56796 matches found
cPanel Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
BUGTRAQ ID: 29125 CVE(CAN) ID: CVE-2008-2070, CVE-2008-2071 cPanel is a web-based tool for automating the control of websites and servers. cPanel's WHM interface lets users manage and access the core of the cPanel and WHM packages. This interface does not properly defend against cross-site scripting and cross-site request forgery attacks, allowing remote attackers to execute arbitrary code on the server by submitting malicious requests. Every function that handles user input is affected by cross-site scripting; a partial list of vulnerable functions follows: Knowledge Base (/scripts2/knowlegebase?issue=INJECTION&domain=) Change Ip to...
Symantec Enterprise Security Manager Remote Upgrade Remote Code Execution Vulnerability
Symantec Enterprise Security Manager (ESM) automatically discovers vulnerabilities and settings that violate security policy on critical applications and servers across an entire enterprise. Symantec Enterprise Security Manager has a design flaw that remote attackers can exploit to execute arbitrary commands with the privileges of the application process. The problem lies in the remote upgrade interface of the ESM agent: the agent accepts upgrade requests from any entity familiar with the upgrade protocol without performing any trust authentication of the source. An attacker familiar with the agent protocol can execute arbitrary commands with the privileges of the application process. The ESM agent typically runs with administrator privileges. Symantec Enterprise Security...
CodeBB 1.0 beta 2 (phpbb_root_path) Remote File Inclusion Vulnerability
No description provided by source. codebb 1.1b3 phpbb_root_path Remote File Include Vulnerability D.Script: http://rd.cycnus.de/download/codebb-1.1b3.tar.bz2 Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net V.Code include_once($phpbb_root_path . 'includes/codebb/config.'.$phpEx);...
PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC
No description provided by source. <?php ...
Ivanti Avalanche Directory Traversal Vulnerability
SSD Advisory – Ivanti Avalanche Directory Traversal May 11, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a directory traversal vulnerability in Ivanti Avalanche allows a remote unauthenticated user to access files that reside outside the ‘image’ folder. Vulnerability Summar...
Cisco RV34X Series Authentication Bypass and Remote Command Execution Vulnerabilities (CVE-2021-1472, CVE-2021-1473)
Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution APRIL 13, 2021 TL;DR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently patched. The issues in question were an authentication bypass...
GitLab Unauthorized RCE Vulnerability (CVE-2021-22192)
When rendering wiki content with certain extensions such as .rmd, render_wiki_content will call other_markup_unsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and pushing t...
Foscam IP Video Camera webService 3322.net DDNS Client Code Execution Vulnerability(CVE-2017-2855)
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability(CVE-2016-8027)
Summary An exploitable blind SQL injection vulnerability exists within McAfee's ePolicy Orchestrator 5.3.0 that is accessible without authentication. A specially crafted HTTP POST can allow an aggressor to alter an SQL query, which can result in disclosure of information within the database or...
Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability(CVE-2017-2819)
Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component version 9.6.1.4350 of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under th...
Foscam C1 Webcam FTP Hard Coded Password Vulnerability(CVE-2016-8731)
Summary Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Tested Versions Foscam C1 Firmware Version...
fastjson < 1.2.24 remote code execution vulnerability
No description provided by source...
ILas Library Automation Integrated System NTReaderCritic.aspx and One Other Page Time-Based Blind SQL Injection Vulnerabilities
0x01 Vulnerability Overview: the ILas Library Automation Integrated System has time-delay injection vulnerabilities on two pages, NTReaderCritic.aspx and NTUniBookRetrInfo.aspx. 0x02 Vulnerability Details: NTReaderCritic.aspx sqlmap -u ".../NTReaderCritic.aspx?strRenco=1&strTitle=1" The relevant code is as follows: protected void Page_Load(object sender, EventArgs e) { if (!base.IsPostBack) { if (base.Request.QueryString["strRenco"] != null &&...
SQL Injection on a Subsite of V2 Technology's Official Website Allows Server Privilege Escalation
Brief description: Detailed description: third-party conferencing system, V2 Conference. See: WooYun: SQL injection and XXE vulnerability in V2 video conferencing system allows getshell. Proof of vulnerability: http://zuyong.v2tech.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=-1%20union%20select%201,user%28%29,3,version%28%29,5%23 The injection runs with MySQL root privileges, so a shell can be written. Checked the remote desktop port: 39556. Created a wooyun user and connected via remote desktop: img...
