56796 matches found
Quagga BGPD UPDATE消息远程拒绝服务漏洞
Quagga是一款基于TCP/IP路由软件套件。 Quagga's bgpd存在一个越界内存读取问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 攻击者发送一个特殊构建的,畸形的多协议可到达/不可到达NLRI属性的UPDATE消息,可触发Quagga's bgpd发生assert而放弃,导致拒绝服务攻击。 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu...
TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = "SELECT FROM $userstable WHERE username =...
Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability
No description provided by source. .-""""""""-. / Dj7xpl  ...
Sina UC 2006 Activex SendChatRoomOpt Exploit
新浪UC是中国非常流行的IM工具之一 http://www.51uc.com 漏洞的起因是Sina UC的多个ActiveX控件的参数缺乏必要的验证,攻击者构造恶意网页,可以远程完全控制安装了Sina UC 的用户的计算机, 多个控件存在栈溢出问题,包括但不限于: 1. clsid:77AE4780-75E0-4CB0-A162-D1BBE3D50384 C:\Program Files\sina\UC\ActiveX\BROWSER2UC.dll Sub SendChatRoomOpt ByVal astrVerion As String , ByVal astrUserID As...
PHPProfiles远程文件包含漏洞
PHPProfiles是一款基于PHP的WEB应用程序。 PHPProfiles不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于多个脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 phpProfiles phpProfiles 3.1.2b phpProfiles phpProfiles 2.1 http://sourceforge.net/project/showfiles.php?groupid=176310...
PHP-Fusion Maincore.PHP SQL注入漏洞
PHP-Fusion是一款基于PHP的内容管理程序。 PHP-Fusion不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Maincore.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 PHP-Fusion PHPFusion 6.1.4 PHP-Fusion PHP-Fusion 6.0.307 PHP-Fusion PHP-Fusion 6.0.204 PHP-Fusion PHP-Fusion 6.0.110 PHP-Fusion PHP-Fusion...
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl """"""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """...
Cisco RV34x系列 授权远程代码执行漏洞(CVE-2021-1413 CVE-2021-1414 CVE-2021-1415)
...
Windows TCP/IP 拒绝服务漏洞(CVE-2021-24086)
...
Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)
Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...
Wordpress SQLi — PoC
In order to understand the writing here, you need to read the previous explanation https://medium.com/websec/wordpress-sqli-bbb2afcc8e94. If you got it, then we can jump to the part and solve the question e.g. how to update / insert our sql payload into thumbnailid post meta. PoC start - Login to...
XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)
setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if IPVALIDdynamicpagercontrolport ipcportreleasesenddynamicpagercontrolport;...
LastPass: domain regex doesn't handle data and other pseudo-url schemes
I previously found a design flaw in lastpass that affected the 4.x branch of lastpass issue 884. They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...
Microsoft Edge allows remote attackers to bypass the Same Origin Policy(CVE-2017-0002)
Original link: UXSS on Microsoft Edge – Adventures in a Domainless World without domain big World Adventure Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Note: the associated file can be downloaded here in. Today, we discuss the design of problems, with these...
Nagios Core < 4.2.4 - Root Privilege Escalation (CVE-2016-9566)
INTRODUCTION ------------------------- Nagios Core daemon in versions below 4.2.4 was found to perform unsafe operations when handling the log file. This could be exploited by malicious local attackers to escalate their privileges from 'nagios' system user, or from a user belonging to 'nagios'...
OurPHP filebox.php服务器端请求伪造漏洞
No description provided by source...
PHPYUN任意文件上传导致GETSHELL
简要描述: 简单到你难以想象,只要网站还可以注册就可以GETSHELL,无视GPC,无视WAF。4.1beta版本,其他版本未测 详细说明: 1.在审计PHPYUN的时候一度对PHPYUN的WAF非常无语,但是在大家都痴迷于寻找SQL注入漏洞的时候,确实忽略了一个很简单的上传漏洞。首先定位到漏洞文件wap/member/model/index.class.php function photoaction if$POST'submit' pregmatch'/^data:\simage/\w+;base64,/', $POST'uimage', $result;...
