56796 matches found
PPA Gallery <= 1.0 (functions.inc.php) Remote File Include Exploit
No description provided by source. ?php / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+...
Apache OFBiz 代码执行漏洞(CVE-2021-30128)
...
SQLi, XSS zero-days expose Belkin IoT devices, Android smartphones
LONDON, UK – Research director Scott Tenaglia and lead research engineer Joe Tanen detailed the vulnerabilities during their ‘Breaking BHAD: Abusing Belkin Home Automation devices’ talk at the Black Hat Europe conference in London last Friday. The zero-day flaws specifically relate to Belkin’s...
New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)
On 4/24/2018, 01:17:50 p.m. UTC, PeckShield again detected an unusual MESH token transaction shown in Figure 1. In this particular transaction, someone transferred a large amount of MESH token — 0x8fff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff 63 f’s to herself...
Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities(CVE-2017-14435 - CVE-2017-14437)
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXALOG.ini, /MOXACFG.ini, o...
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
!/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget ASTSTACKSIZE = 0x800000 default stack size per thread 8 MB...
Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory Information Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities Date published: 2018-02-01 Date of last update: 2018-02-01 Vendors contacted:...
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...
Libarchive mtree parse_device Code Execution Vulnerability(CVE-2016-4301)
SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parsedevice functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...
Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)
There is a type confusion issue related to how some arithmetic operations are performed in VBScript. To illustrate, see the following simplified code of VbsVarMod static unsigned char resultlookuptable1818 = ... void VbsVarModVAR v1, VAR v2 VAR arithv1 = v1-PvarGetArithVal; VAR arithv2 =...
WebKit: UXSS via CachedFrameBase::restore
This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true, cachedFrame.isMainFrame; Click anywhere... function...
PHP PEAR 1.10.1 - arbitrary File Download Vulnerability (CVE-2017-5630)
Author: mapl0 Vulnerability details In the PEAR Base System The 1. 10. 1 version of the installer, can be in after the redirect does not verify file type and file name, and then allows the remote http server via a specially crafted request to overwrite the hacked server files, such as. htaccess i...
XYCMS广告设计中心网站系统 v3.0 view_detail.asp参数id SQL注入漏洞
0x01漏洞简介 XYCMS广告设计中心网站系统采用asp+access架构,其在/viewdetail.asp处对参数id过滤不严格,导致出现SQL注入漏洞。远程攻击者可以利用该漏洞执行SQL指令。 0x02漏洞详情 该系统默认存在一个管理员数据表adminuser,该表包含管理员名称字段admin和密码 md5加密字段password,远程攻击者可以结合union方式获取敏感信息,登陆后台,上传shell。 0x03修复方案 过滤。...
cmstop 远程代码执行漏洞(大众版)
No description provided by source...
易企CMS install/install.php 代码执行
看代码\install\install.php 作用就是安装该cms,然后把install.php改为install.php.bak。由于apache解析问题,改文件还是会解析成php,然后就可以暴力getshell。 数据库连接文件会写到\include\config.inc.php 由于是双引号可直接shell,无限制。...
docker 1.0.0 docker.socket world accessible
CVE-2014-3499 docker.socket world accessible 漏洞类型 设计错误 本地权限提升 漏洞分析 Docker 1.0.0使用全局可读可写的管理套接字,这种设计会允许本地用户利用写套接字,获得特殊的权限。 具体分析 docker.socket 在docker 1.0.0版本时,并没有限制读写socket的权限,导致本地用户任何socket读写都能够完成。 本地用户使用构造的恶意请求写入到socket中会导致root权限执行任意代码。 具体过程 在init/systemd中,...
泛微e-office E-mobile/Data/downfile.php url参数 任意文件下载
漏洞信息: 泛微e-office是泛微公司面向中小型组织推出的OA产品,简单易用高效,部署快、投资少。提供免费试用体验。至今已为超过一万家客户提供方便高效的办公体验。 泛微e-office存在任意文件上传漏洞导致敏感信息泄漏。 漏洞分析: 漏洞存在于E-mobile/Data/downfile.php $fileurl = $REQUEST'url'; $sessionstr = $REQUEST'sessionkey'; $strexplode = explode ",", $sessionstr ; $sessionkey = $strexplode0; $curruserid =...
泛微Eoffice数据库配置文件 mysql_config.ini 下载漏洞
No description provided by source...
大汉网站群访问统计系统 /vc/vc/style/opr_copycode.jsp SQL注入
No description provided by source...
Windows 权限提升漏洞 CVE-2015-6132
No description provided by source...
育软电子政务平台SQL注入漏洞
No description provided by source...
北京希尔自动化OA管理系统/数据库系统 /bnuoa/info/infoShowAction.do 任意文件下载漏洞
No description provided by source...
phpcms v9用户登录处存在sql注入漏洞
password字段如果存在特殊字符,在传入到程序时仍然会被转义,而且在phpsso的login中使用的是username做数据库查询,而不是password。针对第一个问题我们可以使用二次url编码的方法来搞定,在解码之后程序还是用了parsestr对字符串进行了拆解,而这个函数还附带了解url编码的功能。所以,我们只需要在传password内容时传递%2527就可以让单引号出现在phpsso的变量中了。第二个问题也用到parsestr的功能,parsestr在解析“username=123&password=456”这样的字符串,会把它解析为:Array username=123,...
