56796 matches found
Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)
Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a sensor SoC manufactured by Cypress. The sensor is manag...
Mozilla Firefox table use-after-free(CVE-2017-5404)
Mozilla bug tracker link: https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 There is a use-after-free security vulnerability in Firefox. The vulnerability was confirmed on the nightly ASan build. PoC and ASan log can be found below. Notes for reproducing: - PoC uses domFuzzLite3 extension...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
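The advisory describes the exposure in terms of connections that a client opens and then keeps open for as long as the server's generous timeout allows. The following is an added example, not code from the advisory or the vendor: a small Python check that takes a per-connection snapshot of the web service's listening port and flags source addresses holding many long-lived sockets that have never delivered a complete request. The snapshot format, the field names, the addresses and the thresholds are all assumptions made for this example.

```python
# Added example (not from the PanelShock advisory): flag clients that hold
# many incomplete HTTP connections open for a long time, the pattern the
# advisory describes against the Web Gate service. The snapshot format,
# thresholds and addresses below are assumptions made for this example.
import re
from collections import defaultdict

# Constructed sample: one line per open TCP connection to the web port,
# with how long (seconds) the socket has been open and how many request
# bytes the server has received on it. A complete GET is far more than
# 20 bytes, so age=300 with bytes_in=12 is a socket parked deliberately.
SAMPLE_SNAPSHOT = """\
src=10.0.0.5:50112 dst_port=80 age=310 bytes_in=12
src=10.0.0.5:50113 dst_port=80 age=305 bytes_in=12
src=10.0.0.5:50114 dst_port=80 age=298 bytes_in=12
src=10.0.0.5:50115 dst_port=80 age=290 bytes_in=12
src=10.0.0.5:50116 dst_port=80 age=285 bytes_in=12
src=10.0.0.5:50117 dst_port=80 age=280 bytes_in=12
src=10.0.0.9:41000 dst_port=80 age=2 bytes_in=412
src=10.0.0.9:41001 dst_port=80 age=1 bytes_in=398
src=10.0.0.7:60200 dst_port=80 age=400 bytes_in=9
"""

LINE_RE = re.compile(
    r"src=(?P<ip>[\d.]+):(?P<port>\d+)\s+dst_port=(?P<dport>\d+)"
    r"\s+age=(?P<age>\d+)\s+bytes_in=(?P<bytes>\d+)"
)


def parse_snapshot(text):
    """Yield (src_ip, dst_port, age_seconds, bytes_in) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (m["ip"], int(m["dport"]), int(m["age"]), int(m["bytes"]))


def find_slow_clients(text, web_port=80, max_age=60, min_request_bytes=64, max_stale=5):
    """Return {src_ip: stale_count} for sources holding more than `max_stale`
    connections to `web_port` that are older than `max_age` seconds yet have
    delivered fewer than `min_request_bytes` bytes, i.e. sockets kept open
    without ever completing a request. Normal browsers finish their request
    within a second or two and are never counted."""
    stale = defaultdict(int)
    for ip, dport, age, nbytes in parse_snapshot(text):
        if dport == web_port and age > max_age and nbytes < min_request_bytes:
            stale[ip] += 1
    return {ip: n for ip, n in stale.items() if n > max_stale}


if __name__ == "__main__":
    for ip, n in find_slow_clients(SAMPLE_SNAPSHOT).items():
        print(f"{ip}: {n} stale incomplete connections")
```

On a real host the snapshot would come from the device's own connection table; the thresholds should be set from the service's normal request latency, and the same logic is what a reduced server-side request timeout enforces automatically.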
Phpwind GET-type CSRF arbitrary code execution vulnerability
Source link: http://www.wooyun.org/bugs/wooyun-2016-01758150-tsina-1-93389-397232819ff9a47a7b7e80a40613cfe1 This bug is actually quite interesting; the only pity is that its trigger point is in the admin backend, otherwise it would be a one-of-a-kind find. 0x01 The backend deserialization points. A first look over the whole of phpwind v9 shows many deserialization sites, but almost all of them take their input from the database, so the serialized string is hard to control fully. In the end three were found: annoyingly, all three are in the backend Task module. The Task module is the "Task Center" feature and can only be reached by users who can enter the backend: open any one of them,...
Yonyou GRP-U8: SQL injection in the UserNameText parameter of the system login
No description provided by source...
Yonyou Seeyon A6 collaboration system: three SQL injection vulnerabilities in messageViewer.jsp
No description provided by source...
Integer overflow vulnerability in multiple Adobe products (CVE-2014-0569)
Vulnerability type: integer overflow. Affected components: Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK & Compiler are products of Adobe Systems (USA). Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are the standard development kits for Adobe AIR (a cross-operating-system runtime). Vulnerability analysis: Cause: ActionScript...
Collection of vulnerabilities on a Seeyon Software website
Summary: a collection of vulnerabilities on a Seeyon Software website; can I get 20 rank for it? Details: the Seeyon self-service support website. Issues: SQL injection; weak password for the Q&A forum administrator; arbitrary file upload. Proof: SQL injection proof ------------ begin. Injection point: http://support.seeyon.com/ask/base/QuestionHandler.ashx?callback=jsonp1428044230217&mode=list&title=ceshi Injection type. Retrieving the list of databases. SQL injection proof ------------ end. Q&A administrator weak password proof ------------ begin. Backend address...
KingCms latest version: directory traversal and arbitrary file read vulnerability (no null-byte truncation needed)
Summary: KingCms latest version directory traversal and arbitrary file read vulnerability (no null-byte truncation needed). Details: a friend's company wanted to buy a KingCMS licence and asked me to take a look. I found that KingCMS had not been updated for a long time; after a while it released the latest version, the k9 2014-12-13 update, which I downloaded from the official site to study. On WooYun I had seen several vulnerabilities, such as: WooYun: KingCMS latest version SQL injection vulnerability. The problem is here: /api/conn.php. First it should be explained that the directory traversal and file read here are not caused by server misconfiguration but by certain CMS functions that do no filtering and are used improperly. 0x00: First, let's look at how the directory traversal works. Irrelevant code omitted. $get=$_GET;...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /* Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 */ /* Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
EYou mail system: SQL injection leads to mass GetShell (no login required)
Summary: EYou mail system SQL injection leads to mass GetShell (at least several hundred organisations). Details: vulnerable file: \php\bill\printaddfeelog.php. Arbitrary SQL commands can be executed, unaffected by GPC (magic_quotes_gpc). By default MySQL has the privilege to export files, so a one-line PHP backdoor can be written out (this requires the database account to hold the FILE privilege and secure_file_priv not to restrict the output path; newer MySQL builds restrict it by default). ...query($sql); ?> Exploit code: POST /php/bill/printaddfeelog.php HTTP/1.1 Content-Length: 140 Host: mail.sihs.edu.cn User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.2; zh-CN;...
Daum Game 1.1.0.5 - ActiveX (IconCreate Method) Stack Buffer Overflow
No description provided by source. <!-- Trustwave SpiderLabs Security Advisory TWSL2014-002: Buffer Overflow Vulnerability in DaumGame ActiveX Published: 01/07/2014 Version: 1.1 Vendor: Daum daum.net Product: Daum Game ActiveX Version affected: 1.1.0.5, 1.1.0.4 Product description: DaumGame Active...
Cisco TelePresence Multiple Vulnerabilities - SOS-11-010
No description provided by source. Sense of Security - Security Advisory - SOS-11-010 Release Date. 19-Sep-2011 Last Update. - Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C = TC4.1.2, MXP = F9.1 Severity Rating. Low - Medium Impact...
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
No description provided by source. /* $Id: raptor_prctl.c,v 1.1 2006/07/13 14:21:43 raptor Exp $ raptor_prctl.c - Linux 2.6.x suid_dumpable vulnerability Copyright (c) 2006 Marco Ivaldi [email protected] The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16...
Manhali 1.8 - Local File Inclusion Vulnerability
No description provided by source. Exploit Title: Manhali v1.8 Local File Inclusion Vulnerability Date: 20/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.manhali.com/ Software Link:...
Konqueror 4.7.3 Memory Corruption
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Konqueror 4.7.3...
GNU libc/regcomp(3) Multiple Vulnerabilities
No description provided by source. source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.:...
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
php blue dragon cms 3.0.0 - Remote File Inclusion Vulnerability
No description provided by source. // Exploit Name: Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability //Script Homepage: http://phpbluedragon.pl/ // Author: Kacper [email protected] // Author Homepage: devilteam.eu | kacper.bblog.pl // Greetings to all the people from DEVIL TEAM, I invite...
Open&Compact FTP Server 1.2 (Gabriel's FTP Server) - Auth Bypass & Directory Traversal SAM Retrieval Exploit
No description provided by source. #!/usr/bin/python Exploit Title: Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval Date: Aug 7, 2013 By Wireghoul - http://www.justanotherhacker.com Based on Serge Gorbunov's auth bypass http://www.exploit-db.com/exploits/13932/ Softwa...
Litespeed Technologies Web Server Remote Poison null byte Exploit
No description provided by source. Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Sun, 13 Jun 2010 00:10:38 G...
TechSmith Snagit 10 (Build 788) DLL Hijacking Exploit (dwmapi.dll)
No description provided by source. /* TechSmith Snagit 10 Build 788 Dll Hijacking Exploit By: Encrypt3d.M!nd Date: 25\8\2010 Download: http://www.techsmith.com/download/snagittrial.asp Details: Compile the following code and rename it to dwmapi.dll and place the file with one of the affected types in t...
Webkit Normalize Bug - Android 2.2
No description provided by source. <!-- CVE-2010-1759 webkit normalize bug Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...
WonderWare SuiteLink 2.0 - Remote Denial of Service Exploit (meta)
No description provided by source. $Id: suitlink.rb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
pGB 2.12 kommentar.php SQL Injection Vulnerability
No description provided by source. Exploit Title: pGB 2.12 SQL Injection Vulnerability Date: 18/01/2012 - 03.52 Author: 3spi0n Software Website: http://www.powie.de/ Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Vulnerable File: kommentar.php $ Demo Sites:...
MS Excel Malformed FEATHEADER Record Exploit (MS09-067)
No description provided by source. MS Excel Malformed FEATHEADER Record Exploit CVE-2009-3129, MS09-067, OSVDB-59860 Vulnerable application: MS Office 2003/2007 Tested on XP SP2 - MS Office 2003 v. 11.5604.5606 Sean Larsson - Original Discovery #!/usr/bin/python import sys import zlib Allwin WinExec...
Spring Framework arbitrary code execution
No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be...
Linux Kernel 'handle_rx()' function denial of service vulnerability
Bugtraq ID: 66678 CVE ID: CVE-2014-0077 The Linux Kernel is the kernel of the Linux operating system. The Linux kernel has a denial-of-service vulnerability in the handle_rx function when it handles large packets; an attacker can exploit it to crash the affected application. Linux kernel. The vendor has released an upgrade patch to fix this vulnerability; please download and apply it: http://www.kernel.org/...
KVM "complete_emulated_mmio()" memory corruption vulnerability
CVE ID: CVE-2014-0049 The Linux Kernel is the kernel of an open-source operating system. An error in the "complete_emulated_mmio" method when handling repeated emulated MMIO pushes can lead to memory corruption. KVM (Kernel-based Virtual Machine). Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b...
SQL Server weak password PoC
SQL Server is often configured with a weak password, which lets an attacker guess it, resulting in a weak-password vulnerability. SQL Server...
ECSHOP backend getshell vulnerability
Summary: ECSHOP backend getshell. Details: admin/edit_languages.php elseif ($_REQUEST['act'] == 'edit') /* path of the language file */ $lang_file = isset($_POST['file_path']) ? trim($_POST['file_path']) : ''; /* language items before replacement */ $src_items = !empty($_POST['item']) ? stripslashes_deep($_POST['item']) : ''; /* language items after modification */ $dst_items = array(); $_POST['item_id'] =...
songcms 3.16 /global.php SQL injection vulnerability
No description provided by source...
Apache Tomcat information disclosure vulnerability (CVE-2013-2071)
BUGTRAQ ID: 59798 CVE(CAN) ID: CVE-2013-2071 Apache Tomcat is a popular open-source JSP application server. In Tomcat 7.0.0 - 7.0.39, a runtime exception in an AsyncListener's onComplete during certain request handling causes the org.apache.catalina.connector.Request object not to be recycled; a remote attacker can exploit this to obtain sensitive information. Apache Group Tomcat 7.0.0 - 7.0.39. Vendor patch: Apache Group ------------...
Microsoft Windows ASLR security bypass vulnerability (CVE-2013-2556)
BUGTRAQ ID: 58566 CVE(CAN) ID: CVE-2013-2556 Microsoft Windows is a series of operating systems from Microsoft. Microsoft Windows 7 contains a vulnerability of unspecified detail that may allow an attacker to bypass the ASLR protection mechanism. Microsoft Windows 7. Vendor patch: Microsoft --------- The vendor has not yet released a patch or upgrade; we recommend users of this software watch the vendor's homepage for the latest version: http://www.microsoft.com/windows/ie/default.asp...
Linux Kernel local privilege escalation vulnerability (CVE-2013-1767)
BUGTRAQ ID: 58177 CVE(CAN) ID: CVE-2013-1767 The Linux Kernel is the kernel of the Linux operating system. A Linux kernel with tmpfs support has a use-after-free vulnerability when tmpfs is remounted: the first mount uses the mpol=M option, but the remount omits it. An authenticated local user can exploit this to crash the system or escalate privileges. Linux kernel 3.3.x, Linux kernel 2.6.36. Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.kernel.org/...
Apache Hadoop information disclosure vulnerability
BUGTRAQ ID: 54358 CVE ID: CVE-2012-3376 Hadoop is an open-source parallel computing framework and distributed file system developed by the Apache Software Foundation. Apache Hadoop 2.0.0-alpha has an information disclosure vulnerability in its implementation; successful exploitation may allow an attacker to obtain sensitive information. Apache Group Hadoop. Vendor patch: Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://httpd.apache.org/...
Adobe Flash Player ActionScript Launch Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Linux kernel 2.6.x KVM create_pit_timer() function local denial of service vulnerability
BUGTRAQ ID: 51172 CVE ID: CVE-2011-4622 Linux is a free computer operating system kernel. The Linux Kernel has a local denial-of-service vulnerability in its create_pit_timer implementation: the create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83 does not correctly handle the PIT IRQ when the irqchip is unavailable; a local attacker can use the timer to crash the kernel, denying service to legitimate users. Linux kernel 2.6.x. Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.kernel.or...
Apple OS X Sandbox Predefined Profiles Bypass
No description provided by source. Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL: http://www.coresecurity.com/content/apple-osx-sandbox-bypass Date published: 2011-11-10 Date of...
Apache Tomcat sendfile request security restriction bypass and denial of service vulnerabilities
CVE ID: CVE-2011-2526 Tomcat is a Servlet container developed by the Jakarta project of the Apache Software Foundation; following the specifications published by Sun Microsystems, it implements support for Servlets and JavaServer Pages (JSP) and offers some web-server-specific features of its own. Apache Tomcat has a security restriction bypass vulnerability and a denial-of-service vulnerability in its handling of sendfile requests; a local attacker can exploit these to bypass security restrictions or cause a denial of service. 1) When Apache Tomcat runs under a security manager it does not correctly validate the attributes of sendfile requests, which a malicious web application can use to bypass the intended restrictions and disclose local files....
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
No description provided by source. <?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo "+ CVE-2011-1938"; echo "+ there we go...\n"; define('EVILSPACEADDR', "\xff\xff\xee\xb3"); define('EVILSPACESIZE', 1024*1024*8); $SHELLCODE =...
PHP "substr_replace()" use-after-free remote memory corruption vulnerability
BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP is a widely used general-purpose scripting language, especially suited to web development, that can be embedded in HTML. PHP's "substr_replace" function has a use-after-free remote memory corruption vulnerability in its implementation; a remote attacker can exploit it to execute arbitrary code on the web server or cause a denial of service. The flaw arises when the same variable is passed to "substr_replace" several times: PHP makes three variables inside the function share one pointer, so when a type conversion inside the function changes that pointer, the other variables are left pointing at invalid memory. PHP 5.3.x, PHP 5.2.x. Vendor patch: PHP ---...
Microsoft Word RTF parsing engine heap overflow vulnerability (MS10-056)
BUGTRAQ ID: 42133 CVE ID: CVE-2010-1902 Word is the word processor in the Microsoft Office suite. When handling certain drawing-object control words in an RTF document, Word copies attribute values into a heap buffer without a length check, triggering a heap overflow. An attacker who successfully exploits this vulnerability can gain the same privileges as the local user. Microsoft Office 2008 for Mac, Microsoft Office 2004 for Mac, Microsoft Word 2007 SP2, Microsoft Word 2003 SP3, Microsoft Word 2002 SP3. Workaround: read e-mail in plain text format....
Mozilla Firefox forced URL drag-and-drop privilege escalation vulnerability
CVE(CAN) ID: CVE-2010-0178 Firefox is a popular open-source web browser. A browser applet may incorrectly interpret a single mouse click as a drag-and-drop action, which can cause unexpected resources to be loaded in the user's browser. An attacker can use this behaviour twice in succession: first to load a privileged chrome: URL in the user's browser, then to load a malicious javascript: URL on top of that same document, resulting in arbitrary script execution with chrome privileges. Mozilla Firefox 3.6, Mozilla Firefox 3.5.x, Mozilla Firefox 3.0.x, Mozilla SeaMonkey 2.0.4. Patch installation: 1. Manual installation...
Firefox nsTreeSelection implementation use-after-free vulnerability
CVE ID: CVE-2010-0175 Firefox is a popular open-source web browser. Firefox has a use-after-free vulnerability when handling special events on nsTreeSelection elements. While executing a select event, Firefox accesses the element without checking whether it has already been freed, which may lead to arbitrary code execution. Mozilla Firefox 3.5.x, Mozilla Firefox 3.0.x, Mozilla Thunderbird 3.0.4, Mozilla SeaMonkey 2.0.4. Workaround: disable JavaScript. Vendor patch: Debian ------...
Mozilla Firefox 3.6 window.location object unauthorized data access vulnerability
CVE ID: CVE-2010-0170 Firefox is a popular open-source web browser. As a result of a new mechanism for enforcing the same-origin policy between windows and frames, the Firefox 3.6 browser engine changed the window.location object into an ordinary, overridable JavaScript object. Some plugins, however, also use this object to determine a page's origin and enforce access restrictions, so a malicious page can override it to trick a plugin into allowing access to data on other sites or on the local file system. Mozilla Firefox 3.6. Vendor patch: Mozilla ------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.mozilla.org/...
Samba CAP_DAC_OVERRIDE file permission security restriction bypass vulnerability
BUGTRAQ ID: 38606 CVE ID: CVE-2010-0728 Samba is a suite of programs implementing the SMB (Server Message Block) protocol for cross-platform file and print sharing. If libcap support is enabled, all smbd processes inherit the CAP_DAC_OVERRIDE capability flag, which allows authenticated remote users to bypass the intended file permission restrictions and read or write files through standard file system operations. Samba 3.5.0, Samba 3.4.6, Samba 3.3.11. Vendor patch: Samba ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...
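Whether a running smbd actually holds CAP_DAC_OVERRIDE is visible in the kernel's per-process capability sets, so the check a practitioner wants is a decode of the CapEff line of /proc/&lt;pid&gt;/status. The following is an added example and not Samba project code: it decodes that bitmask and reports whether bit 1 (CAP_DAC_OVERRIDE) is set. The two status excerpts are constructed for the example; the capability numbers in the table are the fixed values from the Linux capability ABI.

```python
# Added example (not Samba project code): decode the CapEff line of a
# /proc/<pid>/status file and report whether the process holds
# CAP_DAC_OVERRIDE, the capability the advisory says smbd inherits when
# libcap support is enabled. The sample status texts are constructed.

# Capability bit numbers from the Linux capability ABI (CapEff is a hex
# bitmask; bit n corresponds to capability number n).
CAP_BITS = {
    "CAP_CHOWN": 0,
    "CAP_DAC_OVERRIDE": 1,
    "CAP_DAC_READ_SEARCH": 2,
    "CAP_FOWNER": 3,
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_SYS_ADMIN": 21,
}


def cap_mask(status_text, field="CapEff"):
    """Return the integer bitmask carried by the given Cap* line
    (CapEff, the effective set, by default)."""
    for line in status_text.splitlines():
        if line.startswith(field + ":"):
            return int(line.split(":", 1)[1].strip(), 16)
    raise ValueError(f"{field} not found in status text")


def held_caps(status_text, field="CapEff"):
    """Names from CAP_BITS whose bit is set in the chosen capability set."""
    mask = cap_mask(status_text, field)
    return sorted(name for name, bit in CAP_BITS.items() if mask >> bit & 1)


def has_dac_override(status_text):
    """True if the process's effective set includes CAP_DAC_OVERRIDE,
    i.e. it can bypass file read/write/execute permission checks."""
    return bool(cap_mask(status_text) >> CAP_BITS["CAP_DAC_OVERRIDE"] & 1)


def audit_pid(pid):
    """Read a live process on this host and apply the same check."""
    with open(f"/proc/{pid}/status") as f:
        return has_dac_override(f.read())


# Constructed: an smbd-like process whose effective set is the full
# bounding set of a kernel with 38 capabilities (all of bits 0..37).
SMBD_FULL_CAPS = """\
Name:\tsmbd
CapInh:\t0000000000000000
CapPrm:\t0000003fffffffff
CapEff:\t0000003fffffffff
"""

# Constructed: the same daemon with only CAP_DAC_OVERRIDE (bit 1) cleared.
SMBD_DROPPED = """\
Name:\tsmbd
CapEff:\t0000003ffffffffd
"""

if __name__ == "__main__":
    for label, text in (("full", SMBD_FULL_CAPS), ("dropped", SMBD_DROPPED)):
        print(label, "CAP_DAC_OVERRIDE" if has_dac_override(text) else "no override",
              held_caps(text))
```

To audit a real server, call `audit_pid()` on each PID that `pidof smbd` returns; a daemon whose CapEff clears bit 1 cannot use the bypass the advisory describes, regardless of how it was built.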
FFmpeg multiple media file parsing denial of service and code execution vulnerabilities
BUGTRAQ ID: 36465 CVE ID: CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4639, CVE-2009-4640 FFmpeg is a complete solution for recording, converting and decoding audio and video. When parsing various media files, ffmpeg has multiple NULL pointer dereference, out-of-bounds memory access and infinite loop vulnerabilities, which may lead to denial of service or arbitrary code execution. 1) NULL pointer dereferences and division-by-zero errors when parsing AVI, .ogv and .wmv files may cause a crash. 2...
"Sunbird 0.9 Array Overrun (code execution) 0day"
No description provided by source. full disclosure: http://seclists.org/fulldisclosure/2009/Dec/253 Sunbird 0.9 Array Overrun code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - Dis.: 07.05.2009 - Pub.: 11.12.2009 CVE: CVE-2009-0689 CWE: CWE-199 Risk: High...