FuseTalk Index.CFM SQL Injection Vulnerability
FuseTalk is a web application. FuseTalk does not properly filter user-submitted URI data; a remote attacker can exploit this for SQL injection and obtain sensitive information. The problem is that the 'Index.CFM' script fails to filter user-submitted web parameters: submitting a malicious SQL query as parameter data changes the logic of the original SQL statement when the application processes it, so the attacker can obtain sensitive information or manipulate the database. FuseTalk 2.0 No solution is currently available: http://www.fusetalk.com/...
Quagga BGPD UPDATE Message Remote Denial of Service Vulnerability
Quagga is a TCP/IP routing software suite. Quagga's bgpd has an out-of-bounds memory read that a remote attacker can exploit to deny service. Sending a specially crafted, malformed UPDATE message carrying a multiprotocol reachable/unreachable NLRI attribute triggers an assert in Quagga's bgpd, which then aborts, resulting in denial of service. Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu...
TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit
No description provided by source. #!/usr/bin/perl -w TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = "SELECT * FROM $userstable WHERE username =...
Katalog Plyt Audio (pl) <= 1.0 Remote SQL Injection Exploit
No description provided by source. <?php /* Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 #devilteam Greetings to everyone on the DEVIL TEAM IRC channel and forum. Katalog Plyt Audio (pl) <= 1.0 Remote SQL Injection Exploit script download:...
Sina UC 2006 Activex SendChatRoomOpt Exploit
Sina UC is one of the most popular IM tools in China (http://www.51uc.com). The vulnerability stems from several Sina UC ActiveX controls that fail to validate their parameters; an attacker who constructs a malicious web page can remotely take full control of a computer with Sina UC installed. Multiple controls have stack overflows, including but not limited to: 1. clsid:77AE4780-75E0-4CB0-A162-D1BBE3D50384 C:\Program Files\sina\UC\ActiveX\BROWSER2UC.dll Sub SendChatRoomOpt(ByVal astrVerion As String, ByVal astrUserID As...
PHPProfiles Remote File Inclusion Vulnerability
PHPProfiles is a PHP web application. PHPProfiles does not properly filter user-submitted URI data; a remote attacker can exploit this to execute arbitrary commands with the privileges of the web process. The problem is that multiple scripts fail to filter user-submitted web parameters: submitting a malicious remote server as the include target causes arbitrary PHP code to run with web-process privileges. phpProfiles phpProfiles 3.1.2b phpProfiles phpProfiles 2.1 http://sourceforge.net/project/showfiles.php?groupid=176310...
PHP-Fusion Maincore.PHP SQL Injection Vulnerability
PHP-Fusion is a PHP content management system. PHP-Fusion does not properly filter user-submitted URI data; a remote attacker can exploit this for SQL injection and obtain sensitive information. The problem is that the 'Maincore.PHP' script fails to filter user-submitted web parameters: submitting a malicious SQL query as parameter data changes the logic of the original SQL statement and discloses sensitive information. PHP-Fusion PHPFusion 6.1.4 PHP-Fusion PHP-Fusion 6.0.307 PHP-Fusion PHP-Fusion 6.0.204 PHP-Fusion PHP-Fusion 6.0.110 PHP-Fusion PHP-Fusion...
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl """"""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """...
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
No description provided by source. #!/usr/bin/perl # Based on the apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the Full-Disclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...
DouPHP - Multiple Physical Path Disclosures
...
Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability(CVE-2018-4996)
Summary A specific JavaScript script embedded in a PDF file can cause a pointer to a previously freed object to be reused when the document is opened in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...
Pomelo Admin Console Web Arbitrary File Write Vulnerability
...
Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability(CVE-2017-12087)
Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a DNS packet to trigger this...
Wordpress SQLi — PoC
In order to understand the writing here, you need to read the previous explanation https://medium.com/websec/wordpress-sqli-bbb2afcc8e94. If you got it, then we can jump to the part and solve the question, e.g. how to update / insert our SQL payload into the _thumbnail_id post meta. PoC start - Login to...
Apple Image I/O EXR Compression Remote Code Execution Vulnerability(CVE-2016-4630)
SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability(CVE-2017-2779)
Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...
XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)
set_dp_control_port is a MIG method on the host_priv port, so this bug is a root-to-kernel escalation. kern_return_t set_dp_control_port(host_priv_t host_priv, ipc_port_t control_port) { if (host_priv == HOST_PRIV_NULL) return KERN_INVALID_HOST; if (IP_VALID(dynamic_pager_control_port)) ipc_port_release_send(dynamic_pager_control_port);...
macOS HelpViewer XSS leads to arbitrary file execution and arbitrary file read(CVE-2017-2361)
HelpViewer is an application that uses WebView to display a help file. You can see it simply with the command: open /Applications/Safari.app/Contents/Resources/Safari.help or using the "help:" scheme: help:openbook=com.apple.safari.help...
Jenkins remote code execution vulnerability (CVE-2017-2608)
No description provided by source...
Nagios Core < 4.2.4 - Root Privilege Escalation (CVE-2016-9566)
INTRODUCTION ------------------------- Nagios Core daemon in versions below 4.2.4 was found to perform unsafe operations when handling the log file. This could be exploited by malicious local attackers to escalate their privileges from 'nagios' system user, or from a user belonging to 'nagios'...
Paviansystems product_detail.php parameters product_id SQL injection vulnerability
No description provided by source...
Jenkins Low-Privilege User API Call Leading to Remote Command Execution
Vulnerability demonstration: with Jenkins running, construct an XML document as a low-privileged user: hashCode open /Applications/Calculator.app false 0 0 0 start 1 Send the payload to the endpoint http://...:8080/jenkins/createItem?name=knownsec: on success the server runs the Calculator program. Impact: Affected versions: < 1.650 (the issue is fixed in 1.650). Searching zoomeye.org for the device fingerprint "Jenkins" returns about 20,000 potentially affected targets. Related links...
phpok v4.3.18 index.php Information Disclosure Vulnerability
No description provided by source...
PycURL Remote Code Execution Vulnerability
Brief description: when uploading a file with pycurl, a use-after-free occurs if the file content is of unicode type. Details: file pycurl\src\easy.c. If the FORM_BUFFERPTR content passed to setopt is Unicode, e.g. curl.setopt(pycurl.HTTPPOST, [('field2', (pycurl.FORM_BUFFER, 'uploaded.file', pycurl.FORM_BUFFERPTR, u'test'))]), the following path is taken: line 1571 first converts the unicode object to a str; ostr and olen are the str's character pointer and length...
Weaver (泛微) e-office E-mobile/Data/downfile.php url Parameter Arbitrary File Download
Vulnerability information: Weaver e-office is the OA product Weaver offers to small and medium-sized organizations: simple, efficient, quick to deploy and cheap, with a free trial; it has served more than ten thousand customers to date. Weaver e-office has an arbitrary file download vulnerability that discloses sensitive information. Analysis: the vulnerability is in E-mobile/Data/downfile.php: $fileurl = $_REQUEST['url']; $sessionstr = $_REQUEST['sessionkey']; $strexplode = explode(",", $sessionstr); $sessionkey = $strexplode[0]; $curruserid =...
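The downfile.php entry above hands the url request parameter to the file-serving code without constraining where it may point. The following is an added example, not e-office code: a Python model of that pattern beside a hardened resolver that pins every request beneath a fixed attachment directory. The base directory and the request strings are constructed for illustration.

```python
import os


def unsafe_resolve(base_dir, requested):
    """Model of the vulnerable pattern: the request is joined to the base directory
    with no containment check, so '../' sequences and absolute paths walk out of it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_download(base_dir, requested):
    """Hardened replacement: return the absolute path to serve, or None if the
    request escapes base_dir. Assumed policy (not from the product): only relative
    paths are accepted, and the resolved path must stay strictly inside base_dir."""
    base = os.path.realpath(base_dir)
    # Absolute paths and URL schemes are rejected outright; os.path.join would
    # otherwise discard base_dir when handed an absolute component.
    if os.path.isabs(requested) or "://" in requested:
        return None
    # realpath collapses '..' segments and follows symlinks before the comparison,
    # so a symlink planted inside base_dir cannot be used to point outside it.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base:
        return None  # the directory itself is not a downloadable file
    if os.path.commonpath([base, candidate]) != base:
        return None  # resolved outside the attachment root
    return candidate


if __name__ == "__main__":
    base = "/srv/attachments"  # constructed example root
    for req in ("2014/report.docx", "../../etc/passwd", "/etc/passwd", "2014/../../x"):
        print(req, "->", unsafe_resolve(base, req), "| hardened:", resolve_download(base, req))
```

The commonpath comparison is done on the realpath of both sides; a plain string prefix test would accept a sibling directory such as /srv/attachments2.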
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /* Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 */ /* Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
Linux PolicyKit Race Condition Privilege Escalation
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...
Wanhu OA Generic SQL Injection in One Page (Also Affects N Government and Healthcare Sites)
Brief description: I kept wondering why some targets from my earlier report could not be injected; after looking around, I found that the ones that failed were all on Oracle databases, which was curious... and then I found this generic injection. The examples involve the Huaibei Municipal Health Bureau, the Haibowan District government in Inner Mongolia, the Huaiyuan County government and several other government units and healthcare institutions. There seem to be some restrictions on the injection; it's 1:45 a.m., so I'll stop testing and go to sleep. Details: the Wanhu OA collaborative management system has a POST injection. Affected link: defaultroot/mobile/index.jsp. The username field of that login form is not filtered, leading to POST injection. See the screenshots for details. Proof:...
frcms Reinstallation
Brief description: after reinstalling, getting a shell is easy. Details: in install/index.php: header("Content-Type: text/html; charset=$lang"); foreach(Array('_GET','_POST','_COOKIE') as $_request) { foreach($$_request as $_k => $_v) { $$_k = runmagicquotes($_v); } } function runmagicquotes(&$svar) { if(!get_magic_quotes_gpc()) { if(is_array($svar)) { foreach($svar as $_k => $_v) { $svar[$_k]...
Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation
No description provided by source. Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 2014.07.18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 1. Vulnerability Details Affected Vendor: Microsof...
Windows Afd.sys - Privilege Escalation Exploit (MS11-080)
No description provided by source. MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping out! To my Master Shifu muts: So...
Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure Vulnerability
No description provided by source. Securitylab.ir Application Info: Name: Namad Version: 2.0.0.0 Website: http://imenafzar.com Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Remote File Download...
shop7z Injection Vulnerability 2
Brief description: shop7z injection vulnerability 2. Details: News.asp. Proof: tested with 192.168.236.131/news.asp?lid=1' http://www.shop7z.com/Demo/news.asp?lid=1%27...
SAP Netweaver Message Server Multiple Vulnerabilities
No description provided by source. 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update:...
mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Name : mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit +Author : Easy Laster +Date : 10.10.2010 +Script : mygamingladder MGL Combo System <= 7.5 +Price :...
ApPHP MicroBlog 1.0.1 - Remote Command Execution Exploit
No description provided by source. #!/usr/bin/python import random import hashlib import urllib from base64 import b64encode as b64 import sys import re # Exploit Title: Python exploit for ApPHP MicroBlog 1.0.1 Free Version - RCE Exploit Author: LOTFREE Version: ApPHP MicroBlog 1.0.1 Free Version...
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
Pandora FMS <= 3.1 - Blind SQL Injection
No description provided by source. + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applicatio...
Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure
No description provided by source. #!/bin/bash # ptmx-su-pwdlen.sh -- This PoC determines the password length of a local user who runs su -. Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kerne...
Parallels H-Sphere 3.0/3.1 'login.php' Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31256/info H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
Metinfo 3.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: metinfo3.0 Multiple Vulnerabilities Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor : http://www.metinfo.cn/...
Microsoft Office 2000/2002 Property Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18911/info Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execu...
glibc LD_AUDIT arbitrary DSO load Privilege Escalation
No description provided by source. #!/bin/sh # I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LD_AUDIT. [1] [2] The first way involved opening a file descriptor and using...
ImageVue 2.0 - Remote Admin Login Exploit
No description provided by source. Author: Sora Software Link: http://www.imagevuex.com/ Version: 2.0 Tested on: Windows and Linux --------------------------------- /* ImageVue 2.0 Remote Admin Login Exploit Created by Sora Contact: vhr95zw at hotmail.com */ + Google Dork: inurl:/admin/ ImageVue +...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...
Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability
No description provided by source. Title : Squirrelcart <= 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...
LibreOffice OpenSSL TLS Heartbeat Information Disclosure Vulnerability
CVE ID: CVE-2014-0160 LibreOffice is an office suite compatible with the other major office packages and runs on a range of platforms. The OpenSSL bundled with LibreOffice has a security flaw: a bounds error in OpenSSL's handling of the TLS "heartbeat" extension lets an attacker read up to 64 KB of memory from a connected client or server per request. That memory can include private keys, usernames and passwords. LibreOffice 4.x The vulnerability is fixed in LibreOffice 4.2.3; users are advised to download it: http://www.libreoffice.org/...
Maccms V8 Two Injections
Brief description: insufficient filtering; no single quote needed; same file. Details: in inc/user/alipay/alipayapi.php: $out_trade_no = $_POST['WIDout_trade_no']; // controllable // unique order number in the merchant's order system, required // order name $subject = $_POST['WIDsubject']; // required // payment amount $price = $_POST['WIDprice']; // required // item quantity $quantity = "1"; // required; default of 1 recommended, do not change: one transaction is treated as one order rather than one item // shipping fee $logistics_fee = "0.00";...
FreeType 'src/cff/cf2ft.c' Remote Denial of Service Vulnerability
BUGTRAQ ID: 66292 CVE ID: CVE-2014-2241 FreeType is a popular font library. The cf2_initLocalRegionBuffer and cf2_initGlobalRegionBuffer functions in FreeType's 'src/cff/cf2ft.c' contain an assertion failure; an attacker can craft a malicious font and entice an application to parse it, crashing the application. FreeType 2.5.3 Vendor patch: FreeType ----- users can obtain the fix for this vulnerability from the vendor's git repository:...
Chengshi Dance Music CMS (程氏舞曲CMS) Latest Version SQL Injection (Official Demo Site)
Brief description: I just came across this site today, so I gave it a shot. Details: in the song search I typed a single quote and got the error below (the quote has to be encoded as %27): http://demo.chshcms.com/index.php/dance/so/key/%27 Then I constructed http://demo.chshcms.com/index.php/dance/so/key/wooyun' or '%'=' which encodes to http://demo.chshcms.com/index.php/dance/so/key/wooyun%27%20or%20%27%25%27%3D%27 and every song was returned!...
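Two injection shapes recur through this listing: the search key in the chshcms entry just above, where wooyun' or '%'=' turns a LIKE filter into a match-everything clause, and the username in the TaskDriver login query (SELECT * FROM $userstable WHERE username = ...). The block below is an added example, not code from either product: it reproduces both against an in-memory SQLite database and shows the parameterised form beside each. The table names, rows and password hash are constructed for illustration.

```python
import sqlite3

# Constructed sample data (not taken from any real product).
SONGS = [("Song A",), ("Song B",), ("wooyun mix",)]
USERS = [("admin", "5f4dcc3b5aa765d61d8327deb882cf99")]  # constructed md5 of "password"


def make_db():
    """Build the toy catalogue and user table in memory."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE songs (title TEXT)")
    con.executemany("INSERT INTO songs VALUES (?)", SONGS)
    con.execute("CREATE TABLE users (username TEXT, pwhash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def search_vulnerable(con, key):
    """Search key pasted straight into the LIKE pattern, as in the chshcms case.
    key = "wooyun' or '%'='" yields:
      ... WHERE title LIKE '%wooyun' or '%'='%'
    and the trailing '%'='%' is true for every row."""
    sql = "SELECT title FROM songs WHERE title LIKE '%" + key + "%'"
    return [row[0] for row in con.execute(sql)]


def search_safe(con, key):
    """Same query with the pattern bound as a parameter; the quote is data, not syntax."""
    sql = "SELECT title FROM songs WHERE title LIKE ?"
    return [row[0] for row in con.execute(sql, ("%" + key + "%",))]


def login_vulnerable(con, username, pwhash):
    """Login check built by concatenation, in the shape of the TaskDriver query.
    username = "admin' OR '1'='1" makes the WHERE clause
      username = 'admin' OR '1'='1' AND pwhash = 'x'
    which, with AND binding tighter than OR, is true for the admin row whatever the hash."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND pwhash = '" + pwhash + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con, username, pwhash):
    """Parameterised login check: the same payload simply fails to match any row."""
    sql = "SELECT username FROM users WHERE username = ? AND pwhash = ?"
    row = con.execute(sql, (username, pwhash)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("search, vulnerable:", search_vulnerable(db, "wooyun' or '%'='"))
    print("search, safe:      ", search_safe(db, "wooyun' or '%'='"))
    print("login, vulnerable: ", login_vulnerable(db, "admin' OR '1'='1", "x"))
    print("login, safe:       ", login_safe(db, "admin' OR '1'='1", "x"))
```

Note that the search payload never needs a terminating comment: the application's own closing '%' completes the injected string literal, which is why the URL-encoded form on the page ends in %27 rather than a comment sequence.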