PHP "Intl" Extension "NumberFormatter::setSymbol()" Function Denial of Service Vulnerability
BUGTRAQ ID: 46968 CVE ID: CVE-2011-1467 PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML. The "NumberFormatter::setSymbol" function of the PHP "Intl" extension has a denial-of-service vulnerability in its implementation; a remote attacker could exploit it to crash the application, causing denial of service and arbitrary code execution. MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 PHP PHP 5.x Vendor patch: PHP ---...
Linux Kernel "ib_uverbs_poll_cq()" Integer Overflow Vulnerability
BUGTRAQ ID: 46073 CVE ID: CVE-2010-4649 The Linux Kernel is the kernel used by the open-source operating system Linux. The Linux Kernel's "ib_uverbs_poll_cq" has an integer overflow vulnerability in its implementation; an attacker could exploit it to execute arbitrary code with elevated privileges, crash the affected kernel and deny service to legitimate users. If userspace passes in a large cmd.ne, the ib_uverbs_poll_cq code overflows an integer. The call to kmalloc then allocates a buffer that is too small, leading to memory corruption. If resp is not fully used, an information leak is also possible. Although only RDMA devices currently use this function, unprivileged userspace can also call it. Debian Linux...
Sun Solaris Multiple libc Library Numeric Conversion Function Buffer Overflow Vulnerabilities
BUGTRAQ ID: 40309 Solaris is a commercial UNIX operating system developed and maintained by Sun. The econvert, ecvt, fcvt and gcvt functions used in the Solaris libc library have buffer overflow vulnerabilities when performing numeric conversion; an attacker can trigger these overflows by submitting malicious requests, leading to execution of arbitrary instructions. Sun Solaris 10.0x86 Sun Solaris 10.0 Vendor patch: Sun --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software monitor the vendor's home page for the latest version: http://sunsolve.sun.com/security - --- 1. Sun Solar...
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial of Service Vulnerability
BUGTRAQ ID: 40235 CVE ID: CVE-2010-1321 Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. MIT Kerberos 5 is a commonly used open-source Kerberos implementation. The MIT Kerberos GSS-API library contains a NULL pointer dereference error; an authenticated remote attacker could exploit it by sending a specially crafted GSS-API token that lacks the checksum field, crashing server applications that use the GSS-API authentication mechanism. MIT Kerberos 5 1.8 MIT Kerberos 5 1.7 MIT Kerberos 5 1.6 Vendor patch: MIT ---...
JDownloader JDExternInterface.java Remote Code Execution Vulnerability
BUGTRAQ ID: 38143 JDownloader is a download tool designed for file-hosting sites such as Rapidshare. The key that JDownloader transmits during a download may be plaintext or JavaScript code, which is then executed in the Mozilla Rhino JavaScript implementation. The relevant code follows (plugins/JDExternInterface.jar/JDExternInterface.java): String jk = Encoding.urlDecode(request.getParameters().get("jk"), false); ... Context cx = Context.enter();...
IBM Rational ClearQuest CQWeb Interface Password Information Disclosure Vulnerability
BUGTRAQ ID: 37385 CVE ID: CVE-2009-4357 IBM Rational ClearQuest is a comprehensive software change and tracking management solution. The CQWeb interface of IBM Rational ClearQuest does not properly handle URLs left over from automatic login, and a remote attacker can obtain account password information from them. IBM Rational ClearQuest 7.1 Vendor patch: IBM --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377...
mysql_error() XSS Vulnerability
A vuln caused by incorrect use of mysql_error(). Of course the precondition is that $db can be overwritten, so it is pretty useless, or perhaps cannot be called a vuln at all, O(∩_∩)O Just For Fun mysql_error http://hi.baidu.com/menzhi007/blog/item/7583dc0390316d7d3912bbbf.html <?php $db='menzhi007'; extract($_GET); $link = mysql_connect("localhost", "root", ""); mysql_select_db($db, $link); echo mysql_error($link); ?...
WordPress Privileges Unchecked in admin.php and Multiple Information
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures 1. Advisory Information Title: WordPress Privilege...
