitrary code with the privileges of the current user. Microsoft IIS 6.0 Vendor patch: Microsoft --------- The vendor has not yet released a patch or upgrade; users of this software are advised to monitor the vendor's homepage for the latest version:...
AWStats 5.x/6.x Debug Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to...
PHPWIND v8.7 querybuilder.class.php SQL Injection Vulnerability
In phpwind's implementation of placeholder SQL, the code quality has a small blemish. In the parseStatement function in phpwind/lib/utility/querybuilder.class.php, at one call site in /phpwind/actions/ajax/leaveword.php, line 78: $db->update(pwQuery::buildClause("UPDATE :pw_table SET leaveword=" . S::sqlEscape($atc_content) . " $sqladd WHERE pid=:pid AND tid=:tid", array($pw_posts,...
deV!Lz Clanportal [DZCP] <= 1.4.5 Remote File Disclosure Vulnerability
No description provided by source. DZCP Devilz Clanportal = 1.4.5 Mysql Data viewable Found by: Kiba Solution: Install security Fix! Exploit: http://SITE/PATH/inc/filebrowser/browser.php?file=inc/mysql.php Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php...
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
No description provided by source. #!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC...
Apache HTTP Server envvars Local Privilege Escalation Vulnerability
CVE ID: CVE-2012-0883 Apache HTTP Server is an open-source web server from the Apache Software Foundation; it runs on most computer operating systems and, thanks to its multi-platform support and security, is widely used and is one of the most popular web server programs. In Apache HTTP Server versions before 2.4.2, envvars (i.e., envvars-std) places a zero-length directory name in LD_LIBRARY_PATH, which may allow local users to gain privileges via a trojan DSO in the current working directory while apachectl is executed. Apache Group HTTP Server 2.4.2 Vendor patch: Apache Group...
ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
CVE-2011-4130 ProFTPD has a remote code execution vulnerability that allows an attacker to execute arbitrary code. Failed exploit attempts result in a denial of service. ProFTPD versions prior to 1.3.3g are affected. Red Hat Fedora 16 Red Hat Fedora 15 Red Hat Fedora 14 ProFTPD Project ProFTPD 1.3.3 rc2 ProFTPD Project ProFTPD 1.3.3 ProFTPD Project ProFTPD 1.3.2 rc3 ProFTPD Project ProFTPD 1.3.2 rc2 ProFTPD Project ProFTPD 1.3...
glFusion <= 1.1.2 COM_applyFilter()/order SQL Injection Exploit
No description provided by source. <?php /* glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit by Nine:Situations:Group::bookoo working against Mysql >= 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: Page created in...
spring-messaging Remote Code Execution(CVE-2018-1270)
Vulnerability advisory: published on 5 April 2018: https://pivotal.io/security/cve-2018-1270 Affected versions: Spring Framework 5.0 to 5.0.4 Spring Framework 4.3 to 4.3.14 Older unsupported versions are also affected Environment setup: use the official example https://github.com/spring-guides/gs-messaging-stomp-websocket; after git clone, check out the version from before the fix: git clone...
Elgg <= 1.7.10 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Elgg <= 1.7.10 Multiple Vulnerabilities Google Dork: intext:Powered by Elgg, the leading open source social networking platform Date: 2011-08-18 Author: Aung Khant YGN Ethical Hacker Group - http://yehg.net/ Software Link:...
Apache HTTP Server mod_dav.c Denial of Service Vulnerability (CVE-2013-1896)
CVE ID: CVE-2013-1896 Apache HTTP Server is a popular web server. mod_dav.c in Apache HTTP Server before 2.2.25 does not properly check whether DAV is enabled for a URI, which allows a remote attacker to trigger a segmentation fault and crash the server by submitting a MERGE request whose URI is handled by the mod_dav_svn module but in which certain href attributes in the XML data refer to non-DAV URIs. Apache HTTP Server 2.2.25 http://www.apache.org/dist/httpd/Announcement2.2.html...
ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
BUGTRAQ ID: 54658 CVE ID: CVE-2012-3817 BIND is a very widely used implementation of the DNS protocol, maintained by ISC, with development carried out by Nominum. BIND 9.6-ESV-R1 through 9.6-ESV-R7-P1, 9.7.1 through 9.7.6-P1, 9.8.0 through 9.8.3-P1 and 9.9.0 through 9.9.1-P1 contain a remote denial-of-service vulnerability; an attacker can exploit it to cause an assertion failure in the affected process, denying service to legitimate users, and may also leak some memory contents to the client. ISC BIND BIND 9.9.0 - 9.9.1-P1 ISC BIND BIND 9.8.0 ...
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
No description provided by source. /* Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a...
Apache / PHP 5.x Remote Code Execution Exploit
No description provided by source. /* Apache Magica by Kingcope */ /* gcc apache-magika.c -o apache-magika -lssl */ /* This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi package. When the php5-cgi...
Multiple Vulnerabilities, Including Authentication Bypass and RCE, in Several Buffalo and Arcadyan Routers
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...
Atlassian Jira File Read Vulnerability (CVE-2021-26086)
...
Wanhu (万户) ezOffice Collaborative Office Management Platform singleupload.jsp Arbitrary File Upload Vulnerability
No description provided by source...
Ruby on Rails Path Traversal and Arbitrary File Read Vulnerability (CVE-2018-3760) Analysis
Vulnerability advisory: this vulnerability was discovered by security researcher Orange Tsai. The advisory comes from https://groups.google.com/forum/!topic/rubyonrails-security/ftJ--l55fM There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower,...
Joomla Component VJDEO com_vjdeo 1.0 LFI Vulnerability
No description provided by source. o=====================================================================================o Joomla Component VJDEO 1.0 LFI Vulnerability Vendor : http://www.joomla.ternaria.com/ Author : Angela Zhang Contact : [email protected] Date : 07 - April - 2010...
Apache HTTP Server Log File Terminal Escape Sequence Command Injection Vulnerability
BUGTRAQ ID: 59826 CVE(CAN) ID: CVE-2013-1862 Apache HTTP Server is an open-source HTTP server. When Apache HTTP Server's mod_rewrite writes data to a log file it does not filter non-printable characters. If mod_rewrite uses the RewriteLog directive, a remote attacker can exploit this vulnerability to write terminal escape sequences into the log file. If an HTTP request contains escape sequences for a terminal emulator, this vulnerability can also lead to arbitrary command execution. Apache Group HTTP Server 2.2.x Vendor patch: Apache Group ------------...
IBM WebSphere MQ Queue Manager Large Message Denial of Service Vulnerability
BUGTRAQ ID: 56471 IBM WebSphere MQ provides message transport services within enterprises. IBM WebSphere MQ 7.1 terminates unexpectedly and generates an FDC file when handling the entry below; this denial-of-service vulnerability, when successfully exploited, allows an attacker to crash the application. PIDS :- 5724H7220 LVLS :- 7.1.0.0 Product Long Name :- WebSphere MQ for Windows Probe Id :- XC130031 Application Name :- MQM Component :- xehExceptionHandler SCCS Info :-...
Wanhu (万户) OA System formClassUpload.jsp Arbitrary File Upload Vulnerability
The formClassUpload.jsp file of the Wanhu (万户) OA system has an arbitrary file upload vulnerability. Upload path: /defaultroot/customize/formClassUpload.jsp There is no restriction at all here; the file is uploaded directly, and the uploaded file keeps its original file name. File location: defaultroot/devform/customize/<original file name>...
phpok 4.8.338 Arbitrary File Upload Vulnerability
phpok 4.8.338 has an arbitrary file upload vulnerability. Vulnerability description: phpok is an enterprise website system developed in PHP+MySQL by Shenzhen Kunwu (锟铻) Technology Co., Ltd. phpok 4.8.338 has an arbitrary file upload vulnerability; an attacker can exploit it to upload arbitrary files and take control of the website. Vulnerability analysis: in www/framework/admin/rescate_control.php, line 53: public function save_f() { $id = $this->get('id','int'); if(!$id){ if(!$this->popedom('add')){ $this->json(P_Lang('您没有权限执行此操作')); } } else...
deV!Lz Clanportal [DZCP] <= 1.34 (id) Remote SQL Injection Exploit
No description provided by source. <? error_reporting(E_ERROR); function exploit_init() { if (!extension_loaded('php_curl') && !extension_loaded('curl')) { if (!dl('curl.so') && !dl('php_curl.dll')) die("oo error - cannot load curl extension!"); } } function exploit_header() { echo...
