56796 matches found
RadNICS Gold v5 Multiple Remote Vulnerabilities
No description provided by source. -----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
No description provided by source. WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures 1. Advisory Information Title: WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures Advisory ID: CORE-2009-0515 Advisory URL:...
Microsoft IE缓存内容跨域信息泄露漏洞(MS09-019)
BUGTRAQ ID: 35200 CVECAN ID: CVE-2009-1140 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 Internet Explorer缓存数据的方式存在一个信息泄露漏洞,可错误地允许调用缓存内容,从而绕过Internet Explorer区域限制。 Internet Explorer提供了URL安全区域功能,根据可信任程度对网站和应用定义了不同的权限组。默认下,所有不在“本地Intranet”区中且没有明确在 “受限站点”或“可信站点”中所列出的站点都分配到了Internet区域中,默认的安全区设置为“中-高”。...
Linux Kernel克隆进程CLONE_PARENT本地拒绝服务漏洞
BUGTRAQ ID: 33906 CVECAN ID: CVE-2009-0028 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的clone系统调用允许调用程序在其子进程退出的时候说明所接收到的信号类型。如果结合CLONEPARENT利用的话,就会导致新的子进程与调用程序共享相同的父进程,这就允许向调用程序的父进程发送任意信号。 成功攻击要求特权的父进程将用户提供的应用程序启动为子进程,最可能的结果是杀死高权限的父进程。 Linux kernel 2.6.x 厂商补丁: Linux -----...
Nokia S60系列手机畸形短信/彩信远程拒绝服务漏洞
BUGTRAQ ID: 33074 Nokia S60系列是运行symbian平台的智能手机。 3GPP TS 23.040标准中规定了通过短信发送邮件的方法。邮件短信的最基本形式以MT-SMS或MO-SMS开始,之后为空格,最后为消息正文。短信消息的TP协议标识符必须设置为Internet Electronic Mail(值为50/0x32)。 但上述标准没有规定手机接收到短信后如何显示。在S60 2.6之前版本,Series60设备按原样显示消息;从S60...
Webmaster Marketplace (member.php u) SQL Injection Vulnerability
No description provided by source. Webmaster Marketplace member.php u Remote SQL Injection Vulnerability Author: Hussin X Home :IQ-SecuriTY www.IQ-TY.com | TrYaG www.TrYaG.cc Mail : [email protected] script : http://www.unscripts.com/MPS.html DorK : : exploit :...
PHP 5 'posix_access()'功安全模式绕过目录遍历漏洞
CVE-2008-2665 PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data. Attackers can leverage this issue to bypass security restrictions enforced by 'safemode' to access data outside of the root webserver directory. Successful attacks may all...
Lighttpd URI重写/重定向信息泄露漏洞
BUGTRAQ ID: 31599 CVE ID:CVE-2008-4359 CNCVE ID:CNCVE-20084359 Lighttpd是一款开放源代码的WEB服务器程序。 Lighttpd存在设计问题,远程攻击者可以利用漏洞获得敏感信息。 lighttpd 1.4.19和1.5.0之前的其他版本,在匹配重定向和重写模式之前没有对URL进行解码,可导致攻击者使用编码URL绕过重写规则。如果这些规则用于隐藏部分URL可导致安全问题。 lighttpd lighttpd 1.4.19 lighttpd lighttpd 1.4.18 lighttpd lighttpd 1.4.17...
Active PHP Bookmarks 1.1.02 Remote SQL Injection Vulnerability
No description provided by source. || | | Bookmarks V 1.1.02 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | script :...
hMailServer IMAP命令拒绝服务漏洞
BUGTRAQ ID: 30663 CNCAN ID:CNCAN-2008081411 hMailServer是一款EMAIL服务程序。 hMailServer IMAP服务程序不正确处理IMAP命令,远程攻击者可以利用漏洞对服务器进行拒绝服务攻击。 发送大量IMAP命令: A01 CREATE AAAAA A02 CREATE AAAAAA A03 CREATE AAAAAAA ... A97 RENAME AAAAA BBBBB A98 RENAME AAAAAA BBBBBB A100 RENAME AAAAAAA BBBBBBB 可导致服务器消耗大量资源而造成拒绝服务攻击。...
VLC媒体播放器浏览器插件任意文件覆盖漏洞
BUGTRAQ ID: 28712 CVECAN ID: CVE-2007-6683 VLC Media Player是一款免费的媒体播放器。 VLC Media Player在处理畸形格式的播放列表时存在漏洞,远程攻击者可能利用此漏洞覆盖任意文件。 如果播放列表的文件名中包含有特制:demuxdump-file选项的话,或MP3文件中包含有EXTVLCOPT语句的话,则在打开上述文件时VLC播放器的浏览器插件就可能注入参数,导致覆盖任意文件。 VideoLAN VLC Media Player 0.8.6d 厂商补丁: Debian ------...
