SAP ASE ODATA SERVER denial of service vulnerability (CVE-2017-5371)
No description provided by source...
MyBB <= 1.8.3 remote code execution vulnerability
Taoguang Chen @chtg57 - Write Date: 2015.4.28 - Release Date: 2017.1.20. A type-confusion vulnerability was discovered in GMP deserialization: with a crafted object's __wakeup() magic method it can be abused to update any already assigned properties of any already created objects; this results in...
SAP NetWeaver AS JAVA P4 information disclosure vulnerability (CVE-2017-5372)
No description provided by source...
zzcms user/logincheck.php SQL injection vulnerability
inc/function.php, line 72: function getip() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") &&...
zzcms admin/logincheck.php SQL injection vulnerability
inc/function.php, line 72: function getip() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") &&...
libgd 2.1.1 - Signedness Heap Overflow
Vulnerability details: the 4-byte block index size is stored in a signed integer, chunkIdx[i].size, read with gdGetInt() while parsing the GD2 header in libgd-2.1.1/src/gd_gd2.c (lines 53-57): typedef struct { int offset; int size; } t_chunk_info; libgd-2.1.1/src/gd_gd2.c: ...
dedeCMS privilege escalation vulnerability
In tpl.php: /* function savetagfile: save the modified tag snippet */ else if ($action == 'savetagfile') { if (!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename)) { ShowMsg('file name is not legal, not allowed!', '-1'); exit; } require_once(DEDEINC.'/...
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
#!/bin/bash Tenda ADSL2/2+ Modem D840R Unauthenticated Remote DNS Change Exploit. Copyright 2017 (c) Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exists in the web interface, which is accessible...
Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change
#!/bin/bash Pirelli DRG A115 ADSL Router Unauthenticated Remote DNS Change Exploit. Copyright 2017 (c) Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exists in the web interface, which is accessibl...
Mozilla Firefox Use-After-Free (CVE-2016-9899)
body { background-color: lime; font-color: red; } /* Mozilla Firefox 50.1.0 Use-After-Free POC. Author: Marcin Ressel. Date: 13.01.2017. Vendor Homepage: www.mozilla.org. Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/ Version: 50.1.0. Tested on:...
Destoon 6.0 guestbook.php generic SQL injection vulnerability
Source: https://www.leavesongs.com/PENETRATION/destoon-v6-0-sql-injection.html Author: phithon. I just saw that Destoon 6.0 was updated on 2017-01-09, and using the method I described in my Code Auditing knowledge circle, I quickly found a fixed SQL injection vulnerability. In 20 minutes at noon, little...
PHP Use of uninitialized memory in unserialize() (CVE-2017-5340)
Description: ------------ There was found a bug showing that PHP uses uninitialized memory during calls to unserialize. As the following report shows, the payload supplied to unserialize may control this uninitialized memory region and thus may be used to trick PHP into operating on faked objects...
Just Dial Clone Script /jus/restaurants-details.php parameter fid SQL injection vulnerability
No description provided by source...
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Elevation of Privilege
Vulnerable plugin address: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/ Vulnerability description: you can log in to anyone's account without knowing the password. This vulnerability is due to incorrect use of wp_set_auth_cookie(). File:...
PHPMailer local file read Vulnerability (CVE-2017-5223)
Details source: http://www.freebuf.com/vuls/124820.html Author: Yxlink. Affected versions: PHPMailer <= 5.2.21. Vulnerability level: high risk. Vulnerability details: the vulnerable function is encodeFile in class.phpmailer.php. The function receives a $path variable, and finally the $pat...
Redis DoS vulnerability caused by MurmurHash2 algorithm collisions
Summary: 1. In a 2012 article, Martin Bosslet noted that a way to construct collisions for the MurmurHash2 algorithm had been found; this hash function and its variants are used by open-source components such as CRuby, JRuby, Rubinius and Redis. 2. This article is...
Joomla com_rpl SQL injection vulnerability
No description provided by source...
F3D4İ's Joomla Arbitrary File Upload Vulnerability
1:Search Google Dork and Choose a Target /index.php?option=comfabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 upload shell.php or index.html Poc: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php...
GitHub Enterprise SQL injection vulnerability
Author: Orange. Introduction: GitHub Enterprise is a product from GitHub.com that lets you deploy the entire GitHub service inside your own corporate intranet. If you are interested, you can download images in several formats from enterprise.github.com and obtain a 45-day trial licence from the website! After installation you should see a screen like the following: Good! Now we have the whole GitHub environment, and it is inside a VM, which means we have nearly complete control and can study it further: analyse the environment, the code, the architecture and so on... Environment: As a hacker, the first thing to do before an intrusion is of course port scanning! An Nmap scan of the VM revealed that...
Wisedesign-Studio magazine.php parameter Id SQL injection vulnerability
No description provided by source...
Topsi CMS downs.php parameter filename arbitrary file download vulnerability
No description provided by source...
WordPress Twenty Fourteen theme path disclosure vulnerability
No description provided by source...
WinaXe 7.7 'FTP client' - Remote Buffer Overflow
Vulnerability reproduction: WinaXe is an integrated management suite for Windows that bundles many management tools. When its FTP Manager tool connects to an FTP server, a specially configured FTP server that returns a malformed data packet to the WinaXe FTP connection will cause the WinaXe stack...
FineCMS controllers\ApiController.php function downAction arbitrary file download
The vulnerable file is D:\wamp\www\controllers\ApiController.php, downAction function: /* Download the file */ public function downAction() { $data = fn_authcode(base64_decode($this->get('file')), 'DECODE'); $file = isset($data['finecms']) && $data['finecms'] ? $data['finecms'] : ''; if (empty($file)...
