56796 matches found
中兴集成多业务路由器-ZXR10 1800-2S 敏感信息泄露漏洞
介绍 ZXR10 1800-2S 路由器是中兴通讯推出的集路由、交换、无线、安全、 VPN 于一体的智能集成多业务路由器产品,凭借模块化、可扩展的系统架构,为用户构建智能、高效、可靠、灵活、易维的网络。 该路由器可广泛灵活的适用于大客户接入、 DCN、园区网、校园网、政企网的出口网关、企业的总部/分支接入、金融网点、移动办公室、行业网纵向网的汇聚/接入等网络。 CVE/CNVD/CNNVD & 厂商回应 CVE-2017-10930...
Microsoft Windows DNS服务器RPC接口远程栈溢出漏洞
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows DNS服务器的RPC接口在处理畸形请求时存在栈溢出漏洞,远程攻击者可能利用此漏洞获取服务器的管理权限。 如果远程攻击者能够向有漏洞的系统发送特制的RPC报文的话,就可以触发这个溢出,导致以DNS服务的安全环境执行任意指令(默认为Local SYSTEM)。 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 临时解决方法:...
Dedecms v57 sp1 plus/download.php SQL注入漏洞
起因是全局变量$GLOBALS可以被任意修改,随便看了下,漏洞一堆,我只找了一处。 codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; //解码ascii $GLOBALS$v1 .= $v2; //注意这里不是覆盖,是+ function SetQuery$sql $prefix="@"; $sql =...
Mihalism Multi Host 2.0.7 download.php Remote File Disclosure Vuln
No description provided by source. &nbs...
seacms 后台getshell
作为只是审计过几次CTF线下赛的代码审计小菜鸟,暑假决定正式开始练习一些CMS的代码审计,于是便挑了SeaCMS这样一款cms进行审计,由于缺乏经验于是选择首先审计后台方面的漏洞,说实话在SeaCMS的后台部分的防护确实较少,发现了许多后台的SQL注入。。。。。后来参考SeaCMS之前的一些漏洞,终于找到了这样一个后台插入if标签从而getshell的后台getshell漏洞点。 首先演示一下整个getshell的流程: 登录面板,进入添加电影的界面,在此界面添加电影,设置图片url为if:1$GLOBALS'G'.'ET'a;//end if;...
Samba "username map script" Command Execution
No description provided by source. $Id: usermapscript.rb 10040 2010-08-18 17:24:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Cryptsetup Initrd LUKS root Shell privilege escalation vulnerability
Description A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS Linux Unified Key Setup. The disclosure of this vulnerability was presented as part of our talk "Abusing LUKS to Hack the System" in the DeepSec 2016...
phpBB远程拒绝服务漏洞
Bugtraq ID:65481 phpBB是phpBB组开发的一套开源的使用PHP语言开发的Web论坛软件。该软件具有支持多国语言、支持多种数据库和自定义版面设计等特点。 phpBB中存在远程拒绝服务漏洞。攻击者可利用该漏洞造成受影响应用程序崩溃,拒绝服务合法用户。 0 phpBB phpBB 3.0.8 phpBB phpBB 3.0.7 phpBB phpBB 3.0.6 phpBB phpBB 3.0.5 phpBB phpBB 3.0.4 phpBB phpBB 3.0.3 phpBB phpBB 3.0.2 phpBB phpBB 3.0.1 phpBB phpBB 3.0...
Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability(CVE-2018-3918)
Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the "sync" operation, leading to arbitrary deleti...
JEECMS /download.jspx 任意文件下载漏洞
No description provided by source...
Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability(CVE-2018-3911)
Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...
Sony IPELA E Series Camera measurementBitrateExec command injection vulnerability(CVE-2018-3937)
Summary An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution
No description provided by source. Exploit Title: Jcow CMS 4.x:4.2 = , 5.x:5.2 = | Arbitrary Code Execution Google Dork: intext: Powered by Jcow Date: 2011-08-26 Author: Aung Khant http://yehg.net, YGN Ethical Hacker Group Software Link:...
Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability(CVE-2018-3905)
Summary An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
Samsung SmartThings Hub video-core credentials Code Execution Vulnerability(CVE-2018-3873 - CVE-2018-3878)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...
Discuz! 多数版本可被暴力破解,包括UCenter
简要描述: Discuz! 多数版本均可被暴力破解,包括UCcenter,我只测试了几个例子,有些深入的工作没有做。若是要写个全自动化的工具,还得多花点心思。 : 详细说明: 很简单的问题,Discuz取不到用户的真实IP,可以被X-Forwarded-For头和Client-IP头绕过,伪造欺骗源IP。导致攻击者可以无限次数发起登录请求。 以锤子手机的论坛为例: Discuz! X3。 找到ID为1的管理员用户是webmaster: http://bbs.smartisan.cn/home.php?mod=space&uid=1 锤子论坛没有验证码,胡乱输入错误5次,提示错误次数过多:...
Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability(CVE-2018-3919)
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)
Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)
Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...
Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities(CVE-2018-3903 - CVE-2018-3904)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera "update" feature of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...
