漏洞信息 - Blog - PortWatcher's Blog

Microsoft IE "ReleaseInterface()"远程代码执行漏洞

Refer to: http://sebug.net/vulndb/20316/

Category: 漏洞信息 | Views: 643 | Added by: Jury | Date: 2011-01-09 | Comments (0)

Windows Task Scheduler Privilege Escalation 0day

这次考得不好```上机时间很少```今天才看到这个漏洞```

# Exploit Title: Windows Task Scheduler Privilege Escalation 0day

# Date: 20-11-2010

# Author: webDEViL

# Tested on: Windows 7/2008 x86/x64

Code

<job id="tasksch-wD-0day">

<script language="Javascript">



crc_table = new Array(

  0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419,

  0x706AF48F, 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4,

  0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07 ... Read more »

Category: 漏洞信息 | Views: 757 | Added by: Jury | Date: 2010-11-22 | Comments (1)

FCKeditor 2.x <= 2.4.3 Arbitrary File Upload Vulnerability

# Exploit Title: FCKeditor 2.0-2.4.3 arbitrary file upload

# Author: grabz

# Software Link: http://sourceforge.net/projects/fckeditor/

# Version: FCKeditor 2.x <= 2.4.3

# Tested on: 2.0, 2.2, 2.3.2, 2.4.0, 2.4.3

for version 2.0 - 2.2:

in file FCKeditor/editor/filemanager/upload/php/upload.php

Code

#$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;

#

#// Get the allowed and denied extensions arrays.

#$arAllowed = $Config['AllowedExtensions'][$sType] ;

#$arDenied = $Config['DeniedExtensions'][$sTy ... Read more »

Category: 漏洞信息 | Views: 7702 | Added by: Jury | Date: 2010-11-11 | Comments (0)

shopxp html版2.0 CSRF漏洞

Refer to :

http://sebug.net/vulndb/20158/

Category: 漏洞信息 | Views: 524 | Added by: Jury | Date: 2010-10-13 | Comments (1)

Symantec Antivirus企业版Alert Management服务远程权限提升漏洞

发布时间:2010-07-26

影响版本:

Symantec AntiVirus Corporate Edition 9.0

Symantec AntiVirus Corporate Edition 8.0

Symantec AntiVirus Corporate Edition 10.1

Category: 漏洞信息 | Views: 558 | Added by: Jury | Date: 2010-07-28 | Comments (2)

风讯（FooSun）GetPassword.asp页面存在任意修改密码漏洞

发布时间:2010-07-02

影响版本:

FooSun > 5.0漏洞描述:

FoosunCMS是一款具有强大的功能的基于ASP+ACCESS/MSSQL构架的内容管理软件。

在文件\User\ GetPassword.asp中：

ElseIf Request.Form("Action") = "step3" then //第28行

Call step3()

……

Sub step3() //第198行

Dim p_pass_new,p_confim_pass_new

p_pass_new = md5(Request.Form("pass_new"),16)

……

User_Conn.execute("Update FS_ME_Users set UserPassword ='"& NoSqlHack(p_pass_new) &"' where UserName = '"& NoSqlHack(StrUserName) &"' and Email = '"& NoSqlHack(Replace(Request.Form("Email"),"''",""))&"'") //第220行

用户可以本地构造表单使程序直接进入修改密码，只需要知道用户名和邮箱。

<*参考

Bug.Center.Team

测试方法:

[www.sebug.net]

Category: 漏洞信息 | Views: 608 | Added by: Jury | Date: 2010-07-02 | Comments (0)

nginx文件类型错误解析漏洞

漏洞介绍：nginx是一款高性能的web服务器，使用非常广泛，其不仅经常被用作反向代理，也可以非常好的支持PHP的运行。80sec发现其中存在一个

较为严重的安全问题，默认情况下可能导致服务器错误的将任何类型的文件以PHP的方式进行解析，这将导致严重的安全问题，使得恶意的攻击者可能攻陷支持php的nginx服务器。

漏洞分析：nginx默认以cgi的方式支持php的运行，譬如在配置文件当中可以以

location ~ \.php$ {

root html;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

include fastcgi_params;

}

的方式支持对php的解析，location对请求进行选择的时候会使用URI环境变量进行选择，其中传递到后端Fastcgi的关键变量SCRIPT_FILENAME由nginx生成的$fastcgi_scr ... Read more »

Category: 漏洞信息 | Views: 539 | Added by: Jury | Date: 2010-05-22 | Comments (0)

« 1 2

分类

站内搜索

日历

友情链接

访问统计(起于2010/10/2)

Blog