56796 matches found
John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1186/info Various open source clones of the Napster software package have a vulnerability by which users may view files on a machine running a vulnerable Napster clone client. The file access is limited to files accessibl...
Spaceacre Multiple SQL Injection Vulnerability
No description provided by source. Spaceacre Multiple SQL Injection Vulnerability by Wiro Sablenk aka Gendenk vendor: http://www.spaceacre.com/ dork: Designed by Spaceacre poc: http://target/cat1.php?catID=SQL http://target/cat2.php?catID=SQL http://target/cat3.php?catID=SQL...
Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20121017-2 ======================================================================= title: Multiple vulnerabilities in Oracle WebCenter Sites product: Oracle WebCenter Sites former FatWire Content Server vulnerable...
Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
No description provided by source. !-- Full Exploit Code: http://www.exploit-db.com/sploits/18531.zip PoC exploit for CVE-2011-2371 tested against Firefox 4.0.1 md5 of mozjs.dll: 5d7ffcc9deb5bb08417ceae51d2afed4 change constants to switch between w7/xp. see my blog if you want to know how this...
Ruby <= 1.9.1 WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal...
Grep < 2.11 Integer Overflow Crash PoC
No description provided by source. Grep 2.11 is vulnerable to int overflow exploitation. http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html Although it is patched in the recent Grep, this update has not been pushed to the Ubuntu repos, or the Redhat repos, leaving 99% of those OS'sa...
Microsoft Windows NT 4.0 MSIEXEC Registry Permissions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1835/info Due to weak permission settings for the registry key that handles the Microsoft Installer Service MSIEXEC, it is possible for a local user on Windows NT to escalate their privilege level. The file extension...
QNAP Turbo NAS 3.6.1 Build 0302T Multiple Vulnerabilities
No description provided by source. Sense of Security - Security Advisory - SOS-12-006 Release Date. 13-Jun-2012 Last Update. - Vendor Notification Date. 12-Mar-2012 Product. QNAP Platform. Turbo NAS verified and possibly others Affected versions. Firmware Version: 3.6.1 Build 0302T and prior...
CMS Made Simple <= 1.6.2 - Local File Disclosure Vulnerability
No description provided by source. CMS Made Simple = 1.6.2 Class: LFI Reported: 29/07/2009 Public release: 10/08/2009 Remote: Yes DORK: This site is powered by CMS Made Simple version 1. Site: http://www.cmsmadesimple.org/ Download:...
Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities Advisory...
Wordpress HTML5 AV Manager Plugin 0.2.7 - Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - HTML5 AV Manager for WordPress Shell Upload Vulnerability Version : 0.2.7 Link : http://wordpress.org/extend/plugins/html5avmanager/ Plugins : http://downloads.wordpress.org/plugin/html5avmanager.0.2.7.zip Date : 26-05-2012 Goog...
Coppermine Photo Gallery <= 1.4.20 (IMG) Privilege Escalation Exploit
No description provided by source. !/usr/bin/perl inphex - inphex0 at gmail dot com based on http://milw0rm.com/exploits/8114 - found by StAkeR In case this does not work check out posLine 80 and find another value for it use IO::Socket; use LWP::UserAgent; use LWP::Simple; use HTTP::Cookies; $1 ...
DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)
No description provided by source. Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture. Overview: DirectShow in...
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit
No description provided by source. / cve-2009-3002.c Linux Kernel 2.6.31-rc7 AFIRDA getsockname 29-Byte Stack Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002 The Linux kernel before 2.6.31-rc7 does not...
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/post/common' require 'msf/core/post/windows/priv' require...
XMB <= 1.9.6 Final basename() Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...
frontaccounting 1.12 build 31 - Remote File Inclusion Vulnerability
0x01 Vulnerability summary: A PHP remote file inclusion vulnerability exists in config.php of FrontAccounting 1.12 Build 31. A remote attacker can execute arbitrary PHP code via a URL in the pathtoroot parameter. 0x02 Vulnerability analysis: The vulnerable code is located in config.php, as follows: includeonce$pathtoroot . "/configdb.php"; includeonce$pathtoroot . "/includes/lang/language.php"; The $pathtoroot parameter is not handled correctly, which gives rise to the file inclusion vulnerability. 0x03 Exploitation...
Linux Kernel - Sendpage Local Privilege Escalation
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function RtlDosPathNameToNtPathNameU and may be exploited through other...
UBBCentral 6.0 UBB.threads Printthread.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13253/info It is reported that UBB.threads is prone to an SQL injection vulnerability. The SQL injection vulnerability is reported to affect the 'printthread.php' script. UBB.threads 6.0 is reported prone to this issue. I...
