Microsoft Windows SMB NT Trans2请求远程拒绝服务及代码执行漏洞（MS09-001）

BUGTRAQ ID: 33122 CVECAN ID: CVE-2008-4835 Windows是微软发布的非常流行的操作系统。 Microsoft服务器消息块（SMB）协议软件处理特制SMB数据包的方式存在安全漏洞，未经认证的远程攻击者可以在NT Trans2请求中指定畸形的值导致内核忙碌，必须重启系统才能恢复操作。利用此漏洞的大多数尝试会导致系统拒绝服务，但是远程执行代码在理论上是可行的。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows...

DNS BailiWicked Host Attack

No description provided by source. /msf3/msfconsole require 'msf/core' require 'net/dns' require 'scruby' require 'resolv' module Msf class Auxiliary::Spoof::Dns::BailiWickedHost Msf::Auxiliary include Exploit::Remote::Ip def initializeinfo = superupdateinfoinfo, 'Name' = 'DNS BailiWicked Host...

Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability

No description provided by source. ---- Uebimiau Web-Mail Remote File Reader ... ITDefence.ru Antichat.ru Uebimiau Web-Mail Remote File Reader Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /...

IBM AIX邮件服务绕过认证漏洞

IBM AIX是一款商业性质的UNIX操作系统。 AIX的各种邮件服务（pop3d、pop3ds、imapd和imapds）在认证过程中存在漏洞，在某些环境下可能允许本应拒绝的服务通过认证，这样攻击者就可以获得非授权访问。 IBM AIX 5.3 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： ftp://aix.software.ibm.com/aix/efixes/security/pop3difix.tar.Z...

默安蜜罐管理平台未授权问漏洞

...

BMC BladeLogic 8.3.00.64 - Remote Command Execution

Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-1542...

深澜安全认证网络管理计费系统(Srun 3000) /srun3/srun/services/modules/login/controller/login_controller.php任意文件下载漏

0x01 漏洞框架 Srun3000深澜校园宽带客户端是深澜软件面向校园网推出的安全认证网络管理计费产品。 /srun3/srun/services/modules/login/controller/logincontroller.php存在任意文件下载漏洞。 影响厂商：深澜软件 官方主页：http://www.srun.com/ 深澜软件的Srun 3000 安全认证网络管理计费产品家族由Srun 3000 Gateway System和 Srun 3000 Radius System组成。获得众多用户好评的Srun 3000 Gateway 认证计费系统在...

QEMU pcnet_receive 堆缓冲区溢出漏洞(CVE-2015-7504)

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html pcnet是虚拟化软件QEMU中实现AMD PCNET网卡功能模拟的组件，相关的代码实现位于/hw/net/pcnet.c中。 在qemu软件中使用pcnet网卡，需要如下的命令行进行配置： qemu-system-x8664 centos-6.5-x64.img -m 1024 - net nic,model=pcnet -net user...

用友集团某平台弱口令导致泄漏大量敏感信息(机密信息)

简要描述： 一个低微的弱口令 泄漏出多少机密信息啊 用友软件：提交了多少个漏洞你都忽略了，现在这个漏洞你该不会又忽略吧 此次与贵公司相关的任何信息并未泄漏他人,请及时修复以免被不法人员利用，谢绝查水表 详细说明： http://ufsdp.ufida.com/（用友集团开发管理部YSDP平台） 存在测试员账户 用户test 密码test 导致下面外网能访问的模块都能访问并且存在最新数据 泄漏重要资料在于一个叫：YSDP研发资产借阅系统 从2010-9-19 16:42:14到目前为止一个4769条数据,其中的附件泄漏了有关很多行业的机密文档，用友软件你罪过..罪过啊..... 漏洞证明：...

某通用型电子采购系统Oracle盲注漏洞

简要描述： 捡漏啊 详细说明： 前人有经验： WooYun: 某通用型电子采购平台SQL注射（涉及大量企业） 厂商： http://www.1caitong.com/ 北京网达信联科技发展有限公司 SQL注入点： /GetPassWord.aspx POST参数txtUserName存在注入 Case: http://eps.umgg.com.cn/GetPassWord.aspx http://ygcg.xuangang.com.cn/GetPassWord.aspx http://222.134.89.6/GetPassWord.aspx...

DESTOON前台getshell

简要描述： 如题。。 详细说明： \module\know\answer.inc.php 143 - 161行 case 'raise': //这个功能是 "知道功能" 悬赏的次数更新,因为默认只允许2次提高悬赏的次数 if$credit $credit dalert$L'lackcredit', 'goback'; $couldraise = $couldadmin;//是否是 "知道"发布的作者. if$item'process' != 1 $couldraise = false; if$item'raise' = $MOD'maxraise' $couldraise = false...

