MS Internet Explorer Object Data Remote Exploit (M03-032)

CVE-ID：CVE-2003-0701CNNVD-ID：CNNVD-200308-125漏洞影响范围：•Microsoft Internet Explorer 5.01 •Microsoft Internet Explorer 5.5 •Microsoft Internet Explorer 6.0 •Microsoft Internet Explorer 6.0 for Windows Server 2003 解决方案：官方已发布升级补丁，请立即升级到最新版本。 titleby malware M03-032 Exploit/title script language=vbs...

Askey RTF3505VW RCE漏洞（CVE-2020–28695）

...

泛微OA8 前台SQL注入漏洞

...

Heatmiser WiFi thermostat vulnerabilities

Update – if your heating is misbehaving you need to disable port forwarding to port 80 and port 8068. This should be simply following the reverse of whatever you did to set port forwarding up. Alternatively, you could disable WiFi entirely by putting invalid SSID and password in – I believe the...

Holey Beep: Linux 提权漏洞分析与利用(CVE-2018-0492)

Introduction Back in the old days, people were using the \a character to emit a horrible 'beep' sound from their speaker. It was a bit annoying, especially if you wanted more complicated stuff to do 8bits-like musics. That's why Johnathan Nightingale made the beep software. A very simple and shor...

Remote Stack Format String in 'nsd' binary from multiple OEM

Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day PoC 1 $ curl...

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

Coredy CX-E120 Repeater Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Coredy CX-E120 Repeater. The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal an...

Circle with Disney Token Routing Vulnerability(CVE-2017-12085)

Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation(CVE-2016-4132)

SUMMARY A potentially exploitable read access violation vulnerability exists in the a way Adobe Flash Player handles infinitely recursive calls. A specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trriger this vulnerability user...

Mac OS X 10.12 isolation mechanism bypass vulnerability

Vulnerability summary Mac OS X a vulnerability exists that could allow an attacker to bypass the Apple of the isolation mechanism, without any restrictions to execute arbitrary JavaScript code. Vulnerability submitter From WeAreSegment security researcher Filippo Cavallarin to Beyond Security SSD...

Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service(CVE-2016-4305)

Summary A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user mo...

Aerospike Database Server Set Name Code Execution Vulnerability(CVE-2016-9054)

Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchlistbysetbinid resulting in remote code execution. An...

Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)

Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...

PowerIso Parsing Code Execution Vulnerability(CVE-2017-2817)

Summary An stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. Tested...

ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities(CVE-2016-9048)

Summary Multiple exploitable SQL Injection vulnerabilities exists in ProcessMarker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...

Windows Kernel stack memory disclosure in DeviceApi(CVE-2017-8474)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 through the PiDqIrpQueryGetResult, PiDqIrpQueryCreate, PiDqQueryCompletePendedIrp IOCTLs sent to the \Device\DeviceApi device. The analysis shown below was...

Drupal Core - Access Bypass vulnerability (CVE-2017-6919)

This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met: The site has the RESTful Web Services rest module enabled. The site allows PATCH requests. An attacker can get or register a user account on the site. While we don't normall...

math.js remote code execution vulnerability

This article explains in short how we found, exploited and reported a remote code execution RCE vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery While playing around with a wrapper of the math.js API...

WordPress Core before 4.7 Stored XSS

As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was...

Chrome the improper use of Flash message loop leads to the UXSS Vulnerability, CVE-2016-1631）

Author: Avfisher@network sharp knife 0x00 Preface This writing comes from a few days ago a buddy sent me a bug link to let the author help explain the vulnerability principle, in order to facilitate the partner understanding and left notes for future reference and then write this article. This...

Chrome Address Bar URL Spoofing on IOS

来源链接： http://xlab.tencent.com/cn/2016/10/11/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/ （英文版）http://xisigr.com/x/cve-2016-1707/ 0x00 Vulnerability Overview Chrome浏览器地址栏欺骗漏洞CVE-2016-1707，这个漏洞笔者于2016年6月报告给Google，现在把漏洞细节分享给大家。URL Spoofing漏洞可以伪造一个合法的网站地址。攻击者可以利用这个漏洞对用户发起网络钓鱼攻击。 受影响版本：Chrome...

