56796 matches found
CuteNews 0.88 comments.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several...
ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
No description provided by source. / ProFTPd 1.2.7 - 1.2.9rc2 remote r00t exploit -------------------------------------------- By Haggis This exploit builds on the work of bkbll to create a working, brute-force remote exploit for the \n procesing bug in ProFTPd. Tested on SuSE 8.0, 8.1 and RedHat...
TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit
No description provided by source. !/usr/bin/perl TikiWiki = 1.9.8 Remote Command Execution Exploit Description ----------- TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graphformula.php' script not properly sanitizing user inpu...
E-Mail Security Virtual Appliance (ESVA) Remote Execution
No description provided by source. Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: 2.0.6 ESVA E-Mail Security Virtual...
Linux Kernel 2.6.x - IPV6 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / Linux kernel IPv6 UDP port selection infinite loop local denial ...
DUclassmate 1.x account.asp MM-recordId Parameter Arbitrary Password Modification
No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...
FTPGetter 3.58.0.21 - Buffer Overflow (PASV) Exploit
No description provided by source. !/usr/bin/python Exploit Title: FTPGetter v3.58.0.21 Buffer Overflow PASV Exploit Date: 02/03/2011 Author: modpr0be Software Link: http://www.ftpgetter.com/ftpgettersetup.exe Vulnerable version: = 3.58.0.21 Tested on: Windows XP SP3 VMware Player 3.1.3...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow FreeBSD', 'Description' = %q This module...
TestLink <= 1.8.5 'order_by_login_dir' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37839/info TestLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
linux 3.4+ - Local Root (CONFIG_X86_X32=y)
No description provided by source. / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec is decremented once...
FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product:...
WeBid 1.0.2 persistent XSS via SQL Injection
No description provided by source. Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: powered by WeBid Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql full...
PhotoStore view_photog.php photogid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execu...
Oracle Application Server Portal 10g - Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29119/info Oracle Application Server Portal is prone to a authentication-bypass vulnerability because the application fails to properly restrict access to certain resources. An attacker can exploit this vulnerability to...
Active News Manager activeNews_categories.asp catID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
Joomla Component (com_sef) RFI
No description provided by source. ========================================================== Joomla Component comsef RFI =========================================================== WWw.HaCkTeacH.oRg/cc +===================================================================================+ ?Joomla...
Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC
No description provided by source. / Title: Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125 Standalone Summary: KONTAKT 4 PLAYER is the free sample...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances ------------------------- Affected vendors: ------------------------- Arra...
Joomla Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection
No description provided by source. Joomla Component comgigcalgigcalgigsid SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:comgigcal -------------------------------------------------- !...
deeemm cms (dmcms) 0.7.4 - Multiple Vulnerabilities
No description provided by source. DeeEmm CMS Sql Injection/Rfi AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download :...
TestLink Test Management and Execution System - Multiple XSS and Injection Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities in TestLink...
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
No description provided by source. ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team. Overview:...
Siemens SIMATIC S7-1200多个漏洞
CVE ID: CVE-2014-2249,CVE-2014-2250,CVE-2014-2252,CVE-2014-2254,CVE-2014-2256,CVE-2014-2258 SIMATIC S7-1200是可编程控制器,可实现简单却高度精确的自动化任务。 Siemens SIMATIC S7-1200 4.0.0之前版本在实现上存在多个漏洞,可被恶意利用执行跨站请求伪造、劫持用户会话、造成拒绝服务。 1、向TCP端口443发送特制的数据包造成的错误可造成设备进入defect模式。 2、随机生成器内弱熵相关错误,可导致劫持另外用户的会话。...
Huawei E355信息泄漏和跨站请求伪造漏洞
Bugtraq ID:66017 CVE ID:CVE-2013-6031 Huawei E355是一款家用SOHO路由器设备。 Huawei E355存在信息泄漏和跨站请求伪造漏洞,通过直接访问/api脚本,攻击者可利用漏洞获取敏感信息。此外构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 Huawei E355 目前没有详细解决方案提供: http://www.huawei.com/ This module requires Metasploit: http//metasploit.com/download Current source:...