Hishop Easy Distribution (易分销) System /wapshop/productlist.aspx sort Parameter SQL Injection Vulnerability
No description provided by source...
Vulnerability in an Important Kingdee System Leads to Large-Scale Information Disclosure and Funds Manipulation
Brief description: a vulnerability in an important Kingdee system leads to large-scale information disclosure and can affect online transactions. Detailed description: the vulnerable system is the Kingdee Mall, http://shop.k3cloud.kingdee.com/; in http://shop.k3cloud.kingdee.com/show.aspx?type=1&action=GetImg&pids=1 the pids parameter has an injection vulnerability. Proof of vulnerability: the backend administrator password is dumped directly. The password is fairly simple; after logging in to the backend there is a large amount of member information, including 16-digit MD5 password hashes, part of which is shown below: Gift cards can also be generated online and exchanged for goods: In short, the backend is quite powerful and highly privileged; goods can be added or changed, prices modified, and so on, so the impact is quite severe!...
Kingdee System Admin Backend Password Disclosure Allows Getshell
Brief description: not sure whether it sits on the intranet; it looks like a test application. Looking for an expert to take me on an intranet tour. Detailed description: http://k3shop.k3cloud.kingdee.com/ ip 202.104.120.51 Opening the backend address http://k3shop.k3cloud.kingdee.com/admin/ startled me: it redirected straight to login. Captured the password: admin kingdee&admin; I suspect several systems share this password. Upload URL: http://k3shop.k3cloud.kingdee.com/admin/Marketing/upload.aspx?tempFolder=aspx The tempFolder parameter is controllable...
Apache James Server 2.3.2 - Remote Command Execution
Exploit Title: Apache James Server 2.3.2 Authenticated User Remote Command Execution Date: 16\10\2014 Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu, Debian...
NRPE 2.15 - Remote Code Execution Vulnerability
No description provided by source. #!/usr/bin/python Exploit Title : NRPE <= 2.15 Remote Code Execution Vulnerability Discovered by : Dawid Golunski dawid at legalhackers dot com legalhackers.com Exploit Author : Claudio Viviani http://www.homelab.it [email protected] [email protected]...
XAMPP Insecure Default Password Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. An attacker may leverage this issue to gain...
PHP-Nuke-8.1-seo-Arabic Remote File Include
No description provided by source...
Heartbleed OpenSSL - Information Leak Exploit (1)
No description provided by source. /* CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...
LetterIt 2.0 - (inc/session.php) Remote File Include Vulnerability
Vulnerable software: LetterIt 2.0 Download: http://sourceforge.net/projects/letterit.berlios/ Vulnerability type: RFI (remote file inclusion) Software description: LetterIt 2.0 is a web-based mailing list manager that is easy to install and supports multiple languages. It can send HTML or plain-text messages with attachments to a given mailing list via PHP Mail, sendmail, qmail, SMTP or pickup mode (on Windows). Vulnerability analysis: this remote file inclusion vulnerability is in the "inc/session.php" file of LetterIt 2.0. Vulnerable code:...
MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit
No description provided by source. #!/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: http://www.securityfocus.com/bid/24105/info CVE-2007-2815 if [ $# != 2 ]; then printf "USAGE:\t\t$0 Site Protected Object\nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n"; exit 0 ...
Max Network Technology BBSMAX <= 4.2 'post.aspx' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38592/info Max Network Technology BBSMAX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
H-Sphere 2.x WebShell Login.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20532/info H-Sphere WebShell is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the...
cubecart 2.0.7 - Multiple Vulnerabilities
No description provided by source. Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection = Multiple Vulnerabilities Date: June, 14th 2011 GMT +7 Author: Shamus Software Link: http://www.cubecart.com/ Version : CubeCart 2.0.7 Tested on: windows 7, ubuntu 11.04 CVE : -...
xdcms Backend File Upload Restriction Bypass Leads Directly to Getshell (Tested on Latest Version)
Brief description: bypassing the file filter in the backend allows a shell. Detailed description: system/libs/upload.class.php is the core validation file for uploads: public function uploadprocess $num=count($_FILES[$this->uploadformfield]['name']); for$key=0;$keycleanpaths; // create the storage path $savepath=$this->outsavedir."uploadfile/".$this->uploadfolder."/"; if !file_exists($savepath) mkdir($savepath); $ymd =...
