56796 matches found
ClipShare (uprofile.php UID) Remote SQL Injection Vulnerability
No description provided by source. video sharing www.clip-share.com Remote SQL Injection Exploit All Version AUTHOR :Krit webmaster of http://www.thaishadow.com HOME : http://www.thaishadow.com Download : http://www.clip-share.com/ DorKs :inurl:/uprofile.php?UID= or "Powered by clipshare" EXPLOIT...
PHP error_log()安全模式限制绕过漏洞
BUGTRAQ ID: 18645 CVECAN ID: CVE-2006-3011 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的errorlog函数中存在安全模式限制绕过漏洞: PHP5: - -2013-2050--- PHPAPI int phperrorlogint opterr, char message, char opt, char headers TSRMLSDC phpstream stream = NULL; switch opterr case 1: /send an email / if HAVESENDMAIL if...
Adult Script <= 1.6 Unauthorized Administrative Access Exploit
No description provided by source. ? obimplicitflushtrue; ? titleAdult Script Unauthorized Administrative Access Exploit/title style bodymargin:0px;font-style:normal;font-size:10px;color:FFFFFF;font-family:Verdana,Arial;background-color:3a3a3a;scrollbar-face-color: 303030;scrollbar-highlight-colo...
MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit
No description provided by source. / Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows DNS DnssrvQuery Stack Overflow CVE-2007-1748 Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabili...
CuteNews Aj-fork Shows.Inc.PHP远程文件包含漏洞
CuteNews Aj-fork是一款基于PHP的WEB应用程序。 CuteNews Aj-fork不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 问题是'Shows.Inc.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以进程权限执行任意指令。 Cutenews Aj-fork Cutenews Aj-fork beta http://sourceforge.net/projects/ajfork...
Apple AirPort Extreme驱动Beacon帧拒绝服务漏洞
Apple Airport Extreme driver是一款MacOS系统上的无线驱动程序。 Apple Airport Extreme driver不正确处理部分beacon帧,远程攻击者可以利用漏洞对系统进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Apple Airport Extreme Driver http://www.apple.com/...
Cisco Secure Desktop多个安全漏洞
Cisco Secure Desktop CSD可以通过加密降低远程用户注销或SSL VPN会话超时后Cookies、浏览器历史记录、临时文件和下载内容在系统上所遗留的风险。 CSD受以下漏洞的影响: 生成的浏览器导致信息泄漏 +-------------------------------------- 如果在创建了SSL VPN会话之后,所自动生成的用于显示主页的Internet浏览器使用了CSD所维护库文件之外目录来储存其会话信息的话,就会出现这个漏洞。这个漏洞还允许用户将在这个Internet浏览会话期间所下载的文件保存到CSD库文件之外,导致在SSL...
Quicksilver Forums <= 1.2.1 (set) Remote File Include Vulnerability
No description provided by source. WWW.SecurityWall.orG Quicksilver Forums v1.2.0+1.2.1 setincludepath Remote File Inclusion Vulnerabilities Author: mdx Class : Remote cont@ct: bilkopatathotmaildotcom v1.2.0+v1.2.1 Code: activeutil.php? requireonce $set'includepath' . '/lib/bbcode.php'; Exploit:...
Attack on Pseudo-random number generator (PRNG) used in 1000 Guess, an Ethereum lottery game. (CVE-2018–12454)
Abstract An Ethereum lottery game, 1000 Guess, has a vulnerability that it generates random numbers predictable by anyone. This game decides a winner by a random number when the number of players who bet on the contract reaches to the predetermined number. The contract generates the random number...
semcms php v2.7 sql注入
...
Windows Kernel 64-bit pool memory disclosure via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries)(CVE-2018-0898)
We have discovered a Windows kernel memory disclosure vulnerability through the body of "AllocConfig" registry values of type REGRESOURCELIST, which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\\Control\AllocConfig. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak...
CODE EXECUTION (CVE-2018-5189) WALKTHROUGH ON JUNGO WINDRIVER 12.5.1
INTRODUCTION Windows kernel exploitation can be a daunting area to get into. There are tons of helpful tutorials out there and originally this post was going to add to that list. This is the story of how I found CVE-2018-5189 and a complete walkthrough of the exploit development cycle. The idea w...
CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability(CVE-2017-12114)
Summary An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...
niushop任意文件删除漏洞
...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability(CVE-2016-2334)
DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. TESTED VERSIONS 7-Zip 32 15.05 beta 7-Zip 64 9.20 PRODUCT URLS http://www.7-zip.org/ CVSSv3 SCORE 7.3 -...
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2(CVE-2017-8548)
I think the fix for 1045 is incorrect. Here's the original PoC. 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main var a = 1.1, 2.2; var b = new Uint32Array100; // force to optimize for var i = 0; i a0 = ; return 0; ; a0.toString; main; I just changed...
