56796 matches found
UseBB 1.0.7 install/upgrade-0-3.php PHP_SELF Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
Clipbucket 2.5 - Directory Traversal
No description provided by source. Author: loneferret of Offensive Security Product: ClipBucket Version: 2.5 and maybe older versions Vendor Site: http://clip-bucket.com/ Software Download: http://sourceforge.net/projects/clipbucket/ Software description: ClipBucket is an OpenSource Multimedia...
myPHPNuke 1.8.8 Links.php Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code...
Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
No description provided by source. !-- Full Exploit Code: http://www.exploit-db.com/sploits/18531.zip PoC exploit for CVE-2011-2371 tested against Firefox 4.0.1 md5 of mozjs.dll: 5d7ffcc9deb5bb08417ceae51d2afed4 change constants to switch between w7/xp. see my blog if you want to know how this...
D-Link DSR Router Series - Remote Root Shell Exploit
No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...
Adobe Flash Player Regular Expression Heap Overflow
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def...
Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH
No description provided by source. Exploit Title: Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH Date: September 8 2010 Author: Carlos Hollmann Software Link: http://www.acoustica.com/downloading.asp?p=1 Version: 2.471 Tested on: Windows xp sp3 running on VMware Fusion 3.1 and...
Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to...
UBBCentral 6.0 UBB.threads Printthread.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13253/info It is reported that UBB.threads is prone to an SQL injection vulnerability. The SQL injection vulnerability is reported to affect the 'printthread.php' script. UBB.threads 6.0 is reported prone to this issue. I...
Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20121017-2 ======================================================================= title: Multiple vulnerabilities in Oracle WebCenter Sites product: Oracle WebCenter Sites former FatWire Content Server vulnerable...
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...
Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International...
Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow PoC
No description provided by source. !/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link: http://www.oracle.com/us/technologies/embedded/025613.htm Versio...
FOSCAM IP-Cameras Improper Access Restrictions
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...
Debian Linux 2.1 apcd Symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/958/info A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the statu...
Grep < 2.11 Integer Overflow Crash PoC
No description provided by source. Grep 2.11 is vulnerable to int overflow exploitation. http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html Although it is patched in the recent Grep, This update has not been pushed to the Ubuntu repos, or the Redhat repos, leaving 99% of those OS'sa...
Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities Advisory...
DMXReady PayPal Store Manager <= 1.1 Contents Change Vulnerability
No description provided by source. Title : DMXReady PayPal Store Manager = 1.1 Remote Contents Change Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 129.97 $ Dork : inurl:incpaypalstoremanager.asp DorkEx :...
dcam webcam server personal web server 8.2.5 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9273/info It has been reported that the Personal Web Server of DCAM WebCam Server may be prone to a directory traversal vulnerability that may allow a remote attacker to traverse outside the server root directory by using...
某通用校园管理系统权限不严格(默认密码)
简要描述: 可以通过系统内置低权限账号,获取高权限超级管理员密码 详细说明: 在官方演示站http://www.suyaxing.com:81/WS2004/default.asp 以官方公告的口令admin/admin登陆演示站 演示站用户看到Vodadmin 密码为星号,用星号密码查看器看到密码是11。(随后测试了20个站,都是内置这个账号) Vod管理员密码修改后貌似会和官方的Vod视频源冲突所以没有用户敢改。 接下来---------做实验,随机抽个站 实验站:http://www.fjzhyz.cn/ 系统内置低权限账号:Vodadmin 密码11...
Cisco IOS Software IK3v2模块拒绝服务漏洞
CVECAN ID: CVE-2014-2108 Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。 Cisco IOS 12.2、15.0-15.3、IOS XE 3.2-3.7、3.8-3.10版本存在安全漏洞,远程攻击者通过特制的IKEv2数据包,利用此漏洞可造成拒绝服务(内存耗尽)。 0 Cisco IOS 15.x Cisco IOS 12.2 Cisco已经为此发布了一个安全公告(cisco-sa-20140326-ikev2)以及相应补丁:...
Apache Xalan-Java FEATURE_SECURE_PROCESSIN属性处理安全绕过漏洞
CVE ID:CVE-2014-0107 Apache Xalan-Java是一个使用Java和C++来实现XSLT库的项目。 Apache Xalan-Java处理部分输出属性时存在错误,允许攻击者利用漏洞绕过安全处理特性FEATURESECUREPROCESSING,可访问受限属性或加载任意受限类。 0 Apache Xalan-Java 2.7.0 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: https://issues.apache.org/jira/browse/XALANJ-2435...