PHPSecurityAdmin 4.0.2 Logout.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23801/info PHPSecurityAdmin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...

VMware Remote Console e.x.p build-158248 - format string vulnerability

No description provided by source. DSECRG-09-053 VMware Remote Console - format string vulnerability http://www.dsecrg.com/pages/vul/show.php?id=153 VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed...

AWStats < 6.4 (referer) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl AWStats 6.4 command execution exploit based on http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities coded by 1dt.w0lf 11.08.2005 RST/GHC http://rst.void.ru http://ghc.ru Note Exploitation will not occur until the stats page...

PHP-Fusion 4.01 'readmore.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30680/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...

Java Applet Field Bytecode Verifier Cache Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

iGenus邮件系统 邮件储存型XSS(打开自动触发，多家政府，企业在使用）

简要描述： - iGenus邮件系统 邮件储存型XSS打开自动触发，多家政府，企业在使用） - 中国科学技术大学选用爱琴思邮件系统 - 北京市丰台教委量身定制教委应用邮件系统 - 浙江财经学院牵手爱琴思邮件系统 - 北京锐迪科微电子再次牵手爱琴思邮件 - 北京汉王科技再次选购爱琴思邮件系统 - 西安乐尚网络选购爱琴思邮件系统 - 北京瑞地通信选购爱琴思邮件系统 - 北京理工大学再次签约爱琴思邮件 - 上海宏洋网络选购爱琴思邮件系统 - 东软集团股份有限公司选购爱琴思邮件系统 - 上海劲霸投资公司选购爱琴思邮件系统 - 热烈祝贺中铁八局再次采购爱琴思邮件系统 - 卢米埃影业选购爱琴思邮件系...

欧朋网数据库可被直接下载导致大量用户信息泄露

简要描述： 欧朋网数据库被直接下载，用户信息泄露，有用户名、邮箱、手机号，密码（已破解了一些），QQ号等。 详细说明： 下载地址： http://r.oupeng.com/tmp/users.sql 下载后不想麻烦建个表了，用记事本将就着看： 表结构： CREATE TABLE users uid int10 unsigned NOT NULL AUTOINCREMENT, username char20 NOT NULL, password char64 NOT NULL, email char125 NOT NULL, emailstate tinyint1 NOT NULL...

Apache Struts 多个开放重定向漏洞(CVE-2013-2248)

BUGTRAQ ID: 61196 CVECAN ID: CVE-2013-2248 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物。 Apache Struts 2.0.0没有有效过滤"redirect:"/"redirectAction:"参数前缀内容，存在多个开放重定向漏洞，攻击者通过构建特制的URI并诱使用户点击，利用这些漏洞将这些用户重定向到攻击者控制的站点，执行钓鱼攻击。 0 Struts 2.3.15.1 厂商补丁： Apache Group...

Oracle MySQL Server 'MyISAM'子组件远程安全漏洞(CVE-2013-0371)

BUGTRAQ ID: 57415 CVECAN ID: CVE-2013-0371 Oracle MySQL Server是一个小型关系型数据库管理系统。 Oracle MySQL Server 5.5.28及更早版本存在远程安全漏洞，此漏洞可通过'MySQL Protocol'协议加以利用，'MyISAM'子组件受到影响。通过身份验证的远程攻击者可利用此漏洞造成影响可用性。 0 Oracle MySQL Server = 5.5.28 厂商补丁： Oracle ------ Oracle已经为此发布了一个安全公告（cpujan2013-1515902）以及相应补丁:...

Unix平台Apache mod_proxy_http模块超时处理信息泄露漏洞

BUGTRAQ ID: 42102 CVECAN ID: CVE-2010-2791 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server的modproxyhttp模块中的modproxyhttp.c文件没有正确地检测超时，在某些超时情况下服务器可能返回属于其他用户的响应，导致泄漏敏感信息。仅有可触发使用代理worker池的配置才受影响。 该漏洞与CVE-2010-2068中所述漏洞相同，但影响的是Unix系统上的httpd。 Apache 2.2.9 厂商补丁： Apache Group ------------...

IntelliTamper 2.07/2.08 (SEH) Remote Buffer Overflow

No description provided by source. IntelliTamper 2.07/2.08 SEH Remote Buffer Overflow Based on PoC: http://www.exploit-db.com/exploits/11217 Author: loneferret Big thanks to: dookie Tested on WinXP SP3 English Just copy the resulting html file on a web server, and point Intelli Tamper to that...

