56796 matches found
金蝶销管家逻辑缺陷重置任意用户密码(工作人员账户测试/秒改)
简要描述: 可绕过验证码直接修改用户密码。 详细说明: 0x1:先信息收集一些工作人员的账户用来测试,来证明漏洞的危害性。 13580111111 13752248075 13456231475 13456879564 15578945623 13456231245 13456231245 13648776985 13400002111 13625668852 15018517663 15915533696 13888888888 13456789123 18090700000 13165454756 13654213923 13654213923 13760368754...
Hikvision iVMS 4200 /index.php 本地文件包含漏洞
No description provided by source...
ShopEx某处SQL注入(可猜测敏感信息)
简要描述: ShopEx sql注入 详细说明: 分析一下代码: ctl.cart.php: function updateCart$objType='g', $key='' $key = strreplace'@', '-', $key; $nQuantity = $POST'cartNum'$objType$key; switch$objType case 'f': $oCart-member'memberlvid' =$GLOBALS'runtime''memberlv'; $oCart-member'point' = $this-member'point'; break; cas...
汇文Libsys图书管理系统全版本权限绕过+Getshell
简要描述: RT 详细说明: 由于一个很低级的代码错误,导致可以登录Libsys任意图书系统后台,并且由于代码未做过滤可直接getshell。 漏洞证明: 该图书管理系统的用户量很大,全国很大一部分院校都在使用此系统。经测试3.5-5.0版本都存在此漏洞,因为存在getshell 和脱裤的风险,因此危害比较大。 官网部分用户列表: 我这里以最新的5.0版简单的作下分析,: 先看看存在漏洞的文件:admin/login.php sessionstart ; if isset $REQUEST'username' $strUser = trim $REQUEST'username' ;...
Wordpress 3.9.2 /wp-includes/formatting.php 跨站脚本漏洞
No description provided by source...
Maccms V8 储存型xss(绕过360防护)
简要描述: rt 详细说明: 自带的360防护脚本对于xss过滤太弱, 留言处没有 对html代码进行实体转义,造成xss。 如,提交 "onerror="eval'\141\154\145\162\164\50\61\51'" 后台查看留言即可触发 加载远程js可偷cookie 漏洞证明:...
IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140630-0 ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (5)
No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...
AutoLinks 2.1 Pro Al_initialize.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
joomla component mp3 allopass 1.0 - Remote File Inclusion Vulnerability
No description provided by source. commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...
BBS E-Market Professional bf_130 (1.3.0) - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11146/info BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system...
Multiple Wordpress Plugin timthumb.php Vulnerabilites
No description provided by source. Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php librar...
Free Mp3 Player 1.0 - Local Denial of Service Vulnerability
No description provided by source. !/usr/bin/perl Exploit Title: Free Mp3 Player 1.0 Local Denial of Service Date: 19-12-2011 Author: JaMbA Download: http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Free-Mp3-Player.shtml Version: 1.0 Tested on: Windows 7 my $file= Crash.mp3; my $junk=...
Adobe Flash Player Object Type Confusion
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs...
TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit
No description provided by source. !/usr/bin/perl TikiWiki = 1.9.8 Remote Command Execution Exploit Description ----------- TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graphformula.php' script not properly sanitizing user inpu...
Publish-It 3.6d - Buffer Overflow Vulnerability
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...
Powered by iNetScripts: Shell Upload Vulnerability
No description provided by source. ==================================================== Powered by iNetScripts: Shell Upload Vulnerability ==================================================== Contact :Sec-q8 [email protected] Published: 2010-04-25 Home : http://Sec-Senter.com/vb ========= Exploi...
FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product:...
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10837/info Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied...
Cacti graph_view.php Remote Command Execution
No description provided by source. $Id: cactigraphimageexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
Adobe Flash Player ActionScript Launch Command Execution Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow FreeBSD', 'Description' = %q This module...
CuteNews 0.88 comments.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several...