Oracle VM VirtualBox 'crNetRecvWriteback()'函数内存破坏漏洞
BUGTRAQ ID: 66132 CVECAN ID: CVE-2014-0982 VirtualBox是一种x86的虚拟化产品。 Oracle VM VirtualBox在函数crNetRecvWriteback的实现上存在内存破坏漏洞,攻击者可利用该漏洞在主机操作系统内运行的管理程序上下文内执行任意代码。 0 Oracle VM VirtualBox 4.1 Oracle VM VirtualBox 4.0 Oracle VM VirtualBox 3.2 Oracle VM VirtualBox 3.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Microsoft Windows Security Account Manager Remote协议安全限制绕过漏洞
BUGTRAQ ID: 66012 CVECAN ID: CVE-2014-0317 Windows是一款由美国微软公司开发的窗口化操作系统。 Security Account Manager Remote SAMR协议没有正确验证用户锁定状态,在实现上存在安全功能绕过漏洞。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 厂商补丁: Microsoft ---------...
Linux Kernel IPv6路由通告报文处理拒绝服务漏洞
CVE ID:CVE-2014-2309 Linux Kernel是一款开源的操作系统。 Linux Kernel在创建路由通告的路由时存在错误,允许攻击者利用漏洞提交恶意报文消耗大量内存资源,造成拒绝服务攻击。 要成功利用漏洞需要内核支持IPv6协议,并启用IPv6临时地址。 0 Linux Kernel 3.10.x Linux Kernel 3.12.x Linux Kernel 3.13.x 厂商补丁: Linux ----- 用户可参考厂商的GIT库以获得补丁修复此漏洞:...
MediaWiki 'theloadFromSession'函数信息泄露漏洞
BUGTRAQ ID:65883 CVE ID:CVE-2014-2243 MediaWiki是一款Wiki程序。 MediaWiki的includes/User.php脚本'theloadFromSession'函数存在安全漏洞。远程攻击者可通过实施暴力破解攻击利用该漏洞获取会话令牌的访问权限。 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki...
Schneider Electric Telvent SAGE 3030 RTU远程拒绝服务漏洞
BUGTRAQ ID: 65262 CVECAN ID: CVE-2013-6143 Telvent SAGE 3030 RTU是工业数据通信设备。 Telvent SAGE 3030 RTU C3413-500-001D3P4、C3413-500-001F0PB处理某些输入时,DNP3服务存在错误,可导致崩溃,造成拒绝服务。 0 Schneider Electric Telvent SAGE 3030 RTU C3413-500-001F0PB Schneider Electric Telvent SAGE 3030 RTU C3413-500-001D3P4 厂商补丁:...
Discuz! X2.5 api.php 信息泄露漏洞
Discuz!是国内一套通用的社区论坛软件系统。 Discuz! X2.5 api.php文件中由于arraykeyexists中的第一个参数只能为整数或者字符串,当?mod=ks时,$mod类型为array,从而导致arraykeyexists产生错误信息。 0 Discuz! X2.5...
UChome 注入漏洞
简要描述: UChome 注入漏洞 详细说明: source/cpclbum.php elseif$GET'op' == 'editpic' $managealbum = checkperm'managealbum'; includeonceSROOT.'./source/functionbbcode.php'; if$albumid 0 $query = $SGLOBAL'db'-query"SELECT FROM ".tname'album'." WHERE albumid='$albumid'"; if!$album = $SGLOBAL'db'-fetcharray$query...
DotNetNuke /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 文件上传漏洞
No description provided by source...
ActiveMQ Cron Jobs CVE-2013-1879 HTML注入漏洞
Bugtraq ID:61142 CVE ID:CVE-2013-1879 Apache ActiveMQ是一款开源消息总线,支持JMS1.1和J2EE 1.4规范的JMS Provider实现 Apache ActiveMQ处理cron作业时没有对用户提交的某些参数进行过滤,允许攻击者利用漏洞注入任意HTML和脚本代码,当恶意数据被查看时,可获取用户敏感信息或劫持用户会话 0 Apache ActiveMQ 5.8.0 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: https://issues.apache.org/jira/browse/AMQ-4397...