CMSTOP媒体云&政务版 verfiysite 参数identifier SQL注入漏洞
No description provided by source...
ruvar OA系统 SearchCondiction.aspx等3处 SQL注入漏洞
0x01漏洞简介 ruvar OA系统在以下3处存在SQL注入漏洞: 1WebUtility/SearchCondiction.aspx 2WebUtility/getfindcondiction.aspx 3include/getdict.aspx 0x02漏洞验证 NO.1:加单引号 ' 直接报错: NO.2:PageID 参数存在注入 NO.3:btid 参数存在注入 0x03修复方案 过滤,或者使用参数化的SQL语句。...
jcms /interface/user/out_userinfo.jsp 文件 xmlinfo 参数敏感信息泄漏漏洞
No description provided by source...
Android Stagefright Media Playback Engine 远程代码执行漏洞
No description provided by source. !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-1538 1 Integer...
BIND9 TKEY assert Dos
我们对 9.9.7-P1 和 9.9.7-P2 这两个版本进行了 diff,发现其主要 Patch 点位于 lib/dns/tkey.c文件中第 653 行 dnstkeyprocessquery 函数中: 在该函数中两次调用 dnsmessagefindname 函数来分别从 DNSSECTIONADDITIONAL 和 DNSSECTIONANSWER 中寻找 TEKY 记录,从代码中可以看到,第一次函数调用之前 na me 变量进行了初始化,被赋值为 NULL,而第二次调用前却未进行初始化。 dnsmessagefindname 函数原型位于 lib/dns/message.c...
PHPMyWind任意用户密码重置
简要描述: PHPMyWind任意用户密码重置 详细说明: 首先我们注册两个用户 第一个叫jkgh006 第二个叫test123 那么我们下来分析一下代码: member.php: else if$a == 'saveedit' //检测数据完整性 if$password!=$repassword or $email=='' header'location:?c=edit'; exit; //HTML转义变量 $answer = htmlspecialchars$answer; $cnname = htmlspecialchars$cnname; $enname =...
Linux PolicyKit Race Condition Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...
Drupal Core <= 7.32 - SQL Injection (#2)
No description provided by source. !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and t...
frcms 重装系统
简要描述: 重装了 之后 可以轻松getshell。 详细说明: 在install/index.php中 header"Content-Type: text/html; charset=$lang"; foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k = runmagicquotes$v; function runmagicquotes&$svar if!getmagicquotesgpc if isarray$svar foreach$svar as $k = $v $svar$k...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...
Axis2 Authenticated Code Execution (via REST)
No description provided by source. $Id: axis2deployerrest.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Windows Afd.sys - Privilege Escalation Exploit (MS11-080)
No description provided by source. MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping out! To my Master Shifu muts: So...
PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
MIPS Little Endian Reverse Shell Shellcode (Linux)
No description provided by source. MIPS Little Endian Reverse Shell ASM File and Assembled Shellcode Written by Jacob Holcomb, Security Analyst @ Independent Security Evaluators Blog: http://infosec42.blogspot.com Company Website: http://securityevaluators.com .data .bss .text .globl start start:...
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
Metinfo 3.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: metinfo3.0 Mullti Vulnerability Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor� : http://www.metinfo.cn/...
Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability
No description provided by source. Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...
Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
No description provided by source. $Id: adobecooltypesing.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
PHPGroupWare 0.9.14 Tables_Update.Inc.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server. The tablesupdate.inc.php scrip...
glibc LD_AUDIT arbitrary DSO load Privilege Escalation
No description provided by source. !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file descriptor and using...
CKEditor 4.0.1 - Multiple Vulnerabilities
No description provided by source. =========================================== Vulnerable Software: ckeditor 4.0.1 standard Download: http://download.cksource.com/CKEditor/CKEditor/CKEditor%204.0.1/ckeditor4.0.1standard.zip Vulns: Full Path Disclosure && XSS...
