DUclassmate 1.x account.asp MM-recordId Parameter Arbitrary Password Modification
No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...
Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/42269/info Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the comple...
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
No description provided by source. Exploit Title: Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit Date: 14/11/2010 Author: Itzhak Avraham, mj Tested on: Droid 2.1 CVE : CVE-2010-1807 Better exploit better rate and more flexible for changes, also shorter shellcode than what you have...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow FreeBSD', 'Description' = %q This module...
TestLink <= 1.8.5 'order_by_login_dir' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37839/info TestLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. #!/bin/sh $Id: raptor_libC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptor_libC - AIX arbitrary file overwrite via libC debug Copyright (c) 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
Microsoft Windows ndproxy.sys - Local Privilege Escalation
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File include...
linux 3.4+ - Local Root (CONFIG_X86_X32=y)
No description provided by source. /* ============================== recvmmsg.c - linux 3.4+ local root (CONFIG_X86_X32=y) CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout->tv_sec is decremented once...
Publish-It 3.6d - Buffer Overflow Vulnerability
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...
FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product:...
WeBid 1.0.2 persistent XSS via SQL Injection
No description provided by source. Exploit Title: persistent XSS through SQLi WeBid 1.0.2 Google Dork: powered by WeBid Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql full...
Java Statement.invoke() Trusted Method Chain Exploit
No description provided by source. $Id: java_trusted_chain.rb 11345 2010-12-15 22:46:22Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
No description provided by source. / IpSwitch IMail Server = ver 8.1 User Password Decryption by Adik netmaniac hotmail KG IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption sche...
PhotoStore view_photog.php photogid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execu...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances ------------------------- Affected vendors: ------------------------- Arra...
Oracle Application Server Portal 10g - Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29119/info Oracle Application Server Portal is prone to an authentication-bypass vulnerability because the application fails to properly restrict access to certain resources. An attacker can exploit this vulnerability to...
Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC
No description provided by source. / Title: Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125 Standalone Summary: KONTAKT 4 PLAYER is the free sample...
Pc4Uploader 9.0 - Remote Blind SQL Injection Vulnerability
No description provided by source. =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: pc4arb - pc4 Uploader = 9.0 Blind SQL injection =INFO: http://pc4arb.com/product-13.html =BUY: http://pc4arb.com/deal-13.html =DORK: intext:Powered by...
TestLink Test Management and Execution System - Multiple XSS and Injection Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities in TestLink...
Active News Manager activeNews_categories.asp catID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manager is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
No description provided by source. TITLE: WEBKIT APPLE SAFARI 4.1.2/5.0.2 & GOOGLE CHROME 5.0.375.125 MEMORY CORRUPTION VULNERABILITY TESTED OS: WINDOWS XP SP3 SEVERITY: HIGH CVE-NUMBER: CVE-2010-1813 DISCOVERED DATE: 2010-06-29 FIXED DATE: GOOGLE CHROME 2010-07-26 & APPLE SAFARI 2010-09-08 FIXED...
Joomla Component (com_sef) RFI
No description provided by source. ========================================================== Joomla Component com_sef RFI =========================================================== WWw.HaCkTeacH.oRg/cc +===================================================================================+ ?Joomla...
Luca Deri ntop 1.2 a7-9/1.3.1 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for Unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via HTTP with the -w parameter. In this mode, it is vulnerable ...
逐浪CMS (Zoomla) - Two File Upload Vulnerabilities (Server Environment Restrictions Apply)
Brief description: These also need to be combined with the IIS6 parsing vulnerability; not sure whether these two overlap with what was submitted earlier. Details: Since the official site does not run IIS6, I tested locally. First location: http://127.0.0.1/Plugins/ckfinder/ckfinder.html In the Files folder on the left, create a subdirectory named 1.asp, then click into the 1.asp directory and upload an image webshell 3.gif, then right-click to view the file and the file address is shown. File address: http://127.0.0.1/UploadFiles/files/1.asp/3.GIF Second location: http://127.0.0.1/plugins/imageupload.aspx protected vo...