用友软件开发管理平台IIS写权限导致可获取服务器webshell
简要描述: 见说明 详细说明: http://ufsdp-borrow.ufsoft.com.cn/cmd.asp http://ufsdp-borrow.ufsoft.com.cn/1937cN.txt 漏洞证明:...
Apache ActiveMQ WEB控制台 远程拒绝服务或信息泄露漏洞(CVE-2013-3060)
CVE ID:CVE-2013-3060 Apache ActiveMQ是一款开源消息总线,支持JMS1.1和J2EE 1.4规范的JMS Provider实现。 Apache ActiveMQ WEB控制台无需验证,允许远程攻击者利用漏洞提交HTTP请求获得敏感信息或进行拒绝服务攻击。 0 Apache ActiveMQ 5.8.0之前版本 厂商解决方案 Apache ActiveMQ 5.8.0已经修复此漏洞,建议用户下载更新: https://activemq.apache.org/...
Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)
BUGTRAQ ID: 58554 CVECAN ID: CVE-2013-1856 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.0.0及之后版本在使用JRuby时,ActiveSupport XML解析器的JDOM后端内存在漏洞,攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:...
Novell iPrint Client "op-client-interface-version"代码执行漏洞
CVECAN ID: CVE-2012-0411 Novell iPrint是打印解决方案。 Novell iPrint Client 5.82之前版本在处理"op-client-interface-version"参数时存在错误,可被利用执行任意代码。 0 Novell iPrint Client 5.x 厂商补丁: Novell ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载5.82: http://www.novell.com/support/kb/doc.php?id=7008708...
Linux Kernel 'madvise_remove()'函数本地拒绝服务漏洞
BUGTRAQ ID: 55151 CVE ID: CVE-2012-3511 Linux Kernel其基础为linux平台,linux为C语言编写的内核,基于此内核又衍生出了具体的Red hat linux 、open suse linux等具体的操作系统,一套基于Linux内核的完整操作系统叫作Linux操作系统,或是GNU/Linux。 Linux Kernel在 "madviseremove" 函数的实现上存在释放后重用漏洞,可被恶意本地用户利用造成引用已经释放的内存。 0 Linux kernel 3.4.x Linux kernel 3.2.x Linux kernel...
Microsoft Internet Explorer 8 Code Execution(CVE-2012-1875)
No description provided by source. CAL-2012-0026 Microsfot IE Same ID Property Remote Code Execution Vulnerability CVE ID: CVE-2012-1875 http://technet.microsoft.com/en-us/security/bulletin/ms12-037...
Apple QuickTime 7.7.2之前版本多个远程任意代码执行漏洞
BUGTRAQ ID: 53547 CVE ID: CVE-2012-0663,CVE-2012-0664,CVE-2012-0665,CVE-2012-0666,CVE-2012-0667,CVE-2012-0668,CVE-2012-0669,CVE-2012-0670,CVE-2012-0671,CVE-2012-0265 OS X Lion Server 内含一组应用软件,可将任意一台Mac 变成功能强大的服务器。Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Windows 7、Vista、XP上的Apple QuickTime...
Linux kernel 2.6.x空指针引用拒绝服务漏洞
BUGTRAQ ID: 50755 CVE ID: CVE-2011-4110 Linux Kernel在处理用户定义的键类型上存在空指针引用拒绝服务漏洞,攻击者可利用此漏洞使受影响计算机崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
Apple QuickTime信息泄露漏洞
BUGTRAQ ID: 50130 CVE ID: CVE-2011-3220 QuickTime是由苹果电脑所开发的一种多媒体架构,能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式,以及交互式全景影像的数项类型。 Apple QuickTime在处理视频文件中的URL数据处理程序时存在未初始化内存访问问题,攻击者可利用此漏洞读取内存内容。 Apple QuickTime Player 7.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/...
MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit
No description provided by source. Exploit Title: MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit Date: 7/3/2011 Author: Snake Shahriyar.j at gmail Version: MS Office = 2010 Tested on: MS Office 2010 14.0.4734.1000 - Windows 7 CVE : CVE-2010-3333 This is the exploit I wrote for...
