56796 matches found
CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability(CVE-2017-12113)
Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
D-Link DSL-6850U Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in D-Link DSL-6850U versions BZ1.00.01 – BZ1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found are: Default Credentials Remote Command Execution Credit An...
WebKit: out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint(CVE-2017-13784)
There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. ASan log: ================================================================= ==30436==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000560c48 at pc...
Foscam IP Video Camera webService dyndns.com DDNS Client Code Execution Vulnerability(CVE-2017-2856)
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
wget HTTP integer overflow(CVE-2017-13089)
That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...
FreeRDP Rdp Client License Read Challenge Packet Denial of Service Vulnerability(CVE-2017-2839)
Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...
xycms b_title parameter sql injection vulnerability
No description provided by source...
Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)
Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a sensor SoC manufactured by Cypress. The sensor is manag...
Joomla! Core XSS Vulnerability(CVE-2017-7985)
Joomla! is one of the world's most popular content management system CMS solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016,...
Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)
After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...
OS Command Injection Vulnerability in ASG and CAS (CVE-2016-9091)
The Advanced Secure Gateway ASG and Content Analysis System CAS management consoles provide a web UI for appliance administrators to manage and monitor the respective appliance. Each management console provides limited functionality to administrators and does not provide them with access to the...
Microsoft Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)
Original link: a Broken Browser Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Today we know from Internet Explorer since the birth there has been function. This feature allows the Web Developer instance of the external object, and therefore be the attacker to...
RoundCube Webmail mail <1.0.5 body stored XSS(CVE-2015-1433)
RoundCube Webmail is a foreign use of a wide an open source php e-mail system, the meaning is still quite large. roundcube webmail official website: , download the latest version. /program/lib/Roundcube/rcubewashtml.php this file is actually a rich text filter class class rcubewashtml it. roundcu...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
phpwind V9.0 /windid/admin.php 验证码绕过漏洞
No description provided by source...
用友致远A6协同系统messageViewer.jsp三处SQL注入漏洞
No description provided by source...
多款Adobe产品整数溢出漏洞CVE-2014-0569
漏洞类型:整数溢出漏洞 影响组件介绍:Adobe Flash Player、Adobe AIR SDK和Adobe AIR SDK & Compiler都是美国奥多比(Adobe)公司的产品。Adobe Flash Player是一款多媒体播放器产品;Adobe AIR SDK和Adobe AIR SDK & Compiler都是适用于Adobe AIR(一个跨操作系统的运行时环境)的标准开发工具包。 漏洞分析: 原因: action script...
FE协作办公平台 /servlet/ChangeBGServlet 任意文件上传漏洞
漏洞文件:/servlet/ChangeBGServlet漏洞参数:skinName影响版本:FE5.5.2及以下版本代码片段: public void doGetHttpServletRequest request, HttpServletResponse response throws ServletException, IOException String savePath = getServletConfig.getServletContext.getRealPath""; String themeDir =...
网康VPN设备6.3.1越权访问
网康vpn设备虽然设置了授权访问,但是大部分页面可以越权绕过访问。1,https://xx.xx.xx.x/vpnweb/bulletin.php?para=admin/index.php绕过认证直接访问后台认证,使用burp抓包,得到url地址!网康vpn设备设计缺陷,可以远程直接重启。直接访问vpn设备的地址https://xxx.xx.xx.xx//admin/devicestatus.php点击重启,直接可以重启设备!影响的型号为6.3.1版本...
致远软件某网站漏洞合集
简要描述: 致远软件某网站漏洞合集,能不能给20rank 详细说明: 致远软件自助服务网站 问题如下: SQL注入 问吧管理员弱口令 任意文件上传 漏洞证明: SQL注入证明------------开始 注入点为 http://support.seeyon.com/ask/base/QuestionHandler.ashx?callback=jsonp1428044230217&mode=list&title=ceshi 注入类型 获取数据库列表 SQL注入证明------------结束 问吧管理员弱口令证明------------开始 后台地址...