OnePlus OTA Downgrade Vulnerability(CVE-2017-5948)
Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details lenient updater-script in the OnePlus OTAs which does not check that the current version is lower than or equal to the given image’s see below the 4.0.0...
Broadcom: Stack buffer overflow when handling 802.11r (FT) authentication response (CVE-2017-6975)
Detailed analysis of reference : the https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html the first part https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi11.html Part II Broadcom produces the Wi-Fi HardMAC SoCs which are used to...
WordPress Plugin Mail Masta 1.0 - SQL Injection
Vulnerability information Vulnerability title: WordPress Plugin Mail Masta 1.0 - SQL Injection Plugin home page: https://wpcore.com/plugin/mail-masta Vulnerability type: SQL injection CVE : CVE-2017-6095, CVE-2017-6096, CVE-2017-6097, CVE-2017-6098 Vulnerability analysis The first injection...
Mastery OA /general/mytable/intel_view/video_file.php arbitrary File Download vulnerability
No description provided by source...
wizBank®学习管理系统任意文件下载漏洞
wizBank学习管理系统文件下载功能没有对下载的文件名称和类型进行严格检查和过滤,恶意用户可通过构造特殊的路径下载指定的文件。 wizBank学习管理系统的\www\cw\skin1\jsp\download.jsp文件的源代码如下: code 区域 ,从代码可见,没有对下载的文件名称和类型进行严格检查和过滤,恶意用户可通过构造特殊的路径下载指定的文件。...
Discuz问卷调查专业版插件参数orderby存在SQL注入漏洞
No description provided by source...
Rockwell Automation /Allen-Bradley 1734-AENT 弱口令
No description provided by source...
MetInfo5.3 /include/interface/uidata.php信息泄露
MetInfo5.3中文件:/include/interface/uidata.php存在信息泄露问题。由于该模板后台存在找回管理员密码的功能 ,通过该页面可以获取后台设置的邮件密码。之后通过登录邮件系统即可重置密码。 requireonce '../common.inc.php'; requireonce ROOTPATH.'include/export.func.php'; // dump$M'config'; $data'config'=$M'config';//这个$M'config'是从数据库查出来的配置数据。 echo jsonencode$data; //直接给打印出了。。...
Discuz 7.2 admincp.php 反射型 xss漏洞
漏洞描述:Discuz! 7.X系列一处问题引发大面积XSS,基本上全部页面和文件都能触发。Discuz! 7.2,7.1,7.0三个版本都受影响漏洞分析:这里拿Discuz! 7.2做分析比如Discuz! 7.2安装包里面的第二个文件就是ajax.php注意最后一行的showmessage函数,跟进include/global.func.php文件。...
Seagate BlackArmor NAS device static adminstrator Password Reset vulnerability
Seagate BlackArmor NAS 路由器可以在没有任何授权下复位管理员密码,并且可以在新手引导下重置为任意密码 可以直接访问 http://目标IP地址/d41d8cd98f00b204e9800998ecf8427e.php 这个文件,然后就可以重置管理员密码。...
用友致远A6协同系统 Session泄漏漏洞
该漏洞泄露了当前登录用户(所有登录的)的SessionID;利用泄露的SessionID即可登录该用户,包括管理员,进入后getshell毫无压力/yyoa/ext/https/getSessionList.jsp部分代码%@ page contentType="text/html;charset=GBK"% %@ page session= "false" % %@ page import="net.btdz.oa.ext.https."% % String reqType = request.getParameter"cmd"; String outXML = ""; boolean...
FHFS - FTP/HTTP File Server 2.1.2 远程命令执行
No description provided by source. !/usr/bin/python FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution Author: Naser Farhadi Date: 26 August 2015 Version: 2.1.2 Tested on: Windows 7 SP1 32 bit Link : http://sourceforge.net/projects/fhfs/ Description : FHFS is a FTP and HTTP Web Server...
一采通电子采购系统多处SQL注入漏洞#2
简要描述: 一采通电子采购系统多处SQL注入漏洞2 详细说明: google:inurl:companycglist.aspx?ComId= 1 漏洞存在于 /Products/CategoryMSelect.aspx,参数Name 例如 http://eps.umgg.com.cn/Products/CategoryMSelect.aspx?Name=树脂磨盘 2 漏洞存在于 /RAT/Product/HistoryPrice.aspx,参数kw 例如 http://eps.umgg.com.cn/RAT/Product/HistoryPrice.aspx?kw=1 3 漏洞存在于...
