56796 matches found
PHP <= 5.3.6 shmop_read() Integer Overflow DoS
No description provided by source. ?php Exploit Title: PHP =5.3.5 Integer Overflow DoS Date: 12-03-11 Author: Jose Carlos Norte - www.rooibo.com Software Link: www.php.net Version: = 5.3.5 Tested on: Ubuntu Linux CVE : CVE-2011-1092 $shmkey = ftokFILE, 't'; $shmid = shmopopen$shmkey, c, 0644, 100...
Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl use IO::Socket; Exploit Title: SimpleWebServer 2.2-rc2 - Remote Buffer Overflow Exploit Date: 19/07/2012 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://www.pmx.it/download/sws-2.2-rc2-i686.exe Version: 2....
TinyMCE / flvPlayer Cross Site Scripting / Disclosure
No description provided by source. I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in...
Linux kernel 2.6.x net/ipv4/tcp_input.c文件释放后使用漏洞
CVE ID: CVE-2010-1188 Linux Kernel是开放源码操作系统Linux所使用的内核 Linux Kernel的net/ipv4/tcpinput.c文件中存在释放后使用漏洞。在对监听套接字设置IPV6RECVPKTINFO时,这个漏洞允许攻击者在套接字仍处于监听状态(TCPLISTEN)期间发送SYN报文导致内核忙碌。...
多个浏览器HTTPS内容上下文中的HTTP资源安全绕过漏洞
Bugraq ID: 35403 CVE ID:CVE-2009-2065 CVE-2009-2064 CVE-2009-2066 CVE-2009-2067 CNCVE ID:CNCVE-20092065 CNCVE-20092064 CNCVE-20092066 CNCVE-20092067 当页面通过不安全方法对安全内容请求资源进行操作时不正确显示警告,可导致绕过多个WEB浏览器安全限制。 攻击者可以利用这个漏洞进行钓鱼攻击或获得敏感信息。不过要利用此漏洞,攻击者必须截获或控制网络通信,如通过中间人,DNS毒药等攻击。 如下浏览器受此漏洞影响: Microsoft Internet...
Easy Scripts Answer and Question Script Multiple Vulnerabilities
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...
perlshop.cgi远程执行任意命令程序
BugCVE: CAN-1999-1374 perlshop.cgi是一个用Perl编写的基于Web的在线购物程序。perlshop.cgi实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在主机上以Web进程的权限执行任意命令。 有问题的代码在这里:open MAIL, |$blatloc - -t $to -s $subject || &errtrap Can t open $blatloc!\n $blatloc定义的是NT下的一个命令行发信程序blat,$to是用户输入的邮件地址,程序中没有过滤“|&”等特殊字符,入侵者可以在邮件地址中插入系统命令。 3.1 临时解决方法:...
Count.cgi(wwwcount)远程缓冲区溢出漏洞
BugCVE: CVE-1999-0021 BUGTRAQ: 128 Count.cgi wwwcount是一个非常流行的Web站点跟踪统计CGI程序。一般它作为Web页面点击数统计。1997年10月,这个程序被发现了两个远程漏洞。第一个漏洞比较轻微,它能允许远程用户浏览到受限制的.GIF文件,可能泄漏.GIF文件里潜在的敏感数据。 第二个漏洞比较严重,count.cgi程序在处理QUERYSTRING环境变量的时候存在缓冲区溢出漏洞。远程攻击者可以发送一个超长的请求给程序就能进行溢出攻击,以Web用户的权限在系统执行任意命令。 2.3 Muhammad A. Muquit...
Apache Tomcat UTF-8目录遍历漏洞
BUGTRAQ ID:30633 CVE ID:CVE-2008-2938 CNCVE ID:CNCVE-20082938 Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。。 Apache Tomcat不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB服务程序上下文查看任意本地文件。 此漏洞发生是由于JAVA处理输入存在问题,如果context.xml或server.xml允许'allowLinking'和'URIencoding'为'UTF-8',攻击者可以以WEB权限获得重要的系统文件内容。 Apache Software Foundation Tomca...
