56796 matches found
WeCenter deserialization leading to arbitrary SQL statement execution
/app/m/weixin.php:110 ... $this->model('account')->logout(); unset(AWS_APP::session()->WXConnect); if (get_setting('weixin_account_role') != 'service') { H::redirect_msg(AWS_APP::lang()->_t('This feature is only available to WeChat-authenticated service accounts')); } else if ($_GET['code'] OR $_GET['state'] == 'OAUTH') { if...
FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow
No description provided by source...
74cms admin backend tpl_dir parameter arbitrary code execution vulnerability
Foreword: An audit that ends without a getshell is just messing around. Today, in a sudden flash of inspiration, I went back over 74cms and finally got a result. Body: in Application/Common/Controller/BackendController.class.php there is this alarming piece of code: public function updateconfig($newconfig, $configfile = '') { if (!is_file($configfi...
dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344)
Product Description dotCMS is a scalable, Java-based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission-based content experiences across multiple channels. dotCMS can serve as the platform for sites, mobile apps, mini-sites, portals,...
SSL 3.0 POODLE (CVE-2014-3566)
SSL 3.0 POODLE attack information disclosure vulnerability (CVE-2014-3566). Release date: 2014-10-14. Update date: 2014-10-16. Affected systems: Netscape SSL 3.0; Netscape TLS. Not affected: Netscape TLS 1.2, Netscape TLS 1.1, Netscape TLS 1.0. Description: CVE(CAN) ID: CVE-2014-3566. SSL 3.0 is an...
RVM command injection when automatically loading environment variables from files in $PWD
RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at ; look for the __rvm_load_project_config function. The code, as of a vulnerable commit, ...
RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD
RVM, by default, hooks cd and automatically parses a file named .versions.conf in the directory being changed to. The intention seems to be that, if the user's $rvm_autoinstall_bundler_flag setting is enabled, then .versions.conf can specify a Gemfile that will automatically be fed to bundle install...
RVM automatically executes hooks located in $PWD
RVM, by default, hooks cd and automatically executes various auxiliary hooks when a user changes into a directory. The mechanics of these additional after_cd hooks are detailed at . What this page fails to mention is that hooks, as of a vulnerable version, are not only loaded from ~/.rvm/hooks but...
RVM automatically loads environment variables from files in $PWD
RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at ; look for the __rvm_load_project_config function. The code, as of a vulnerable commit, ...
RVM automatically installs gems as specified by files in $PWD
RVM, by default, hooks cd and automatically parses a file named .versions.conf in the directory being changed to. This file can provide the names of arbitrary gems, via ruby-gem-install entries, which will be automatically passed to gem install upon cd into the directory. The code responsible, as...
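The five RVM entries above all describe the same mechanism: a cd hook that reads project files in the target directory and acts on them (sourcing environment, running hooks, running gem install or bundle install) without asking the user. The following POSIX shell script is an added example, not code from RVM or from these advisories: it audits a checkout before you cd into it and lists every file that would trigger such an automatic action. The .versions.conf key ruby-gem-install is taken from the entries above; the key ruby-bundle-install, the project-local hook path .rvm/hooks/after_cd_*, and the inclusion of .rvmrc are assumptions about RVM's layout, and the gem and hook names used in the constructed test directory are invented for illustration.

```shell
#!/bin/sh
# Added example (not RVM's code): list the files under a directory tree that
# RVM's cd hook would act on automatically, so they can be reviewed before
# changing into an untrusted checkout.
#
# Assumptions, not stated in the entries above:
#   - project-local hooks live at .rvm/hooks/after_cd_* (the entries only say
#     hooks are loaded from $PWD);
#   - the .versions.conf key naming a Gemfile is ruby-bundle-install (the
#     entries only name ruby-gem-install);
#   - .rvmrc is included because RVM sources it as shell on cd.

# rvm_audit DIR
# Prints one line per finding: "<kind>: <path>[:<directive>] (<action on cd>)".
rvm_audit() {
    root=${1:-.}

    # .versions.conf directives that cause "gem install" or "bundle install"
    find "$root" -type f -name .versions.conf \
        -exec grep -H -E '^(ruby-gem-install|ruby-bundle-install)=' {} \; 2>/dev/null |
        sed 's/^/versions.conf: /; s/$/ (installed on cd)/'

    # .rvmrc files are sourced as shell
    find "$root" -type f -name .rvmrc 2>/dev/null |
        sed 's/^/rvmrc: /; s/$/ (sourced as shell on cd)/'

    # project-local after_cd hooks are executed
    find "$root" -type f -path '*/.rvm/hooks/after_cd*' 2>/dev/null |
        sed 's/^/hook: /; s/$/ (executed on cd)/'
}

# rvm_audit_count DIR: number of findings, for scripting ("0" means clean).
rvm_audit_count() {
    rvm_audit "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: sh rvm_audit.sh /path/to/checkout
# Exit status is non-zero when anything was found.
if [ -n "${1-}" ]; then
    rvm_audit "$1"
    [ "$(rvm_audit_count "$1")" = 0 ]
fi
```

Run it on a freshly cloned repository before the first cd; an empty result means none of the files RVM reacts to are present, while any finding should be read (and the gem or Gemfile named in it checked) before the directory is entered with the cd hook active.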
Oracle MySQL Memcached remote code execution vulnerability
Vulnerable systems: Oracle MySQL 5.7.13. A vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached...
ntfs-3g - Unsanitized modprobe privilege escalation vulnerability (CVE-2017-0358)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default, e.g. on Ubuntu, and comes with a setuid-root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not support FUSE filesystems (detected by get_fuse_fstype), ntfs-3g...
thinkcmf \application\User\Controller\ProfileController.class.php arbitrary file deletion vulnerability
No description provided by source...
Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow
Vulnerability background: This FTP server appears to be very small, so one would not expect many people to run an FTP service on it, but it has a vulnerability, ZoomEye turns up plenty of devices running the service, and the analysis is very simple. Vulnerability details: Handling...
D-link DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow
No description provided by source...
XerCMS \XerCMS\Modules\member\index.php $_FILES parameter SQL injection
SQL injection in D:\wamp\www\XerCMS\Modules\member\index.php, in the upfiles function: public function upfiles() { set_format('json'); $config = ini('member/group/'.X::$G['group']); if (empty($config)) exit('Access Denied'); else if ($config['upload'][0] == 0) error('upload_group_limit'); else if ($config['upload'][1] != 0 &&...
XerCMS \XerCMS\Services\admin\member.php admin backend arbitrary SQL statement execution vulnerability
In D:\phpStudy\WWW\xercms\XerCMS\Services\admin\forms.php, the updateTemplate() function: function updateTemplate() { $sname = g('sname'); $data = stripslashes(p('content')); file_put_contents(INC.'Data/forms/template/'.$sname.'.htm', $data); $this->tips('finish', dreferer()); } As you can see, file_put_contents(INC.'...
FUDforum 3.0.6 - Local File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: LFI Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public: 11/10/2016 Release...
WordPress plugin cmw-speakers speaker_details.php 'id' parameter SQL injection vulnerability
No description provided by source...
Apache Tomcat information disclosure vulnerability (CVE-2016-6816)
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11 Apache Tomcat 8.5.0 to 8.5.6 Apache Tomcat 8.0.0.RC1 to 8.0.38 Apache Tomcat 7.0.0 to 7.0.72 Apache Tomcat 6.0.0 to 6.0.47 Earlier, unsupported versions may also be affected...
Apache Tomcat denial of service vulnerability (CVE-2016-6817)
The HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. This was fixed in revision 1765794. This issue was reported as 60232 on 10 October 2016 and the security implications identified by...
OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)
CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...
OpenBSD httpd - denial of service vulnerability (CVE-2017-5850)
No description provided by source. #!/usr/bin/perl -w # curl --limit-rate 1 --continue-at 1 --header "Host: www.example.com" http://target/10mb.fs use warnings; use IO::Socket; use Parallel::ForkManager; $numforks = 50; if $ARGV \n"; sub killhttpd { print "ATTACKING $ARGV[0] using $numforks forks\n"; $p...
OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)
Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...
Node.js module node-serialize deserialization arbitrary code execution vulnerability
Original article: Exploiting Node.js deserialization bug for Remote Code Execution (with additions and changes). Original author: Ajin Abraham. Translation: Holic, Knownsec 404 Security Lab. tl;dr: If untrusted data is passed to the unserialize function, arbitrary code execution can be achieved by passing a JavaScript object containing an immediately-invoked function expression (IIFE). Vulnerability details: While auditing Node.js code I came across a serialization/deserialization module named node-serialize. Below is a code sample in which a cookie from a web request is passed to the module's unserialize function...
F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
TP-Link C2 and C20i command injection vulnerability
Product Description TP-Link is a Chinese manufacturer of computer networking products such as routers and IoT devices. Vulnerabilities Summary Command injections exist in the HTTP management interface up to the latest firmware version 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n of TP-Link C2 and...
Pear HTTP_Upload 1.0.0b3 - arbitrary file upload
Vulnerability description. Affected: Pear HTTP_Upload 1.0.0b3. Download: https://pear.php.net/manual/en/package.http.http-upload.php. Vulnerability type: arbitrary file upload. Pear HTTP_Upload profile: PEAR's HTTP_Upload class library provides a good wrapper for HTML form file upload handling...
DramaNetwork news.php 'newid' parameter SQL injection vulnerability
No description provided by source...
Discuz! 2.5-3.3 stored XSS vulnerability
No description provided by source...
Easy Support Tools 1.0 - 'stt' Parameter SQL Injection
No description provided by source. #!/usr/bin/python # -*- coding: utf-8 -*- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re import random import hashlib class TestPOC(POCBase): name = "Easy Support Tools 1.0 - 'stt' Parameter SQL...
jQuery Mobile redirect XSS vulnerability
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even a patch ¯\_(ツ)_/¯ . jQuery Mobile is a cool jQuery UI system that makes building mobile apps easier. It does some part of what other frameworks like...
Easy Web Search 3 - 'id' Parameter SQL Injection
No description provided by source. #!/usr/bin/python # -*- coding: utf-8 -*- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re import random import hashlib class TestPOC(POCBase): name = "Easy Web Search 3 - 'id' Parameter SQL Injection"...
PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP object injection vulnerability
Software Link: https://pear.php.net/package/HTML_AJAX Affected Versions: All versions from 0.3.0 to 0.5.7. Vulnerability Description: The vulnerable code is located within the HTML_AJAX_Serializer_PHP class defined in the /AJAX/Serializer/PHP.php script. Such a class uses the unserialize PHP functi...
Chanzhi CMS v5.6 system/module/cart/control.php add function SQL injection vulnerability
Chanzhi does not apply global protection to incoming parameters directly; it first calls the dao class (Chanzhi's database connection class) and then calls its quote method to escape them. /** Quote a var. Add escaping to the field. @param mixed $value @access public @return mixed */ public...
zzcms special/search.php SQL injection vulnerability
No description provided by source...
zzcms dl/dladd.php SQL injection
No description provided by source...
Chanzhi CMS v5.6 user deny reflected XSS vulnerability
Vulnerability overview: In the open-source edition of Chanzhi CMS v5.6, the deny method of the user module renders a template file with user-supplied parameters without handling them correctly, which allows some of the filtering to be bypassed and leads to reflected XSS...
Jenkins remote code execution vulnerability (CVE-2017-2608)
No description provided by source...
Pear HTTP_Upload 1.0.0b3 - arbitrary file upload
No description provided by source...
Artifex Software MuJS integer overflow vulnerability (CVE-2016-10141)
No description provided by source...
HP Printers Wi-Fi - Improper Access Control
0x01 Vulnerability overview. 1. Vulnerability information: On 2 February 2017 the foreign site seclists.org reported an unauthorized-access vulnerability in HP printers' Wi-Fi Direct connection. In our follow-up we found that the unauthorized access vulnerability also affects the same type of...
Microsoft Windows SMBv3 denial of service vulnerability (CVE-2017-0016)
1. Vulnerability profile: SMB is a network file-sharing protocol that allows applications and end users to access file resources on a remote file server. Recently, foreign researchers published a 0-day vulnerability in the SMB 3.0 protocol that can cause a system denial of service; there is no mo...
Apache Struts remote code execution vulnerability
No description provided by source...
Netwave IP Camera Server - Password Disclosure
No description provided by source. #!/usr/bin/python2.7 # Run the exploit against the victim to get the Wi-Fi password. # If the victim is vulnerable to the memory leak it will try to extract the username and password for the web login magic for you. # bash: wget -qO- http://HOST:PORT//proc/kcore | strings wget -qO...
emlog personal blog system admin backend privilege escalation vulnerability
Affected version: emlog 5.1.2. Prerequisite: admin backend login is required. Exploit: after logging in to the backend, visit the admin/?action=phpinfo page to obtain the site's physical path. On the database backup page, back up the database and export it to a local computer, then edit the exported .sql file...
NETGEAR router password disclosure vulnerability (CVE-2017-5521)
0x01 Vulnerability overview: NETGEAR is a well-known US router manufacturer whose products are used extensively worldwide. Recently, foreign security researcher Simon Kenin found a password disclosure vulnerability, CVE-2017-5521, in several NETGEAR router series. When the router's password...
WordPress REST API content injection vulnerability
1. Vulnerability information: WordPress is a free, open-source blogging platform and content management system built on PHP and MySQL. Since version 4.7.0 the REST API plugin's functionality has been integrated into WordPress core, which has introduced some security issues. Recently a vulnerability caused by the REST API, affecting WordPress 4.7.0 and 4.7.1, was disclosed; it allows the content of any WordPress post to be viewed, modified or deleted, and even new posts to be created, without authentication, which is extremely dangerous. 2. Affected versions: WordPress 4.7.0, WordPress 4.7.1. 3. Reproduction environment: Apache 2.4, PHP 7.0, WordPress 4.7.1. 4. Reproduction steps:...
PHP PEAR 1.10.1 - arbitrary file download vulnerability (CVE-2017-5630)
Author: mapl0. Vulnerability details: The installer in PEAR Base System 1.10.1 does not verify the file type and file name after a redirect, which allows a remote HTTP server, via a specially crafted request, to overwrite files on the attacked server, such as .htaccess...
Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution
Cisco's WebEx extension jlhmfgmfgeifomenelglieieghnjghma has 20M active users, and is part of Cisco's popular web conferencing software. The extension works on any URL that contains the magic pattern "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html", which can be extracted from t...