Samsung SmartThings Hub video-core database shard code execution vulnerabilities(CVE-2018-3912 - CVE-2018-3917)
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer...
RCE with spring-security-oauth2 分析(CVE-2018-1260)
漏洞公告 环境搭建 利用github上已有的demo: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git 确保导入的spring-security-oauth2为受影响版本,以这里为例为2.0.10 进入spring-security-oauth2-example,修改 cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java的第67行: @Override public void...
云金地国土资源管理系统存在通用型任意文件读取漏洞
...
Adobe Acrobat Force-Installed Vulnerable Chrome Extension
On January 12th, an automatic Adobe Acrobat update force installed a new chrome extension with ID efaidnbmnnnibpcajpcglclefindmkaj. You can view it on the Chrome Webstore here: https://chrome.google.com/webstore/detail/adobe-acrobat/efaidnbmnnnibpcajpcglclefindmkaj/ I can see from the webstore...
Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability(CVE-2018-3863 - CVE-2018-3866)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...
Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability(CVE-2018-3906)
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...
Scan, Verify and Patch in Minutes: TikiWiki 17.1 SQLi
TikiWiki is an open source software that offers a wiki-style based content management system. It has more than 1.25 million downloads and a large code base of around 1.7 million lines of code. In this blog post, we demonstrate step by step how we used our leading RIPS Code Analysis solution to...
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft...
MetInfo6.0 sql注入
...
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
No description provided by source. !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url + "@" +...
Claroline 1.8.9 claroline/redirector.php url Variable Arbitrary Site Redirect
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability
No description provided by source. //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || // // | |/ || '|/ |/ -| ' / -/ |||| /| || / //...
Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability(CVE-2018-3926)
Summary An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub. The hubCore process incorrectly handles malformed files existing in its "data" directory, leading to an infinite loop, which eventually causes...
Oracle Forms and Reports 11.1 - Remote Exploit
No description provided by source. !/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen [email protected] Credits to: @misssudo for initial disclosure...
Rocket.Chat 3.12.1远程代码执行(CVE-2021-22911)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
TBK DVR Login Bypass(CVE-2018-9995)
En un articulo anterior presente una vuln que me permitía obtener las credenciales de cierto modelo de DVR. Tan simple como: $ curl "http://:/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin" Resulta que el hallazgo no corresponde a un vendor en particular como originalmente supuse. Me...
MetInfo6.1.0后台sql注入漏洞
...
Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability(CVE-2018-3927)
Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...
Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability(CVE-2018-3872)
Summary An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
Jetty WEB-INF 信息泄露漏洞(CVE-2021-34428)
...
Joomla! 3.7 Core SQL Injection (CVE-2017-8917)
Author: p0wd3r know Chong Yu 404 security lab Date: 2017-05-18 0x00 vulnerability overview Vulnerability description Joomla to 5 on 17 May released the new version 3. 7. 1, and https://www.joomla.org/announcements/release-news/5705-joomla-3-7-1-release.html this update fixes a high risk SQL...
eml企业通讯录管理系统经典版V5.4.5 sql注入漏洞
...
Auxblog 1.1.2 代码执行漏洞
...
Apache Groovy MethodClosure 远程代码执行漏洞(CVE-2015-3253)
问题大概出现在了 MethodClosure 类上, 该类定义以及方法如下图: 该类的描述为 Represents a method on an object using a closure which can be invoked at any time, 大概意思就是通过构建一个指定对象以及调用方法的Closure 的实例并且可以在任何时候进行调用。上图红色线标记的方法即为触发构建好的对象以及指定方法的函数,我们跟进看看该方法最终是怎么样执行的。 通过该方法的注释可以知道该方法的作用为调用指定对象的指定方法,所以 MethodClosure 类中构造方法中的两个参数的意思为 owne...
youke365 V1.0.7 SQL注入2
...
MetInfo 6.1.0 前台sql注入
...
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
No description provided by source. US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites...
Sngine v2.5.3 通用型反射XSS漏洞
...
ShareCenter D-Link DNS-320 Remote reboot/shutdown/reset (DoS)
No description provided by source. !/usr/bin/perl Title: ShareCenter D-Link DNS-320 remote reboot/shutdown/reset DoS. Type: Hardware Remote: yes Author: rigan - imrigan sobachka gmail.com Tested on: Firmware : DNS320-v2.00b06 Security flaws: dskmgr.cgi allows execute reboot via POST request with...
正方协同办公系统/zfoa/gwxxbviewhtml.do任意文件下载漏洞
0x01 系统介绍 正方协同办公系统的设计目标是帮助各部门快速构建起一个安全、可靠、易用的文档一体化办公环境,实现公文处理的自动化,同时作为内部通讯和信息共享的平台。 系统的特点如下: (1)简单易用:实现快速部署,轻松办公 符合日常办公习惯的界面和操作,通过简单的使用培训,使用人员即可了解系统中的相关办公设置,并可应用系统进行办公。 (2)灵活的自定义功能,满足个性与变化的需求 组织机构、表单格式、工作流程、访问权限、打印格式、统计等全面提供自定义,能够很好的满足各单位现在和未来的办公自动化需求。 (3)多层次的安全设计,为办公自动化提供保障...