Seebug: Most viewed

56796 matches found

seebug.org
added 2015/09/14 12:0 a.m. | 67 views

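Yonyou Seeyon (用友致远) A6 Collaboration System Session Leak Vulnerability

This vulnerability leaks the SessionIDs of currently logged-in users (all logged-in users); a leaked SessionID can be used to log in as that user, including administrators, after which getting a shell is effortless. Partial code of /yyoa/ext/https/getSessionList.jsp: %@ page contentType="text/html;charset=GBK"% %@ page session= "false" % %@ page import="net.btdz.oa.ext.https."% % String reqType = request.getParameter"cmd"; String outXML = ""; boolean...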

AI score: 7.2
Exploits: 0

seebug.org
added 2015/03/24 12:0 a.m. | 67 views

TurboMail 6.0.0 /nicknamelogin.jsp Login Bypass Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/01/28 12:0 a.m. | 67 views

74CMS 3.4 /plus/weixin.php Arbitrary File Download Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/01/09 12:0 a.m. | 67 views

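SQL Injection in the Admin Backend of a Campus Management System (No Login Required / SA Privileges)

Brief description: ... Details: Baidu dork: inurl:/ws2004/ Technical support: Nanjing Suyaxing Information Technology Development Co., Ltd. (南京苏亚星资讯科技开发有限公司) ---------------------------------------- Vulnerable page: ws2004/SysManage/LeaveWord/List.asp?AbPage=1&where=%20where%20Title%20like%20111 Vulnerable parameter: where (sa privileges in every case) ---------------------------------------- Proof of vulnerability: 1 http://www.suyaxing.com:81/ws2004/...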

AI score: 7.1
Exploits: 0

seebug.org
added 2014/08/20 12:0 a.m. | 67 views

Firefox toString console.time Privileged Javascript Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...

CVSS: 10 | AI score: 8.3 | EPSS: 0.40381
Exploits: 13

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that ma...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

WEBBDOMAIN Post Card <= 1.02 (catid) SQL Injection Vulnerability

No description provided by source. post Card catid Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc MaiL : [email protected] script : http://webbdomain.com/php/postcarden/index2.php script : http://webbdomain.com/php/postcardir/index2.php DorK :...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Mac OSX Server DirectoryService Buffer Overflow

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.14409
Exploits: 5

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Siemens SIMATIC WinCC flexible Runtime http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx Versions: 2008 SP2 + security patch 1 Platforms:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities

No description provided by source. --------------------------------------------------------------------------- GeekLog = 1.4.0 CONFpath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Google d0rk: powered by geeklog Discovered By...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

TP-Link TL-WR740N Wireless Router - Denial of Service Exploit

No description provided by source. ?!/usr/local/bin/perl TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.16.4 Build 130205 Rel.63875n Released: 2/5/2013 -...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

No description provided by source. From: Maksymilian Arciemowicz cxib securityreason com Date: Fri, 10 Dec 2010 14:43:32 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/...

CVSS: 5 | EPSS: 0.18878
Exploits: 5

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerd...

CVSS: 4.1 | AI score: 7.7 | EPSS: 0.12184
Exploits: 14

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

IBM DB2 'kuddb2' Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38018/info IBM DB2 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. IBM DB2 9.7 is vulnerable; other versions...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Linux Kernel < 2.6.36-rc1 CAN BCM - Privilege Escalation Exploit

No description provided by source. / i-CAN-haz-MODHARDEN.c Linux Kernel 2.6.36-rc1 CAN BCM Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in th...

CVSS: 7.2 | EPSS: 0.03777
Exploits: 6

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Manage Engine Service Desk Plus 7.6 - woID SQL Injection

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Pandora FMS <= 3.1 - SQL Injection

No description provided by source. + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applicatio...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.05339
Exploits: 8

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Prozilla Hosting Index (directory.php cat_id) - SQL Injection Vulnerability

No description provided by source. ECHOADV88$2008 Prozilla Hosting Index directory.php catid Blind Sql...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

K-Meleon 1.5.3 - Remote Array Overrun

No description provided by source. From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/222 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 K-Meleon 1.5.3 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.:...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.28167
Exploits: 44

seebug.org
added 2014/07/01 12:0 a.m. | 67 views

Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the...

CVSS: 5 | AI score: 0.2 | EPSS: 0.72538
Exploits: 15

seebug.org
added 2014/04/15 12:0 a.m. | 67 views

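vSphere Client Arbitrary File Download Vulnerability

Bugtraq ID: 66772 CVE ID: CVE-2014-1209 VMware vCenter is a powerful centralized host and virtual machine management component of the VMware vSphere suite. VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 do not properly validate updates to Client files, which allows remote attackers to trigger the download and execution of arbitrary programs. 0 VMWare vSphere Client 5.x VMWare vSphere Client 4.x The vendor has released an upgrade patch to fix the vulnerability; please download and apply it:...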

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.03742
Exploits: 1

seebug.org
added 2014/03/19 12:0 a.m. | 67 views

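MantisBT 'mc_issue_attachment_get' SOAP API SQL Injection Vulnerability

BUGTRAQ ID: 65445 CVE ID: CVE-2014-1608 MantisBT is a web-based bug tracking system. In MantisBT versions before 1.2.16, the mcifileget function in api/soap/mcfileapi.php contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request. 0 mantisbt mantisbt 1.2.16 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mantisbt.org/...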

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.03141
Exploits: 2

seebug.org
added 2014/03/05 12:0 a.m. | 67 views

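IBM Algo One Algo Multiple Security Vulnerabilities

CVE ID: CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, CVE-2013-6302, CVE-2013-6303, CVE-2013-6318, CVE-2013-6319, CVE-2013-6320, CVE-2013-6331, CVE-2013-6333 IBM Algo One is a risk management software solution. IBM Algo One has multiple security vulnerabilities: 1. The application does not properly check user permissions, allowing attackers to exploit the flaw to obtain restricted content. 2. Multiple cross-site scripting vulnerabilities allow an attacker to craft a malicious URI and lure a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious actions on the client...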

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01441
Exploits: 1

seebug.org
added 2013/04/19 12:0 a.m. | 67 views

FCKeditor 2.4.3 /fckeditor/editor/filemanager/upload/asp/class_upload.asp File Upload Vulnerability

...

AI score: 7.1
Exploits: 0

seebug.org
added 2012/12/13 12:0 a.m. | 67 views

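Adobe Flash Player and AIR Remote Integer Overflow Vulnerability (CVE-2012-5677)

BUGTRAQ ID: 56896 CVECAN ID: CVE-2012-5677 Adobe Flash Player is an integrated multimedia player. AIR is a technology developed to combine network and desktop applications, allowing cloud programs on the network to be controlled without going through a browser. Adobe Flash Player and AIR contain an integer overflow vulnerability in their implementation, which attackers can exploit to execute arbitrary code within the affected application. 0 Adobe Flash Player 11.2.202.235 Adobe AIR = 3.2.0.2080 Vendor patch: Adobe ----- Adobe has released a security bulletin (APSB12-27) and corresponding patches for this issue:...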

CVSS: 10 | AI score: 6.4 | EPSS: 0.06868
Exploits: 1

seebug.org
added 2012/11/13 12:0 a.m. | 68 views

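Apple QuickTime Video File Buffer Overflow Vulnerability

CVE ID: CVE-2012-3756 QuickTime is a multimedia framework developed by Apple Computer that can handle many digital video, media clip, sound, text, animation, and music formats, as well as several types of interactive panoramic images. QuickTime has a buffer overflow vulnerability when processing the 'rnet' box in a crafted PM4 file, which can lead to unexpected application termination or arbitrary code execution. 0 Apple Quicktime 7.x Vendor patch: Apple ----- Please update to QuickTime 7.7.3: APPLE-SA-2012-11-07-1: QuickTime 7.7.3 Link: http://www.apple.com/quicktime/download/...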

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.05562
Exploits: 2

seebug.org
added 2012/02/13 12:0 a.m. | 67 views

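PHP 'magic_quotes_gpc' Security Bypass Vulnerability (CVE-2012-0831)

Bugtraq ID: 51954 CVE ID: CVE-2012-0831 PHP has a security vulnerability that allows magicquotesgpc to be disabled remotely, which allows remote attackers to bypass the restrictions that protect against SQL injection. 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 Vendor solution: Users can refer to the following vendor-provided security advisory for patch information: https://bugs.php.net/bug.php?id=61043...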

CVSS: 6.8 | AI score: 9.5 | EPSS: 0.06709
Exploits: 2

seebug.org
added 2012/01/17 12:0 a.m. | 67 views

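PHP "zend_strndup()" Multiple NULL Pointer Dereference Denial of Service Vulnerabilities

BUGTRAQ ID: 51417 CVE ID: CVE-2011-4153 PHP is a scripting language that runs on computers, used mainly for processing dynamic web pages, and includes a command-line interface and the ability to produce graphical user interface programs. PHP contains multiple denial-of-service vulnerabilities in how it checks the return value of zendstrndup calls; attackers can exploit them to crash the affected application, denying service to legitimate users. 0 PHP 5.3.8 Vendor patch: PHP --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.php.net...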

CVSS: 5 | AI score: 9.5 | EPSS: 0.122
Exploits: 9

seebug.org
added 2011/08/18 12:0 a.m. | 67 views

Mozilla Firefox/Thunderbird/SeaMonkey Multiple Security Vulnerabilities

BUGTRAQ ID: 49166 CVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993...

CVSS: 10 | AI score: 2.2 | EPSS: 0.05434
Exploits: 5

seebug.org
added 2011/05/12 12:0 a.m. | 67 views

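Linux Kernel '/proc/[pid]/stat' Local Information Disclosure Vulnerability

Bugtraq ID: 47791 CVE ID: CVE-2011-0726 Linux is an open-source operating system. Although mm-startstack is protected against cross-uid viewing, startcode and endcode are not protected in the same way, which allows the text location of PIE binaries to be leaked; attackers can use this information to bypass ASLR protection. Linux kernel 2.6.x Vendor solution: Users can refer to the following vendor-provided security advisory for patch information: https://lkml.org/lkml/2011/3/11/380...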

CVSS: 2.1 | AI score: 7.5 | EPSS: 0.00342
Exploits: 2

seebug.org
added 2010/05/20 12:0 a.m. | 68 views

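MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial of Service Vulnerability

BUGTRAQ ID: 40235 CVE ID: CVE-2010-1321 Kerberos is a widely used network protocol that uses strong encryption to authenticate clients and servers. MIT Kerberos 5 is a commonly used open-source Kerberos implementation. The GSS-API library in MIT Kerberos contains a NULL pointer dereference error; an authenticated remote attacker can exploit it by sending a crafted GSS-API token that lacks the checksum field, crashing server applications that use the GSS-API authentication mechanism. MIT Kerberos 5 1.8 MIT Kerberos 5 1.7 MIT Kerberos 5 1.6 Vendor patch: MIT ---...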

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.06884
Exploits: 2

seebug.org
added 2010/04/23 12:0 a.m. | 67 views

Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability

No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...

CVSS: 2.6 | AI score: 5.1 | EPSS: 0.52507
Exploits: 6

seebug.org
added 2010/02/22 12:0 a.m. | 67 views

Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities

No description provided by source. Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE: CVE-2009-3960 Adobe PSIRT: APSB10-05 - http://www.adobe.com/support/security/bulletins/apsb10-05.html Link:...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.90118
Exploits: 12

seebug.org
added 2009/12/20 12:0 a.m. | 67 views

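PHP posix_mkfifo() Function open_basedir Security Restriction Bypass Vulnerability

BUGTRAQ ID: 36554 CVECAN ID: CVE-2009-3558 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. An error in PHP's posixmkfifo function may allow the openbasedir restriction to be bypassed. The following is the vulnerable code fragment from ext/posix/posix.c: PHPFUNCTIONposixmkfifo char path; int pathlen; long mode; int result; if zendparseparametersZENDNUMARGS TSRMLSCC, "sl", &path, &pathlen, &mod...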

CVSS: 6.8 | AI score: 5.1 | EPSS: 0.02081
Exploits: 2

seebug.org
added 2009/12/18 12:0 a.m. | 68 views

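WebSphere 6.1 Cross-Site Scripting Vulnerability

Vulnerability information: WebSphere is IBM's software platform. It includes the entire middleware infrastructure, such as servers, services, and tools, needed to write, run, and monitor around-the-clock, industrial-strength, on-demand web applications and cross-platform, cross-product solutions. WebSphere provides reliable, flexible, and robust software. Multiple cross-site scripting vulnerabilities exist in uddigui/navigateTree.do in the UDDI user console of IBM WebSphere Application Server (WAS). Remote attackers can inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Vulnerability impact:...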

AI score: 6.9
Exploits: 0

seebug.org
added 2008/09/14 12:0 a.m. | 67 views

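libxml XML Entity Name Heap Buffer Overflow Vulnerability

BUGTRAQ ID: 31126 CVE ID: CVE-2008-3529 CNCVE ID: CNCVE-20083529 The libxml package provides a library of functions that let users manipulate XML files, including support for reading, modifying, and writing XML and HTML files. libxml has a problem when processing malformed XML content, which remote attackers can exploit to carry out a denial-of-service attack against the application. A heap-based buffer overflow occurs when libxml2 processes an overly long XML entity name; if an application linked against libxml2 processes untrusted malformed XML content, this can lead to an application crash or arbitrary code execution. XMLSoft Libxml2 2.6.31 XMLSoft Libxml2 2.6.30 XMLSoft Libxm...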

CVSS: 10 | AI score: 0.3 | EPSS: 0.23373
Exploits: 9

seebug.org
added 2008/06/23 12:0 a.m. | 67 views

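PHP 5 'chdir()' and 'ftok()' 'safe_mode' Security Bypass Vulnerability

BUGTRAQ ID: 29796 CVE ID: CVE-2008-2666 CNCVE ID: CNCVE-20082666 PHP 5 is an open-source web programming language. The PHP 5 'chdir' and 'ftok' functions have a 'safemode' bypass issue; remote attackers can exploit it to obtain sensitive information, such as whether a file exists, in unauthorized locations. The problem code is as follows: - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...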

CVSS: 5 | AI score: 6.3 | EPSS: 0.13923
Exploits: 2

seebug.org
added 2008/05/07 12:0 a.m. | 67 views

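cPanel Cross-Site Request Forgery Vulnerability

CVECAN ID: CVE-2008-2043 cPanel is a web-based tool for automating the control of websites and servers. cPanel does not validate certain actions that users perform through HTTP requests, which allows remote attackers to use cross-site request forgery (XSRF) attacks to perform actions that only administrators may perform, including creating new databases and adding new users. cPanel 11.18.3 build ID 21703 Temporary workaround: Enable Referrer checking: 1 Navigate to Server configuration 2 Find Tweak Settings 3 Find Security in WebHost Manager 4 Select the checkbox and save the page Vendor patch: cPanel...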

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.01339
Exploits: 2

seebug.org
added 2008/02/15 12:0 a.m. | 67 views

Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability

No description provided by source. joomla SQL Injectioncommcquiz AUTHOR : S@BUN HOME : http://www.hackturkiye.com http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl: commcquiz "tid" DORK 2 : allinurl: commcquiz ATTACKER CAN SEE PASSWORD AND USERNAME UNDE...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/01/03 12:0 a.m. | 67 views

ClipShare (uprofile.php UID) Remote SQL Injection Vulnerability

No description provided by source. video sharing www.clip-share.com Remote SQL Injection Exploit All Version AUTHOR :Krit webmaster of http://www.thaishadow.com HOME : http://www.thaishadow.com Download : http://www.clip-share.com/ DorKs :inurl:/uprofile.php?UID= or "Powered by clipshare" EXPLOIT...

AI score: 7.1
Exploits: 0

seebug.org
added 2007/12/14 12:0 a.m. | 67 views

Adult Script <= 1.6 Unauthorized Administrative Access Exploit

No description provided by source. ? obimplicitflushtrue; ? titleAdult Script Unauthorized Administrative Access Exploit/title style bodymargin:0px;font-style:normal;font-size:10px;color:FFFFFF;font-family:Verdana,Arial;background-color:3a3a3a;scrollbar-face-color: 303030;scrollbar-highlight-colo...

AI score: 7.1
Exploits: 0

seebug.org
added 2007/04/17 12:0 a.m. | 68 views

MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit

No description provided by source. / Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows DNS DnssrvQuery Stack Overflow CVE-2007-1748 Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabili...

CVSS: 10 | AI score: 0.6 | EPSS: 0.79128
Exploits: 17

seebug.org
added 2007/02/07 12:0 a.m. | 67 views

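Samba Server VFS Plugin afsacl.so Remote Format String Handling Vulnerability

Samba is a suite of programs that implements the SMB (Server Messages Block) protocol and provides cross-platform file and printer sharing services. Samba's VFS plugin library afsacl.so has a format string vulnerability when handling file names; an attacker may exploit this vulnerability by luring a user into handling a malicious VFS partition to take control of the server. When calling snprintf, Samba uses file names stored on disk as the format string; if a share that users can write to uses Samba's afsacl.so library to set Windows NT access control lists on files in an AFS file system, format string specifiers in a file name could lead to arbitrary code execution. This vulnerability only affects setups that share an AFS file system over CIFS and whose smb.conf explicitly requests loading afsacl.s...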

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.06412
Exploits: 1

seebug.org
added 2006/11/09 12:0 a.m. | 67 views

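Cisco Secure Desktop Multiple Security Vulnerabilities

Cisco Secure Desktop (CSD) uses encryption to reduce the risk posed by cookies, browser history, temporary files, and downloaded content left on the system after a remote user logs out or an SSL VPN session times out. CSD is affected by the following vulnerabilities: Spawned browser leads to information disclosure +-------------------------------------- This vulnerability occurs if, after an SSL VPN session has been established, the automatically spawned Internet browser used to display the home page stores its session information in a directory outside the vault maintained by CSD. This vulnerability also allows users to save files downloaded during this Internet browsing session outside the CSD vault, with the result that in the SSL...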

AI score: 7
Exploits: 0

seebug.org
added 2006/10/28 12:0 a.m. | 67 views

MS Windows COM Structured Storage Local Exploit (MS05-012)

No description provided by source. // by Cesar Cerrudo - Argeniss - www.argeniss.com // MS05-012 - COM Structured Storage Vulnerability - CAN-2005-0047 Exploit // // More exploits at www.argeniss.com/products.html // // Works on Win2k sp4, WinXP sp2, Win2k3 sp0 // Close all runing programs to avo...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.05132
Exploits: 4

seebug.org
added 2006/09/13 12:0 a.m. | 67 views

Quicksilver Forums <= 1.2.1 (set) Remote File Include Vulnerability

No description provided by source. WWW.SecurityWall.orG Quicksilver Forums v1.2.0+1.2.1 setincludepath Remote File Inclusion Vulnerabilities Author: mdx Class : Remote cont@ct: bilkopatathotmaildotcom v1.2.0+v1.2.1 Code: activeutil.php? requireonce $set'includepath' . '/lib/bbcode.php'; Exploit:...

AI score: 7.1
Exploits: 0

seebug.org
added 2006/06/28 12:0 a.m. | 67 views

RsGallery2 <= 1.11.2 (rsgallery.html.php) File Include Vulnerability

No description provided by source. RsGallery2 for Joomla --------------------------------------------------------------------------- Discovered: marriottvn Remote : Yes Level : High --------------------------------------------------------------------------- Affected software description :...

AI score: 7.1
Exploits: 0

seebug.org
added 2006/05/04 12:0 a.m. | 67 views

Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit

No description provided by source. !/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click = 2.3.8 Remote File Inclusion exploit dork: intext:"phpbb - auction" inurl:"auction" usage: perl wb1.pl...

AI score: 7.1
Exploits: 0

seebug.org
added 2018/04/03 12:0 a.m. | 66 views

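Two getshell Flaws in the Dedecms V5.7 Admin Backend (CVE-2018-9175)

The first follows a common approach: a statement is written into an inc file, and that file is then pulled in by another include statement, so the malicious code is included and a shell is obtained. The vulnerable code is in /dede/sysverifies.php, as follows: else if $action == 'getfiles' if!isset$refiles ShowMsg"你没进行任何操作!","sysverifies.php"; exit; $cacheFiles = DEDEDATA.'/modifytmp.inc'; $fp = fopen$cacheFiles, 'w'; fwrite$fp, ''; fclose$fp; $dirinfos = ''; if$...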

AI score: 9.3 | EPSS: 0.01898
Exploits: 1

seebug.org
added 2018/03/23 12:0 a.m. | 66 views

Windows Kernel 64-bit pool memory disclosure via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries)(CVE-2018-0898)

We have discovered a Windows kernel memory disclosure vulnerability through the body of "AllocConfig" registry values of type REGRESOURCELIST, which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\\Control\AllocConfig. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak...

AI score: 5.1 | EPSS: 0.02118
Exploits: 1

Total number of security vulnerabilities: 5000