Multiple BSD Systems gdtoa/misc.c Memory Corruption Vulnerability
BUGTRAQ ID: 35510 CVE(CAN) ID: CVE-2009-0689 OpenBSD, NetBSD and FreeBSD are popular BSD operating systems derived from Unix. The dtoa implementations of OpenBSD, NetBSD and FreeBSD contain an array overflow vulnerability. In src/lib/libc/gdtoa/gdtoaimp.h: - ---gdtoaimp.h--- ... #define Kmax 15 ... - ---gdtoaimp.h--- The maximum Kmax length is 15; if a larger value (such as 17) is supplied, the program overflows the freelist array, and bss is 0x1. Taking NetBSD as an example: -...
DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
BUGTRAQ ID: 34755 CVE ID: CVE-2009-0663 DBD::Pg is a DBI driver module for PostgreSQL database access. DBD::Pg has a heap-based buffer overflow that a remote attacker can exploit to execute arbitrary code. Applications that use the pg_getline and getline functions to read rows from the database can be made to execute arbitrary code by triggering the heap overflow. Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux...
ClamAV UPack Denial of Service and cli_url_canon() Stack Overflow Vulnerabilities
BUGTRAQ ID: 34446 CVE(CAN) ID: CVE-2009-1371, CVE-2009-1372 Clam AntiVirus is a GPL anti-virus toolkit for Unix that many mail gateway products use. The cli_url_canon function in ClamAV's libclamav/phishcheck.c has a stack overflow vulnerability; a remote attacker can trigger this overflow by submitting a malicious URL, leading to arbitrary code execution. If a user scans a malformed UPack-encoded file with ClamAV, a security flaw in the CLI_ISCONTAINED macro in libclamav/others.h may crash the application. ClamAV 0.95.1 ClamAV...
Microsoft Windows DNS Server Cache Poisoning Vulnerability (MS08-037)
BUGTRAQ ID: 30132 CVE(CAN) ID: CVE-2008-1454 Microsoft Windows is a very popular operating system released by Microsoft. The DNS service implementation in Windows has a vulnerability: under certain circumstances the Windows DNS server may accept responses that are outside a remote server's authority. An unauthenticated remote attacker can answer a vulnerable system's DNS queries with malicious responses, poisoning the DNS cache and redirecting Internet traffic from legitimate locations to other locations. Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 20...
SNMPv3 HMAC validation error Remote Authentication Bypass Exploit
No description provided by source. snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved Written by Maurizio Agazzini inodeatmediaservice.net http://lab.mediaservice.net/...
Cisco IOS Dual-Stack Router IPv6 Denial of Service Vulnerability
BUGTRAQ ID: 28461 CVE(CAN) ID: CVE-2008-1153 Cisco IOS is the Internetwork Operating System used on Cisco network devices. Devices running Cisco IOS software are exposed to a denial-of-service attack if IPv6 is enabled. The device must also have IPv4 UDP services enabled to be affected. To exploit the vulnerability, the attacking IPv6 packets must be directed at the device itself; packets routed through the router do not trigger it. Successful exploitation may lead to one of the following: 1. If RSVP is configured on the interface, the device crashes. 2. Any other affected IPv4 UDP-based service causes the interface to stop receiving further traffic; only the exploited port is affected....
Oracle 10g R1 pitrig_drop PLSQL Injection (get users hash)
No description provided by source. // / Oracle 10g R1 xDb.XDBPITRIGPKG.PITRIGDROP / / SQL Injection Exploit / // / sploit get password Hashes / // / BY Sh2kerr Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: January 28, 2008 / / Written by: &...
PHP ZLink 'go.php' SQL Injection Vulnerability
PHP ZLink is a PHP-based Web application. PHP ZLink does not properly filter user-submitted URI data; a remote attacker can exploit this to perform SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'go.php' script lacks sufficient filtering of user-submitted Web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic to obtain sensitive information or manipulate the database. Zeak.net PHP ZLink 0.3 No solution is currently available: http://www.zeak.net/ #!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[3]) print "\n \'/...
Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability
No description provided by source. -------------------- Joomla comcolorlab Remote File Include -------------------- Found : xoron -------------------- Download: http://download.joomlaportal.ch/content/view/474/ -------------------- Wrong Code: include...
TotalCalendar <= 2.402 (view_event.php) Remote SQL Injection Vulns
No description provided by source. --==+================================================================================+==-- --==+ TotalCalendar 2.402 SQL Injection Vulnerability +==--...