Siemens SIMATIC S7-1200 Multiple Vulnerabilities
CVE ID: CVE-2014-2249, CVE-2014-2250, CVE-2014-2252, CVE-2014-2254, CVE-2014-2256, CVE-2014-2258 The SIMATIC S7-1200 is a programmable logic controller for simple yet highly precise automation tasks. Siemens SIMATIC S7-1200 versions prior to 4.0.0 contain multiple implementation vulnerabilities that can be maliciously exploited to perform cross-site request forgery, hijack user sessions, or cause a denial of service. 1. An error triggered by sending specially crafted packets to TCP port 443 can put the device into defect mode. 2. A weak-entropy error in the random number generator can allow another user's session to be hijacked....
Huawei E355 Information Disclosure and Cross-Site Request Forgery Vulnerabilities
Bugtraq ID: 66017 CVE ID: CVE-2013-6031 The Huawei E355 is a home SOHO router device. The Huawei E355 has information disclosure and cross-site request forgery vulnerabilities: by directly accessing the /api scripts, an attacker can obtain sensitive information. In addition, by constructing a malicious URI and enticing a user to open it, malicious actions can be performed in the context of the target user. Huawei E355 No detailed solution is currently available: http://www.huawei.com/ This module requires Metasploit: http://metasploit.com/download Current source:...
phpweb /down/class/index.php SQL Injection Vulnerability
No description provided by source...
Apache HBase RPC Authentication Man-in-the-Middle Security Bypass Vulnerability (CVE-2013-2193)
BUGTRAQ ID: 61981 CVE(CAN) ID: CVE-2013-2193 HBase is a distributed, versioned, column-oriented database built on Apache Hadoop and Apache ZooKeeper. HBase 0.92.x and 0.94.x contain a security bypass vulnerability in their implementation: RPC traffic from clients to Region servers may be intercepted by a malicious user with task-execution privileges or by a cluster container. The Apache HBase RPC protocol is meant to provide mutual authentication between client and server, but a malicious server or network attacker can unilaterally disable these authentication checks, bypassing the RPC traffic protection mechanism. If authentication credentials are passed over RPC, this can also lead to privilege escalation. Apache...
Linux Kernel NULL Pointer Dereference Local Denial of Service Vulnerability (CVE-2013-5634)
BUGTRAQ ID: 61995 CVE(CAN) ID: CVE-2013-5634 The Linux Kernel is the kernel of the Linux operating system. On the ARM platform, a Linux kernel built with CONFIG_KVM does not properly initialize the vCPU before handling the KVM_GET_REG_LIST ioctl on a KVM device, resulting in a NULL pointer dereference; a local attacker can exploit this to crash the kernel. Linux kernel Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.kernel.org/...
DedeCMS 5.7 include/dedesql.class.php SQL Injection Vulnerability
In include/dedesql.class.php, lines 589 to 601, the externally supplied variables arrs1 and arrs2 are concatenated and used as the key and value of a global variable; an attacker can exploit this to overwrite arbitrary variables, ultimately resulting in a SQL injection vulnerability. DedeCMS 5.7...
Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability
CVE ID: CVE-2013-2850 The Linux Kernel is an open source operating system. The Linux iSCSI subsystem contains a heap-based buffer overflow that allows a remote attacker to send specially crafted requests and gain control of kernel execution. When handling oversized keys, the "iscsi_add_notunderstood_response" function in drivers/target/iscsi/iscsi_target_parameters.c has a boundary error; sending a KEY longer than 64 bytes triggers the vulnerability and can execute arbitrary code in the application's context. Successful exploitation requires an iSCSI target to be configured and listening on the network. Linux Kernel 3.0.x Linux...
Apache ActiveMQ Web Demos Multiple Cross-Site Scripting Vulnerabilities (CVE-2012-6092)
CVE ID: CVE-2012-6092 Apache ActiveMQ is an open source message bus and a JMS Provider implementation supporting the JMS 1.1 and J2EE 1.4 specifications. The Apache ActiveMQ web demos contain multiple cross-site scripting vulnerabilities that allow a remote attacker, via the refresh parameter of PortfolioPublishServlet.java (i.e. /demo/portfolioPublish) or Market Data...