Debian Linux 2.1 apcd Symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/958/info A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the statu...
Dejcom Market CMS (showbrand.aspx) SQL Injection
No description provided by source. Exploit Title: Dejcom Market Cms SQL injection Date: 01/12/2010 Author: Mormoroth Dork : Powered By Dejcom Market CMS Version: ALL Version Exploit: %27 or 1=select top 1 tablename from informationschema.tables where tablename not...
DMXReady Contact Us Manager <= 1.1 - Remote Contents Change Vuln
No description provided by source. Title : DMXReady Contact Us Manager = 1.1 Remote Contents Change Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 49.97 $ Dork : inurl:inccontactusmanager.asp DorkEx :...
Dexter (CasinoLoader) Panel - SQL Injection
No description provided by source. Exploit Title: Dexter CasinoLoader Panel SQLi Date: Feb, 13, 2014 Exploit Author: Brian Wallace @botnethunter Version: CasinoLoader Tested on: Windows 7, Ubuntu, Debian import pycurl import urllib import cStringIO import base64 import argparse import sys import...
Mozilla Firefox CSS - font-face Remote Code Execution Vulnerability
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/...
Android Zygote - Socket Vulnerability Fork bomb Attack
No description provided by source. BootReceiver.java / Android Application that performs the fork bomb attack http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3918 Further information can be found at http://www.ai-lab.it/bugAndroid/bugAndroid.html @author Luca Verderame...
Discuz: a default plugin has a local file inclusion vulnerability (backend configuration permission required to get a shell)
Brief description: The program was updated on the 18th, so naturally we are the first to go and check it. Detailed description: See, there is a WeChat login feature; the vulnerability is right there. No truncation is needed, so it is not a marginal one. Now let's look at the code. The file is source\plugin\wechat\wechat.class.php static public function redirect$type global $G; $hook = unserialize$G'setting''wechatredirect'; if !$hook || !inarray$hook'plugin', $G'setting''plugins''available' return;...
KesionCMS V9.5: a marginal XSS that can hit frontend users and backend admins (two sneaky approaches make the marginal bug no longer marginal) #2
Brief description: Heh. Detailed description: I heard that generic (product-wide) vulnerabilities earn a bounty, so here I am!! Same test site as last time. First of all, if you are a site owner this XSS is even less marginal!! Apply for a friendly link. Suppose you are a site owner and fill in the information as requested; since this was a test I just filled in random values!! Log in to the backend in IE and look: a very prominent spot tells you there are friendly links pending review. Suppose we approve it (ps: a few days ago when I tested I inserted the code alert/3/, and at the time I sneakily guessed it was only filtered once, so editing the link again from the frontend would be enough; I kept testing, and sure enough it is only filtered once). Once the link has been approved, we then edit our own friendly link from the frontend. After the submission succeeds, returning to the frontend pops an alert (hits frontend members!!). Viewing the friendly links in the backend in IE also pops an alert, proving the backend admin can be hit blindly...
Fanwe O2O city life service platform backdoor arbitrary file upload vulnerability (getshell on the official demo site)
Brief description: There don't seem to be many users, but basically all of them have this backdoor file. Detailed description: Backdoor file path /esfile.php Official introduction http://www.fanwe.com/o2o Frontend demo address: http://o2o.fanwe.net/ Member account: fanwe password: fanwe http://o2o.fanwe.net/index.php?ctl=uccenter Upload an image webshell in the share section. Use F12 to remove the size attribute and obtain the image shell address http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg Getshell...
Linux kernel skb_segment function use-after-free vulnerability
CVE ID: CVE-2014-0131 The Linux kernel is an open-source operating system. The Linux kernel skbsegment function in net/core/skbuff.c has a use-after-free vulnerability that allows an attacker to obtain sensitive kernel memory information. 0 Linux kernel 3.13.6 Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability: https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f...
Microsoft Windows Security Account Manager Remote protocol security restriction bypass vulnerability
BUGTRAQ ID: 66012 CVECAN ID: CVE-2014-0317 Windows is a windowed operating system developed by Microsoft Corporation of the USA. The Security Account Manager Remote SAMR protocol does not correctly verify the user lockout state, so the implementation has a security feature bypass vulnerability. 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Vendor patch: Microsoft ---------...