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability (CVE-2011-4415)
BUGTRAQ ID: 50639 CVE ID: CVE-2011-4415 Apache HTTP Server is an open-source web server from the Apache Software Foundation that runs on most computer operating systems. The ap_pregsub function in server/util.c in Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of environment variable values, leading to a denial of service (memory corruption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive together with crafted HTTP request headers. Apache 2.2.x Vendor patch: Apache Group...
Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
Bugtraq ID: 53046 CVE ID: CVE-2012-0883 Apache HTTP Server is a popular HTTP server program. Insecure handling of LD_LIBRARY_PATH can cause DSOs to be searched for in the current working directory; an attacker can exploit this vulnerability to execute arbitrary code in the context of the HTTPD service. Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x Vendor solution: Apache ----- Apache Software Foundation Apache 2.4.2 has fixed this vulnerability; users are advised to download and use it: http://www.apache.org/...
ClipShare < 3.0.1 (tid) Remote SQL Injection Vulnerability
No description provided by source. // / / / Clipshare / / / / Remote SQL Injection Vulnerability / / / / / // AUTHOR : SuNHouSe2 ALGERIAN HaCkEr DORK : "powered by clipshare" VERSION : less than v3.0.1 EXPLOIT :...
PHP Multiple Versions (5.2, 5.4.38~5.6.6) Arbitrary File Upload Vulnerability
PHP arbitrary file upload vulnerability (CVE-2015-2348). Normally, PHP developers check the file name extension, the file type (Content-Type / MIME type), the file size and so on to restrict the upload of malicious PHP scripts, but an attacker can exploit this vulnerability to bypass those checks and upload malicious files directly. Vulnerability details: the vulnerability lies in PHP's move_uploaded_file function, which is generally used during file upload to move the uploaded file to a new location. move_uploaded_file ( string $filename , string $destination...
Apache 2.4.x mod_proxy Denial of Service PoC
No description provided by source. Exploit Title: Apache 2.4.x mod_proxy Denial Of Service (CVE-2014-0117) Date: 2014-07-20 Exploit Author: aisyhi Version: 0.1 Apache httpd 2.4.6 to 2.4.9 Tested on: Apache/2.4.7 CVE : CVE-2014-0117 import httplib import logging import time import socket import sys...
Dokuwiki 20090214 /doku.php Arbitrary File Download Vulnerability
No description provided by source...
JBoss AS 4.x Deserialization Command Execution Vulnerability (CVE-2017-7504)
The MITRE CVE dictionary describes this issue as: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows...
MS16-075 Windows SMB Server Elevation of Privilege Vulnerability (CVE-2016-3225)
Overview As we mentioned a number of times throughout our talk, this work is derived directly from James Forshaw’s BlackHat talk and Google Project Zero research. I highly recommend reviewing both of these resources to anyone interested in pursuing this topic. The idea behind this vulnerability i...
中企动力 Portal CMS membersarticCategoryId SQL Injection Vulnerability
Generic SQL injection point:...
Generic Vulnerability in Multiple Yonyou (用友) Systems Leaks Interface Information, Leading to Leakage of Multiple Databases (Affecting Several Large Vendors)
Brief description: Detailed description: leakage through webservice interfaces, involving multiple systems. 1. NC system http://123.232.105.202/ http://erp.suning.com.cn/ http://115.238.57.245/ Taking Suning as an example. Interface address: http://erp.suning.com.cn/uapws/service Many interfaces can be found; taking the leak of the database intranet connection as an example (there are too many interfaces to test one by one), the database intranet connection obtained is: http://erp.suning.com.cn/uapws/service/nc.itf.ses.inittool.PortalSESInitToolService?ws...
