56796 matches found
Cacti Weathermap plugin arbitrary file upload vulnerability
No description provided by source...
Shuangyang OA (双杨OA) /ispirit/go.php LOGIN_UID parameter SQL injection vulnerability
No description provided by source...
Kingdee OA office system: four SQL injection vulnerabilities under the /kingdee/custom/ directory
No description provided by source...
74CMS Personal Edition V3.3 (<=2013111) backend arbitrary file deletion vulnerability
No description provided by source...
Emerson Liebert IntelliSlot Web Card weak password
Reference link: http://www.emersonnetworkpower.com/documentation/en-us/products/monitoring/documents/sl-52615.pdf...
Many SDCMS sites have weak passwords (Getshell method)
Brief description: as titled. Detailed description: many SDCMS sites use weak passwords. Default backend admin/login.asp; weak credentials admin admin, admin admin888, sdcms sdcms, admin 123456. Picked a government site at random, http://www.qhxjcy.gov.cn/admin/, sdcms sdcms. Log into the backend, choose Interface, then Template Management, Manage Templates, choose sdcmsindex.asp and insert an ASP one-liner; then visit http://www.qhxjcy.gov.cn/index.asp img...
Discuz 7.2 website path disclosure vulnerability
No description provided by source...
KindEditor <= 4.1.5 file upload vulnerability
Vulnerability description: the vulnerability is in the KindEditor editor; you can upload .txt and .html files, and php/asp/jsp/asp.net are supported. It affects KindEditor 4.1.5 and below. Keywords: allinurl:/examples/uploadbutton.html allinurl:/php/upload_json.php / .asp /...
FE Collaborative Office Platform /servlet/ChangeBGServlet arbitrary file upload vulnerability
Vulnerable file: /servlet/ChangeBGServlet Vulnerable parameter: skinName Affected versions: FE 5.5.2 and below Code snippet: public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String savePath = getServletConfig().getServletContext().getRealPath(""); String themeDir =...
JEECMS yet another generic privilege escalation (part four): orders can be deleted or cancelled
Brief description: 111 Detailed description: ID1 and ID2 each buy something they like, just no TT, what a pity -。- Then we change the ID and give ourselves a fright... We testers could walk the Avenue of Stars; to quote Liu Qian, now is the moment to witness a miracle. White hats are all magicians -。- test7 cancels the order, a delete button then appears; click delete, capture the request, change the ID, send it, and the deletion succeeds. Proof of vulnerability: ID1 and ID2 each buy something they like, just no TT, what a pity -。- Then we change the ID and give ourselves a fright... We testers could walk the Avenue of Stars; to quote Liu Qian, now is the moment to witness a miracle. White hats are all magicians -。-...
53kf: many Memcached instances with unauthorized access
Brief description: many 53kf memcached instances allow unauthorized access and leak sensitive information. Detailed description: 100+ addresses, widespread unauthorized access, sensitive information leaked. Proof of vulnerability: passport.53kf.com vip.53kf.com blog.53kf.com cx.53kf.com s.53kf.com v6.53kf.com zz.53kf.com 1.53kf.com 8.53kf.com t7.53kf.com t6.53kf.com t3.53kf.com t2.53kf.com t5.53kf.com t4.53kf.com t9.53kf.com t8.53kf.com t1.53kf.com...
Another Getshell vulnerability in a school integrated management platform
Brief description: another Getshell vulnerability in a school integrated management platform. Detailed description: System name: School Integrated Management Platform Vendor: Shanghai Anmai Computer Technology Co., Ltd. Keyword: Copyright: Shanghai Anmai Computer Technology Co., Ltd. Architecture: ASPX+MSSQL, ASP+MSSQL Root cause: improper use of the editor (weak password + downloadable database) Proof of vulnerability: some enumerated cases: http://anmai.net:81/PrepManage/Editor/adminlogin.asp http://jwxx.am.jsedu.sh.cn/ANMAI/PrepManage/Editor/adminlogin.asp...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0 ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080...
ECShop backend brute force: CAPTCHA bypass
Brief description: ECShop backend brute force. Detailed description: the login request is username=admin&password=admin888&captcha=1111&act=signin. If the ECSCPID= parameter is removed from the cookie when sending the request, the server skips CAPTCHA verification and directly checks whether the account password is correct. Tested with Burp for brute forcing. Proof of vulnerability:...
PageAdmin ViewState flaw leads to SQL injection
Brief description: 500,000 site entries omitted here 1、.............. 2、.............. .............. 50.、http://www.pageadmin.net Many pages are affected; I hope the vendor and the site owners check them one by one. Heard we have a new feature: WooYun added a way to earn WooYun coins, link http://zone.wooyun.org/content/16138, so I came to try whether it works. The tools used are also available for download under "test code". Detailed description: Analysis: 1. Find a dynamic page, e.g. /e/aspx/dataselect.aspx Parameter:...
A SQL injection in DouPHP
Brief description: injection. Detailed description: still the getip problem, guestbook.php line 102: if ($rec == 'insert') { /* CSRF (cross-site request forgery) defence */ if ($firewall->checktoken($_POST['token'])) { /* HTML safety filter */ $_POST = $firewall->doufilter($_POST); $ip = $dou->getip(); $addtime = time(); $vcode = $check->iscaptcha($_POST['vcode']) ? strtoupper($_POST['vcode']) : ''; /* check whether this IP is posting messages too frequently */...
vKios <= 2.0.0 (products.php cat) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ vKios <= 2.0.0 (products.php cat) Remote SQL Injection Exploit Time : Feb 8 2008 10:00PM Software : vKios Version : <= 2.0.0 Vendor : http://www.vkios.com/...
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to...
Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9351/info A problem has been identified in the handling of remote web requests by the Webcam Watchdog software. Because of this, it may be possible for a remote attacker to gain unauthorized access to a vulnerable system...
WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal
No description provided by source. Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The issue is in the...
ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS, DEP and ASLR Bypass)
No description provided by source. Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit Multiple OS, DEP and ASLR Bypass Date: July 13, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe Version: Mini-Stream Software ASX to MP3 Converter...
CiviCRM for Joomla 4.2.2 - Remote Code Injection
No description provided by source. Exploit Title: Joomla component com_civicrm remote code injection exploit Google Dork: Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart Date: 20/04/2013 Exploit Author: iskorpitx Vendor Homepage: http://civicrm.org Software Link...
vsftpd FTP Server 2.0.5 - 'deny_file' Option Remote Denial of Service Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/29322/info The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory. Successfully exploiting this issue allows remote attackers to crash the affected...
Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities
No description provided by source. Fully Modded phpBB 2 Remote File Include PHPBB Exploit 2 Source Code: http://phpbbfm.net/support/indexfm.php http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz Vulnerable Code: include('includes/common.php'); $phpbb_root_path = $foingrootpath...
Washington University wu-ftpd 2.5.0 message Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/726/info There is a buffer overflow in wu-ftpd message file expansions which may be remotely exploitable. In situations where the message file can be written to in some way remotely by regular or anonymous users, this may...
coppermine photo gallery <= 1.4.22 Multiple Vulnerabilities
No description provided by source. Author: girex Site: http://girex.altervista.org/ CMS: Coppermine Photo Gallery <= 1.4.22 Coppermine Photo Gallery suffers from different vulnerabilities. There is a Local File Inclusion and a Blind SQL Injection working with register_globals = On and magic_quotes_gpc...
lotuscms 3.0.3 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22886 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinlotuscms.html Product: LotusCMS Vendor: Arboroia Network http://www.lotuscms.org/ Vulnerable Version: 3.0.3 and probably prior versions Vendor Notification: 01 March 2011 Vulnerabili...
Windows NT - User Mode to Ring 0 Escalation Vulnerability
No description provided by source. Microsoft Windows NT GP Trap Handler Allows Users to Switch Kernel Stack ------------------------------------------------------------------------- CVE-2010-0232 In order to support BIOS service routines in legacy 16-bit applications, the Windows NT Kernel support...
HP Data Protector 6.20 EXEC_CMD Buffer Overflow Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXEC_CMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXEC_CMD Buffer Overflow...
Fake Identd 0.9/1.x Client Query Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5351/info Fake Identd is an open source Ident server designed to return the same information to all incoming requests. It is implemented by Tomi Ollila, and available for Linux and a number of other Unix based operating...
Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation
No description provided by source. /* CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race condition Slightly-less-than-POC privilege escalation exploit For kernels >= v3.14-rc1 Matthew Daley [email protected] Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving...
TIBCO Spotfire multiple products remote code execution vulnerability
CVE ID: CVE-2014-2544 TIBCO Spotfire is business data intelligence analysis software. TIBCO Spotfire Server 3.3.3 and earlier, 4.5.0, 5.0.0, 5.0.1, 5.5.0, 6.0.0, 6.0.1, and TIBCO Spotfire Professional, Web Player, Automation Services and Deployment Kit 4.0.3 and earlier, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.5.0, 6.0.0 contain an implementation flaw that lets a remote attacker execute arbitrary code. Affected: TIBCO Spotfire...
Apache Xalan-Java FEATURE_SECURE_PROCESSING property handling security bypass vulnerability
CVE ID: CVE-2014-0107 Apache Xalan-Java is a project implementing an XSLT library in Java and C++. Apache Xalan-Java mishandles some output properties, allowing an attacker to bypass the secure processing feature FEATURE_SECURE_PROCESSING and access restricted properties or load arbitrary restricted classes. Affected: Apache Xalan-Java 2.7.0. Users can refer to the following vendor security advisory to obtain a patch: https://issues.apache.org/jira/browse/XALANJ-2435...
Belkin Wemo Home Automation 'peerAddresses' API XML external entity injection vulnerability
BUGTRAQ ID: 65623 CVE(CAN) ID: CVE-2013-6948 Belkin Wemo Home Automation devices are a line of remote home-appliance control products. The Belkin Wemo Home Automation API server has an XML injection vulnerability; XML injection against the peerAddresses API can disclose the contents of system files. Affected: Belkin Wemo Home Automation. The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's homepage for the latest version:...
vTiger CRM SOAP AddEmailAttachment arbitrary file upload vulnerability
BUGTRAQ ID: 61558 CVE ID: CVE-2013-3214 vtiger CRM is a web-based customer relationship management (CRM) system centred on sales force automation (SFA). The AddEmailAttachment SOAP method defined in vtiger CRM /soap/vtigerolservice.php does not properly filter input submitted through the "filedata" and "filename" parameters, allowing an attacker to write or overwrite arbitrary files and execute them with web-server privileges. Affected: vtiger CRM 5.0.0 - 5.4.0. Vendor patch: vtiger ----- Users can refer to the following vendor security patch to fix this vulnerability:...
TRS Identity Authentication System arbitrary file read vulnerability + information disclosure
Brief description: @Finger said to submit it as a generic vulnerability····· so I submitted it. Although this vulnerability may not directly harm the system, if you already have a shell on some server in the intranet, you can use it to read the database configuration file, connect to the database and look up the password of trs or other users, which is very harmful. Detailed description: the TRS IDS system has arbitrary file read and information disclosure vulnerabilities. The files are under the admin/debug/ directory: the file read is fv.jsp, the information disclosure is env.jsp etc. google http://203.208.46.145/newwindow=1&q=intitle:trs身份&start=60...
Linux Kernel 'sctp_v6_xmit()' function information disclosure vulnerability (CVE-2013-4350)
BUGTRAQ ID: 62405 CVE(CAN) ID: CVE-2013-4350 The Linux Kernel is the kernel of the Linux operating system. The Linux kernel has an IPv6 encryption bug in sctp_v6_xmit that an attacker can exploit to leak sensitive information. Affected: Linux kernel. Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.kernel.org/...
JBoss Enterprise Application Platform security bypass vulnerability
CVE ID: CVE-2012-4550 JBoss is an open-source J2EE-based application server. When role-based authorization is used for Enterprise Java Beans (EJB) access, JACC permissions must be used to decide access; but because of a security vulnerability the configured authorization modules (JACC, XACML, etc.) are not invoked, so JACC permissions are not used to decide EJB access, allowing a remote attacker to gain unauthorized access to EJBs. Affected: JBoss Enterprise Application Platform (JBoss EAP or JBEAP) versions before 6.0.1. Vendor solution: JBoss Enterprise Application Platform...
Microsoft IE layout use-after-free remote code execution vulnerability (MS12-063)
BUGTRAQ ID: 55646 CVE ID: CVE-2012-2548 Microsoft Internet Explorer is a widely used web browser from Microsoft. Microsoft Internet Explorer 9 has a use-after-free vulnerability; through a specially crafted website that triggers access to a deleted object, a remote attacker can execute arbitrary code. Affected: Microsoft Internet Explorer 9.x. Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS12-063) and a corresponding patch: MS12-063: Microsoft Security...
Microsoft Internet Explorer JScript9 remote code execution vulnerability (CVE-2012-0169) (MS12-023)
BUGTRAQ ID: 52902 CVE ID: CVE-2012-0169 Microsoft Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer has a memory-corrupting remote code execution vulnerability when accessing a deleted object; an attacker can exploit it to execute arbitrary code with the current user's privileges. Affected: Microsoft Internet Explorer 9.x, Microsoft Internet Explorer 8.x, Microsoft Internet Explorer 7.x, Microsoft Internet Explorer 6.x...
RealVNC 4.1 Authentication Bypass
No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM WebSphere Application Server Cross-Site...
Discuz! NT 3.1.0 getting a webshell from the backend
Brief description: write executable code through the backend to obtain a webshell directly and thereby take control of the server. Detailed description: 1. Visit http://127.0.0.1/admin/global/globaltemplatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default and write an aspx trojan. 2. After writing the aspx trojan, visit http://127.0.0.1/tools/rss.aspx and that is it. Proof of vulnerability:...
Microsoft Excel heap buffer overflow vulnerability (MS11-021)
BUGTRAQ ID: 47235 CVE ID: CVE-2011-0098 Microsoft Excel is a spreadsheet program written by Microsoft for computers running Windows and Apple Macintosh operating systems. Microsoft Excel has a heap buffer overflow in its implementation; a remote attacker can exploit it to execute arbitrary code with the current user's privileges or cause a denial of service. A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files. An attacker who successfully exploits this vulnerability could take complete control of an affected system and then install programs; view, change or delete data; or create new accounts with full user rights. Microsof...
rsync client incremental file list remote memory corruption vulnerability
Bugtraq ID: 47064 rsync is a file synchronization tool. When incremental recursion is enabled, --delete is enabled and --owner is disabled, there is a memory corruption vulnerability in the generator process on the receiving side. Under these conditions, some of the generator's deep-deletion functions temporarily increase file_extra_cnt, a global variable that controls the in-memory layout of file structs, and restore the original value when done. The incremental directories only affect the temporary file list used to perform deletions, but they can also affect the incremental file-list chunks received while these functions are running, which may then be created with the wrong layout. When the original file_extra_cnt is restored, the value stored in each applicable OPT_EXTRA field ends up in the next value listed in rsync.h....
Apache Tomcat "@ServletSecurity" annotation security restriction bypass vulnerability
CVE ID: CVE-2011-1088 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has a "@ServletSecurity" annotation security-restriction bypass vulnerability in its implementation; a remote attacker can exploit it to bypass certain security restrictions. Because the application fails to correctly enforce the "@ServletSecurity" annotation when loading servlets, the security restrictions specified by the annotation can be bypassed and certain information disclosed. Affected: Apache Group Tomcat 7.x. Vendor patch: Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage:...
Linux Kernel <= 2.6.37 Local Privilege Escalation
No description provided by source. /* Linux Kernel <= 2.6.37 local privilege escalation by Dan Rosenberg (@djrbliss on twitter) Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage: CVE-2010-4258...
Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit
No description provided by source. Exploit Title: Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit Date: 14/11/2010 Author: Itzhak Avraham, mj Tested on: Droid 2.1 CVE : CVE-2010-1807 Better exploit better rate and more flexible for changes, also shorter shellcode than what you have...
ShopEx vulnerability.
Brief description: you know what I mean. Detailed description: see the proof of vulnerability. Proof of vulnerability: url/shopadmin/index.php?ctl=sfile&act=getDB&p0=../../config/config.php you know what I mean...