某在线培训系统通用SQL注入漏洞
简要描述: 捡漏不易 详细说明: 捡漏一处: 该系统主要针对网上学习的。数据库里面包含有很多老师、学生的个人信息。 漏洞类型:SQL注入 危害度:高危 漏洞位置:WebOrg/UserRegist.aspx 参数:USERNAME 厂商:上海天柏信息科技有限公司 厂商网站:http://www.timber2005.com/ 漏洞证明: 关键字:inurl:webOrg 可自由构造 部分案例: http://webcourse.vixue.net/WebOrg/UserRegist.aspx http://www.gxkjks.com/WebOrg/UserRegist.aspx...
ESPCMS 6.2 /interface/order.php SQL注入漏洞
No description provided by source...
Wordpress wpDataTables Plugin 1.5.3 /wpdatatables.php SQL注入漏洞
wpdatatables.php // AJAX-handlers addaction 'wpajaxgetwdtable', 'wdtgetajaxdata' ; addaction 'wpajaxnoprivgetwdtable', 'wdtgetajaxdata' ; / Handler which returns the AJAX response / function wdtgetajaxdata $id = $GET'tableid'; $tabledata = wdtgettablebyid $id ; $columndata = wdtgetcolumnsbytablei...
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
No description provided by source. / $Id: raptorprctl.c,v 1.1 2006/07/13 14:21:43 raptor Exp $ raptorprctl.c - Linux 2.6.x suiddumpable vulnerability Copyright c 2006 Marco Ivaldi [email protected] The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16...
Washington University wu-ftpd 2.5 .0 message Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/726/info There is a buffer overflow in wu-ftpd message file expansions which may be remotely exploitable. In situations where the message file can be written to in some way remotely by regular or anonymous users, this may...
HP Data Protector 6.20 EXEC_CMD Buffer Overflow Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXECCMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXECCMD Buffer Overflow...
Webkit Normalize Bug - Android 2.2
No description provided by source. !-- CVE-2010-1759 webkit normalize bug Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...
WonderWare SuiteLink 2.0 - Remote Denial of Service Exploit (meta)
No description provided by source. $Id: suitlink.rb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PHP/FI 1.0/FI 2.0/FI 2.0 b10 mylog/mlog Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features...
Spring Framework arbitrary code execution
No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be...
Open&Compact FTP Server 1.2 (Gabriel's FTP Server) - Auth Bypass & Directory Traversal SAM Retrieval Exploit
No description provided by source. !/usr/bin/python Exploit Title: Open&Compact Ftp Server = 1.2 Auth bypass & directory traversal sam retrieval Date: Aug 7, 2013 By Wireghoul - http://www.justanotherhacker.com Based on Serge Gorbunov's auth bypass http://www.exploit-db.com/exploits/13932/ Softwa...
Manhali 1.8 - Local File Inclusion Vulnerability
No description provided by source. Exploit Title: Manhali v1.8 Local File Inclusion Vulnerability Date: 20/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.manhali.com/ Software Link:...
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
php blue dragon cms 3.0.0 - Remote File Inclusion Vulnerability
No description provided by source. // Exploit Name: Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability //Script Homepage: http://phpbluedragon.pl/ // Autor: Kacper [email protected] // Autor Homepage: devilteam.eu | kacper.bblog.pl //Pozdrawiam wszystkich ludzi z DEVIL TEAM, Zaprasza...
Joomla Media Manager File Upload Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Konqueror 4.7.3 Memory Corruption
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Konqueror 4.7.3...
Linux Kernel 'handle_rx()'函数拒绝服务漏洞
Bugtraq ID:66678 CVE ID:CVE-2014-0077 Linux Kernel是Linux操作系统的内核。 Linux kernel在handlerx函数处理较大数据包时存在拒绝服务漏洞,攻击者可利用此漏洞使受影响应用崩溃。 0 Linux kernel 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.kernel.org/...
KVM "complete_emulated_mmio()"内存破坏漏洞
CVE ID:CVE-2014-0049 Linux Kernel是一款开源的操作系统。 由于处理重复模拟推送时"completeemulatedmmio"方法中的错误,可导致内存破坏。 0 KVM Kernel-based Virtual Machine 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b...
songcms 3.16 /global.php SQL注入漏洞
No description provided by source...
Linux Kernel 'sctp_v6_xmit()'函数信息泄露漏洞(CVE-2013-4350)
BUGTRAQ ID: 62405 CVECAN ID: CVE-2013-4350 Linux Kernel是Linux操作系统的内核。 Linux kernel在sctpv6xmit中存在ipv6加密bug,攻击者可利用此漏洞泄露敏感信息。 0 Linux kernel 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
WordPress 3.5.1 crypt_private()远程拒绝服务漏洞(CVE-2013-2173)
No description provided by source...
Ecshop 2.7.3 user.php Sql注入
No description provided by source...
phpMyAdmin 3.5.x HTML注入漏洞
Bugtraq ID:55925 CVE ID:CVE-2012-5339 phpMyAdmin是一款基于PHP的MySQL管理程序。 phpMyAdmin Trigger, Procedure和Event页面不正确转义HTML输出,使用特殊名创建/修改trigger, event或procedure时,可触发跨站脚本攻击,可获得敏感信息或劫持用户会话。 0 phpMyAdmin 3.5.x 厂商解决方案 phpMyAdmin 3.5.3已经修复此漏洞,建议用户下载使用: http://www.phpmyadmin.net/...
Apache Hadoop信息泄露漏洞
BUGTRAQ ID: 54358 CVE ID: CVE-2012-3376 Hadoop是Apache软件基金会所研发的开放源码并行运算编程工具和分散式档案系统。 Apache Hadoop 2.0.0-alpha在实现上存在信息泄露漏洞,成功利用后可允许攻击者获取敏感信息。 0 Apache Group Hadoop 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...
Microsoft Windows TrueType字体引擎远程代码执行漏洞(CVE-2012-0159)(MS12-034)
BUGTRAQ ID: 53335 CVE ID: CVE-2012-0159 Microsoft Windows是流行的计算机操作系统。 受影响的组件处理特制 TrueType 字体文件的方式中存在一个远程执行代码漏洞。如果用户打开特制的 TrueType 字体文件,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 0 Microsoft Windows XP Professional x64 Edition SP Microsoft Windows Windows XP...
Microsoft Windows本地键盘布局处理权限提升漏洞(CVE-2012-0181)(MS12-034)
BUGTRAQ ID: 53326 CVE ID: CVE-2012-0181 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理键盘布局文件的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序;查看、更改或删除数据;或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows Windows ...
MySQL 5.5.20不明细节远程代码执行漏洞
BUGTRAQ ID: 52154 MySQL是一个小型关系型数据库管理系统,开发者为瑞典MySQLAB公司,在2008年1月16号被Sun公司收购。 MySQL在实现上存在远程代码执行漏洞,攻击者可利用此漏洞执行任意代码。 0 Oracle MySQL 5.5.20 厂商补丁: Oracle ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.oracle.com/technetwork/topics/security/...
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
No description provided by source. ?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo "+ CVE-2011-1938"; echo "+ there we go...\n"; define'EVILSPACEADDR', "\xff\xff\xee\xb3"; define'EVILSPACESIZE', 102410248; $SHELLCODE =...
PHP "substr_replace()"释放后重用远程内存破坏漏洞
BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的"substrreplace"函数在实现上存在释放后重用远程内存破坏漏洞,远程攻击者可利用此漏洞在网络服务器中执行任意代码,造成拒绝服务。 此漏洞源于在将同一个变量多次发送到"substrreplace"函数时,PHP会使该函数中的三个变量使用同一个指针,所以当函数中的类型转换更改了该指针,该指针也会使其他变量无效。 PHP PHP 5.3.x PHP PHP 5.2.x 厂商补丁: PHP ---...
Microsoft Office HtmlDlgHelper Class Memory Corruption
No description provided by source. Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com Microsoft Office HtmlDlgHelper class memory corruption 1. Advisory Information Title: Microsoft Office HtmlDlgHelper class memory corruption Advisory Id: CORE-2010-0517 Advisory URL:...