科讯 (Kesion) 6.x~8.x getshell 0day
Brief description: Submitted parameters are not validated, allowing arbitrary files to be written to the server... Details: Wap/Plus/PhotoVote.asp lines 14 - 23 Dim KS:Set KS=New PublicCls Dim ID:ID = Replace(KS.S("ID")," ","") Dim ChannelID:ChannelID=KS.G("ChannelID") If ChannelID="" Then ChannelID=2 If KS.G("LocalFileName")<>"" And KS.G("RemoteFileUrl")<>"" Then If...
Z-blog Reflected XSS Vulnerability, Affects Version 1.8~
Brief description: I seem to have heard from a friend that 剑心 and 蝈蝈 won't approve XSS reports against small vendors, so this is awkward for me; while studying blogs today I happened to find a small XSS in Z-blog, in the trackback URL field; I tried it and it works! Details: Tried it on the official site and it pops: http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert1;%3E Then Google: inurl:cmd.asp?act=gettburl&id= Let's try a couple first...
Linux Kernel XFS Filesystem 'fs/xfs/xfs_acl.c' Integer Overflow Vulnerability
Bugtraq ID: 51380 CVE ID: CVE-2012-0038 Linux is an open source operating system. The Linux kernel XFS filesystem contains an integer overflow that an attacker can exploit to crash the system. The "xfs_acl_from_disk" function in fs/xfs/xfs_acl.c has an integer overflow that can be exploited to corrupt kernel memory. Successful exploitation requires physical access to a system that automatically mounts inserted media, or enticing a user to mount a malicious filesystem, e.g. via a USB device. Linux Kernel 2.6.x http://kqueue.org/blog/2012/01/10/cve-2012-0038-xfs-acl-count-integer-overflow/...
Google Chrome Cached Object History Enumeration Vulnerability
Google Chrome is an open source web browser developed by Google. Google Chrome has a security vulnerability in its handling of cached objects; a remote attacker can exploit it to enumerate visited sites and obtain sensitive information. Google Chrome 15.x Vendor patch: Google ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version: http://www.google.com...
Android 'vold' Use-After-Free Local Privilege Escalation Vulnerability
Bugtraq ID: 50598 CVE ID: CVE-2011-4123 Open Handset Alliance Android is a free mobile phone platform developed by a consortium of more than 30 technology and mobile phone companies. On the Android platform, a local user in the "log" group can send a malformed message to vold (the "volume daemon") to trigger a stack-based buffer overflow. By freeing an arbitrary heap object to trigger a use-after-free error, privileges can be escalated on all Froyo 2.2.x and Gingerbread 2.4.x devices. However, it appears to have been fixed in Honeycomb 3.x. Open Handset Alliance Android 2.3.5 Open...
Apache HTTP Server 1.3 & 2.x ByteRange Filter Denial of Service Vulnerability
No description provided by source...
Microsoft Visio CVE-2011-1979 Remote Code Execution Vulnerability
Bugtraq ID: 49021 CVE ID: CVE-2011-1979 Microsoft Visio is diagramming software developed by Microsoft. When parsing a specially crafted Visio file, Microsoft Visio's validation of objects in memory is subject to a remote code execution vulnerability; an attacker can construct a malicious file and entice a user to open it, executing arbitrary code in the application's context. Microsoft Visio 2007 SP2 Microsoft Visio 2007 SP1 Microsoft Visio 2007 Microsoft Visio 2003 Standard Microsoft Visio 2003 Professional Microsof...
discuz! X1.5 Get Shell 0day
Brief description: A one-line webshell can be written freely. Details: The exploit for the vulnerability follows: <?php print_r(' +---------------------------------------------------------------------------+ Discuz! X1-1.5 notify_credit.php Blind SQL injection exploit by toby57 2010.11.05 mail: admin at bkey org team: http://www.bkey.org Note: alibaba appended the follow-up getshell code below...
discuz x1.5 / discuz 7.2 Backend getshell 0day (universal version)
Brief description: Lax XML filtering leads to the vulnerability. Details: Method: In the backend: Plugins -> Add plugin -> Select import method: upload the XML file attached to this post, and at the same time tick "Allow importing plugins from different Discuz! versions (error-prone!!)", then confirm. If unclear, watch the demo animation. The shell address is data/plugindata/shell.lang.php for discuz x1.5 and data/plugin/data/shell.lang.php for discuz 7.2. Proof of vulnerability:...
