56796 matches found
Aerospike Database Server Set Name Code Execution Vulnerability(CVE-2016-9054)
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchlistbysetbinid resulting in remote code execution. An...
Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability(CVE-2017-2971)
Summary A use of uninitialized memory vulnerability exists in JPEG image file format decoding code of Adobe Acrobat Reader which ultimately leads to a heap-based buffer overflow which can be abused to achieve remote code execution. A specially crafted PDF file with an embedded JPEG can trigger th...
youke365_SQL_Injection#1
优客365 v2.9版本 后台存在SQL注入,可导致获取后台管理员账号密码 1,一个单引号引发的血案 爆出了表名dirusers和一些列名 2,源码审计,问题代码在.\module\login.php 代码处理不严谨。根据上图,经测试,用户名可以用1' or '1'='1进行绕过 密码进行了md5加密,所以不能进行简单绕过 3,sql注入 将爆破后的密码进行md5解密,即可得到管理员密码。当然,也可以顺便爆破管理员账号。(所以通过管理员账号认证是有两种姿势) 4,愉快地登陆后台 最后附上payload payload = ' and select 1 fromselect...
dedecms最新版本后台getshell
官方下载最新安装包http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz 环境:Linux+phpstudy 上传图片抓包 POST /dedecms/include/dialog/selectimagespost.php?CKEditor=body&CKEditorFuncNum=2&langCode=zh-cn HTTP/1.1 Host: Content-Length: 42080 Cache-Control: max-age=0 Origin: http://...
优客365存储型XSS
在优客365的2.9版本,网站提交处的信息输入存在存储型XSS ./member/?mod=website&act=add 存在存储型xss 问题代码在./member/module/website.php 由图可见,filterwords没有进行过滤...
Ichitaro Office JTD Figure handling Code Execution Vulnerability(CVE-2017-2789)
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro's proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...
IBOS企业协同管理软件最新开源版一处SQL注入
No description provided by source...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability(CVE-2017-2374)
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple's GarageBand version 10.1.5. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means. This...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability(CVE-2017-2372)
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple's GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability(CVE-2016-9053)
Summary An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
Iceni Argus PDF Inflate+LZW Decompression Heap-Based Buffer Overflow Vulnerability(CVE-2016-8387)
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to...
Ichitaro Word Processor PersistDirectory Code Execution Vulnerability(CVE-2017-2791)
Summary Ichitaro Office contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due t...
Ichitaro Office Excel File Code Execution Vulnerability(CVE-2017-2790)
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel's .xls file format. When processing a record type of 0x3c from a Workbook...
Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability(CVE-2016-9049)
Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...
Aerospike Database Server Client Batch Request Code Execution Vulnerability(CVE-2016-9051)
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Iceni Argus TrueType Font File Cmap Table Code Execution Vulnerability(CVE-2016-8386)
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than...
Iceni Argus icnChainAlloc Signed Comparison Code Execution Vulnerability(CVE-2016-8715)
Summary An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this...
Iceni Argus PDF Font-Encoding GlyphMap Adjustment Code Execution Vulnerability(CVE-2016-8388)
Summary An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects. Due to ...
Tomcat information disclosure Vulnerability(CVE-2017-12616 )analysis
Several recent Tomcat CVE CVE-2017-5664 Tomcat Security Constraint Bypass CVE-2017-12615 remote code execution vulnerability CVE-2017-12616 information disclosure vulnerability Common Is tasteless With JspServlet and DefaultServlet about the system. CVE-2017-12615 this remote code execution are...
Joomla! 3.7.5 LDAP injection vulnerability(CVE-2017-14596)
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown...
Moxa AWK-3131A Web Application onekey Information Disclosure Vulnerability(CVE-2016-0241)
Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Tested Versions Moxa...
Iceni Argus PDF Uninitialized WordStyle Color Length Code Execution Vulnerability(CVE-2016-8385)
Summary An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operatio...
Pharos PopUp Printer Client memcpy Code Execution Vulnerability(CVE-2017-2787)
Summary A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening...
National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability(CVE-2017-2775)
Summary An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled V...
Moxa AWK-3131A HTTP GET Denial of Service Vulnerability(CVE-2016-8723)
Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of...
Pharos PopUp Printer Client DecodeString Code Execution Vulnerability(CVE-2017-2786)
Summary A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. Tested Versions Pharos PopUp...
Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability(CVE-2016-8720)
Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...
Iceni Argus ipStringCreate Code Execution Vulnerability(CVE-2017-2777)
Summary An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability. Tested Versions Iceni Argus 6.6.0...
Tomcat code execution vulnerability(CVE-2017-12615)
Vulnerability tidbits 2017 9 November 19, Apache Tomcat official confirmation and fixes two high-risk vulnerabilities, the vulnerability CVE number:CVE-2017-12615 and CVE-2017-12616,wherein the remote code execution vulnerability, CVE-2017-12615 impact: Apache Tomcat 7.0.0 - 7.0.79(7.0.81 repair...
Pharos PopUp Printer Client DecodeString Code Execution Vulnerability(CVE-2017-2785)
Summary An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always...
Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)
Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...
Apps industrial OT over Server: Anti-Web Local File Inclusion(CVE-2017-9097)
Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Local File Inclusion Date: 15/05/2017 Exploit Author: Bertin Jose @bertinjoseb && Fernandez Ezequiel @capitanalfa Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: LFI Local File...
Apps industrial OT over Server: Anti-Web Remote Command Execution(CVE-2017-17888)
Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Remote Command Execution Date: 15/05/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: RCE REMOTE...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability(CVE-2016-8389)
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)
Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
Summary An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the...
Pharos PopUp Printer Client DecodeBinary Code Execution Vulnerability(CVE-2017-2788)
Summary An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always...
R PDF LoadEncoding Code Execution Vulnerability(CVE-2016-8714)
Summary An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability(CVE-2016-8724)
Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...
ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784)
Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability(CVE-2016-8726)
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability(CVE-2017-2813)
Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewin...
Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability(CVE-2016-8722)
Summary An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versio...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability(CVE-2017-2806)
Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...
Moxa AWK-3131A Web Application Ping Command Injection Vulnerability(CVE-2016-8721)
Summary An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities(CVE-2016-8719)
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
HTTP OPTIONS method can leak Apache's server memory(CVE-2017-9798) (Optionsbleed)
If you're using the HTTP protocol in everday Internet use you are usually only using two of its methods: GET and POST. However HTTP has a number of other methods, so I wondered what you can do with them and if there are any vulnerabilities. One HTTP method is called OPTIONS. It simply allows aski...
AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability(CVE-2017-2792)
Summary An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to...
Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability(CVE-2016-8717)
Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
AntennaHouse DMC HTMLFilter FillRowFormat Code Execution Vulnerability(CVE-2017-2783)
Summary An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of AntennaHouse DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...