Linux Kernel 'wanxl.c'本地信息泄露漏洞
BUGTRAQ ID: 64953 CVECAN ID: CVE-2014-1445 Linux Kernel是Linux操作系统的内核。 Linux kernel在实现上存在本地信息泄露漏洞,本地攻击者可利用此漏洞造成内存泄露敏感信息。 0 Linux kernel 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
大汉版通JCMS内容管理系统文件上传漏洞
大汉版通JCMS内容管理系统是基于J2EE构架设计的内容管理系统,多用于政府门户网站。 大汉通JCMS对/jcms/m55/m553/importstyle.jsp的访问缺少权限控制,且该页面对上传文件类型只在客户端做了限制,从而导致任意文件上传漏洞。 0 大汉版通JCMS内容管理系统 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.hanweb.com/...
Cisco WebEx Training Center培训注册跨站脚本漏洞
Bugtraq ID:64277 CVE ID:CVE-2013-6963 Cisco WebEx Training Center是一款互动式培训解决方案,可开展电子教学。 Cisco WebEx Training Center培训中心注册页面不正确过滤用户提交的输入,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,可获取敏感信息或劫持用户会话。 0 Cisco WebEx Training Center 厂商补丁: Cisco ----- 用户可参考如下厂商提供的安全公告获得补丁信息:...
Apache HBase RPC身份验证中间人安全措施绕过漏洞(CVE-2013-2193)
BUGTRAQ ID: 61981 CVECAN ID: CVE-2013-2193 HBase是一个分布式、版本化、构建在Apache Hadoop和Apache ZooKeeper上的列数据库 HBase 0.92.x、0.94.x版本在实现上存在安全绕过漏洞,从客户端到Region服务器的RPC流量可能会被具有任务运行权限的恶意用户及集群容器截获。Apache HBase RPC协议用来提供客户端和服务器之间的双向身份验证。但是恶意服务器或网络攻击者可以单方面禁用这些身份验证检查。这可导致绕过RPC流量保护机制。如果通过RPC传递身份验证凭证,也可导致权限提升 0 Apache...
Z-blog程序存在反射性XSS漏洞,影响1.8版本~
简要描述: 貌似听朋友说,剑心蝈蝈看到小厂商的XSS是审核不过的,所以我尴尬了,今天研究博客的时候无意发现了Z-blog博客存在的一个小XSS,在引用地址这里,试了试可以! 详细说明: 官方试了一下,可以弹, http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert1;%3E 然后GG一下 inurl:cmd.asp?act=gettburl&id= 先拿俩试试吧...
Google Chrome OS 远程代码执行漏洞
BUGTRAQ ID: 55135 CVE ID: CVE-2012-2864 Chrome OS是一款Google正式宣布处于开发中的基于PC的操作系统。 Google Chrome OS 21.0.1183.0之前版本在实现上存在远程代码执行漏洞,攻击者可利用此漏洞在系统中执行任意代码或造成拒绝服务。 0 Google Chrome OS 0.9.130.14 Beta 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com...
Apache MyFaces EL表达式求值安全绕过漏洞
Bugtraq ID: 50848 CVE ID:CVE-2011-4359 Apache MyFaces是一款JavaServer Faces技术开源实现。 Apache MyFaces存在安全漏洞,允许恶意用户绕过部分安全限制。 问题是由于解析Java Bean中的参数存在错误,可导致部分参数以EL表达式语言表达式求值。 成功利用漏洞需要Java Bean中"includeViewParameters"设置为"true"。 Apache MyFaces 2.1.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...