MediaWiki 'theloadFromSession' function information disclosure vulnerability
BUGTRAQ ID: 65883 CVE ID: CVE-2014-2243 MediaWiki is a wiki program. The 'theloadFromSession' function in MediaWiki's includes/User.php script has a security vulnerability. A remote attacker can exploit it through a brute-force attack to gain access to session tokens. 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki...
IBM Rational Focal Point multiple unspecified security vulnerabilities
CVE ID: CVE-2014-0839, CVE-2014-0840, CVE-2014-0842, CVE-2014-0843, CVE-2014-0853 IBM Rational Focal Point is IBM Rational's web-based product management system, with built-in customer- and market-oriented product management processes, providing workflow automation, information relevance analysis, statistical analysis and prioritization analysis for the product management process. IBM Rational Focal Point has multiple security vulnerabilities: 1. Some user input is not properly filtered, allowing a remote attacker to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or the user session hijacked....
Microsoft Internet Explorer remote privilege escalation vulnerability (CVE-2014-0268) (MS14-010)
BUGTRAQ ID: 65392 CVECAN ID: CVE-2014-0268 Internet Explorer is a web browser released by Microsoft. Internet Explorer has a privilege escalation vulnerability in the validation of local file installation and in the secure creation of registry keys. 0 Microsoft Internet Explorer 6-11 Workaround: Set the Internet and intranet security zone settings to "High"; configure IE to prompt before running active scripting, or disable it. Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS14-010) and the corresponding patch for this: MS14-010: Cumulative...
Schneider Electric Telvent SAGE 3030 RTU remote denial of service vulnerability
BUGTRAQ ID: 65262 CVECAN ID: CVE-2013-6143 The Telvent SAGE 3030 RTU is an industrial data communications device. When the Telvent SAGE 3030 RTU C3413-500-001D3P4 and C3413-500-001F0PB process certain input, an error in the DNP3 service can cause a crash, resulting in denial of service. 0 Schneider Electric Telvent SAGE 3030 RTU C3413-500-001F0PB Schneider Electric Telvent SAGE 3030 RTU C3413-500-001D3P4 Vendor patch:...
Unauthorized access in some Wanhu EIP v3.0 deployments leads to arbitrary upload and path disclosure
Brief description: Wanhu EIP v3.0 arbitrary upload and path disclosure. Detailed description: I found this problem today during a penetration test of Times Media Group, and discovered via Google that it is generic to the product. Times Media http://www.chinatmg.com First, a tool turned up the source code at http://www.chinatmg.com/chinatmg.rar Damn, nearly 400 MB; with my lousy connection I think I'll pass and leave that resource to the Xunlei cloud-playback folks. The administrator clearly lacks security awareness, so let's see whether there is anything else to be found. Then, first, directory listing in several directories: http://www.chinatmg.com/whirsystem/module/...
laoy8 2.5 /Editor/asp/config.asp code execution vulnerability
No description provided by source...
Microsoft Windows Service Control Manager local privilege escalation vulnerability (CVE-2013-3862) (MS13-077)
BUGTRAQ ID: 62182 CVECAN ID: CVE-2013-3862 Windows is a windowed operating system developed by Microsoft Corporation of the USA. A privilege escalation vulnerability exists in the way the Windows Service Control Manager SCM handles objects in memory. The vulnerability stems from a double-free error in the Service Control Manager services.exe when processing service descriptions in the registry. An attacker who successfully exploits this vulnerability can execute arbitrary code and take complete control of the affected system. 0 Microsoft Windows Server 2008 Microsoft Windows 7 Vendor patch: Microsoft ---------...
Django is_safe_url() cross-site scripting and URLField script insertion vulnerabilities
CVECAN ID: CVE-2013-4249 Django is an open-source web application framework powered by the Python programming language. Django 1.4 and 1.5 do not properly filter the URLField field of django.contrib.admin, and the URL-redirect-related input of the django.utils.http.issafeurl function in utils/http.py is not properly filtered; this can be exploited to insert arbitrary HTML and script code, which executes in the browser session in the context of the affected site when the malicious code is viewed. 0 Django 1.4.x Vendor patch: Django ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...
Apache OpenOffice document memory corruption vulnerability (CVE-2013-2189)
BUGTRAQ ID: 61465 CVECAN ID: CVE-2013-2189 Apache OpenOffice is an open-source office software suite. In OpenOffice 3.4.0 and 3.4.1, processing PLCF data inside a malformed DOC file causes memory corruption, resulting in denial of service. 0 OpenOffice 3.4.0 - 3.4.1 Vendor patch: OpenOffice ---------- OpenOffice has released a security bulletin (CVE-2013-2189) and the corresponding patch for this: CVE-2013-2189: CVE-2013-2189...