ACDSee产品TIFF及字体文件解析缓冲区溢出漏洞

BUGTRAQ ID: 35175,35176 ACDSee是一款图象查看、转换、管理工具，可使用在Microsoft Windows操作系统下。 如果用户使用ACDSee产品打开了畸形的TIFF图形或字体文件的话，就可以触发多个缓冲区溢出，导致执行任意代码。 ACD Systems, Inc ACDSee 9.x ACD Systems, Inc ACDSee 11.x ACD Systems, Inc ACDSee 10.x ACD Systems, Inc ACDSee Photo Manager Pro 2.5 ACD Systems, Inc ACDSee Photo...

动力文章(Powereasy)存在严重上传漏洞

动力文章采用无惧上传方式，对于上传文件的判断，只过滤了asp,aspx,asa等扩展上，忽略了cer,cdx等经过asp.dll映射过的其它扩展，以及，动力文章其upfileclass.asp对扩展的判断不严，导致asp 后面有空格，被当作合法的扩展，恶意用户可以通过构造表单，上传asp,asa等恶意扩展。 Access&SQL www.asp163.net下载最新的补丁，用最新的动力文章的upfileclass.asp和upfile.asp替换有漏洞的文件。...

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

No description provided by source. from scapy import import random Copyright C 2008 Julien Desfossez [email protected] http://www.solisproject.net/ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Softwa...

Apache Tomcat Manager和Host Manager上传跨站脚本漏洞

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat包含的管理和主机管理WEB应用程序不正确处理URL数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 提交恶意POST请求，由于不充分过滤，可导致提交恶意脚本代码作为参数，当其他用户解析时可泄露敏感信息。 Apache Tomcat 6.0.13 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat...

aspWebCalendar 4.5 (calendar.asp eventid) SQL Injection Vulnerability

No description provided by source. Title : aspWebCalendar Remote SQL Injection Vulnerability Author : parad0x Contact : : D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306 $$ : free S.Page : http://fullrevolution.com http://target/path/calendar.asp?action=viewevent&eventid=SQL Exampl...

Brim &lt;= 1.2.1 (renderer) Multiple Remote File Include Vulnerabilities

No description provided by source. Brim 1.2.0pre3 , 1.2.1 renderer Remote File Include Vulnerability Turkish Hacker's Discovered By : mdx and TheBatHacker ------------------------------------------------------ Cyber-Warrior TIM Ay ve Y.ld.zlar Geceye Yak...r... the moon and the stars suit the nig...

MySpeach &lt;= 3.0.2 (my_ms[root]) Remote File Include Vulnerability

No description provided by source. ============================================================================================== MySpeach = v3.0.2 mymsroot Remote File Inclusion Exploit =============================================================================================== Critical Level...

Google Chrome: Integer Overflow when Processing WebAssembly Locals(CVE-2018-6092)

When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function loca...

Spring data rest 远程代码执行(cve-2017-8046)

漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器，使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制，编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本： Spring...

Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE (CVE-2017-0561)

详细分析：https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html Posted by Gal Beniamini, Project Zero It's a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern...

Apache Tomcat denial of service vulnerability, CVE-2016-6817）

The HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. This was fixed in revision 1765794. This issue was reported as 60232 on 10 October 2016 and the security implications identified by...

Android Rowhammer attack vulnerability (Drammer)

Project Description Drammer is a new attack that exploits the Rowhammer hardware vulnerability on Android devices. It allows attackers to take control over your mobile device by hiding it in a malicious app that requires no permissions. Practically all devices are possibly vulnerable and must wai...

Hampshire Trading Standards Script SQL Injection Vulnerability

No description provided by source. Title: Hampshire Trading Standards Script SQL Injection Vulnerability Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/A Founded By Mr.P3rfekT Dork : inurl:tradeCategory.php?id= Helllo Allz. Exploit :...

Microsoft .NET Framework 远程权利提升漏洞(CVE-2014-0257)(MS14-009)

BUGTRAQ ID: 65417 CVECAN ID: CVE-2014-0257 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework内存在权限提升漏洞，可使攻击者提升其在受影响系统上的权限。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft...

nginx 'ngx_http_parse.c'栈缓冲区溢出漏洞

BUGTRAQ ID: 59699 CVECAN ID: CVE-2013-2028 nginx是HTTP及反向代理服务器，同时也用作邮件代理服务器。 nginx 1.3.9 - 1.4.0在解析HTTP块时，"ngxhttpparsechunked"函数 http/ngxhttpparse.c中存在错误，可被利用造成栈缓冲区溢出。 0 Nginx 1.3.9 - 1.4.0 临时解决方法： 建议您升级到nginx 1.4.1或者是1.5.0。但如果您不能立刻安装补丁或者升级，您可以采取以下措施以降低威胁： 在每个server块中使用如下配置 if $httptransferencodi...