Microsoft Excel多个远程代码执行漏洞(MS08-014)
BUGTRAQ ID: 28095,28166,28170,27305 CVECAN ID: CVE-2008-0112,CVE-2008-0114,CVE-2008-0117,CVE-2008-0081 Excel是微软Office办公软件家族中的电子表格工具。 Excel导入文件时处理数据的方式、处理Style记录数据的方式、处理条件格式值和处理宏的方式存在多个代码执行漏洞,如果用户受骗打开了恶意的Excel文件,就会触发这些漏洞,导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Exce...
HFS HTTP File Server多个远程安全漏洞
BUGTRAQ ID: 27423 CVECAN ID: CVE-2008-0405,CVE-2008-0406,CVE-2008-0407,CVE-2008-0408,CVE-2008-0409,CVE-2008-0410 HTTP File Server是用于共享文件的开源HTTP服务器。 HFS没有正确地记录某些输入,用户可以在登陆时伪造用户名将任意内容注入到日志文件中。 HFS没有正确地过滤某些输入便将其返回给了用户,这可能导致在受影响服务器的用户浏览器会话中执行任意HTML和脚本代码。...
Apple CFNetwork HTTP空指针引用拒绝服务漏洞
BUGTRAQ ID: 22249 CVECAN ID: CVE-2007-0464 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CFNetwork处理畸形回应数据时存在漏洞,远程攻击者可能利用此漏洞导致客户端崩溃。 CFNetwork是一个Core Services框架,可提供解压网络协议所需的函数库。Mac OS X的CFNetwork没有正确地处理某些HTTP响应,CFNetConnectionWillEnqueueRequests函数可能会引用空指针。如果服务器向使用这个API的客户端发送了特制响应的话,就可以触发这个漏洞,导致拒绝服务的情况。...
WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets)
No description provided by source. include stdio.h include string.h include winsock.h define VULNSERVER "WAR-FTPD 1.65" define VULNCMD "x55x53x45x52x20" define ZERO 'x00' define NOP 'x90' define VULNBUFF 485...
Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability
No description provided by source. Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected]...
Intel PROSet/Wireless软件本地信息泄露漏洞
Intel PROSet/Wireless Software是一款无线网络处理软件。 Intel PROSet/Wireless Software不安全设置共享内存信息,本地攻击者可以利用漏洞获得敏感信息。 问题存在于Intel PROSet/Wireless Software 7.x, 8.x, 9.x, 和10.x PROSet application中,恶意用户可以访问共享内存信息获得WLAN预共享WEP密钥和验证信息,目前没有详细漏洞细节提供。 Intel PRO/Wireless 2100 Network Connection Intel PRO/Wireless 2200BG...
xeCMS 1.0.0 RC 2 (cookie) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl xeCMS 1.0.0 RC 2 Remote Command Execution Exploit Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ greets to JagX $Id: cijfer-xecmsxpl.pl...
Open Distro for Elasticsearch SSRF漏洞(CVE-2021-31828)
SSRF in Open Distro for Elasticsearch CVE-2021-31828 Rotem Bar Published on May 11, 2021 7 min read After an interesting adventure, it's now possible to announce a new CVE-2021-31828 which effects Open Distro for ElasticSearch ODFE , versions until 1.12.0.2. Open Distro is a plugin for...
Full Disclosure of Highly-Manipulatable, tradeTrap-Affected ERC20 Tokens in Multiple Top Exchanges(CVE-2018-11446)
Update: 2018-06-12 The BMB BMB contract 0x0e935e976a47342a4aee5e32ecf2e7b59195e82f is NOT affected by tradeTrap. We sincerely apology for mistakenly listing it as a vulnerable ERC20 token. Quoted from our last blog 1, “publicly tradable ERC-20 tokens have considerable high market value. Various...
Code Injection in Moodle
Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical...
shopnc /circle/index.php groupbuy_order参数 SQL注入漏洞
No description provided by source...
华夏创新智能加速路由器 /acc/vpn/download.php 任意文件下载
No description provided by source...
用友某软件存在通用XXE漏洞
简要描述: 详细说明: 1.民生证券 http://.../uapws/ 抓包 POST /uapws/soapFormat.ajax HTTP/1.1 Host: ... User-Agent: Mozilla/5.0 Windows NT 6.1; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3...
致远协同OA 3.5 /seeyon/fileUpload.do 文件上传漏洞
No description provided by source...