Mozilla Firefox document.write() Method Heap Overflow Vulnerability
BUGTRAQ ID: 44425 CVE ID: CVE-2010-3765 Firefox is a very popular open source web browser. With JavaScript enabled, Firefox's handling of the document.write method combined with DOM injection can trigger a heap overflow. An attacker can trigger this vulnerability via nsCSSFrameConstructor::ContentAppended, appendChild and similar paths, leading to complete compromise of the user's system. Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird...
Microsoft Excel EntExU2 Record Memory Corruption Vulnerability (MS10-017)
BUGTRAQ ID: 38547 CVE ID: CVE-2010-0257 Excel is the spreadsheet tool in the Microsoft Office suite. Excel has a memory corruption vulnerability in the way it handles malformed EntExU2 records in specially crafted Excel files. An attacker can exploit this by enticing a user to open a specially crafted XLS file; successful exploitation can lead to complete control of the affected system. Microsoft Excel 2002 SP3 Workaround: Do not open Excel files received from untrusted sources or received unexpectedly from trusted sources. Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS10-017) and the corresponding patch for this:...
Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
No description provided by source. <?php /* Kolang PHP Safe mode bypass IHSteam priv8 for lazy penetration testers php 4.3.10 - 5.3.0 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 12/19/2009 http://www.milw0rm.com/exploits/7393 12/09/2008 1- Kolang can be used directly in file...
Microsoft Windows ADFS Service Single Sign-On Authentication Spoofing Vulnerability (MS09-070)
BUGTRAQ ID: 37215 CVE ID: CVE-2009-2508 Microsoft Windows is a very popular operating system released by Microsoft. The Windows ADFS service does not adequately validate session management; if an attacker can access a workstation and web browser that the target user recently used to reach a site offering single sign-on, the attacker may be able to impersonate the authenticated user. To exploit this vulnerability the attacker must be able to access the authentication token previously used by the user on that terminal. With an HTTPS server enabled, the authentication token is protected in transit, so the attacker must be able to access the victim's computer (such as a kiosk) to exploit the vulnerability. On a kiosk, the user may log in to ADFS SSO...
WebKit Preflight Request Same-Origin Policy Bypass Vulnerability
Bugtraq ID: 36997 CVE ID: CVE-2009-2816 WebKit is an open source web browser engine. WebKit has a same-origin policy bypass issue; a remote attacker can exploit it to access resources in other domains. WebKit's Cross-Origin Resource Sharing implementation has a security flaw: before allowing a page from one origin to access resources in another origin, WebKit sends a preflight request to the latter's server. In the preflight request WebKit includes custom HTTP header fields specified by the requesting page, which can lead to cross-site request forgery attacks. WebKit Open Source Project WebKit Apple Safari For Windows 3.2.1...
UiPlayer UiCheck Component Stack Overflow Vulnerability
CVE ID: CVE-2009-2970 UiPlayer is online video player software from 联合网视 (UITV). UiCheck.dll in the UiPlayer installation directory is an ActiveX control that can be loaded in IE. UiCheck.dll exposes an interface function GetUiDllVersion that copies the received filename parameter into a fixed-size buffer; an overly long filename causes a stack overflow. Because of partnerships with Baidu and other companies, UiPlayer is also integrated into many video player products, such as 百度下吧 (Baidu Xiaba). UiTV UiPlayer UiCheck.dll 1.0.0.6 Baidu BaiduV Workaround:...
VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability
Bugtraq ID: 36630 VMware Player is free software that lets PC users easily run virtual machines on Windows or Linux PCs. VMware Workstation is a popular virtual machine application. The VMware authorization service has an error when handling login requests: submitting a "USER" or "PASS" string containing the '\xFF' character to the "vmware-authd" process listening on TCP port 912 can cause the service to stop responding. According to the report, this is confirmed in VMware Workstation 6.5.3 build 185404 and VMware Player 2.5.3 build 185404, whose vmware-authd.ex...
e107 eCaptcha plugin 2.1 xss
No description provided by source. Hello Bugtraq! I want to warn you about a Cross-Site Scripting vulnerability in the eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it on 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0...