Linux kernel 2.6.x CIFS本地安全限制绕过漏洞
BUGTRAQ ID: 47381 CVE ID: CVE-2011-1585 Linux是自由电脑操作系统内核。 CIFS在Linux Kernel的实现上存在本地安全漏洞,本地攻击者可利用此漏洞绕过安全限制,执行非法操作 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
Android 'vold'释放后使用本地特权提升漏洞
Bugtraq ID: 50598 CVE ID:CVE-2011-4123 Open Handset Alliance Android是一款超过30家科技与移动电话公司所组成的团体开发的免费的移动电话平台。 在Android平台上"log"组的本地用户向vold "volume daemon"发送畸形消息,可触发基于栈的缓冲区溢出。通过释放任意堆对象触发释放后使用错误,可在所有Froyo 2.2.x和Gingerbread 2.4.x设备上提升特权。不过看起来在Honeycomb 3.x中已经得到修补。 Open Handset Alliance Android 2.3.5 Open...
Microsoft Visio CVE-2011-1979远程代码执行漏洞
Bugtraq ID: 49021 CVE ID:CVE-2011-1979 Microsoft Visio是一款微软开发的流程图软件。 在解析特制的Visio文件时,Microsoft Visio校验内存中对象存在一个远程代码执行漏洞,攻击者构建恶意文件,诱使用户解析,可以应用程序上下文执行任意代码 Microsoft Visio 2007 SP2 Microsoft Visio 2007 SP1 Microsoft Visio 2007 0 Microsoft Visio 2003 Standard Microsoft Visio 2003 Professional Microsof...
Mozilla Firefox document.write()方式堆溢出漏洞
BUGTRAQ ID: 44425 CVE ID: CVE-2010-3765 Firefox是一款非常流行的开源WEB浏览器。 在启用了JavaScript的情况下,Firefox的document.write方式处理结合DOM注入可能触发堆溢出。攻击者可以通过 nsCSSFrameConstructor::ContentAppended、appendChild等方式触发这个漏洞,导致完全入侵用户系统。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird...
Microsoft Excel EntExU2记录内存破坏漏洞(MS10-017)
BUGTRAQ ID: 38547 CVE ID: CVE-2010-0257 Excel是微软Office套件中的电子表格工具。 Excel处理特制Excel文件中畸形EntExU2记录的方式存在内存破坏漏洞。攻击者可以通过诱骗用户打开特制的XLS文件来利用这个漏洞,成功利用此漏洞可以导致完全控制受影响的系统。 Microsoft Excel 2002 SP3 临时解决方法: 不要打开从不可信任来源接收到货从可信任来源意外接收到的Excel文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS10-017)以及相应补丁:...
Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
No description provided by source. ?php / Kolang PHP Safe mode bypass IHSteam priv8 for lazy penetration testers php 4.3.10 - 5.3.0 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 12/19/2009 http://www.milw0rm.com/exploits/7393 12/09/2008 1- Kolang can be used directly in file...
BM Classifieds Ads SQL Injection Vulnerability
No description provided by source. ALGERIAN HACKER - NORTH-AFRICA SECURITY TEAM - ! BM Classifieds ads SQL injection vulnerability ! Author : Dr.0rYX & Cr3w-DZ ! MAIL : [email protected] & [email protected] / Software Information + Vendor : http://www.bmscripts.com/ + script : powered by BM Classified...
UiPlayer UiCheck组件栈溢出漏洞
CVE ID: CVE-2009-2970 UiPlayer网络视频播放软件是联合网视(UITV)公司的视频播放软件。 UiPlayer的安装目录下的UiCheck.dll是一个ActiveX控件,该控件允许在IE中加载。UiCheck.dll提供了一个接口函数 GetUiDllVersion,该函数会把接收到的文件名参数拷贝到一个固定大小的缓冲区,如果文件名超长,就会导致栈溢出。 因为和百度等公司的合作,很多视频播放软件中也集成了UiPlayer,例如百度下吧等。 UiTV UiPlayer UiCheck.dll 1.0.0.6 Baidu BaiduV 临时解决方法:...
e107 eCaptcha plugin 2.1 xss
No description provided by source. Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it at 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0...
