56796 matches found
Oracle Outside In Technology PDF parser confusion Code Execution Vulnerability(CVE-2017-3271)
Summary An exploitable arbitrary write vulnerability exists in the PDF parser functionality of Oracle Outside In Technology SDK. A specially crafted PDF document can cause a parser confusion resulting in an arbitrary write vulnerability ultimately leading to code execution. Tested Versions Oracle...
Aerospike Database Server Set Name Code Execution Vulnerability(CVE-2016-9054)
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchlistbysetbinid resulting in remote code execution. An...
dedecms最新版本后台getshell
官方下载最新安装包http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz 环境:Linux+phpstudy 上传图片抓包 POST /dedecms/include/dialog/selectimagespost.php?CKEditor=body&CKEditorFuncNum=2&langCode=zh-cn HTTP/1.1 Host: Content-Length: 42080 Cache-Control: max-age=0 Origin: http://...
youke365_SQL_Injection#1
优客365 v2.9版本 后台存在SQL注入,可导致获取后台管理员账号密码 1,一个单引号引发的血案 爆出了表名dirusers和一些列名 2,源码审计,问题代码在.\module\login.php 代码处理不严谨。根据上图,经测试,用户名可以用1' or '1'='1进行绕过 密码进行了md5加密,所以不能进行简单绕过 3,sql注入 将爆破后的密码进行md5解密,即可得到管理员密码。当然,也可以顺便爆破管理员账号。(所以通过管理员账号认证是有两种姿势) 4,愉快地登陆后台 最后附上payload payload = ' and select 1 fromselect...
Ichitaro Office JTD Figure handling Code Execution Vulnerability(CVE-2017-2789)
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro's proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...
Iceni Argus PDF Inflate+LZW Decompression Heap-Based Buffer Overflow Vulnerability(CVE-2016-8387)
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to...
Ichitaro Office Excel File Code Execution Vulnerability(CVE-2017-2790)
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel's .xls file format. When processing a record type of 0x3c from a Workbook...
优客365存储型XSS
在优客365的2.9版本,网站提交处的信息输入存在存储型XSS ./member/?mod=website&act=add 存在存储型xss 问题代码在./member/module/website.php 由图可见,filterwords没有进行过滤...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability(CVE-2017-2372)
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple's GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability(CVE-2017-2374)
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple's GarageBand version 10.1.5. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means. This...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability(CVE-2016-9053)
Summary An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
Aerospike Database Server Client Batch Request Code Execution Vulnerability(CVE-2016-9051)
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability(CVE-2016-9049)
Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...
IBOS企业协同管理软件最新开源版一处SQL注入
No description provided by source...
Ichitaro Word Processor PersistDirectory Code Execution Vulnerability(CVE-2017-2791)
Summary Ichitaro Office contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due t...
Tomcat information disclosure Vulnerability(CVE-2017-12616 )analysis
Several recent Tomcat CVE CVE-2017-5664 Tomcat Security Constraint Bypass CVE-2017-12615 remote code execution vulnerability CVE-2017-12616 information disclosure vulnerability Common Is tasteless With JspServlet and DefaultServlet about the system. CVE-2017-12615 this remote code execution are...
Iceni Argus TrueType Font File Cmap Table Code Execution Vulnerability(CVE-2016-8386)
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than...
Joomla! 3.7.5 LDAP injection vulnerability(CVE-2017-14596)
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown...
Iceni Argus PDF Font-Encoding GlyphMap Adjustment Code Execution Vulnerability(CVE-2016-8388)
Summary An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects. Due to ...
Iceni Argus icnChainAlloc Signed Comparison Code Execution Vulnerability(CVE-2016-8715)
Summary An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this...
Tomcat code execution vulnerability(CVE-2017-12615)
Vulnerability tidbits 2017 9 November 19, Apache Tomcat official confirmation and fixes two high-risk vulnerabilities, the vulnerability CVE number:CVE-2017-12615 and CVE-2017-12616,wherein the remote code execution vulnerability, CVE-2017-12615 impact: Apache Tomcat 7.0.0 - 7.0.79(7.0.81 repair...
Iceni Argus PDF Uninitialized WordStyle Color Length Code Execution Vulnerability(CVE-2016-8385)
Summary An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operatio...
Pharos PopUp Printer Client DecodeString Code Execution Vulnerability(CVE-2017-2786)
Summary A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. Tested Versions Pharos PopUp...
Apps industrial OT over Server: Anti-Web Remote Command Execution(CVE-2017-17888)
Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Remote Command Execution Date: 15/05/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: RCE REMOTE...
Pharos PopUp Printer Client memcpy Code Execution Vulnerability(CVE-2017-2787)
Summary A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening...
Pharos PopUp Printer Client DecodeBinary Code Execution Vulnerability(CVE-2017-2788)
Summary An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability(CVE-2016-8389)
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
Pharos PopUp Printer Client DecodeString Code Execution Vulnerability(CVE-2017-2785)
Summary An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always...
R PDF LoadEncoding Code Execution Vulnerability(CVE-2016-8714)
Summary An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability(CVE-2017-2775)
Summary An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled V...
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
Summary An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the...
Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)
Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)
Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...
Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability(CVE-2016-8720)
Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...
Moxa AWK-3131A HTTP GET Denial of Service Vulnerability(CVE-2016-8723)
Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of...
Moxa AWK-3131A Web Application onekey Information Disclosure Vulnerability(CVE-2016-0241)
Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Tested Versions Moxa...
Iceni Argus ipStringCreate Code Execution Vulnerability(CVE-2017-2777)
Summary An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability. Tested Versions Iceni Argus 6.6.0...
Apps industrial OT over Server: Anti-Web Local File Inclusion(CVE-2017-9097)
Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Local File Inclusion Date: 15/05/2017 Exploit Author: Bertin Jose @bertinjoseb && Fernandez Ezequiel @capitanalfa Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: LFI Local File...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability(CVE-2016-8726)
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities(CVE-2016-8719)
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability(CVE-2016-8724)
Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...
Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability(CVE-2016-8717)
Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability(CVE-2017-2806)
Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...
Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability(CVE-2016-8722)
Summary An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versio...
ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784)
Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability(CVE-2017-2813)
Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewin...
AntennaHouse DMC HTMLFilter DHFSummary Code Execution Vulnerability(CVE-2016-8384)
Summary An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious doc file to trigger this vulnerability...
AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability(CVE-2017-2792)
Summary An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to...
AntennaHouse DMC HTMLFilter PPT DHFSummary Code Execution Vulnerability(CVE-2017-2794)
Summary An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...
AntennaHouse DMC HTMLFilter FillRowFormat Code Execution Vulnerability(CVE-2017-2783)
Summary An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of AntennaHouse DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...