56796 matches found
HybridAuth 2.2.2 - Remote Code Execution
No description provided by source. HybridAuth = 2.2.2 Remote Code Execution Website : http://hybridauth.sourceforge.net/ Exploit Author : @u0x Pichaya Morimoto Release dates : August 5, 2014...
Gitlab-shell Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...
BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)
No description provided by source. BlazeDVD Pro v7.0 - .plf Stack Based Buffer Overflow direct RET - ALSR/DEP bypass on Win8.1 Pro Date: Mon, Aug 11 2014 12:58:06 GMT Exploit Author: Giovanni Bartolomucci Vendor Homepage: http://www.blazevideo.com/ Software Link:...
Easy FTP Pro 4.2 iOS - Command Injection Vulnerabilities
No description provided by source. Document Title: =============== Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1291 Release Date: ============= 2014-08-06 Vulnerability Laboratory ID VL-ID:...
PhotoSync Wifi & Bluetooth 1.0 - File Include Vulnerability
No description provided by source. Document Title: =============== PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1289 Release Date: ============= 2014-08-04 Vulnerability Laboratory ID VL-ID:...
Feng Office - Stored XSS
No description provided by source. Affected software: Feng Office - URL: http://www.fengoffice.com/web/demo.php Discovered by: Provensec Website: http://www.provensec.com Type of vulnerability: XSS Stored Feng Office is a Collaboration tool that includes a CRM, Communication, Document Management,...
ProFTPD-1.3.3c Backdoor
No description provided by source...
Disqus for Wordpress 2.7.5 Admin Stored CSRF and XSS
No description provided by source. !-- Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5 Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/ 12th August 2014 Nik Cubrilovic - www.nikcub.com Most of these params are...
VSFTPD v2.3.4 Backdoor
No description provided by source...
ContentKeeper Web 125.10 Remote Command Execution Vulnerability
No description provided by source...
Array Networks vAPV and vxAG Private Key Privilege Escalation Vulnerability
No description provided by source...
UnrealIRCD 3.2.8.1 Backdoor
No description provided by source...
Exim4 4.69 string_format Function Heap Buffer Overflow Vulnerability
No description provided by source...
Tenda A5s Router 3.02.05_CN Authentication Bypass
No description provided by source. Tenda A5s Router Authentication Bypass Vulnerability Author : zixian Mail : [email protected] Date : Aug, 17-2014 Vendor :...
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...
FreePBX 2.10.0 callmenum Remote Code Execution Vulnerability
No description provided by source...
TomatoCart 1.x - SQL Injection Vulnerability
No description provided by source. Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability Background: TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU...
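A phpdisk injection.
Brief description: As per the title. Details: It turned out to throw an error. I looked at the statement being executed: delete from pdfile2tag where fileid='1' and tagname not in 'asd' Because phpdisk applies global escaping, this tells us there must be a filter function that replaced the single quote with an empty string, leaving only the escape character behind. But only one parameter is controllable, so being able to introduce a single quote is not much use. In modules/public.inc.php: $tagarr = explode',',$tags; ifcount$tagarr 5 $error = true; $sysmsg = 'toomanytags';...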
Firefox toString console.time Privileged Javascript Injection
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...
Two Phpyun SQL injections
Brief description: 20140811 Details: Vulnerability 1: in /member/model/com.class.php, function job ... line 570 if$GET'del' || isarray$POST'checkboxid' ifisarray$POST'checkboxid' $layertype=1; $delid=$this-pylode",",$POST'checkboxid'; else if$GET'del' $layertype=0; $delid=$GET'del';//the GET parameter del is not filtered and is passed to delid...
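Weaver eteams_oa system: unauthorized modification of any user's information
Brief description: Weaver eteams oa system: unauthorized modification of any information Details: Go to https://www.eteams.cn/login/demo and log in as an ordinary user, as shown: Then click on this person at the top of the page, as shown: Capturing the traffic gives a link: https://www.eteams.cn/profile/summary/8005824116863355409.json?=1408094249509 At this point we note down the value 8005824116863355409. We go to where the current user's profile is edited: we change the phone number, then capture the request and replace the employee.id in it with 8005824116863355409, giving:...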
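Sitestar design flaw allows changing the administrator password via CSRF
Brief description: A bug with no technical sophistication! Details: WooYun: Sitestar CSRF in a sensitive function allows dumping the database. The vendor's reply on that bug felt like a letdown, so here is another CSRF to remind the vendor. Strongly recommend looking up an introduction to CSRF. /admin/index.php?m=moduser&a=adminupdate&userid=1&passwdpasswd=123123&passwdrepasswd=123123&[email protected]&useractive=1&usersrole=admin&userfullname=&usermobile=&submit=%E4%BF%9D%E5%AD%98...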
Ecmall v2.3.0 /seller_groupbuy.app.php SQL Injection Vulnerability
No description provided by source...
oxwall 1.7.0 /avatar_service.php File Upload Vulnerability
No description provided by source...
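Yunzhijia (China's largest mobile workbench) Stored XSS
Brief description: http://kdweibo.com/home/yonghuanli I took a look at its customers: mobile and telecom carriers, banks and real estate, and multinational listed companies! Too bad I forgot that this does not seem to count as a generic issue ┬_┬... the bounty... Details: Foreword: The system really is good; I searched for a long time without finding anywhere to inject, but I "had a feeling" one spot could be injected, and sure enough! 1 Where does this box pop up from? Upload a file with a special file name 2 Windows does not allow file names to contain special characters, but Linux, OS X and other systems do. Send the file to the target account in the messages area: 数据搜索..exe 3 The problem exists everywhere a file can be uploaded! Learned something new, didn't you? Proof of vulnerability: img...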
Libsys 5.0 /ajax_asyn_link.php Local File Inclusion Vulnerability
No description provided by source...
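qibocms flaw in a feature allows front-end admin login
Brief description: As per the title. Front-end admin login; because this is a shared file, multiple systems are involved. Details: 0x1 Front-end admin login inc/function.inc.php: function mymd5$string,$action="EN",$rand='' //string encryption and decryption global $webdb; if$action=="DE"//handle the + sign, which breaks when passed in a URL $string = strreplace'QIBO|ADD','+',$string; $secretstring = $webdbmymd5.$rand.'5j,.^&;?.%@!'; //top-secret string, can be set arbitrarily...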
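U-Mail mail server system vulnerability allows obtaining all users' passwords
Brief description: Product introduction (excerpted from the official website): U-Mail has focused on the e-mail field for 15 years, making it easy for enterprises to set up the most secure and stable e-mail system software. Keywords: 15 years, most secure, most stable. Involves: important sectors such as finance, government, banking, petroleum, the military and the securities industry; the impact is enormous; tested affected rate: 99.8%100% Aside: I really wanted to take down the Agricultural Bank, but on reflection decided to forget it; after all, casually changing the numbers on a card and becoming a tycoon would be extremely unsafe.. Details: 1 Product introduction...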
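Yonyou online store command execution (getshell possible)
Brief description: Details: Yonyou online store ThinkPHP 2.2 command execution. 1. Online store address http://ec.yonyou.com 2. Command execution http://ec.yonyou.com/index.php/module/action/param1/$phpinfo phpinfo IP address Physical path Proof of vulnerability:...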
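Weak back-end password on a Yonyou sales information management system site
Brief description: Weak back-end password on a Yonyou sales information management system site Details: 1. Yonyou Sales Information Management System (SIMS) address: http://jygl.seentao.com/ Logged in to the back end successfully with sysadmin/ufsoft123. Rumor has it that many Yonyou passwords are ufsoft, ufsoft123, ufsoft888 and so on. Proof of vulnerability:...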
DigiEye 3G Backdoor
No description provided by source...
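Default passwords at a Kingdee site expose backup files
Brief description: Default passwords at a Kingdee site expose backup files Details: Three FTP servers have default passwords ftp [email protected] 202.104.120.72 202.104.120.42 202.104.120.18 After logging in, found that a compressed file cloud.zip exists under 202.104.120.72 Proof of vulnerability: Sensitive information of a certain system can be seen....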
GitList 0.4.0 /controller/blobcontroller.php Command Execution Vulnerability
No description provided by source...
TCCMS /app/controller/user.class.php Privilege Escalation Vulnerability
No description provided by source...
Dell DRAC Weak Password Vulnerability
No description provided by source...
A qibocms b2b second-order injection.
Brief description: This should be the last one for qibo. Details: Tested against http://down.qibosoft.com/down.php?v=b2b In hy/member/homapagectrl/info.php: $db-query"INSERT INTO $precompanyfid VALUES $values"; $title=filtrate$title; $picurl=filtrate$picurl; $fname=filtrate$fname; $mytrade=filtrate$mytrade; $qycate=filtrate$qycate;...
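Phpyun: 14 stored XSS points that can steal back-end cookies, with bypass and bulk-locating methods
Brief description: 20140811. Bypass the filter, find XSS in bulk, cookies can be stolen. Details: I have only just started doing audits and had not looked at phpyun's code before. phith0n once posted a bundle of XSS issues, saying that there was client-side filtering but no server-side filtering; the current version presumably filters on the server side. phpyun's global.php includes two security PHP files, data/db.safety.php and include/webscan360/360safe/360webscan.php. First look at data/db.safety.php: if$config'syistemplate'!='1' ||...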
QiboCMS v7 /member/post.php SQL Injection Vulnerability
No description provided by source...
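Sitestar design flaw allows dumping the database (conditional)
Brief description: A conditional flaw. Details: Again the short file name problem; this design is itself a flaw. First look at the file names produced by a default backup; each backup produces two files, one SQL and one compressed zip: backup20140816134106v1.sql backup20140816134106v.zip As you can see, the structure is backup, then date and time, then v. This exceeds 9 characters, so the short file name vulnerability can be used. As long as the administrator has made a backup, it can be exploited: backup1.zip backup1.sql Proof of vulnerability:...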
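Qishi CMS Stored XSS (attacking the administrator)
Brief description: To the reviewer: let me explain the bug you ignored today, saying it had already been submitted many times. I submitted this bug once a long time ago. Also, you said WooYun does not encourage dumping data; I have already deleted all the data. I am not the kind of person who does not understand the seriousness of the law, rest assured, and please forgive me! PS: submitting vulnerabilities takes more time than finding them; I am a good lad who is responsible toward vendors. The above has nothing to do with the vendor; it is about another matter...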
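Yonyou Software collaborative office platform generic DBA-privilege SQL injection vulnerability, part 3
Brief description: In a different directory from http://www.wooyun.org/bugs/wooyun-2014-072183 Details: system/config/selectUDR.jsp Proof of vulnerability: 1.http://oa.danzi.com.cn:9090/system/config/selectUDR.jsp?id=1 2.http://fsd2014.f3322.org:9090/system/config/selectUDR.jsp...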
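Oupeng browser form request website spoofing vulnerability
Brief description: As per the title Details: Oupeng mobile browser 10.0.0.81463; the test phone runs Android 4.4.2 Proof of vulnerability: payload: None...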
WebSTAR FTP Server USER Overflow Vulnerability
No description provided by source...
Yonyou Software collaborative office platform generic DBA-privilege SQL injection vulnerability
Brief description: As per the title Details: sys\sortListUI.jsp String done=request.getParameter"done"; String nodeId=request.getParameter"nodeId"; String strWhere=""; String id=request.getParameter"id"; String srcName = BaseFunc.ISOToGBKrequest.getParameter"srcName";//injection point String searchKey =...
Mac OS X 10.4.9 mDNSResponder UPnP Location Buffer Overflow Vulnerability
No description provided by source...
MacOS X EvoCam 3.6.7 HTTP GET Buffer Overflow Vulnerability
No description provided by source...
Mac OS X NFS Mount Privilege Escalation Vulnerability
No description provided by source...
Mac OS X 10.8.4 Sudo Password Login Bypass Vulnerability
No description provided by source...