安脉学生综合管理系统5处SQL注入漏洞
简要描述: 安脉学生综合管理系统5处SQL注入漏洞 详细说明: 5处利用payload分别如下 /Asset/Device/DeviceLeadInfoView.aspx?LeadID=1 and @@version=1 /Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- /Asset/Device/DeviceRebuildInfoView.aspx?DeviceRebuildID=1' and @@version=1--...
phpems 多处sql注射
简要描述: phpems 多处sql注射 详细说明: 百度搜索: title:PHPEMS无纸化模拟考试系统 ev.cls.php: public function getClientIp if!isset$this-e'ip' if getenv"HTTPCLIENTIP" && strcasecmpgetenv"HTTPCLIENTIP", "unknown" $ip = getenv"HTTPCLIENTIP"; else if getenv"HTTPXFORWARDEDFOR" && strcasecmpgetenv"HTTPXFORWARDEDFOR", "unknown" $...
Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)
No description provided by source. !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this code in part or in whole wit...
DouPHP v1.1 /kindeditor/php/file_manager_json.php 备份文件发现漏洞
No description provided by source...
JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限)
简要描述: JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限) 详细说明: 谷歌搜索:inurl:jeecms/ArtiSearch.do 涉及大量案例 http://www.wwxzfw.gov.cn/jeecms/ArtiSearch.do?count=10&searchKey=a%27+and+1%3D1&chnlId= http://www.cnfamily.com/family/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1...
Internet Security Systems ICECap Manager 2.0.23 Default Username and Password
No description provided by source. source: http://www.securityfocus.com/bid/1216/info ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082, and has an administrative...
TP-Link TD-W8951ND - Multiple Vulnerabilities
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 ------------------------- Affected vendors:...
shop7z 注入漏洞
简要描述: shop7z 注入漏洞 详细说明: Advsearchadmin.asp kindnum=trimrequest"kindnum" pipai=trimrequest"pipai" model=trimrequest"model" productname=trimrequest"productname" price11=trimrequest"price11" price12=trimrequest"price12" price21=trimrequest"price21" price22=trimrequest"price22" if price11="" then...
Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)
当指定的元素设置white-space属性为pre-line时,IE会通过AllocData2Pos函数分配内存,并通过CTreeDataPos来实例化该内存块。 CTreeDataPos将作为CTreePos,其中保存了CTreePos对应元素(white-space属性为pre-line的元素)的CTreeNode地址,同时将其加入DOM树。...
Java CMM readMabCurveData - Stack Overflow
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' ''' Title : Java CMM readMabCurveData stack overflow Version : Java runtime 6.19 Analysis : http://www.abysssec.com Vendor :...
Catalog Builder - Ecommerce Software - Blind SQL Injection
No description provided by source. +------------------------------------------------------------------------------------------+ |------- Catalog Builder - Ecommerce Software - Blind SQL Injection Vulnerability -------|...
Java CMM Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
4images 1.7.9 - Multiple Vulnerabilities
No description provided by source. ================================ Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April...
AfterLogic WebMail Lite PHP 7.0.1 - CSRF Vulnerability
No description provided by source. 1. 2. 3. + Exploit Title : AfterLogic WebMail Lite PHP CSRF 4. + Author : Pablo '7days' Riberio 5. + Team: So Good Security 6. + Other 0days : http://pastebin.com/u/7days 7. + Version : = 7.0.1 8. + Tested on : windows/internet explorer 9. + Details: Reset admin...
TotalCalendar <= 2.30 (inc) Remote File Include Vulnerability
No description provided by source. Title: TotalCalendar =2.30 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: SweetPHP URL: http://sweetphp.com ----------------------------------------------------------------- Credits: Discovered by:...
WMAPM 3.1 Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8995/info wmapm has been reported prone to a local privilege escalation vulnerability. The vulnerability has been conjectured to result from a lack of relative path usage while the vulnerable dock app is invoking a third...
青果教务管理系统管理功能越权
简要描述: 通过浏览器调试模式将管理端已关闭的功能重新开启 详细说明: 系统仅通过样式表禁用系统功能,并未从业务层禁止。 通过开发者模式可以在本地实现修改。 漏洞证明: 1.启动F12开发者模式,定位到被禁用的功能。 2.修改style color样式(如果没有新添加该属性)为任意颜色。...
SiteServer 3.6.4 /siteserver/cms/console_logSite.aspx SQL注入漏洞
No description provided by source...