RTSP Service Unauthorized Access Vulnerability
Network cameras, as security devices, are widely used in public places such as transport hubs, schools, enterprises and shopping malls. To make remote monitoring convenient for administrators, network cameras generally have a public IP address (or port mapping) and are connected to the Internet. As a result, many network cameras exposed on the public Internet have become targets for hackers. The camera's RTSP service has an unauthorized access vulnerability; a remote attacker can directly obtain the camera's video content. About the RTSP protocol: RTSP (Real Time Streaming Protocol) is an application-layer protocol in the TCP/IP protocol suite; it defines how one-to-many applications can efficiently transmit multimedia data over IP networks and is widely used for live video streaming. The default RTSP port is 554 and the default transport protocol is TCP. The rtsp address format is:...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-base...
PHP Links <= 1.3 (vote.php id) Remote SQL Injection Vulnerability
No description provided by source. ------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------- ------------------------------------------------------------- = Author : Houssamix From H-T Team = Script : PHP Links from DeltaScripts <= 1.3 ...
jQuery Mobile redirect XSS vulnerability
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even a patch ¯\_(ツ)_/¯ . jQuery Mobile is a cool jQuery UI system that makes building mobile apps easier. It does some part of what other frameworks like...
Master IP CAM 01 Vulnerabilities
Some time ago I analized this ipcam with my friend Dzonerzy: var serialNum="VVVIPCSBC150617Z-06929VjmJH54vkK"; var model="RTIPC"; var hardVersion="5900-gc1004"; var softVersion="V3.3.4.2103-S50-SBC-B20150721E"; var ipcname="WIFICAM"; var startdate="2017-8-5 0:0:2"; var runtimes="0 day, 0:54"; var...
Jenkins Arbitrary File Read Vulnerability (CVE-2018-1999002)
SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...
ModSecurity 'mod_headers' Module Security Restriction Bypass Vulnerability
Bugtraq ID: 66550 CVE ID: CVE-2013-5704 ModSecurity is a web application server. ModSecurity has a security restriction bypass vulnerability; successful exploitation allows an attacker to bypass filtering rules. modsecurity The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://sourceforge.net/projects/mod-security/...
Nginx SPDY Buffer Overflow Vulnerability
CVE ID: CVE-2014-0133 Nginx is an HTTP and reverse proxy server, also used as a mail proxy server, written by Igor Sysoev. The nginx SPDY implementation has a heap-based buffer overflow that allows an attacker to submit a specially crafted request to crash the application or execute arbitrary code. nginx 1.3.15 nginx 1.5.x The vulnerability has been fixed in nginx 1.5.12 and 1.4.7; users are advised to download and use them: http://www.manageengine.com/products/opstor/...
ESXi OpenSLP Heap Overflow Vulnerability (CVE-2021-21974)
My RCE PoC walkthrough for CVE-2021–21974 VMware ESXi OpenSLP heap-overflow vulnerability Introduction During a recent engagement, I discovered a machine that is running VMware ESXi 6.7.0. Upon inspecting any known vulnerabilities associated with this version of the software, I identified it may ...
PHP Easy Downloader <= 1.5 (save.php) Remote Code Execution Exploit
No description provided by source. #!/usr/bin/perl +------------------------------------------------------------------------------------------- + PHP Easy Download <= 1.5 Remote Code Execution Vulnerability +-------------------------------------------------------------------------------------------...
FastAdmin Framework RCE Vulnerability
...
Multiple Vulnerabilities in HFS HTTP File Server
HFS HTTP File Server is an HTTP file server program. HFS HTTP File Server has multiple security issues; a remote attacker can exploit them to carry out cross-site scripting, information leakage, denial of service, arbitrary file creation and username spoofing attacks. 1) Using the "mkd" and "manipf" commands can lead to arbitrary file and directory creation or manipulation: mkd ..\Syhunt manipf inject.html ..\Syhunt\index.html 2) Sending a specially crafted request can crash the service. 3) Improper filtering of user-supplied URI input can lead to cross-site scripting attacks:...
Torrent Hoster Remont Upload Exploit
No description provided by source. ======================================================================================== | Title : Torrent Hoster Remont Upload Exploit | Author : El-Kahina | Home : www.h4kz.com | | Script : Powered by Torrent Hoster. | Tested on: windows SP2 Français V.Pnx2 2.0...
Jcow 4.2.1 LFI Vulnerability
No description provided by source. ------------------------------------------------------------------------ Software................Jcow 4.2.1 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.jcow.net/ Discovery...