Linux Kernel kvm_emulate_hypercall函数非授权MMU调用漏洞
CVE ID: CVE-2009-3290 Linux Kernel是开放源码操作系统Linux所使用的内核。 运行在x86系统上的Linux Kernel KVM虚拟机的arch/x86/kvm/x86.c文件中的kvmemulatehypercall函数没有限制ring 0对MMU超级调用的访问,这允许本地guest用户导致guest内核崩溃,或通过随机地址读取guest内核内存。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux kernel md驱动本地拒绝服务漏洞
CVECAN ID: CVE-2009-2849 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的md驱动(drivers/md/md.c)中存在拒绝服务漏洞,本地用户可以通过suspend sysfs属性和suspendlostore或suspendhistore函数触发空指针引用。只有在sysfs可写的情况下才可以利用这个漏洞。以下是有漏洞的代码段: static ssizet suspendlostoremddevt mddev, const char buf, sizet len char e; unsigned long long...
CUPS _cupsImageReadTIFF()函数整数溢出漏洞
BUGTRAQ ID: 34571 CVECAN ID: CVE-2009-0163 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS的cupsImageReadTIFF函数在解析TIFF文件时没有正确地验证从文件读取的图形高度参数便将height值用于计算动态堆缓冲区的大小。如果在图像文件中设置了很大的高度值,计算就可能溢出,导致以CUPS服务的权限执行任意代码。 Easy Software Products...
Steamcast 0.9.75b Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl Steamcast 0.9.75 beta Remote Denial of Service Download :http://www.steamcast.com Tested Under Windows XP and linux Dork for test :"Powered By Steamcast "0.9.75 beta Author: ksa04 use strict; use warnings; use IO::Socket; my $host = shift || die...
Ubuntu network-manager-applet错误权限限制漏洞
BUGTRAQ ID: 33966 CVECAN ID: CVE-2009-0365,CVE-2009-0578 dnetwork-manager-applet是Ubuntu系统中所使用的网络管理程序。 network-manager-applet在响应dbus请求时没有正确地强制权限,本地用户可以通过dbus请求查看其他用户的网络连接口令和预共享密钥。 network-manager-applet在响应dbus modify和delete请求时没有正确地强制权限,本地用户可以使用dbus请求修改或删除其他用户的网络连接。 Ubuntu Linux 8.10 Ubuntu Linux...
Qwerty CMS (id) Remote SQL Injection Vulnerability
No description provided by source. QWERTY CMS SQL Injection. www.turkguvenligi.info / [email protected] t4cs1zkr4L - Agdscorp - TheHacker - Fatih - SuSkuN - Zec - DreamTurk - Mr.SheYtaN - Ghost61 - BLaSteR - Desquner - s3fa CMS PAGE : http://web-sites.kiev.ua GOOGLE DORK :...
pam-krb5 API使用本地权限提升漏洞
BUGTRAQ ID: 33740 CVECAN ID: CVE-2009-0360 pam-krb5提供了支持认证、授权、用户票据缓存处理等功能的Kerberos v5 PAM模块。 当链接到MIT Kerberos时,pam-krb5没有对在setuid环境中初始化Kerberos库使用正确的API,也就是MIT Kerberos库会信任环境变量来锁定Kerberos配置。攻击者可以利用这个漏洞绕过使用PAM进行认证的setuid应用程序所执行的认证检查,获得权限提升。如果pam-krb5链接到了Heimdal Kerberos实现就不会出现这个问题。 Russ Allbery...
DMXReady News Manager <= 1.1 Arbitrary Category Change Vuln
No description provided by source. Title : DMXReady News Manager = 1.1 Remote Category Change Vulnerability Author : "ajann" from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 69.97 $ Dork : inurl:incnewsmanager.asp DorkEx :...
DMXReady Member Directory Manager <= 1.1 SQL Injection Vulnerability
No description provided by source. Title : DMXReady Member Directory Manager = 1.1 SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.dmxready.com $$ : 99.97 $ Dork : inurl:incmemberdirectorymanager.asp DorkEx :...