SAPlpd多个远程溢出及拒绝服务漏洞
BUGTRAQ ID: 27613 CVECAN ID: CVE-2008-0620,CVE-2008-0621 SAPlpd是SAP GUI软件包中所捆绑的Windows平台行市打印机守护程序。 SAPLPD服务程序在处理LPD命令时存在多个缓冲区溢出漏洞,远程攻击者可能利用这些漏洞控制服务器或导致服务不可用。 如果向0x01、0x02、0x03、0x04、0x05、0x31、0x32、0x33、0x34和0x35 LPD命令传送了超长参数的话,就可以触发这些溢出,导致执行任意指令;如果向0x53 LPD命令传送了畸形参数,还可能导致服务器终止。 SAP SAPlpd = 6.28 S...
DeluxeBB CP.PHP安全绕过漏洞
DeluxeBB是一款基于PHP的WEB应用程序。 DeluxeBB不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞更改管理员信息。 问题是由于'cp.php'脚本对用户提交的WEB参数缺少过滤,当更新自身的档案时,DeluxeBB执行如下有问题代码: $db-unbufferedquery"UPDATE ".$prefix."users SET email='$xemail', msn='$xmsn', icq='$xicq', ... WHERE username='$membercookie'"; 因此可更改cookie "membercookie",如更改远程用户的EMAI...
Mono System.Web StaticFileHandler.cs源码泄露漏洞
BUGTRAQ ID: 26166 CVECAN ID: CVE-2007-5473 Mono是基于.NET框架的开源开发平台,允许开发人员构建Linux和跨平台的应用。 运行在Windows平台上的Mono中StaticFileHandler.cs文件没有正确地处理某些用户请求,可能导致源码泄露。 如果请求中所使用的文件名以空格或句号结束的话,Win32子系统就无法正确地处理这样的文件名,会忽略拖尾字符,允许调用的应用程序打开磁盘上的文件,即使该文件的名称不包含有请求中所使用的拖尾字符。发送上述请求就会导致XSP返回所请求页面的源码。 Mono 1.x...
PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
No description provided by source. Affected Products: = PHP 5.2.3 = PHP 4.4.7 Authors: Mattias Bengtsson [email protected] Philip Olausson [email protected] Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extenstions which can be use...
SHTTPD文件名解析错误信息泄露漏洞
BUGTRAQ ID: 24618 CVECAN ID: CVE-2007-3407 SHTTPD是一款轻量级的简单易用的web服务器。 SHTTPD处理HTTP请求时存在漏洞,远程攻击者可能利用此漏洞获取脚本源码。 SHTTPD没有正确地处理HTTP请求,如果用户在所提交的URI后附加了“%20”字符的话,就可能导致泄露某些脚本的源码。 Sergey Lyubka SHTTPD 1.38 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://shttpd.sourceforge.net/...
FuseTalk Index.CFM SQL注入漏洞
FuseTalk是一款WEB应用程序。 FuseTalk不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Index.CFM'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可导致应用程序处理时更改原来的SQL逻辑,攻击者可以获得敏感信息或者操作数据库。 FuseTalk 2.0 目前没有解决方案提供: http://www.fusetalk.com/...
Quagga BGPD UPDATE消息远程拒绝服务漏洞
Quagga是一款基于TCP/IP路由软件套件。 Quagga's bgpd存在一个越界内存读取问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 攻击者发送一个特殊构建的,畸形的多协议可到达/不可到达NLRI属性的UPDATE消息,可触发Quagga's bgpd发生assert而放弃,导致拒绝服务攻击。 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu...
TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = "SELECT FROM $userstable WHERE username =...
Katalog Plyt Audio (pl) <= 1.0 Remote SQL Injection Exploit
No description provided by source. ? / Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM. Katalog Plyt Audio pl = 1.0 Remote SQL Injection Exploit script download:...
3Com TFTP超长传输模式字段远程缓冲区溢出漏洞
3CTftpSvc是一款Windows 9x/NT/XP平台下的TFTP服务器,实现TFTPv2协议。 3CTftpSvc在处理超长畸形的请求时存在漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 3CTftpSvc TFTP服务器在处理传送给GET或PUT命令的超长传输模式(大于470字节)时存在缓冲区溢出。如果攻击者向服务器发送了特制报文请求的话就会触发这个漏洞,导致拒绝服务或执行任意指令。 3Com 3CTftpSvc TFTP Server 2.0.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
No description provided by source. !/usr/bin/perl """"""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """...
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
No description provided by source. !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...
bsdi/x86 execve /bin/sh 46 bytes
No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...
