Pages: 4/14 First page Previous page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next page Final page [ View by Articles | List ]

Discuz! admin unwizard.inc.php get-webshell bug

  [晴 November 4, 2008 09:08 | by !4p47hy ]
Author: 80vul-A  Team:http://www.80vul.com

由于Discuz!的admin\runwizard.inc.php里saverunwizardhistory()写文件操作没有限制导致执行代码漏洞.
Tags: , , , , , ,
虽然是个前段时间的漏洞了,但是之前一直只关注漏洞的利用,而未关注具体的解决方案,今天无意中和用户聊天时提到的,用户让帮忙找个解决方案,网上搜索了下,在 刺 那里找的相关的说明,并在微软的找到了具体的解决办法。详细如下:

这个漏洞是由于在NetworkService 或者 LocalService 下运行的代码,可以访问同样是在 NetworkService 或者 LocalService 下运行的进程,某些进程允许提升权限为LocalSystem。

MS08-067 Exploit for CN 2k/xp/2003 bypass version

  [多云 October 27, 2008 19:52 | by !4p47hy ]
MS08-067 Exploit for CN 2k/xp/2003 bypass version

PS:据说成功率非常高的 EXP ···
In vstudio command prompt:

  mk.bat

next:

  attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
Tags: , , , , , , ,

利用MS08-058攻击Google

  [阴 October 21, 2008 13:05 | by !4p47hy ]
来自:80sec

漏洞说明:Google是全球最大的搜索引擎。同时Google拥有其他庞大的WEB应用程序产品线,涉及EMAIL、BLOG、在线文档、个人主页、电子地图、论坛、RSS等互联网几乎所有的应用业务。80sec发现Google提供的图片搜索服务存在安全问题,结合IE浏览器的MS08-058漏洞可以造成整站的跨站脚本漏洞,几乎可以控制所有的Google服务和获得目标用户的认证信息。
Vulnerable:
Tru-Zone NukeET 3.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
Tags: , , , , , ,

快客电邮(QuarkMail)远程命令执行漏洞

  [晴 October 12, 2008 15:36 | by !4p47hy ]
来自:80Sec

漏洞说明:快客电邮(QuarkMail)是北京雄智伟业科技公司推出的电子邮件系统,被广泛用于各个领域的电子邮件解决方案,其webmail部分使用perl cgi编写,但是80sec在其系统中发现一个重大的安全漏洞,导致远程用户可以在邮件系统上以当前进程身份执行任意命令,从而进一步控制主机或者系统。

MS Windows 2003 Token Kidnapping Local Exploit PoC

  [阴 October 9, 2008 12:40 | by !4p47hy ]
It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.

Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate.  Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
作者:MJ0011

微点主动防御是一款号称使用行为分析技术实时保护的主动防御软件

其核心驱动MP110001.SYS最新版本存在本地权限提升漏洞,可导致任何权限的用户在本地提升权限到SYSTEM权限,绕过UAC等保护。同时也可以利用此漏洞注入到任何受保护进程,从而穿透防火墙、主动防御软件。
Serv-U 7.2.0.1 Remote FTP File Replacement Vulnerability (auth)
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021

EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop

This is one of the 2 Vulnerabilities of MS08-021

PhpCms2007 sp6 SQL injection 0day

  [晴 October 2, 2008 11:11 | by !4p47hy ]
PhpCms2007 sp6 SQL injection 0day
Tags: , , , , , ,

MS Internet Explorer GDI+ Proof of Concept (MS08-052)

  [多云 September 29, 2008 20:40 | by !4p47hy ]
MS Internet Explorer GDI+ Proof of Concept (MS08-052)
Tags: , , , , ,

多款RSS阅读器出现XSS漏洞

  [晴 September 27, 2008 17:13 | by !4p47hy ]
受影响系统:

调用以下内核解析RSS的RSS阅读器:
INTERNET EXPLORER ver<= IE7 (其他版本未经测试,估计也有)
OPERA ver <=9.52
Tags: , , , , ,
Pages: 4/14 First page Previous page 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next page Final page [ View by Articles | List ]