Adobe Reader U3D Memory Corruption Vulnerability
Adobe Reader U3D Memory Corruption Vulnerability 影响范围 软件版本:+0x9fb 000009fceax,0 ds:0023:c0c0cabc=jQuery214099071709053814121452575796030 不加hpa 的crash info eax=52520026 ebx=1e282ea8 ecx=00000024 edx=00000000 esi=00000000 edi=00000000 eip=1a73f2e3 esp=0012f4fc ebp=0012f548 iopl=0 nv up ei ng nz na ...
Microsoft Office 2000/2002 Property Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18911/info Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execu...
DMXReady Member Directory Manager <= 1.1 - SQL Injection Vulnerability
No description provided by source. Title : DMXReady Member Directory Manager = 1.1 SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.dmxready.com $$ : 99.97 $ Dork : inurl:incmemberdirectorymanager.asp DorkEx :...
Naxtor Shopping Cart 1.0 Shop_Display_Products.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14456/info Naxtor Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitati...
GL-SH Deaf Forum 6.5.5 Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29849/info GL-SH Deaf Forum is prone to a cross-site scripting vulnerability and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site...
AllMyGuests <= 0.4.1 (AMG_id) Remote SQL Injection Vulnerability
No description provided by source. Found by : -=Player=- Contacts : 282-246-419 ICQ Greatz to: LidlosesAuge, Suicide, enco, Free-Hack Script : AllMyGuests Site : http://www.php-resource.net/ Dork : powered by AllMyGuests Valnu : index.php Parameter: AMGid Injection:...
Pandora FMS <= 3.1 - Blind SQL Injection
No description provided by source. + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applicatio...
Open Web Analytics 'owa_email_address'参数SQL注入漏洞
BUGTRAQ ID: 64774 CVECAN ID: CVE-2014-1206 Open Web Analytics是一个开源的网站流量统计系统。 Open Web Analytics 1.5.4及更早版本没有正确过滤index.php的"owaemailaddress"参数("owado"设置为"base.passwordResetForm","owaaction"设置为"base.passwordResetRequest"),在实现上存在安全漏洞,可导致注入任意SQL代码。 0 Open Web Analytics Open Web Analytics = 1.5.4 Open...
Mozilla Firefox/SeaMonkey/Thunderbird CRMF请求生成跨站脚本漏洞
BUGTRAQ ID:61641 CVE ID:CVE-2013-1710 Mozilla Firefox/SeaMonkey/Thunderbird是Mozilla所发布的WEB浏览器/新闻组客户端/邮件客户端。 Mozilla Firefox/SeaMonkey/Thunderbird crypto.generateCRMFRequest函数存在安全漏洞,允许远程攻击者在某些情况下生成证书请求消息格式Certificate Request Message Format请求来执行任意Javascript代码或进行跨站脚本攻击。 0 Mozilla Firefox 23.0 mozill...
易思(ESPCMS)论坛某版主密码泄露(可将升级补丁替换为一句话木马)
简要描述: ^^ 详细说明: huangqyun 密码: hxy2003 数据:Fromanon7k7k4.txtDatas Content: [email protected] hxy2003 Fromanon7k7k4.txtDatas Content: huangqyun hxy2003 Fromtianya20.txtDatas Content: huangqyun hxy2003 [email protected] 漏洞证明: 1:可以编辑加精帖子 2:里面大多升级补丁都是他发的...
泛微E-office OA管理系统# 验证其通用性:SQL注入、任意文件下载、文件上传等漏洞
简要描述: 验证篇来啦 详细说明: 之前发布的两个漏洞 Coody --- WooYun: 泛微E-office OA管理系统存在任意文件下载及文件上传导致任意代码执行(已getshell) applychen ---- WooYun: 泛微E-office OA管理系统存在SQL注射漏洞可查库 cncert国家互联网应急中心 的回应是:对于通用性还需要进一步确认 今天这篇文章证明一下其通用性(存在SQL注入、任意文件下载、文件上传导致任意代码执行)。 这里需要说明一下: 找到的该案例是通过百度搜索 【泛微oa系统】搜索出来的 地址是...
Secworld waf /admin/ids/waf_update.php 命令执行漏洞
No description provided by source...