Plone - 'in_portal.py' <= 4.1.3 Session Hijacking
source: http://www.securityfocus.com/bid/61964/info Plone is prone to a session-hijacking vulnerability. An attacker can exploit this issue to hijack user sessions and gain unauthorized access to the affected application. Note: This issue was previously discussed in the BID 61544 Plone Multiple...
GenixCMS register.php SQL injection vulnerability
Details source: http://www.hackersb.cn/shenji/107.html Vulnerability principle: in register.php in the program root directory, lines 116 to 118: if (isset($_GET['activation'])) { ... $usr = Db::result(sprintf("SELECT * FROM user WHERE activation = '%s' LIMIT 1", $_GET['activation'])); ... Can be...
Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)
Source: http://blog.skylined.nl/20161206001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results i...
Wave SrcStencilList.aspx parameter infoflowId blind SQL injection vulnerability
No description provided by source...
Ruvar OA system wf_work_print.aspx parameter idlist SQL injection vulnerability
No description provided by source...
Haitian OA system MessageInfoDis.asp parameter VOID SQL injection vulnerability
No description provided by source...
Dolphin v7.3.0 /flash/XML.php parameter key SQL injection vulnerability
No description provided by source...
Explore Bahrain products.php parameter cid SQL injection vulnerability
No description provided by source...
AT&T and NETGEAR router information disclosure
No description provided by source...
Syrian's joomla 1.6.x Download Database Backup
No description provided by source...
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
DESCRIPTION ------------------------- The SwiftMailer class uses the PHP mail() function as its default transport. SwiftMailer suffers from the same vulnerability as the one disclosed in PHPMailer in the advisory at:...
PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit) (CVE-2016-10045)
The Chinese version of the analysis: http://paper.seebug.org/164/ BACKGROUND "PHPMailer continues to be the world's most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily." http://phpmailer.worxware.com/ "Probably the world's most...
WordPress plugin FancyBox admin-head.php physical path disclosure vulnerability
No description provided by source...
Mastery OA 2015 \inc\common.inc.php approve_finish function injection vulnerability
Recently encountered this system during a public penetration test. The 2015 version, latest update date: 2016-07-22. Injection analysis, \inc\common.inc.php: <?php function SecureRequest(&$var) { if (is_array($var)) { foreach ($var as $k => $v) { $var[$k] = SecureRequest($v); } } else if (0 < strlen($var) &&...
Joomla com_blog_calendar SQL injection vulnerability
A SQL injection vulnerability has been discovered in the Joomla module com_blog_calendar. The vulnerability is located in the modid parameter of index.php?option=com_blog_calendar&modid=xxx. Attackers are able to execute their own SQL commands through a GET request with a manipulated modid value...
115 Browser 7.2.5 RCE Vulnerability
Author: evi1m0@sec.ly.com + Team: n0tr00t security team + From: http://www.n0tr00t.com + Created: 2015-12-26. DownProxy XSS, view-source: http://m.115.com/downproxy.html javascript: function localParam(search, hash) { search = search || window.location.search; hash = hash || window.location.hash; var...
PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033) (PwnScriptum)
Source: https://blog.chaitin.cn/phpmailer-cve-2016-10033/ Author: phithon@Chaitin Tech. Compare the old and new versions: https://github.com/PHPMailer/PHPMailer/compare/v5.2.17...master The answer is practically obvious: as with the Roundcube RCE, the fifth parameter of the mail() function, the place where command-line arguments are passed, is not escaped....
Ubuntu Apport < 2.20.4 Code Execution on Ubuntu Desktop (CVE-2016-9949)
This research was inspired by Chris Evans' great work on exploiting client-side file format parsing bugs in the gstreamer media library on Ubuntu. We will look for other default file handlers on Ubuntu which may be vulnerable to exploitation. I’m not a binary exploitation guru like Chris so inste...
NETGEAR WNR2000v5 remote code execution vulnerability
Source: https://raw.githubusercontent.com/pedrib/PoC/master/exploits/netgearPwn.rb Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro [email protected] / Agile Information Security. Released on 20/12/2016. NOTE: this exploit is "alpha" quality, however t...
OpenSSH remote code execution vulnerability (CVE-2016-10009)
On 19 December 2016, a foreign vulnerability platform published the latest OpenSSH remote code execution vulnerability (CVE-2016-10009). Since the problem is in ssh-agent, a process that does not start by default and is only used for passwordless login across multiple hosts, exploitation...
OpenSSH information leak vulnerability (CVE-2016-10011)
No description provided by source...
OpenSSH authentication security bypass vulnerability (CVE-2016-10012)
No description provided by source...
OpenSSH privilege escalation vulnerability (CVE-2016-10010)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separation is enabled by default, it is documented as a hardening optio...
AVCON6 multimedia communication system download.action parameter filename arbitrary file download vulnerability
No description provided by source...
OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)
OpenSSL is an open-source SSL implementation used to provide strongly encrypted network communication; it is now widely used in many network applications. OpenSSL versions prior to 0.9.8za, 1.0.0m and 1.0.1h do not properly handle ChangeCipherSpec messages, which allows the midd...
Nagios Core < 4.2.4 - Root Privilege Escalation (CVE-2016-9566)
INTRODUCTION ------------------------- Nagios Core daemon in versions below 4.2.4 was found to perform unsafe operations when handling the log file. This could be exploited by malicious local attackers to escalate their privileges from 'nagios' system user, or from a user belonging to 'nagios'...