SiteServer 3.6.4 /siteserver/bbs/background_user.aspx SQL Injection Vulnerability
The keyword parameter of the SiteServer 3.6.4 file /siteserver/bbs/background_user.aspx is handled by code in /Bin/SiteServer.BBS.dll, which does not properly filter the received parameter, leading to an SQL injection vulnerability. SiteServer 3.6.4...
BlackBerry Link OpenSSL TLS Heartbeat Information Disclosure Vulnerability
CVE ID: CVE-2014-0160 BlackBerry Link is the synchronization software for BlackBerry devices. The OpenSSL bundled with BlackBerry Link has a security vulnerability: a bounds error in OpenSSL's handling of the TLS "heartbeat" extension lets an attacker retrieve 64k of memory from a connected client or server. That memory may contain private keys, usernames, passwords and so on. BlackBerry Link 1.x No detailed solution is currently available: http://www.blackberry.com...
Barracuda Load Balancer '/cgi-mod/index.cgi' Remote Command Injection Vulnerability
BUGTRAQ ID: 65508 Barracuda Load Balancer is an application delivery controller from the US company Barracuda Networks. The controller protects against intrusions and attacks while also optimizing application load and providing strong performance. Barracuda Load Balancer contains a remote command injection vulnerability that attackers can exploit to execute arbitrary commands in the context of the affected application. Barracuda Load Balancer 340 version 4.2.2.007 is vulnerable; other versions may also be affected. Barracuda Load Balancer 340 4.2.2.007...
SiteServer 3.6.4 /siteserver/bbs/background_thread.aspx SQL Injection Vulnerability
No description provided by source...
JBoss 4.2.0 BSHDeployer Code Execution Vulnerability
JBoss is an open-source J2EE-based application server. Version 4.2.0 enables the BSHDeployer service by default; once an attacker gets past the JMX-console access control, the BSHDeployer service can be used to conveniently deploy a WAR (by writing the WAR contents directly into a bsh file), thereby remotely deploying malicious code. JBoss 4.2.0...
Linux Kernel "qdisc_dev()" Reference OOPS Remote Denial of Service Vulnerability
BUGTRAQ ID: 48641 CVE ID: CVE-2011-2525 Linux Kernel is the kernel of the Linux operating system. The Linux kernel's implementation of the qdisc_dev() reference has a remote denial of service vulnerability that a local attacker can exploit to crash the kernel. tc_fill_qdisc should not be called for built-in qdiscs, nor made to dereference a NULL pointer to obtain the device ifindex. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.kernel.org/...
Linux RDS Protocol Local Privilege Escalation
No description provided by source. Source: http://www.vsecurity.com/resources/advisory/20101019-1/ /* Linux Kernel <= 2.6.36-rc8 RDS privilege escalation exploit CVE-2010-3904 by Dan Rosenberg [email protected] Copyright 2010 Virtual Security Research, LLC The handling functions for sending...
Linux Kernel 2.6.x Network Queueing Memory Information Disclosure Vulnerability
BUGTRAQ ID: 42529 CVE(CAN) ID: CVE-2010-3477, CVE-2010-2942 Linux Kernel is the kernel used by the open-source Linux operating system. The tcf_act_police_dump function in net/sched/act_police.c of the Linux kernel's network queueing functionality does not properly initialize certain structure members, which allows local users to obtain sensitive information from kernel memory via a dump operation. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage:...
Empire (EmpireCMS) 6.0 /search/keyword/index.php Multiple Cross-Site Scripting Vulnerabilities
Empire Software is a technology company focused on web software development; its flagship product, the "Empire Website Management System EmpireCMS", is currently the most widely used CMS in China. Years of continuous innovation and refinement have made the system secure, powerful, stable and flexible. EmpireCMS is now deployed on hundreds of thousands of Chinese websites, reaching tens of millions of Chinese internet users, and has passed rigorous testing by over a thousand well-known sites, earning the reputation of the most stable CMS in China. /search/keyword/index.php has multiple cross-site scripting vulnerabilities: http://ssvdb.com/search/keyword/index.php?show=3"xss...
PostgreSQL bitsubstr Function Remote Overflow Vulnerability
BUGTRAQ ID: 37973 CVE(CAN) ID: CVE-2010-0442 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. A remote attacker can exploit a buffer overflow in PostgreSQL's bitsubstr function when it handles an overly long string, causing a denial of service or executing arbitrary code. PostgreSQL 8.0.23 Vendor patch: PostgreSQL ---------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version: http://www.postgresql.org testdb= select...