MongoDB privilege escalation vulnerability (CVE-2013-4650)
CVE ID: CVE-2013-4650 MongoDB is a high-performance, open-source, schema-less document database and one of the more popular NoSQL databases at present. MongoDB has a security vulnerability in its handling of permission checks, allowing the system username in an arbitrary database to be used to obtain internal system privileges. 0 MongoDB 2.4.0-2.4.4 MongoDB 2.5.0 Vendor solution: MongoDB 2.4.5 and 2.5.1 have fixed this vulnerability; users are advised to download the update: http://www.mongodb.org...
DotNetNuke /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx file upload vulnerability
No description provided by source...
Apache XML Security signature forgery vulnerability
CVE ID: CVE-2013-2172 Apache XML Security is a digital signature implementation under the XML security standards. An XML signature contains a "CanonicalizationMethod" parameter that specifies the canonicalization algorithm to be applied to the SignedInfo part of the signature. In practice, the Apache Santuario XML Security for Java implementation of XML signatures allows an arbitrary algorithm to be specified for this parameter, which can be exploited to forge XML signatures. 0 Apache XML Security Java 1.5.x Apache XML Security Java 1.4.x...
WPS Office 'Wpsio.dll' stack buffer overflow vulnerability
BUGTRAQ ID: 59529 CVECAN ID: CVE-2012-4886 WPS Office is an office software suite from Kingsoft. In WPS Office 2012 and other versions, the Wpsio.dll module has a stack buffer overflow vulnerability, caused by a BSTR-type string from within a file being copied into a stack buffer without a length check. An attacker can exploit this vulnerability to crash the affected software and possibly execute arbitrary code. 0 Kingsoft Corp WPS Office Vendor patch: Kingsoft Corp ------------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep an eye on the vendor's homepage for the latest version: www.wps....
Microsoft Internet Explorer unspecified remote code execution vulnerability (CVE-2013-2551)
No description provided by source...
IBM InfoSphere Information Server Suite privilege escalation vulnerability
CVE ID: CVE-2012-0701 IBM InfoSphere Information Server is a data integration software platform that helps enterprises derive more value from the complex, heterogeneous information scattered across their systems. Because it relies on client-side controls, an attacker can exploit the vulnerability to escalate privileges on the IBM Information Server DataStage Administrator client system. 0 IBM InfoSphere Information Server 8.1 IBM InfoSphere Information Server 8.5 IBM InfoSphere Information Serve...
WordPress W3 Total Cache plugin data information disclosure vulnerability
No description provided by source. !/bin/bash C Copyright 2012 Jason A. Donenfeld [email protected]. All Rights Reserved. |---------------| | W3 Total Fail | | by zx2c4 | |---------------| For more info, see built-in help text. Most up to date version is available at:...
Wireshark iSCSI dissector infinite loop vulnerability
CVECAN ID: CVE-2012-6060 Wireshark (formerly Ethereal) is a very popular open-source network traffic analysis tool. Wireshark 1.6.0-1.6.11 and 1.8.0-1.8.3 have a security vulnerability in the implementation of the iSCSI dissector: by tricking a victim into reading a malicious packet, the iSCSI dissector is sent into an infinite loop, consuming large amounts of CPU. 0 Wireshark 1.x Vendor patch: Wireshark --------- Wireshark has released a security bulletin (wnpa-sec-2012-36) and the corresponding patch for this: wnpa-sec-2012-36: Wireshark iSCSI dissector...
Apache Axis2 XML signature-wrapping security vulnerability
Apache Axis2 is the Apache web services/SOAP/WSDL engine and the successor to the Apache SOAP project. Apache Axis2 is affected by XML Signature Wrapping XSW attacks, allowing an attacker to bypass verification of signed requests and mount further attacks against the application. 0 Apache Axis2 Vendor solution: No detailed solution is available at present: http://ws.apache.org/axis/...
Linux Kernel 'madvise_remove()' function local denial of service vulnerability
BUGTRAQ ID: 55151 CVE ID: CVE-2012-3511 The Linux Kernel is the basis of the Linux platform; Linux is a kernel written in C, from which specific operating systems such as Red Hat Linux and openSUSE Linux are derived. A complete operating system based on the Linux kernel is called a Linux operating system, or GNU/Linux. The Linux Kernel has a use-after-free vulnerability in the implementation of the "madviseremove" function, which a malicious local user can exploit to cause a reference to already-freed memory. 0 Linux kernel 3.4.x Linux kernel 3.2.x Linux kernel...