56796 matches found
Foshan Nanhai Dachang shelf Co. SQL injection Vulnerability
No description provided by source...
Design By EZTRUST SQL injection Vulnerability
No description provided by source...
FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting
No description provided by source...
NETDOIT SQL injection Vulnerability
No description provided by source...
Sparkjava Framework arbitrary file read vulnerability
Classpath Vuln Exploit the classpath based vulnerability with something like: curl "http:///....\spark\Spark.class" The number of ..\ you need in the path depends on where in the classpath the static file location is configured to be. If you don't have the right amount then you don't get anything...
GitLab application server file read leading to command execution vulnerability
Vulnerability analysis reference: http://paper.seebug.org/104/ The GitLab export upload feature contains a vulnerability that allows an attacker to read arbitrary files on a GitLab instance. This vulnerability is caused by the behaviour of JSON.parse, your error handling, and the possibility to...
CmsEasy front-end arbitrary code execution vulnerability
Source link: https://xianzhi.aliyun.com/forum/read/215.html Download the patch CmsEasyforUploads20161012.zip from the patch page http://www.cmseasy.cn/patch/show1116.html. Not many files were modified; a diff shows that in the patch the cutimageaction function at line 392 of lib/default/toolact.php is commented out. Take a look at this function: php /function...
RealPlayer denial of service vulnerability
No description provided by source...
Oracle Java Runtime Environment java.awt.Menu Use-After-Free command execution vulnerability
No description provided by source...
Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data remote code execution vulnerability
No description provided by source...
phpMyAdmin dbase extension remote code execution vulnerability
No description provided by source...
MySQL / MariaDB / PerconaDB privilege escalation / race condition vulnerability (CVE-2016-6663)
Release date: 01.11.2016 - Discovered by: Dawid Golunski I. VULNERABILITY ------------------------- MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition MariaDB 5.5.52 10.1.18 10.0.28 MySQL = 5.5.51 = 5.6.32 = 5.7.14 Percona Server 5.5.51-38.2 5.6.32-78-1 5.7.14-8 Percona XtraDB...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
MySQL / MariaDB / PerconaDB elevation of privilege vulnerability (CVE-2016-6664)
I. VULNERABILITY ------------------------- MySQL / MariaDB / PerconaDB - Root Privilege Escalation MySQL = 5.5.51 = 5.6.32 = 5.7.14 MariaDB All current Percona Server 5.5.51-38.2 5.6.32-78-1 5.7.14-8 Percona XtraDB Cluster 5.6.32-25.17 5.7.14-26.17 5.5.41-37.0 II. BACKGROUND...
Memcached Server SASL authentication remote command execution vulnerability
Details Memcached is a high performance object caching server intended for speeding up dynamic web applications and is used by some of the most popular Internet websites. It has two versions of the protocol for storing and retrieving arbitrary data, an ASCII based one and a binary one. The binary...
Memcached Server Append/Prepend remote code execution vulnerability
DETAILS Memcached is a high performance object caching server intended for speeding up dynamic web applications and is used by some of the most popular Internet websites. It has two versions of the protocol for storing and retrieving arbitrary data, an ASCII based one and a binary one. The binary...
Symantec Messaging Gateway v10.6.1 arbitrary file read vulnerability
No description provided by source...
Memcached Server Update remote code execution vulnerability
DETAILS Memcached is a high performance object caching server intended for speeding up dynamic web applications and is used by some of the most popular Internet websites. It has two versions of the protocol for storing and retrieving arbitrary data, an ASCII based one and a binary one. The binary...
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
No description provided by source...
Leadersec network Imperial security gateway online behaviour (audit) device file upload vulnerability
No description provided by source...
BIND 9 ‘buffer.c’ denial of service vulnerability
No description provided by source. import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01"...
xson built Station system news_detail.php parameters news_id SQL injection vulnerability
No description provided by source...
Netease open source Pomelo game server framework unauthorized access leading to remote command execution
Pomelo is Netease's open source, Node.js-based, high-performance, distributed game server framework. It includes the basic development framework and the associated extension components, libraries and tool packages, can help sa...
LanSpy 2.0.0.155 local code execution vulnerability
No description provided by source. import struct 32bit Alphanum-ish shellcodes Bad chars detected: 00 2d 20 MessageBoxA at = 00404D80 msgboxshellcode = "\x31\xC0\x50\x68" "\x70\x77\x6E\x64" "\x54\x5F\x50\x57" "\x57\x50\x35\xC4" "\x80\x80\x55\x35" "\x44\xCD\xC0\x55" "\x50\xC3" WinExec at - 004EC4F...
ZIO ROUTER router unauthorized access vulnerability
No description provided by source...
De-randomizing the Kernel ASLR vulnerabilities (DrK)
For details refer to the document: http://www.cc.gatech.edu/%7Eyjang37/assets/papers/2016/jang:drk-ccs.pdf...
WordPress Plugin KBoard /wp-content/plugins/kboard/board.php parameters keyword XSS vulnerability
No description provided by source...
Joomla 3.4.4 - 3.6.3 unauthorized user creation vulnerability
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-10-26 0x00 Vulnerability overview 1. Vulnerability description Joomla is a free, open source content management system. Researchers recently found two vulnerabilities in versions 3.4.4 to 3.6.3: CVE-2016-8869, the...
Joomla 3.4.4 - 3.6.3 privilege elevation vulnerability
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-10-26 0x00 Vulnerability overview 1. Vulnerability description Joomla is a free, open source content management system. Researchers recently found two vulnerabilities in versions 3.4.4 to 3.6.3: CVE-2016-8869, the...
AVTECH video surveillance equipment authentication bypass and other vulnerabilities
Authentication bypass vulnerability There are two ways to achieve authentication bypass: The first is the .cab method: the .cab file is a video player plug-in stored in the web root directory; it can be accessed and downloaded directly without verification, and the device side only through the strst...
OpenSSL remote anonymous denial of service vulnerability (SSL Death Alert)
No description provided by source...
Android Rowhammer attack vulnerability (Drammer)
Project Description Drammer is a new attack that exploits the Rowhammer hardware vulnerability on Android devices. It allows attackers to take control over your mobile device by hiding it in a malicious app that requires no permissions. Practically all devices are possibly vulnerable and must wai...
AVTECH DVR devices command execution without user login vulnerability
DVR devices contain a command execution vulnerability that requires no user login. Search.cgi provides the cgiquery function, which uses wget to make the HTML request; because the parameters are not validated or filtered, they can be crafted to achieve root access to...
AVTECH monitoring products information disclosure vulnerability
Because the run permissions on the CGI script files in the /cgi-bin/nobody directory are set improperly, the scripts can be run directly without authentication. This type of vulnerability has appeared in multiple devices; FEI news K1 is because the cgi file to perform the access restrictions unreasonable...
AVTECH monitoring product SSRF vulnerability requiring no login
On DVR devices, Search.cgi can be accessed directly. Search.cgi is responsible for searching for and accessing cameras on the local network. It provides the cgiquery function, and setting the three parameters ip, port and queryb64str allows direct access to the local network of the...
Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)
Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. All the information we have so far is included in this page. The bug has existed since around 2.6.22 (released in 2007) and was fixed on Oct...
Joomla “Ja-Ka-Filter-And-Search” component SQL injection vulnerability
No description provided by source...
WordPress Plugin KBoard 2.7 board.php parameters uid SQL injection vulnerability
No description provided by source...
Yonyou NC integrated office platform /epp/detail/publishinfomore.jsp parameters pk_infotype SQL injection vulnerability
No description provided by source...
Siemens IP Camera v0.1.69 arbitrary File Download vulnerability
No description provided by source...
Cisco IKE Information Disclosure
No description provided by source...
2345 browser 8.1.0.13750 arbitrary local file reading
No description provided by source...
IQInvision IQ832N /oditable.cgi page command injection vulnerability
No description provided by source...
Dswjcms3.2.1 install.php repeat the installation
No description provided by source...
vlcms_v1.2 getGameGift SQL injection vulnerability
No description provided by source...
NetBilleterie 2.8 SQL Injection / Information Disclosure
phpinfo 200 = http://localhost/netbilletterie/phpinfo.php SQL Injection Type: time-based blind 200 = http://localhost/netbilletterie/listerdetailbon.php?datedebut= 200 = http://localhost/netbilletterie/listerpointesok.php?datedebut= 302 = http://localhost/netbilletterie/deletearticle.php?article=...
Android AOSP Mail e-mail information disclosure vulnerability
No description provided by source...
Easy to enterprise network Cms Admin Page Bypass
No description provided by source...
Spring Security Oauth remote code execution vulnerability
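Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-10-17 0x00 Vulnerability overview 1. Vulnerability description Spring Security OAuth is a module that provides security authentication support for the Spring framework. On July 5 its maintainers published an upgrade advisory, which mainly states that when users handle errors with Whitelabel views, an attacker who has been authorized can execute commands remotely by constructing malicious parameters. The discoverer of the vulnerability published the record of its discovery on October 13. 2. Vulnerability impact Remote command execution in an authorized state 3. Affected versions 2.0.0 to 2.0.9 1.0.0 to 1.0.5 0x01 Vulnerability reproduction 1. Environment setup bash...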
Zenario ProBusiness 7.3.0.37342 Backup Disclosure
No description provided by source...