大汉版通系统SQL注入漏洞
简要描述: 大汉版通系统SQL注入漏洞 详细说明: 貌似,Prize 奖励方案改了 SO...又来一发,JCMS最新注入漏洞 该连接存在SQL注入 /jcms/m5e/module/voting/oprvotingmodal.jsp?iID=11&fnbillstatus=B sqlmap.py -u "http://www.wugang.gov.cn/jcms/m5e/module/voting/oprvotingmodal.jsp?iID=11&fnbillstatus=B" sqlmap.py -u...
CmsEasy 5.5 /lib/default/archive_act.php SQL注入漏洞
No description provided by source...
php云人才系统 小漏洞一步步getshell(后台)
简要描述: php云人才系统 小漏洞一步步getshell,这里包含了php与mysql交互时候的特性(也算一个漏洞),还有phpyun自身图片的验证机制问题,等等,步骤比较艰辛,本来想在这里搞一个csrf呢,找了半天没有找到,到时找到一大堆xss,这里就不利用xss了,且看分析 详细说明: 首先我们做一个小测试: 对于mysql存储来说,建站者都会给每一个字段设置长度,然后当我们插入进去的数据长度超过了设置的长度,那么mysql是不会报错,然而会自然截断存储,这个就给我们编写程序的人留下了隐患。 利用场景分析...
phpok 4.0.556 /data.php SQL注入漏洞
No description provided by source...
Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Microsoft Windows (IcmpSendEcho2Ex interrupting) Denial of Service Vulnerability
No description provided by source. / Microsoft Windows DoS IcmpSendEcho2Ex interrupting Author: l3D Sites: http://nullbyte.org.il, http://forums.hacking.org.il IRC: irc://irc.nix.co.il/security Email: [email protected] Tested on Windows 7 Microsoft Windows operating system is prone to a local D...
Oracle 9i Multiple Unspecified Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10871/info Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also been...
HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that ma...
IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory. This is possib...
RoundCube 0.3.1 XRF/SQL injection
No description provided by source. Exploit Title: RoundCube 0.3.1 SQL injection Date: 10/10/2011 Author: Smith Falcon Software Link: http://roundcube.net/download Version: 0.3.1 Tested on: Linux timezone= is vulnerable to SQL Union Injection. POST data in http://site.com/roundcube/index.php...
ttCMS <= 4 - (ez_sql.php lib_path) Remote File Inclusion Vulnerability
No description provided by source. DEVIL TEAM - HACKING POLISH TEAM Author: Kacper a.k.a Rahim Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam -------------------------------------------- Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM...
Contra Haber Sistemi 1.0 Haber.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21626/info Contra Haber Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Adobe Flash Player Integer Underflow Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def...
Enthrallweb eClassifieds dircat.asp cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit
影响范围:Linux Kernel 3.3-3.8CVE-ID:CVE-2013-1763Linux内核处理netlink协议时,存在一处内存越界访问,成功利用可执行任意代码,进行本地提权。漏洞代码如下:static int sockdiagrcvmsgstruct skbuff skb, struct nlmsghdr nlh int err; struct sockdiagreq req = NLMSGDATAnlh; struct sockdiaghandler hndl; if nlmsglennlh sizeofreq return -EINVAL; hndl =...
PHP-Nuke 7.x Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...
ACE Stream Media 2.1 - (acestream://) Format String Exploit PoC
No description provided by source. ? ACE Stream Media 2.1 acestream:// Format String Exploit PoC Vendor: ACE Stream Product web page: http://www.acestream.org Affected version: Ace Player HD 2.1.9 VLC 2.0.5 Summary: Ace Stream is an innovative multimedia platform of a new generation, which includ...
ATutor 1.6.4 - Multiple Cross Site Scripting
No description provided by source. Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : ATutor 1.6.4 Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members...
KnowledgeBuilder 2.0/2.1/3.0 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9292/info KnowledgeBuilder is prone to a remote file include vulnerability. An attacker could exploit this to cause hostile PHP scripts to be included and executed from a remote server. This would occur in the security...
Oracle Database Remote Listener Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37728/info Oracle Database is prone to a remote memory-corruption vulnerability in Listener. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker does not require privileges to exploit this...
HP LaserJet Directory Traversal in PJL Interface
漏洞分析 密码爆破 惠普官方已经在2010年11月的安全通告上发布了漏洞解决办法,用户可以通过禁用 PJL 的文件系统访问权限或重新设置 PJL 密码来解决此问题。但 PJL 的安全密码是范围1-65535的数字,密码认证次数和频率并没有限制,远程攻击者可以通过爆破可以将 PJL 的密码安全保护禁用,进而可绕过密码验证通过 PJL 对打印机内置的文件系统进行读写。文件系统包含后台处理打印作业、收到的传真、日志文件和配置文件。 使用以下 Python3 程序对系统进行漏洞检测: 如果打印出“PoC OK!”,说明系统存在漏洞。PoC...