Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web:...
Microsoft Windows ndproxy.sys - Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File include...
Java Applet JAX-WS Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
Source: http://www.securityfocus.com/bid/42269/info Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the comple...
MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...
Adobe Flash Player 11.3 Font Parsing Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
AutoLinks 2.1 Pro Al_initialize.PHP Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
HP Data Protector 6.20 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID:...
Fake Hit Generator <= 2.2 Shell Upload Vulnerability
Exploit Title: Fake Hit Generator Shell Upload Vulnerability Date: 25.12.2009 Author: DigitALL Greetz: Zombie KroNickq HackSpy and All 1923turk.biz Members Version: 2.1 Dork: Upload unique IP List: and The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK...
MS11-080 AfdJoinLeaf Privilege Escalation
MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping out! To my Master Shifu muts: "So...
OpenSSL - Remote DoS
/* hoagieopensslrecordofdeath.c OPENSSL REMOTE DENIAL-OF-SERVICE EXPLOIT - OpenSSL 0.9.8m short = 16 bit - OpenSSL 0.9.8f through 0.9.8m short != 16 bit CVE-2010-0740 Bug discovered by: Bodo Moeller and Adam Langley Google Philip Olausson [email protected]...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper
/* Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 Exploit Title: Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit Date: Jan 21, 2012 Author: zx2c4 Tested on: Gentoo,...
Joomla Mosets Tree <= 1.0 - Remote File Include Vulnerability
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability...
Adobe Flash Player Object Type Confusion
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
TITLE: WEBKIT (APPLE SAFARI < 4.1.2/5.0.2 & GOOGLE CHROME < 5.0.375.125) MEMORY CORRUPTION VULNERABILITY TESTED OS: WINDOWS XP SP3 SEVERITY: HIGH CVE-NUMBER: CVE-2010-1813 DISCOVERED DATE: 2010-06-29 FIXED DATE: GOOGLE CHROME 2010-07-26 & APPLE SAFARI 2010-09-08 FIXED...
Java Applet Rhino Script Engine Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
MS WINS ECommEndDlg Input Validation Error
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL:...
linux 3.4+ - Local Root (CONFIG_X86_X32=y)
/* ============================== recvmmsg.c - linux 3.4+ local root (CONFIG_X86_X32=y) CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout->tv_sec is decremented once...
Yealink VoIP Phone SIP-T38G - Remote Command Execution
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are ab...
Xpient Cash Drawer Operation Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
@lex Guestbook <= 4.0.2 - Remote Command Execution Exploit
#!/usr/bin/php <?php // | | header @lex Guestbook <= 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...
Cacti graph_view.php Remote Command Execution
$Id: cactigraphimageexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution
Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE: CVE-2010-1555 Code : #!/usr/bin/python import struct import socket...
Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote DoS Exploit
/* ecl-nf-snmpwn.c - 30/05/06 Alex Behar [email protected] Yuri Gushin [email protected] A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmp_parse_mangle and snmp_trap_decode functions. After further...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote ... 'Name' => 'ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)', 'Description' => %q{ This module...
PHPnuke 8.2 - Remote Upload File Exploit
Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...
Zikula CMS 1.3.5 - Multiple Vulnerabilities
Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID:...
MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1)
source: http://www.securityfocus.com/bid/5556/info Microsoft Windows operating systems use the Server Message Block (SMB) protocol to support services such as file and printer sharing. A buffer overflow vulnerability has been reported in the handling of some...
Mcms SQL Injection That Bypasses Global Escaping
Brief description: Insufficient filtering. Details: Although there is global escaping, in plugins/gov.order/order.php: function msaveorder() { global $dbm; // check login if (!isset($_SESSION['uid']) || !isset($_SESSION['uname'])) die('{"code":"100","msg":"You are not logged in; please log in before purchasing"}'); $infoid = $_POST['infoid']; $infotitle = urldecode($_POST['infotitle']); $price = isset($_POST['price']) ? $_POST['price'] : 0;...
PHP "gdImageCreateFromXpm()" NULL Pointer Dereference Vulnerability
CVE ID: CVE-2014-2497. PHP is an HTML-embedded scripting language. PHP 5.4.26 and 5.5.10 contain a NULL pointer dereference in the implementation of the gdImageCreateFromXpm function in ext/gd/libgd/gdxpm.c; an attacker can trigger a crash with a specially crafted XPM file. Affected: PHP 5.5.10, PHP 5.4.26. The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.php.net/downloads.php https://bugs.php.net/bug.php?id=669...
Collection of Dahan (大汉) System Vulnerabilities (Final Installment)
Brief description: This has been too much hassle; I have no energy left and I'm exhausted, so this is the final installment and I probably won't look at these again. And as for the rank the vendor gives... the rank isn't yours, it all counts as WooYun's... no need to be so stingy with it. A quick summary of the contents: one authorization bypass present in essentially all the systems; one arbitrary file download common to JCMS & xxgk; two brute-forceable interfaces common to JCMS & xxgk. And that's the final installment! Pushing toward my 1000 rank, and then I should take a bit of a rest. Details: An authorization bypass still present in most versions of essentially all the systems: <% String mainip = Convert.getParameter(request, "dbip"); String mainport = Convert.getParamet...
PHP 'ext/soap/php_xml.c' Incomplete Fix Multiple Arbitrary File Disclosure Vulnerabilities
BUGTRAQ ID: 62373 CVE(CAN) ID: CVE-2013-1824. PHP is an HTML-embedded scripting language. PHP versions before 5.3.22 and 5.4.13 contain multiple arbitrary file disclosure vulnerabilities (an XML external entity issue in the SOAP WSDL parser, left open by an incomplete earlier fix); a remote attacker can exploit them to read arbitrary files within the affected application. Affected: PHP 5.4.1, PHP 5.3.13, PHP 5.3.12, PHP 5.3.11, PHP 5.3.10, PHP 5.3.1, PHP 5.3. Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net/downloads.php...
Linux Kernel NULL Pointer Dereference Local Denial of Service Vulnerability (CVE-2013-5634)
BUGTRAQ ID: 61995 CVE(CAN) ID: CVE-2013-5634. The Linux Kernel is the kernel of the Linux operating system. On the ARM platform with CONFIG_KVM enabled, the Linux kernel does not properly initialize the vCPU before handling the KVM_GET_REG_LIST ioctl on a KVM device, leading to a NULL pointer dereference; a local attacker can exploit this to crash the kernel. Affected: Linux kernel. Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.kernel.org/...
DedeCMS 5.7 include/dedesql.class.php SQL Injection Vulnerability
Lines 589 to 601 of include/dedesql.class.php take the externally supplied variables arrs1 and arrs2, concatenate them, and use the results as the key and value of a global variable; an attacker can exploit this to overwrite arbitrary variables, which ultimately leads to SQL injection. Affected: DedeCMS 5.7...
Apache ActiveMQ web demos Multiple Cross-Site Scripting Vulnerabilities (CVE-2012-6092)
CVE ID: CVE-2012-6092. Apache ActiveMQ is an open-source message bus and a JMS Provider implementation supporting the JMS 1.1 and J2EE 1.4 specifications. The Apache ActiveMQ web demos contain multiple cross-site scripting vulnerabilities that allow remote attackers, via the refresh parameter of PortfolioPublishServlet.java (i.e. /demo/portfolioPublish) or the Market Data...
DedeCMS 5.7 /include/shopcar.class.php Backdoor
RubyGems 'ruby_parser' Insecure Temporary File Creation Vulnerability (CVE-2013-0162)
Bugtraq ID: 58110 CVE ID: CVE-2013-0162. RubyGems (gems for short) is the Ruby packaging system used to package Rails components. The ruby_parser Ruby gem does not create temporary files securely: the diff_pp function in /usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb creates the temporary files /tmp/a.pid and /tmp/b.pid at predictable paths, so a symlink attack can overwrite system files or alter the contents of files on the target system, causing a denial of service or possibly privilege escalation. Affected: RubyGems. Vendor solution...
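As an added illustration of the temp-file issue above (example code written for this page, not ruby_parser's own code): the fixed name a.pid is recreated inside a scratch directory made with mkdtemp(), a symlink is planted at that name the way an attacker would in /tmp, and the write is attempted the vulnerable way (open with O_CREAT, which follows the link) and two safe ways (O_CREAT|O_EXCL on the fixed name, which refuses a pre-existing link, and mkstemp(), which picks an unpredictable name). The scratch directory, victim file and payload strings are constructed for the demo; the real /tmp/a.pid is never touched.

```c
/* Added example for this page, not ruby_parser's own code: why a fixed,
 * guessable temporary path such as /tmp/a.pid is unsafe, and two ways to
 * create temp files that an attacker's pre-planted symlink cannot hijack.
 * The scratch directory, victim file and payload strings are constructed
 * for the demo; the real /tmp/a.pid is never touched. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static int write_all(int fd, const char *data)
{
    size_t len = strlen(data);
    int ok = write(fd, data, len) == (ssize_t)len;
    close(fd);
    return ok ? 0 : -1;
}

/* Vulnerable pattern: O_CREAT without O_EXCL opens whatever already sits at
 * the path. If that is a symlink planted by an attacker, the write follows
 * it and lands in the link's target (e.g. a file owned by the victim user). */
static int write_fixed_name(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    return fd < 0 ? -1 : write_all(fd, data);
}

/* Fix 1: same name, but O_CREAT|O_EXCL insists on creating a new file and
 * fails with EEXIST if anything, a symlink included, already exists there. */
static int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : write_all(fd, data);
}

/* Fix 2: mkstemp() picks an unpredictable name and creates it with O_EXCL.
 * 'tmpl' must end in XXXXXX and is rewritten to the name actually used. */
static int write_mkstemp(char *tmpl, const char *data)
{
    int fd = mkstemp(tmpl);
    return fd < 0 ? -1 : write_all(fd, data);
}

/* Plays attacker and victim in one process. variant: 0 = fixed name,
 * 1 = fixed name with O_EXCL, 2 = mkstemp. Returns 1 if the planted symlink
 * let the write clobber the victim file, 0 if it stayed intact, -1 on a
 * setup failure. */
static int symlink_attack(int variant)
{
    char dir[] = "/tmp/pidtestXXXXXX";
    char victim[300], link[300], tmpl[300], buf[64] = {0};
    const char *payload = "attacker-chosen data";
    int rc, fd, ok, result = -1;

    if (!mkdtemp(dir)) {                   /* fall back to cwd if /tmp is read-only */
        strcpy(dir, "./pidtestXXXXXX");
        if (!mkdtemp(dir))
            return -1;
    }
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/a.pid", dir);        /* the predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/a.pid.XXXXXX", dir);

    if (write_fixed_name(victim, "original contents") == 0 &&
        symlink(victim, link) == 0) {       /* attacker wins the race, plants the link */
        if (variant == 0)
            rc = write_fixed_name(link, payload);
        else if (variant == 1)
            rc = write_exclusive(link, payload);
        else
            rc = write_mkstemp(tmpl, payload);
        /* O_EXCL must refuse the planted link; the other two must succeed. */
        ok = (variant == 1) ? (rc == -1 && errno == EEXIST) : (rc == 0);
        if (ok && (fd = open(victim, O_RDONLY)) >= 0) {
            ssize_t n = read(fd, buf, sizeof buf - 1);
            close(fd);
            if (n >= 0)
                result = strcmp(buf, "original contents") != 0;
        }
    }
    unlink(tmpl); unlink(link); unlink(victim); rmdir(dir);
    return result;
}

int main(void)
{
    printf("fixed name      -> victim clobbered: %d\n", symlink_attack(0));
    printf("O_CREAT|O_EXCL  -> victim clobbered: %d\n", symlink_attack(1));
    printf("mkstemp         -> victim clobbered: %d\n", symlink_attack(2));
    return 0;
}
```

Only the fixed-name variant clobbers the victim file; the O_EXCL variant is refused with EEXIST and mkstemp() never touches the planted name. Note that the check is done by the kernel at open() time, so there is no window between "does the file exist?" and "create it" for the attacker to exploit, which is exactly what a stat()-then-open() sequence would leave open.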
Nagios 3.x Remote Command Execution(CVE-2012-6096)
#!/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution =========================================================== Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically...
Apache Tomcat Duplicate Request Processing Security Vulnerability (CVE-2007-6286)
BUGTRAQ ID: 49470 CVE ID: CVE-2007-6286. Apache Tomcat is a popular open-source JSP application server. When the native APR connector is used, Apache Tomcat 5.5.11-5.5.25 and 6.0.0-6.0.15 do not correctly handle an empty request to an SSL port, which can allow a remote attacker to trigger processing of a duplicate of the most recent request the server handled. Affected: Apache Group Tomcat 6.x, Apache Group Tomcat 5.x. Vendor patch: Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
BUGTRAQ ID: 52404 CVE(CAN) ID: CVE-2012-1164. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). OpenLDAP contains a remote denial-of-service vulnerability; an attacker can exploit it to crash the affected slapd server. Affected: OpenLDAP 2.4.30. Vendor patch: OpenLDAP -------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.openldap.org/software/release/changes.html...
PHP 5.3.x Directory Traversal Vulnerability
BUGTRAQ ID: 53403 CVE ID: CVE-2012-1172. PHP is an HTML-embedded scripting language; much like Microsoft's ASP it is a server-side scripting language embedded in HTML documents, its syntax resembles C, and it is widely used by web developers. PHP contains a directory traversal vulnerability; a remote attacker can use specially crafted requests containing directory traversal sequences to retrieve, corrupt, or upload arbitrary files at arbitrary locations. Affected: PHP 5.3.x. Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net...
Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
BUGTRAQ ID: 53395 CVE ID: CVE-2012-0779. Adobe Flash Player is an integrated multimedia player. Adobe Flash Player contains an object confusion vulnerability; by enticing a user to open a malicious file delivered by email, an attacker can crash the application, execute arbitrary code, and take control of the affected system. Affected: Adobe Flash Player 11.x, Adobe Flash Player 10.x. Vendor patch: Adobe ----- Adobe has released a security bulletin (apsb12-09) and corresponding patches: apsb12-09: Security update available for...
shopEX storefront admin backend: lax template filtering allows uploading a webshell
Brief description: In the shopex product line, probably because of coding habits, uploaded template packages are not filtered strictly, which allows attack files to be uploaded. If permissions are set strictly this may not work, but the impact is still very serious. The cause of this vulnerability is probably the programmers' coding habits. I originally wanted to keep this one to myself, but finding new flaws is more fun, so I'm handing this one to the vendor and hope it gets fixed; if the PR awarded is high, I'll release the other 2 security flaws afterwards too! Details:...
Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
BUGTRAQ ID: 50750 CVE ID: CVE-2011-4330. Linux is an open-source operating system. The hfs_mac2asc function does not correctly bounds-check the size of the buffer passed as an argument: on a malformed filesystem the size of src can exceed HFS_MAX_NAMELEN, which is 31, while the src length can be set to 255 (an unsigned char). User-controlled data passed to hfs_readdir, which calls hfs_mac2asc, can trigger a kernel stack-based overflow. This buffer overflow in the Linux kernel's hfs_mac2asc function lets a local attacker execute arbitrary code with kernel privileges and take complete control of the affected machine. Affected: Linux kernel 2.6....
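The length mismatch described above, reduced to a user-space model (example code written for this page, not the kernel's fs/hfs/trans.c): the on-disk record carries a one-byte length that a crafted image can set to 255, the caller's buffer has room for HFS_NAMELEN bytes, and the stand-in for hfs_readdir's stack frame is oversized so the overflow can be measured rather than crash the demo. The record layout, the HFS_NAMELEN value of 31 and the clamping fix follow the page's description; the character-set translation the real function performs is left out as it does not affect the bound.

```c
/* Added example for this page, not the Linux kernel's code: a user-space
 * model of the CVE-2011-4330 bound. The record layout (length byte followed
 * by name bytes), the frame layout and the sample lengths are constructed
 * for the demo; HFS_NAMELEN = 31 is the limit the page cites. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFS_NAMELEN 31        /* longest legal name on an HFS volume */
#define RECORD_SIZE 256       /* length byte + up to 255 name bytes */

/* Builds a crafted catalog record: length byte 'len', name bytes all 'x'. */
static void make_record(uint8_t *rec, uint8_t len)
{
    rec[0] = len;
    memset(rec + 1, 'x', RECORD_SIZE - 1);
}

/* Vulnerable shape: trusts the on-disk length and copies that many bytes
 * into a buffer sized for HFS_NAMELEN + 1. */
static int mac2asc_unchecked(char *out, const uint8_t *rec)
{
    size_t srclen = rec[0];
    memcpy(out, rec + 1, srclen);
    out[srclen] = '\0';
    return (int)srclen;
}

/* Fixed shape: clamp srclen to HFS_NAMELEN before touching the buffer,
 * which is what the upstream fix for CVE-2011-4330 does. */
static int mac2asc_checked(char *out, const uint8_t *rec)
{
    size_t srclen = rec[0];
    if (srclen > HFS_NAMELEN)
        srclen = HFS_NAMELEN;
    memcpy(out, rec + 1, srclen);
    out[srclen] = '\0';
    return (int)srclen;
}

/* Stand-in for hfs_readdir's stack frame: the HFS_NAMELEN+1 byte name buffer
 * followed by bytes that must survive (saved registers, return address).
 * The frame is oversized so the overflow stays inside this array and can be
 * measured. Returns how many bytes past the name buffer were overwritten. */
static int clobbered_bytes(int use_fix, uint8_t len)
{
    uint8_t rec[RECORD_SIZE];
    char frame[HFS_NAMELEN + 1 + RECORD_SIZE];
    int clobbered = 0;

    make_record(rec, len);
    memset(frame, 'A', sizeof frame);          /* 'A' marks untouched bytes */
    if (use_fix)
        mac2asc_checked(frame, rec);
    else
        mac2asc_unchecked(frame, rec);
    for (size_t i = HFS_NAMELEN + 1; i < sizeof frame; i++)
        if (frame[i] != 'A')
            clobbered++;
    return clobbered;
}

int main(void)
{
    printf("len=255 unchecked: %d bytes written past the name buffer\n", clobbered_bytes(0, 255));
    printf("len=255 checked  : %d bytes written past the name buffer\n", clobbered_bytes(1, 255));
    printf("len=20  unchecked: %d bytes written past the name buffer\n", clobbered_bytes(0, 20));
    return 0;
}
```

With a length byte of 255 the unchecked copy writes 224 bytes beyond the 32-byte name buffer (223 name bytes plus the terminator), which on the real kernel stack is the saved state following strbuf; the clamped version writes none, and a legal length such as 20 is harmless either way. The general lesson is the same for any on-disk or on-wire length field: validate it against the destination's capacity, not against the record it came from.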
Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Integer Overflow Vulnerability
BUGTRAQ ID: 44549 CVE ID: CVE-2010-3865. The Linux Kernel is the kernel underlying the Linux platform, written in C; concrete operating systems such as Red Hat Linux and openSUSE are derived from it, and a complete operating system built on the Linux kernel is called a Linux operating system, or GNU/Linux. The Linux Kernel's RDS protocol implementation contains a security vulnerability; a local attacker can exploit it to execute arbitrary code with elevated privileges or crash the affected kernel. Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise...
X.Org X11 Local Privilege Escalation and Memory Disclosure Vulnerabilities
BUGTRAQ ID: 50002 CVE ID: CVE-2011-4818, CVE-2011-4819. X.Org is the X.Org Foundation's open-source implementation of the X Window System. X.Org X11 contains local privilege escalation and memory disclosure vulnerabilities; an attacker with access to the X server can exploit them to execute arbitrary code with elevated privileges, crash the affected machine, or obtain sensitive information. Multiple GLX X calls lack proper input validation; an attacker able to issue GLX calls can crash the X server or execute arbitrary code within it. Affected: RedHat Enterprise Linux, X.org X11R6 6.x, X.org X11R6 5.1, X.org X11R6 4.0, X.org X11R7 7.x...
Apache HTTP Server 1.3 & 2.x ByteRange Filter Denial of Service Vulnerability
discuz! X1.5 Get Shell 0day
Brief description: A one-line PHP webshell can be written at will. Details: Below is the EXP for the vulnerability: <?php print_r(' +---------------------------------------------------------------------------+ Discuz! X1-1.5 notify_credit.php Blind SQL injection exploit by toby57 2010.11.05 mail: admin at bkey org team: http://www.bkey.org Note: alibaba appended the follow-up getshell code below...
Linux Kernel 'IP GRE' Module NULL Pointer Dereference Remote Denial of Service Vulnerability
Bugtraq ID: 47852 CVE ID: CVE-2011-1767. Linux is an open-source operating system. The IP GRE module initialization function in net/ipv4/ip_gre.c contains the following code: /* And now the modules code and kernel interface. */ static int __init ipgre_init(void) { int err; printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); if...
Red Hat Enterprise Linux logrotate Arbitrary Command Execution and Information Disclosure Vulnerabilities
CVE ID: CVE-2011-1155, CVE-2011-1154, CVE-2011-1098. logrotate simplifies the management of multiple log files, allowing log files to be rotated, compressed, removed, and mailed automatically. logrotate contains a shell command injection vulnerability when processing the shred directive: a specially crafted log file name can cause logrotate to execute arbitrary commands with the privileges of the user running logrotate, root by default. Note: the shred directive is not enabled by default. logrotate also contains a race condition in the way it applies permissions when creating a new log file; in certain configurations a local attacker can open the new log file before logrotate applies the final permissions, which can disclose sensitive information....
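The shred command-injection bug class above, as an added example written for this page rather than logrotate's own code: a log file name spliced into a shell command line versus the same name passed as a single argv element to execv(). /bin/echo stands in for the shred binary so the demo is harmless, the log file names are constructed for the demo, and the injected "; exit 7" is used only so that its execution can be observed in the exit status.

```c
/* Added example for this page, not logrotate's code: the shape of the shred
 * command-injection bug class (CVE-2011-1154) and the standard remedy.
 * /bin/echo stands in for /usr/bin/shred so the demo is harmless; the log
 * file names below are constructed for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define SHRED_STUB "/bin/echo"     /* stand-in for the real shred binary */

/* Vulnerable pattern: the log file name is spliced into a shell command
 * line. Shell metacharacters in the name (";", "`", "$(...)") are then run
 * by /bin/sh with the privileges of the caller, root for a cron-driven
 * logrotate. Returns the child's exit status, or -1 on failure. */
static int shred_via_shell(const char *logname)
{
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, SHRED_STUB " -u %s", logname);
    if (n < 0 || n >= (int)sizeof cmd)
        return -1;
    int status = system(cmd);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Fixed pattern: no shell. The name travels as one argv element straight to
 * execv(), so nothing ever parses it for metacharacters. */
static int shred_via_execv(const char *logname)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { SHRED_STUB, "-u", (char *)logname, NULL };
        execv(SHRED_STUB, argv);
        _exit(127);                         /* only reached if execv failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *benign = "/var/log/app.log";
    const char *hostile = "/var/log/app.log; exit 7";   /* "; exit 7" is the injected command */
    printf("shell, benign name : exit status %d\n", shred_via_shell(benign));
    printf("shell, hostile name: exit status %d (injected 'exit 7' ran)\n", shred_via_shell(hostile));
    printf("execv, hostile name: exit status %d (name treated literally)\n", shred_via_execv(hostile));
    return 0;
}
```

The hostile name makes the system() variant return 7 because the shell executed the injected command; the execv() variant returns 0 because the whole string was just argument two of echo. An attacker who can choose a log file name (a web application that logs per virtual host or per user, for instance) gets the same effect against a root-run logrotate whenever the shred directive is enabled, which is why passing file names through argv rather than a shell string matters more than quoting them.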