IncrediMail IMMenuShellExt ActiveX Control Remote Stack Overflow Vulnerability
IncrediMail is a highly personalized e-mail client. IncrediMail has a buffer overflow vulnerability in its implementation that a remote attacker could exploit to take control of the user's machine. The DoWebMenuAction function in the IMMenuShellExt ActiveX control (ImShExt.dll) bundled with IncrediMail has a stack overflow vulnerability. If a user is tricked into opening a malicious HTML document (such as an HTML mail message or attachment), the overflow can be triggered, leading to execution of arbitrary instructions or a browser crash. IncrediMail Ltd IncrediMail Workaround: Set the kill bit for the following CLSID in Internet Explorer:...
Supasite 1.23b Multiple Remote File Inclusion Vulnerabilities
No description provided by source. Supasite v1.23b = Multiple Remote File Include Vulnerability D.Script: http://belnet.dl.sourceforge.net/sourceforge/supasite/supasite1.23b.tar.gz Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc...
Xoops Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Script Name: XOOPS Module myAlbum-P = 2.0 cid Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : myAlbum-P 2.0 original Example S. : http://www.google.com.tr/search?q=+myAlbum-P+2.0+++original&hl=tr&start=0&sa=N...
Samba Deferred CIFS File Open Denial of Service Vulnerability
Samba is a suite of programs that implements the SMB (Server Message Block) protocol to provide cross-platform file and print sharing services. Samba's deferred file open mechanism has a vulnerability in its implementation that a remote attacker could exploit to mount a denial-of-service attack against the server. Samba's file server daemon smbd supports deferred file open calls. In some circumstances, renaming a file may fail to remove the request from the deferred open queue, leaving smbd in an endless loop trying to service the open request. If an authenticated user opens multiple CIFS sessions, each session spawns a new smbd process and each connection enters the endless loop, exhausting memory and CPU resources on the server. Samba 3.0.6 - 3.0.23d Vendor patch:...
Linux-PAM pam_unix.so Authentication Bypass Vulnerability
Pluggable Authentication Modules (PAM) is a mechanism for authenticating users that is used on many Linux distributions. The unix_verify_password function in Linux-PAM's modules/pam_unix/support.c has a vulnerability when verifying user passwords that a remote attacker could exploit to gain unauthorized access. If the hash in the password file is "!!" or similar, a user can log in with any password. Linux-PAM Linux-PAM 0.99.7.0 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...
Imageview <= 5 (Cookie/index.php) Remote Local Include Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+:...
Mambo com_registration_detailed <= 4.1 Remote File Include
No description provided by source. Mambo com_registration_detailed = 4.1 Remote File Inclusion Download Source : http://mamboxchange.com/projects/regdetailed/ Dork = allinur:comextendedregistration Found By: k1tk4t - k1tk4td0th4ck4tgmaild0tcom Location: Indonesia file ; registrationdetailed.inc.php...
Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability
No description provided by source. ---------------------------------------------------- Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities ---------------------------------------------------- Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR...
New ownerAnyone Bug Allows For Anyone to ''Own'' Certain ERC20-Based Smart Contracts (CVE-2018-10705)
This morning, our vulnerability-scanning system at PeckShield identified a new vulnerability named ownerAnyone in certain ERC20-based smart contracts such as AURA, which is deployed by a decentralized banking and finance platform – AURORA. This bug, if successfully exploited, might introduce the...
Linksys WVBR0-25 Command Injection (CVE-2017-17411)
In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its U-Verse service in favor of its DirecTV...
Ikraus Anti Virus Remote Code Execution (CVE-2017-15643)
Vulnerability summary The following advisory describes a remote code execution found in Ikraus Anti Virus version 2.16.7. KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects you from SPAM and malware from e-mails. Prevent...
Microsoft Windows Kernel Local Information Disclosure Vulnerability (CVE-2017-11784)
One kernel memory disclosure in the exception handling code has already been discovered and reported as issue 1177 . It was fixed in the June Patch Tuesday as CVE-2017-8482. However, it seems there is another bug in this code area, this time a pool as opposed to stack memory leak. We've had some...
Discuz! X Front arbitrary file deletion vulnerability
Author: Knownsec 404 Lab 0x01 Description Discuz! X is a community forum platform built on PHP and MySQL (and various other databases) that offers high performance, comprehensive features, security and stability. On September 29, 2017, Discuz! fixed a security issue that has been used to strength...
Tablib Yaml Load Code Execution Vulnerability (CVE-2017-2810)
Summary An exploitable vulnerability exists in the Databook loading functionality of Tablib. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. Tested Versions Tablib v0.11.4...