VMware宿主产品VMSA-2009-0005多个远程漏洞

BUGTRAQ ID: 34373 CVE ID：CVE-2008-4916 CVE-2008-3761 CVE-2009-1146 CVE-2009-1147 CVE-2009-0910 CVE-2009-0909 CVE-2009-0908 CVE-2009-0177 CVE-2009-0518 CNCVE ID：CNCVE-20084916 CNCVE-20083761 CNCVE-20091146 CNCVE-20091147 CNCVE-20090910 CNCVE-20090909 CNCVE-20090908 CNCVE-20090177 CNCVE-20090518...

Maran PHP Shop (prod.php cat) SQL Injection Vulnerability

No description provided by source. Maran PHP Shop prod.php cat SQL Injection Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose...

PHP 'create_function()'代码注入漏洞

BUGTRAQ ID: 31398 CNCAN ID：CNCAN-2008092610 PHP是一款流行的WEB编程语言。 PHP不正确过滤传递给'createfunction'的输入，远程攻击者可以利用漏洞以特权应用程序权限执行任意代码。 PHP使用createfunction函数用于CREATE一个匿名函数： 1，使用createfunction建立一个匿名函数： ?php $newfunc = createfunction'$a,$b', 'return "ln$a + ln$b = " . log$a $b;'; echo "New anonymous function:...

RunCMS 1.6 Multiple Remote Vulnerabilities

No description provided by source. Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Aviable Reported: 14.12.2007 Vendor response: 15.12.2007...

Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability

No description provided by source. Ajax File Browser 3 Beta Remote File Inclusion found by the "arfis project" http://arfis.wordpress.com/ Project Info: ------------- Name: Ajax File Browser Link: http://sourceforge.net/projects/ajaxfb/ DL:...

Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability

No description provided by source. Ajax File Browser 3 Beta Remote File Inclusion found by the "arfis project" http://arfis.wordpress.com/ Project Info: ------------- Name: Ajax File Browser Link: http://sourceforge.net/projects/ajaxfb/ DL:...

0irc-client v1345 build20060823 Denial of Service Exploit

No description provided by source. / 0irc-client v1345 build 20060823 DoS Exploit By DiGitalX [email protected] Date: 22/3/2007 -- MicroSystem Team -- Site: http://DiGitalX.I.am Description: 0irc-client suffers from a NULL pointer derefrencing bug. / define WIN32LEANANDMEAN include winsock2.h...

myEvent Myevent.PHP远程文件包含漏洞

myEvent是一款基于PHP的事件管理程序。 myEvent不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'myevent.php'脚本对用户提交的"myeventpath"参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 myWebland myEvent 1.3 myWebland myEvent 1.2 http://mywebland.com/download.php?id=6...

Microsoft Windows　TCP连接重置漏洞 (MS05-019/MS06-064)

Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows的TCP实现中存在拒绝服务漏洞，远程攻击者可能利用此漏洞进行拒绝服务攻击。 攻击者可以向受影响的系统发送特制的TCP消息导致重置已有的TCP连接。 Microsoft Windows ME Microsoft Windows 98se Microsoft Windows 98 Microsoft Windows 2000 SP4 Microsoft Windows 2000 SP3 Microsoft Windows XP SP1 Microsoft Server 2003...

Squirrelcart &lt;= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability

No description provided by source. Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...

Jellyfin 任意文件读取漏洞（CVE-2021-21402）

GHSL-2021-050: Unauthenticated abritrary file read in Jellyfin - CVE-2021-21402 Jaroslav Lobacevski Coordinated Disclosure Timeline - 2021-03-19: Issue reported to maintainers. - 2021-03-22: Version 10.7.1 with fixes was released. Summary Jellyfin allows unauthenticated arbitrary file read. Produ...

Multiple Vulnerabilities in NagiosXI

We found four vulnerabilities in NagiosXI, and chained them together to create a root RCE exploit, available here. Vulnerability chaining can increase the risk posed by individual vulns, it takes a village to raise a root RCE etc. etc. If you’re running NagiosXI = 5.4.12, update. If you perform...

Microsoft Office SMB Information Disclosure

Vulnerability Summary The following advisory describes an information disclosure found in Microsoft Office versions 2010, 2013, and 2016. Microsoft Office is: “Whether you’re working or playing, Microsoft is here to help. We’re the company that created Microsoft Office, including Office 365 Home,...