科创CMS /web/doc_hit.jsp等3处 SQL注入漏洞

No description provided by source...

万户 ezEIP 4.0系统 hit.aspx 参数 f POST注入

No description provided by source...

泛微 E-mobile flowsorce_page.php 注入漏洞

No description provided by source...

Microsoft Windows Win32k 特权提升漏洞( MS15-010)

来源链接：http://www.freebuf.com/vuls/90501.html FreeBuf黑客与极客（FreeBuf.COM） 原文地址：http://hdwsec.fr/blog/CVE-2015-0057.html，编译/FB小编鸢尾 概述 这是一个use-after-free内核漏洞，它能获取一个专属的write primitive操作，之后侵染临近的一个对象。这个yields语句可以在内核空间或者用户空间随意写入。...

PHP168 homepage.php/admin/member-profile 敏感信息泄露

No description provided by source...

Thinksns cms v4存在越权漏洞

No description provided by source...

正方教务管理系统 /service.asmx SOAP无条件注入

No description provided by source...

Bacula-Web 5.2.10 (joblogs.php, jobid param) - SQL Injection

谷歌搜索：joblogs.php?jobid= 案例：http://cep.treslagoas.ms.gov.br/backup/joblogs.php?jobid=23154 D:\sqlmappython sqlmap.py -u http://cep.treslagoas.ms.gov.br/backup/joblogs.php ?jobid=23154 --dbs | | 1.0-dev-nongit-20150806 | -| . | | | .'| . | || |||||,| | || || http://sqlmap.org ! legal disclaimer:...

Ultra Electronics 7.2.0.19 and 7.4.0.7 - Multiple Vulnerabilities

No description provided by source. Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...

ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string...

Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

Active News Manager activeNews_categories.asp catID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...

Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10837/info Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied...

QuickZip 4.x (.zip) 0day Local Universal Buffer Overflow PoC Exploit

No description provided by source. !/usr/bin/python Exploit Title : QuickZip 4.x .zip 0day Local Universal Buffer Overflow PoC Exploit Date : 9/3/2010 Author : corelanc0d3r & mrme Bug found by : corelanc0d3r http://corelan.be:8800/ Software Link : http://www.quickzip.org/downloads.html Version :...

DUclassmate 1.x account.asp MM-recordId Parameter Arbitrary Password Modification

No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...

Joomla Component (com_sef) RFI

No description provided by source. ========================================================== Joomla Component comsef RFI =========================================================== WWw.HaCkTeacH.oRg/cc +===================================================================================+ ?Joomla...

TestLink <= 1.8.5 'order_by_login_dir' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37839/info TestLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Oracle Application Server Portal 10g - Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29119/info Oracle Application Server Portal is prone to a authentication-bypass vulnerability because the application fails to properly restrict access to certain resources. An attacker can exploit this vulnerability to...

Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC

No description provided by source. / Title: Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125 Standalone Summary: KONTAKT 4 PLAYER is the free sample...

IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility

No description provided by source. / IpSwitch IMail Server = ver 8.1 User Password Decryption by Adik netmaniac hotmail KG IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption sche...

Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

Linux Kernel 2.6.x - IPV6 Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / Linux kernel IPv6 UDP port selection infinite loop local denial ...

IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug

No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...

FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product:...

Publish-It 3.6d - Buffer Overflow Vulnerability

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...

E-Mail Security Virtual Appliance (ESVA) Remote Execution

No description provided by source. Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: 2.0.6 ESVA E-Mail Security Virtual...

Powered by iNetScripts: Shell Upload Vulnerability

No description provided by source. ==================================================== Powered by iNetScripts: Shell Upload Vulnerability ==================================================== Contact :Sec-q8 [email protected] Published: 2010-04-25 Home : http://Sec-Senter.com/vb ========= Exploi...