Linux Kernel "execve()"内存扩展"OOM-killer"本地拒绝服务漏洞
BUGTRAQ ID: 45004 CVE ID: CVE-2010-4243 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的"OOM-killer"功能在实现上存在安全漏洞,本地攻击者可利用此漏洞终止不相关的进程,造成拒绝服务。 漏洞源于oomkill函数看不到没有附加到任何线程的已分配内存。 Linux kernel 2.6.24.3 - 2.6.37 RedHat Enterprise Linux Desktop v.5 client 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载...
Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
No description provided by source. / american-sign-language.c Linux Kernel 2.6.37-rc2 ACPI custommethod Privilege Escalation Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347 This custommethod file allows to inject...
Mozilla Firefox Modal调用跨域信息泄露漏洞
BUGTRAQ ID: 44252 CVECAN ID: CVE-2010-3178 Firefox是一款非常流行的开源WEB浏览器。 如果网页打开了新的窗口并使用javascript: URL执行modal调用,如alert,且之后将网页导航到了不同的域,则modal调用返回到窗口的打开程序就可以访问所导航到窗口中的对象。这违反了同源策略,允许用户窃取其他网站的敏感信息。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird 3.0.x Mozilla...
Microsoft IE HtmlDlgHelper类内存破坏漏洞(MS10-071)
BUGTRAQ ID: 43706 CVE ID: CVE-2010-3329 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 Windows在实例化Office文档(如.XLS、.DOC)中HtmlDlgHelper类对象(CLASSID: 3050f4e1-98b5-11cf-bb82-00aa00bdce0b)的方式存在内存破坏漏洞。有漏洞的模块是Internet Explorer中的mshtmled.dll,当调用CHtmlDlgHelper类的析构程序之后访问未初始化内存时就会在mshtmled.dll...
Firefox JavaScript引擎Math.Random()跨域信息泄露漏洞
BUGTRAQ ID: 33276 CVE ID: CVE-2009-1696,CVE-2008-5913 Firefox是非常流行的开源WEB浏览器。 Firefox的JavaScript实现的Math.random函数中存在安全漏洞,攻击者可以对该函数的种子值进行逆向。由于对于每个浏览的会话伪随机数生成器仅提供了一次种子,因此可以将这个种子值用作唯一的令牌跨不同的网站识别和追踪用户。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla SeaMonkey 2.0.5 厂商补丁: Debian ------...
OpenSSL EVP_PKEY_verify_recover()无效返回值绕过密钥验证漏洞
BUGTRAQ ID: 40503 CVE ID: CVE-2010-1633 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 当验证恢复进程失败的情况下所返回的是未初始化的缓冲区而不是出错代码,使用EVPPKEYverifyrecover函数的应用可以利用这个情况绕过密钥验证获得非授权访问。 OpenSSL 1.0.0 厂商补丁: OpenSSL Project --------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux kernel 2.6.x nfs_wait_on_request函数本地拒绝漏洞
CVE ID: CVE-2010-1087 Linux Kernel是开放源码操作系统Linux所使用的内核 Linux Kernel的fs/nfs/pagelist.c文件中的nfswaitonrequest函数中存在拒绝服务漏洞。VM/VFS不允许mapping-aops-invalidatepage失败,但如果出现了fatal signal的话nfswbpagecancel可能会失败。由于NFS代码假设只要回写仍活动页面就会保持映射,因此可能出现拒绝服务的情况 Linux kernel 2.6.x 厂商补丁: Linux -----...
Linux kernel 2.6.x USB接口本地信息泄露漏洞
BUGTRAQ ID: 39042 CVE ID: CVE-2010-1083 Linux Kernel是开放源码操作系统Linux所使用的内核。 在出现设备通讯失败的时候(如USB超时)Linux Kernel的drivers/usb/core/devio.c文件中的processcompl和processcomplcompat函数将transfer缓冲区未经修改的返回给了用户空间进程,其中可能包含有最近释放的内核数据。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Adobe PDF LibTiff Integer Overflow Code Execution
No description provided by source. doc=''' CVE-2010-0188.py Title: Adobe PDF LibTiff Integer Overflow Code Execution. Product: Adobe Acrobat Reader Version: =8.3.0, =9.3.0 CVE: 2010-0188 Author: villy villys777 at gmail.com Site: http://bugix-security.blogspot.com/ Tested : succesfully tested on...