E-Mail Security Virtual Appliance (ESVA) Remote Execution
No description provided by source. Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: 2.0.6 ESVA E-Mail Security Virtual...
Novell iPrint Client Browser Plugin - call-back-url Stack Overflow
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ Title : Novell iPrint Client Browser Plugin call-back-url stack overflow Version : iPrint Client plugin v5.42 XP SP3 Analysis :...
MS Internet Explorer 5/6 Unauthorized Document Object Model Access Vulnerability
No description provided by source...
HP Data Protector 6.20 - Multiple Vulnerabilities
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID:...
Pc4Uploader 9.0 - Remote Blind SQL Injection Vulnerability
No description provided by source. || || | || o,7 || . o7 || q||| ow, : / / . =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: pc4arb - pc4 Uploader = 9.0 Blind SQL injection =INFO: http://pc4arb.com/product-13.html =BUY: http://pc4arb.com/deal-13.html =DORK: intext:Powered by...
Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions...
Joomla Component NeoRecruit <= 1.4 (id) SQL Injection Vulnerability
No description provided by source. Title : Joomla Component NeoRecruit = 1.4 id Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.neojoomla.com/ $$ : 54,90 € Dork : inurl:index.php?option=comNeoRecruit DorkEx :...
Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities
No description provided by source. waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web:...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper
No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 Exploit Title: Mempodipper - Linux Local Root for =2.6.39, 32-bit and 64-bit Date: Jan 21, 2012 Author: zx2c4 Tested on: Gentoo,...
galleria Mambo Module <= 1.0b Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '63674' ssvid version = '1.0' author = '皮皮' vulDate = '2006-07-03' createDate = '2015-12-24...
PHPnuke 8.2 - Remote Upload File Exploit
Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...
zenphoto 0.9/1.0 index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Luca Deri ntop 1.2 a7-9/1.3.1 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via http with the -w parameter. In this mode, it is vulnerable ...
MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...
Fake Hit Generator <= 2.2 Shell Upload Vulnerability
No description provided by source. Exploit Title: Fake Hit Generator Shell Upload Vulnerability Date: 25.12.2009 Author: DigitALL Greetz: Zombie KroNickq HackSpy and All 1923turk.biz Members Version: 2.1 Dork: Upload unique IP List: and The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK...
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
No description provided by source. TITLE: WEBKIT APPLE SAFARI 4.1.2/5.0.2 & GOOGLE CHROME 5.0.375.125 MEMORY CORRUPTION VULNERABILITY TESTED OS: WINDOWS XP SP3 SEVERITY: HIGH CVE-NUMBER: CVE-2010-1813 DISCOVERED DATE: 2010-06-29 FIXED DATE: GOOGLE CHROME 2010-07-26 & APPLE SAFARI 2010-09-08 FIXED...
Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/42269/info Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the comple...
Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Joomla Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection
No description provided by source. Joomla Component comgigcalgigcalgigsid SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:comgigcal -------------------------------------------------- !...
Wordpress Top Quark Architecture 2.10 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software...
linux 3.4+ - Local Root (CONFIG_X86_X32=y)
No description provided by source. / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec is decremented once...
Java Applet JAX-WS Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
Linux Kernel 2.6.x - IPV6 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / Linux kernel IPv6 UDP port selection infinite loop local denial ...
Yealink VoIP Phone SIP-T38G - Remote Command Execution
No description provided by source. Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are ab...
Qemu virtio-net "virtio_net_handle_mac()"整数溢出漏洞
CVE ID:CVE-2014-0150 QEMU是一款面向完整PC系统的开源仿真器。 QEMU "virtionethandlemac"函数hw/net/virtio-net.c存在整数溢出错误,允许本地攻击者利用漏洞使系统崩溃,造成拒绝服务攻击。 0 Qemu 1.x Qemu 0.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://thread.gmane.org/gmane.comp.emulators.qemu/266713...