OpenVPN Access Server : CRLF injection with Session fixation (CVE-2017-5868)
Description OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, a...
ntfs-3g - Unsanitized modprobe Privilege Escalation Vulnerability (CVE-2017-0358)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not support FUSE filesystems (detected by get_fuse_fstype), ntfs-3g...
Topsec TopADS ads_bwlist_download.php Arbitrary File Read and Delete Vulnerability
No description provided by source...
Weaver OA HrmCareerApplyPerView.jsp SQL Injection Vulnerability
No description provided by source...
IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution
IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: = 9.0.2 Tested on: Windows 7 Exploit Based on MS14-064 CVE-2014-6332 http://www.exploit-db.com/exploits/35229/ if...
YonYou NC-MA /invoker/JMXInvokerServlet Code Execution Vulnerability
No description provided by source...
PHPEMS Injection (Verified on Demo)
Brief description: Injection caused by insufficient filtering. Details: See file /app/exam/app.php, lines 272-286: public function lesson() { $action = $this->ev->url(3); $page = $this->ev->get('page'); switch($action) { case 'ajax': switch($this->ev->url(4)) { case 'questions': $number = $this->ev->get('number'); if(!$number) $number = 1; $questid = $this->ev->getCookie('questype'); $knowsi...
AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used i...
phpliteadmin <= 1.9.3 - Remote PHP Code Injection Vulnerability
No description provided by source. Exploit Title: phpliteadmin = 1.9.3 Remote PHP Code Injection Vulnerability Google Dork: inurl:phpliteadmin.php Default PW: admin Date: 01/10/2013 Exploit Author: L@usch - http://la.usch.io - http://la.usch.io/files/exploits/phpliteadmin-1.9.3.txt Vendor Homepag...
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27706/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to access potentially sensitive data that may aid i...
Apple Mac OS X Multiple Security Vulnerabilities (APPLE-SA-2014-02-25-1)
BUGTRAQ ID: 65777 CVE(CAN) ID: CVE-2014-1254,CVE-2014-1262,CVE-2014-1255,CVE-2014-1256,CVE-2014-1257,CVE-2014-1258,CVE-2014-1261,CVE-2014-1263,CVE-2014-1265,CVE-2014-1259,CVE-2014-1264,CVE-2014-1260,CVE-2014-1246,CVE-2014-1247,CVE-2014-1248,CVE-2014-1249,CVE-2014-1250,CVE-2014-1245 OS X (formerly Mac OS...
XDcms Sql Injection 55-63
Brief description: SQL Injection. Details: The injection is in the menu management area of the XDCMS enterprise management system back end, file \system\modules\xdcms\menu.php: when a user adds or manages menus, the addsave and editsave functions are called, and the 9 injection points are in these two functions. addsave function: public function addsave() { $title=$_POST['title']; // injection point 1 $sort=intval($_POST['sort']); $isshow=$_POST['isshow']; // injection point 2 $groupid=$_POST['groupid']; // injection point 3...
Adobe ColdFusion Directory Traversal Vulnerability
No description provided by source. Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm" #!/usr/bin/pytho...
Jax Guestbook 3.50 Admin Login Exploit
No description provided by source. Exploit Title: Jax Guestbook 3.50 Admin Login Exploit Date: December 23rd, 2009 Author: Sora Software Link: http://script.wareseeker.com/ASP-NET/jax-guestbook-3.50.zip/32956d53cf Version: 3.50 Tested on: Windows and Linux...
MDPro Module My_eGallery (pid) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl read; MDPro Module My_eGallery Remote SQL Injection Exploit by s3rg3770 && yeat - stakerathotmaildotit dork: inurl:module=My_eGallery pid note: works regardless of php.ini settings. read use IO::Socket; my ($host,$path,$id) = @ARGV; if (@ARGV != 3) prin...
HP OpenView NNM 7.5.1 OVAS.exe SEH PRE AUTH Overflow Exploit
No description provided by source. #!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt shameless plug...
Mozilla Thunderbird/SeaMonkey/Firefox 2.0.0.13 Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 28448 CVE(CAN) ID: CVE-2008-1241,CVE-2008-1240,CVE-2007-4879,CVE-2008-1238,CVE-2008-1236,CVE-2008-1237,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235 Firefox/Thunderbird/SeaMonkey are the Web browser and mail/newsgroup clients released by Mozilla....
Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit
No description provided by source. lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit...