56796 matches found
D-Link DSL-6850U Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in D-Link DSL-6850U versions BZ1.00.01 – BZ1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found are: Default Credentials Remote Command Execution Credit An...
libxls xls_getfcell Code Execution Vulnerability(CVE-2017-2919)
Summary An exploitable stack based buffer overflow vulnerability exists in the xlsgetfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Version...
WebKit: out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint(CVE-2017-13784)
There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. ASan log: ================================================================= ==30436==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000560c48 at pc...
wget HTTP integer overflow(CVE-2017-13089)
That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...
FreeRDP Rdp Client License Read Challenge Packet Denial of Service Vulnerability(CVE-2017-2839)
Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...
Lexmark LibISYSpdf Image Rendering DCTStream::getBlock() Code Execution Vulnerability(CVE-2017-2822)
Summary An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack....
Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)
Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a sensor SoC manufactured by Cypress. The sensor is manag...
Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)
After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...
Zabbix Proxy Server SQL Database Write Vulnerability (CVE-2017-2825)
Official patch earlier to fix the vulnerabilities: the Zabbix code execution vulnerability DETAILS One of the Trapper requests made by the Zabbix proxy is the ìproxy configî request, which allows a proxy to request its own proxy configuration from the Zabbix Server or any other Zabbix Proxyís...
Microsoft Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)
Original link: a Broken Browser Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Today we know from Internet Explorer since the birth there has been function. This feature allows the Web Developer instance of the external object, and therefore be the attacker to...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
天融信TopApp-AD /acc/network/redial_pppoe.php等多处命令执行漏洞
No description provided by source...
TaoCMS v2.5Beta4 Comment.php 存在储存型xss漏洞(可打后台)
No description provided by source...
用友GRP-U8 系统登陆处参数UserNameText 存在SQL注入
No description provided by source...
正方教务系统 jwggck.aspx 参数fbsj SQL注入漏洞
No description provided by source...
金蝶OA办公系统 /kingdee/custom/ 目录4处 SQL注入漏洞
No description provided by source...
74CMS 个人版V3.3(<=2013111)后台任意文件删除漏洞
No description provided by source...
jeecms前台在/member/o_upload_image.jspx存在文件上传漏洞
No description provided by source...
FE协作办公平台 /servlet/ChangeBGServlet 任意文件上传漏洞
漏洞文件:/servlet/ChangeBGServlet漏洞参数:skinName影响版本:FE5.5.2及以下版本代码片段: public void doGetHttpServletRequest request, HttpServletResponse response throws ServletException, IOException String savePath = getServletConfig.getServletContext.getRealPath""; String themeDir =...
致远软件某网站漏洞合集
简要描述: 致远软件某网站漏洞合集,能不能给20rank 详细说明: 致远软件自助服务网站 问题如下: SQL注入 问吧管理员弱口令 任意文件上传 漏洞证明: SQL注入证明------------开始 注入点为 http://support.seeyon.com/ask/base/QuestionHandler.ashx?callback=jsonp1428044230217&mode=list&title=ceshi 注入类型 获取数据库列表 SQL注入证明------------结束 问吧管理员弱口令证明------------开始 后台地址...
ESPCMS 6.2 /interface/order.php SQL注入漏洞
No description provided by source...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0 ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080...
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
No description provided by source. / $Id: raptorprctl.c,v 1.1 2006/07/13 14:21:43 raptor Exp $ raptorprctl.c - Linux 2.6.x suiddumpable vulnerability Copyright c 2006 Marco Ivaldi [email protected] The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16...
Washington University wu-ftpd 2.5 .0 message Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/726/info There is a buffer overflow in wu-ftpd message file expansions which may be remotely exploitable. In situations where the message file can be written to in some way remotely by regular or anonymous users, this may...
HP Data Protector 6.20 EXEC_CMD Buffer Overflow Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXECCMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXECCMD Buffer Overflow...
Webkit Normalize Bug - Android 2.2
No description provided by source. !-- CVE-2010-1759 webkit normalize bug Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...
TechSmith Snagit 10 (Build 788) DLL Hijacking Exploit (dwmapi.dll)
No description provided by source. / TechSmith Snagit 10 Build 788 Dll Hijacking Exploit By: Encrypt3d.M!nd Date: 25\8\2010 Download: http://www.techsmith.com/download/snagittrial.asp Details: Compile the following code and rename it to dwmapi.dl and place file with one of the affected types in t...
Spring Framework arbitrary code execution
No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be...
Sophos Web Protection Appliance - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...
GNU libc/regcomp(3) Multiple Vulnerabilities
No description provided by source. source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.:...
DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)
No description provided by source. Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture. Overview: DirectShow in...
IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
No description provided by source. / IpSwitch IMail Server = ver 8.1 User Password Decryption by Adik netmaniac hotmail KG IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption sche...
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
php blue dragon cms 3.0.0 - Remote File Inclusion Vulnerability
No description provided by source. // Exploit Name: Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability //Script Homepage: http://phpbluedragon.pl/ // Autor: Kacper [email protected] // Autor Homepage: devilteam.eu | kacper.bblog.pl //Pozdrawiam wszystkich ludzi z DEVIL TEAM, Zaprasza...
Manhali 1.8 - Local File Inclusion Vulnerability
No description provided by source. Exploit Title: Manhali v1.8 Local File Inclusion Vulnerability Date: 20/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.manhali.com/ Software Link:...
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...
PHP/FI 1.0/FI 2.0/FI 2.0 b10 mylog/mlog Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features...
Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (Simple Version)
No description provided by source. / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit socksendpage local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. spender and venglin's...
Linux Kernel 'handle_rx()'函数拒绝服务漏洞
Bugtraq ID:66678 CVE ID:CVE-2014-0077 Linux Kernel是Linux操作系统的内核。 Linux kernel在handlerx函数处理较大数据包时存在拒绝服务漏洞,攻击者可利用此漏洞使受影响应用崩溃。 0 Linux kernel 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.kernel.org/...
大汉相关系统漏洞合集(完结篇)
简要描述: 太折腾了,没精力了,太累了,完结篇了,以后估计不看鸟。而且厂商给的rank……rank不是你的,都算乌云的……不用太吝啬这个东西。 简单提下内容: 基本所有系统都存在的一处越权; JCMS & xxgk 通用的一处任意文件下载; JCMS & xxgk 通用的两处暴力破解接口; 就这么当完结篇了!冲击我的1000rank,然后该稍微歇着了。 详细说明: 基本所有系统大部分版本都还存在的一个越权: % String mainip = Convert.getParameter request,"dbip"; String mainport = Convert.getParamet...
PHP 'ext/gd/gd.c'信息泄漏漏洞
CVE ID:CVE-2014-2020 PHP是一种HTML内嵌式的语言。 PHP 'ext/gd/gd.c'没有检查数据类型,允许远程攻击者使用字符串或数组数据累心过来代替数字数据类型来获取敏感信息,此漏洞不同于CVE-2013-7226。 0 PHP 5.5.x PHP 5.5.9已经修复该漏洞,建议用户下载更新: http://php.net...
(新)程氏舞曲CMS 三步GETSHELL(实例演示+源码详析)
简要描述: SQL绕过双重保险再注射+无需解MD5后台认证绕过(同时绕过了安装时写在config文件里的验证码)+后台GETSHELL 无论从技术难度还是危害讨论,均已到达最高RANK了吧 实例演示的站点为官方主页链接过去的 www.26yy.com GETSHELL由于对服务器文件有影响,只在本机127.0.0.1演示 详细源码分析,漏洞证明截图各见下文相应区域 详细说明: 第一步: 分析: 本CMS使用自定义CSRequest过滤所有GET和POST 比如: $id=CSRequest"id"; function CSRequest$pistrName...
songcms 3.16 /global.php SQL注入漏洞
No description provided by source...
Linux Kernel 'sctp_v6_xmit()'函数信息泄露漏洞(CVE-2013-4350)
BUGTRAQ ID: 62405 CVECAN ID: CVE-2013-4350 Linux Kernel是Linux操作系统的内核。 Linux kernel在sctpv6xmit中存在ipv6加密bug,攻击者可利用此漏洞泄露敏感信息。 0 Linux kernel 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
PHPSHE 1.1 /module/index/product.php SQL注入漏洞
PHPSHE商城系统集合了众多的功能,并提供了简易的操作、实用的功能,快速让用户建立独立个性化的网上商店,为用户提供了一个低成本、高效率的网上商城建设方案。 但在其 v1.1版本中,程序对参数过滤不严,存在sql注入漏洞 module/index/product.php ...82行 case 'list': $categoryid = intval$id; $info = $db-peselect'category', array'categoryid'=$categoryid; //搜索 $sqlwhere = " and productstate = 1";...
Apache Hadoop信息泄露漏洞
BUGTRAQ ID: 54358 CVE ID: CVE-2012-3376 Hadoop是Apache软件基金会所研发的开放源码并行运算编程工具和分散式档案系统。 Apache Hadoop 2.0.0-alpha在实现上存在信息泄露漏洞,成功利用后可允许攻击者获取敏感信息。 0 Apache Group Hadoop 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...
Microsoft Windows本地键盘布局处理权限提升漏洞(CVE-2012-0181)(MS12-034)
BUGTRAQ ID: 53326 CVE ID: CVE-2012-0181 Microsoft Windows是流行的计算机操作系统。 Windows内核模式驱动程序管理键盘布局文件的方式中存在一个特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者随后可安装程序;查看、更改或删除数据;或者创建拥有完全管理权限的新帐户。 0 Microsoft Windows Windows XP Service Pack 3 0 Microsoft Windows Windows XP Professional x64 Ed Microsoft Windows Windows ...
OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞
BUGTRAQ ID: 53158 CVE ID: CVE-2012-2110 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 OpenSSL在处理DER格式数据时, "asn1d2ireadbio"函数中存在类型转换错误,可被利用造成堆缓冲区溢出,导致执行任意代码。成功利用的平台为64位系统。 0 OpenSSL 1.x OpenSSL 0.x 厂商补丁: OpenSSL Project --------------- OpenSSL Project已经为此发布了一个安全公告(secadv20120419)以及相应补丁:...
Microsoft Internet Explorer JScript9 远程代码执行漏洞(CVE-2012-0169)(MS12-023)
BUGTRAQ ID: 52902 CVE ID: CVE-2012-0169 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer在访问已经删除的对象时在实现上存在可以破坏内存的远程代码执行漏洞,攻击者可利用此漏洞以当前用户权限执行任意代码。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x...
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
No description provided by source. ?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo "+ CVE-2011-1938"; echo "+ there we go...\n"; define'EVILSPACEADDR', "\xff\xff\xee\xb3"; define'EVILSPACESIZE', 102410248; $SHELLCODE =...