大汉通版cms上传设计缺陷
简要描述: RT 详细说明: WooYun: 大汉jiep信息交换平台某处越权及sql注入 根据wefgod牛的测试站点进行测试得到的。 http://www.dx.gansu.gov.cn/cms/common/filechoose/filedialog.jsp?webappcode=A61&filetype=1&webapppath=freeform&uploadpath=../../../ 具体%00截图没有绕过上传jsp等脚本文件。 但是如果cms在iis下面可以触发iis解析漏洞,所以还是存在威胁的。 漏洞证明: Content-Disposition: form-data;...
Microsoft Windows Kernel 'Win32k.sys'本地权限提升漏洞(CVE-2013-3881)(MS13-081)
BUGTRAQ ID: 62830 CVECAN ID: CVE-2013-3881 Windows是一款由美国微软公司开发的窗口化操作系统。 Windows内核模式驱动程序处理内存对象时存在本地权限提升漏洞,成功利用后可在内核模式中运行任意代码。 0 Microsoft Windows XP Microsoft Windows Windows Server 2012 Microsoft Windows Windows RT Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 200...
OpenSSL DTLS中间人攻击多个安全措施绕过漏洞
BUGTRAQ ID: 64618 CVECAN ID: CVE-2013-6450 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 OpenSSL 0.9.8y, 1.0.0-1.0.1e的DTLS中继实现中,摘要及加密上下文的数据结构没有被正确维护,可使中间人攻击者通过干涉数据包传输(相关ssl/d1both.c、ssl/t1enc.c),使用不同的上下文,获取敏感信息。 0 OpenSSL Project OpenSSL 1.0.0 厂商补丁: OpenSSL Project ---------------...
欧朋浏览器官方网易微博被劫持(社工)
简要描述: 大数据HACK 详细说明: 本来想用大数据的能力搞到欧朋论坛的admin,但是admin没搞到,反而弄到了欧朋的网易微博,从而可以发布欺骗或者危害的信息 怎么开始的? 首先我是查看了http://bbs.oupeng.com/home.php?mod=space&username=admin的信息,发现她的名字有点特别,于是,我就利用大数据的能力,获得了Csineneo用户的密码信息等 [email protected] loveyou...
F5 BIG-IP remote root authentication bypass Vulnerability(CVE-2012-1493)
No description provided by source. Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: F5 BigIP 11.x F5 BigIP 10.x F5 BigIP 9.x Date: 2012-February-16 Security risk: High Vulnerability: F5 BIG-IP remote root authentication bypass...
Samba 'AndX'请求堆缓冲区溢出漏洞(CVE-2012-0870)
No description provided by source...
IBM WebSphere ILOG Rule Team Server未明跨站脚本漏洞
Bugtraq ID: 50368 IBM WebSphere ILOG是一款业务规则管理系统。IBM WebSphere ILOG Rule Team Server是一个基于Web的规则管理和授权环境,它允许业务用户查看、创建和修改规则。 IBM WebSphere ILOG Rule Team Server content/error.jsp存在一个未明跨站脚本漏洞,允许攻击者构建恶意链接,诱使用户解析,可获得敏感信息或劫持用户会话。 IBM WebSphere ILOG Rule Team Server 7.1.1 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...
Smarty3远程代码执行漏洞
Smarty是PHP下广泛使用的前端模板框架。但由于Smarty3引入了新的特性,导致在某些情况下,可以利用特性组合直接远程执行任意代码。 由于Smarty3中引入了两个特性: 1、如果display,fetch等方法的模板路径参数接受到的模板文件名是以“string:”或者“eval:”开头的,smarty3就会将此后的字符串值作为模板文件内容,重新编译并执行之。参考连接:http://www.smarty.net/docs/en/template.resources.tpltemplates.from.string...
phpMyAdmin 3.x 多个安全漏洞
CVE ID: CVE-2011-2505,CVE-2011-2506,CVE-2011-2507,CVE-2011-2508 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin在实现上存在多个漏洞,可被恶意用户利用泄露敏感信息并控制受影响系统。 1)libraries/auth/swekey/swekey.auth.lib.php中的"Swekeylogin"函数中存在错误,可被利用覆盖会话变量并注入和执行任意PHP代码;...