Synology Audio Station 远程代码执行漏洞
...
Windows TCP/IP 拒绝服务漏洞(CVE-2021-24086)
...
libxls read_MSAT Code Execution Vulnerability(CVE-2017-2897)
Summary An exploitable out-of-bounds write vulnerability exists in the readMSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
Wordpress SQLi — PoC
In order to understand the writing here, you need to read the previous explanation https://medium.com/websec/wordpress-sqli-bbb2afcc8e94. If you got it, then we can jump to the part and solve the question e.g. how to update / insert our sql payload into thumbnailid post meta. PoC start - Login to...
National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability(CVE-2017-2779)
Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...
XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)
setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if IPVALIDdynamicpagercontrolport ipcportreleasesenddynamicpagercontrolport;...
AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this...
LastPass: domain regex doesn't handle data and other pseudo-url schemes
I previously found a design flaw in lastpass that affected the 4.x branch of lastpass issue 884. They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...
Microsoft Edge allows remote attackers to bypass the Same Origin Policy(CVE-2017-0002)
Original link: UXSS on Microsoft Edge – Adventures in a Domainless World without domain big World Adventure Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Note: the associated file can be downloaded here in. Today, we discuss the design of problems, with these...
万户OA xfire xml实体注入漏洞
xfire xml实体注入 webservice使用了xfire框架,存在xxe漏洞 jmx-console 存在默认口令: admin/ezoffice,网上搜一下基本没改。...
Jenkins 低权限用户 API 服务调用 可致远程命令执行
漏洞演示 将 Jenkins 跑起来后,在低权限用户下构造 XML 文档: hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec: 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本: 1.650 (1.650版本已修复该问题) 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看,约存在20000个潜在受到影响的目标。 相关链接...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
万户OA某页面通用性SQL注入(又影响N个政府网和医疗机构)
简要描述: 其实我一直琢磨,之前发的那个,为什么有一部分不能注入,后来找了找,发现不能注入的都是oracle数据库,很好奇。。。然后……就发现了这个通用注入。。例子中,涉及淮北市卫生局,内蒙古海勃湾区市政府、怀远县政府等多家政府单位和医疗机构。在注入时貌似有些限制,凌晨1:45了,就不继续测试了,该睡觉了。。 详细说明: 万户OA协同管理系统,存在POST注入 问题链接:defaultroot/mobile/index.jsp 该登陆框,username处没有做过滤,导致了POST注入 详细看图吧。。。 漏洞证明:...
Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation
No description provided by source. Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 2014.07.18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 1. Vulnerability Details Affected Vendor: Microsof...
Destoon前台getshell(CSRF任意代码执行)
简要描述: 测试版本 DESTOON B2B Version 5.0 Release 20140625 UTF-8 ZH-CN 详细说明: 0.问题文件 admin/tag.inc.php 95行 eval$tagcode; 未对用户提交的执行代码tagcode做安全限制 1.前台注册会员 2.进入会员中心,发布一条求购信息 信息标题:随意 行业分类:随意 产品图片:通过审查元素,修改 postthumb 的value为...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...
ApPHP MicroBlog 1.0.1 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/python import random import hashlib import urllib from base64 import b64encode as b64 import sys import re Exploit Title: Python exploit for ApPHP MicroBlog 1.0.1 Free Version - RCE Exploit Author: LOTFREE Version: ApPHP MicroBlog 1.0.1 Free Version...
MIPS Little Endian Reverse Shell Shellcode (Linux)
No description provided by source. MIPS Little Endian Reverse Shell ASM File and Assembled Shellcode Written by Jacob Holcomb, Security Analyst @ Independent Security Evaluators Blog: http://infosec42.blogspot.com Company Website: http://securityevaluators.com .data .bss .text .globl start start:...
SAP Netweaver Message Server Multiple Vulnerabilities
No description provided by source. 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update:...
PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure
No description provided by source. !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs su -. Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kerne...
KingView 6.5.3 SCADA HMI Heap Overflow PoC
No description provided by source. Exploit Title: KingView 6.53 SCADA HMI Heap Overflow PoC Date: 9/28/2010 Author: Dillon Beresford Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows XP SP1 works on SP2 an...
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
ImageVue 2.0 - Remote Admin Login Exploit
No description provided by source. Author: Sora Software Link: http://www.imagevuex.com/ Version: 2.0 Tested on: Windows and Linux --------------------------------- / ImageVue 2.0 Remote Admin Login Exploit Created by Sora Contact: vhr95zw at hotmail.com / + Google Dork: inurl:/admin/ ImageVue +...
Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability
No description provided by source. Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...
GL-SH Deaf Forum 6.5.5 Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29849/info GL-SH Deaf Forum is prone to a cross-site scripting vulnerability and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site...