用友内部论坛数据备份信息泄露一万多员工已经内部交流信息泄露
简要描述: 看到这有个正在维护的系统,写着"系统正在升级中...将于2011年10月27日正常访问,敬请谅解!" 于是果断扫了目录,果然有数据备份、 涉及一万多的内部人员数据、大量的用友邮箱、还有部分的内部交流信息、 能再上首页吗? 详细说明: 涉及的IP:http://219.141.185.30/wk.htm 备份数据下载地址:http://219.141.185.30/webroot.rar 果断的解压、 数据挺多的,看了下下面这两个比较有意思、 搜了下,涉及用友邮箱一共1500多、 账户总数是一万七千多、 下面这个比较有意思、...
某网店系统存在越权漏洞(任意用户信息修改)
简要描述: 某网店系统存在越权漏洞任意用户信息修改 详细说明: 账号 A id=375 账号 B id=376 越权修改账号a的信息 成功修改 demo演示站点呢 一样可以修改收货地址 账号A id=362 账号B id=363 img src="https://images.seebug.org/upload/201504/07000058fd624e353d682fc05a6b2efead0a6338.jpg" alt="2.jpg" width="600" onerror=...
大汉网络JCMS任意文件下载
简要描述: 大汉网络文件遍历 详细说明: 漏洞Url: /jcms/m5e/module/voting/down.jsp?filename=a.txt&pathfile=/etc/passwd 下载文件: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin...
Drupal Core <= 7.32 - SQL Injection (PHP)
No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...
frcms 重装系统
简要描述: 重装了 之后 可以轻松getshell。 详细说明: 在install/index.php中 header"Content-Type: text/html; charset=$lang"; foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k = runmagicquotes$v; function runmagicquotes&$svar if!getmagicquotesgpc if isarray$svar foreach$svar as $k = $v $svar$k...
Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
No description provided by source. """ Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 1. Vulnerability Details Affected Vendor:...
Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability
No description provided by source. Script: Kayako eSupport = 2.3.1 Vendor: Kayako www.kayako.com Discovered: beford xbefordx gmail com Comments: It seems like the vendor silently fixed the issue in the current version more like since v2.3.5 withouth warning users of previous versions, noobs...
Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
No description provided by source. $Id: adobecooltypesing.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Coppermine Photo Gallery <= 1.4.22 Remote Exploit
No description provided by source. !/usr/bin/perl Coppermine Photo Gallery = 1.4.22 Remote Exploit Need registerglobals = on and magicquotesgpc = off Based on vulnerabilities discussed at http://www.milw0rm.org/exploits/8713 Coded by girex use LWP::UserAgent; ifnot defined $ARGV0 banner; print -...
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes...
OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20246/info OpenSSL is prone to a denial-of-service vulnerability. A malicious server could cause a vulnerable client application to crash, effectively denying service. !/usr/bin/perl Copyrightc Beyond Security Written by...
Ultimate eShop Error Based SQL Injection Vulnerability
No description provided by source. Exploit Title: Ultimate eShop Error Based SQL Injection Vulnerability Google Dork: inurl:index.cgi?aktion=shopview Date: 19/04/2011 Author: Romka Software Link: http://www.ultimate-eshop.de/ Tested on: Windows XP SP3 Exploit:...
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
No description provided by source. ?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo + CVE-2011-1938; echo + there we go...\n; define'EVILSPACEADDR', \xff\xff\xee\xb3; define'EVILSPACESIZE', 102410248; $SHELLCODE =...
Final Draft 8 Multiple Stack Buffer Overflows
No description provided by source. Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft 8.02 Researcher : Nick Freeman [email protected] Description...
Croogo 1.2.1 - Multiple CSRF Vulnerabilities
No description provided by source. ----------------------------------------------------------------------------------------------- Title: Croogo 1.2.1 Multiple CSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmaildotcom Date: 07. February 2010...
siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities
No description provided by source. Sources: http://aluigi.org/adv/factorylink1-adv.txt http://aluigi.org/adv/factorylink2-adv.txt http://aluigi.org/adv/factorylink3-adv.txt http://aluigi.org/adv/factorylink4-adv.txt http://aluigi.org/adv/factorylink5-adv.txt...
Joomla Component joomlaradio 5.0 - Remote File Inclusion Vulnerability
No description provided by source. Joomla Radio v5 Component RFI Bug in : administrator/components/comjoomlaradiov5/admin.joomlaradiov5.php Variable : $mosConfiglivesite Download : http://www.joomlaos.de/option,comremository/Itemid,41/func,fileinfo/id,2661.html Dork: inurl:comjoomlaradiov5 Exampl...
DFD Cart 1.1 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities Vulnerability Type: Remote File Inclusion Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php Exploit URL:...
Mambo/Joomla Com_comprofiler 1.0 Plugin.class.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19725/info The Mambo and Joomla comcomprofiler component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary...
D-Link IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...
PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability
No description provided by source. PHP - gd library - imageRotatefunction Information Leak Vulnerability Discovered by: Hamid Ebadi, Further research and exploit: Mohammad R. Roohian CSIRT Team Members Amirkabir University APA Laboratory Introduction PHP is a popular web programming language whic...
AWStats (6.0-6.2) configdir Remote Command Execution Exploit (c code)
No description provided by source. / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the user input for the...
Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5849/info A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI parameters...
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
No description provided by source. Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CER...
phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PhpBB = v2.0.20 \Admin/Restore Database/defaultlang remote commands execution\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - you need an admin sid, works regardless of...
Oracle Document Capture 10.1.3.5 Insecure Method / Buffer Overflow
No description provided by source. Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Document Capture Versions Affected:...