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
BUGTRAQ ID: 35958 CVE(CAN) ID: CVE-2009-2625 The Java Runtime Environment (JRE) on Solaris systems provides a reliable runtime for Java applications. When the JRE parses XML elements containing unexpected byte values and recursive brackets, it may access memory out of bounds or enter an infinite loop. An attacker can exploit this by tricking a user into opening a specially crafted file or by submitting malicious XML content to a server, causing a denial of service. Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 Vendor patch: RedHat ------ RedHat has released a security advisory (RHSA-2009:1199-01) and corresponding patch for this:...
Blackboard CourseInfo 4.0 Arbitrary Database Modification Vulnerability
Blackboard CourseInfo lacks complete permission checks when performing database update operations. Any user with a valid Blackboard CourseInfo account can use its CGI programs to modify other users' profile information, including passwords and account status. 4.0 Upgrade to Blackboard CourseInfo 5.0, available at: http://download.blackboard.com The following URL can change the password of any known account:...
xine-lib NES Sound Format Decoder copyright Field Stack Overflow Vulnerability
BUGTRAQ ID: 28908 xine is a free media player that supports many formats. The demux_nsf.c file in the xine player does not properly validate the copyright field in a media file: line 111: this->copyright = strdup(&header[0x4E]); line 189: char copyright[100]; line 208: sprintf(copyright, "(C) %s", this->copyright); If a user is tricked into opening a media file with an overly long copyright field, a stack overflow can be triggered, leading to execution of arbitrary instructions. xine-lib 1.1.12 xine ----...
Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability
No description provided by source. found by EcHoLL version: 2. include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE version 3...
phpFFL 1.24 PHPFFL_FILE_ROOT Remote File Inclusion Vulnerabilities
No description provided by source. Title : phpFFL 1.24 Remote File Inclusion Vulnerability Author : Dj7xpl Contact : [email protected] Download : http://sourceforge.net/project/showfiles.php?groupid=137531 Gr33tZ : Y! Underground Group , IrR57 ...
maGAZIn 2.0 (phpThumb.php src) Remote File Disclosure Vulnerability
No description provided by source. Y! Underground Group [email protected] Dj7xpl.2600.ir ...
KarjaSoft Sami HTTP Server POST Request Remote Denial of Service Vulnerability
Sami HTTP Server is a small HTTP server that supports PHP. Sami HTTP Server has a vulnerability in handling malformed POST requests that remote attackers may exploit to terminate the server unexpectedly. A remote attacker can send a POST /% request to Sami HTTP Server to make it terminate unexpectedly; a restart is required to restore normal operation. KarjaSoft Sami HTTP Server 2.0.1 The vendor has not yet provided a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version: http://www.karja.com/ http://www.sebug.net/show-exp-1706.h...
PHP Session Data Deserialization Code Execution Vulnerability
PHP is a widely used web development scripting language. PHP's session data deserialization has a flaw that remote attackers can exploit to execute arbitrary commands with the privileges of the application. When register_globals is enabled, session data deserialization can overwrite arbitrary global variables, including the $_SESSION array; particular implementations can lead to arbitrary code execution. PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secu...
ScriptMagix Lyrics <= 2.0 (index.php recid) SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Script Name: ScriptMagix Lyrics <= 2.0 index.php recid Remote Blind SQL Injection Exploit Coded by : ajann Author : ajann Contact : : S.Page : http://www.scriptmagix.com $$ : 35$ .. : ajann,Turkey use IO::Socket; if@ARGV 1 print "...
Barracuda Networks Spam Firewall Multiple Vulnerabilities
Barracuda Networks Spam Firewall is an integrated hardware and software anti-spam solution for protecting mail servers. Barracuda Networks Spam Firewall has multiple security issues that remote attackers can exploit to obtain passwords and file information. Barracuda Networks Spam Firewall versions 3.3.01.001 through 3.3.02.053 have a built-in "guest" account with the password "bnadmin99"; this account can be used to log in to the web interface....
Knusperleicht Quickie Quick_Path Remote File Inclusion Vulnerability
Knusperleicht Quickie is a PHP-based web application. Knusperleicht Quickie does not properly filter user-supplied URI data, which remote attackers can exploit to execute arbitrary commands with the privileges of the web process. The problem is that the 'quickie.php' script does not filter the user-supplied "Quick_Path" parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with web process privileges. Knusperleicht Quickie http://knusperleicht.at/index.php?knuspi=Quickie...