Lucene search
+L

3398 matches found

seebug.org
seebug.org
added 2007/04/28 12:0 a.m.38 views

dxbbs注入漏洞

在UserFriend.aspx过滤了=Add&Name=admin加上'' 典型的过滤不严,导致注入漏洞. dxbbs 7.3 http://www.dxbbs.cn/ http://www.winshell.cn/read.php?508 SQL版测试方法: serFriend.aspx过滤了=Add&Name=大蝉;Update Dxbbsuser set userpass=''7a57a5a743894a0e'' where username=''admin'';--...

7.1AI score
Exploits0
NVD
NVD
added 2007/01/30 6:28 p.m.14 views

CVE-2007-0601

common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences URL encoded double quotes and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays...

7.5CVSS6.6AI score0.01501EPSS
Exploits1References4
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.86 views

[SA23887] Drupal Project Issue Tracking Module Multiple Vulnerabilities

TITLE: Drupal Project Issue Tracking Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23887 VERIFY ADVISORY: http://secunia.com/advisories/23887/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access...

0.5AI score
Exploits0
Symantec
Symantec
added 2007/01/24 12:0 a.m.17 views

NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability

Description NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. NCTAudioEditor is a collection of ActiveX controls for...

1.1AI score
Exploits0References8Affected Software118
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.50 views

[SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability

TITLE: Drupal Acidfree Module "node titles" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA23895 VERIFY ADVISORY: http://secunia.com/advisories/23895/ CRITICAL: Less critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Drupal Acidfree Module 4.x http://secunia.com/product/13326/...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.57 views

[SA23726] All In One Control Panel "download_category" SQL Injection

TITLE: All In One Control Panel "downloadcategory" SQL Injection SECUNIA ADVISORY ID: SA23726 VERIFY ADVISORY: http://secunia.com/advisories/23726/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: All In One Control Panel 1.x http://secunia.com/product/12505...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/12/19 12:0 a.m.49 views

Mandiant First Response multiple security vulnerabilities

DoS on SSL parsing in HTTPS interface, data manipulation...

1.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/12/19 12:0 a.m.72 views

SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-013 Advisory Title: Multiple Vulnerabilities in Mandiant First Response Author: Brian Reilly / [email protected] Release Date: 18-12-2006...

7.1CVSS1.3AI score0.01684EPSS
Exploits0
Exploit DB
Exploit DB
added 2006/12/06 12:0 a.m.31 views

Dol Storye - 'Dettaglio.asp' Multiple SQL Injections

source: https://www.securityfocus.com/bid/21463/info The 'dol storye' application is prone to multiple SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.82 views

[SA22812] Vallheru mail.php SQL Injection Vulnerabilities

---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understandi...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/10/11 12:0 a.m.54 views

[Full-disclosure] PacSec Hype Security Team: CGI.pm param injection

====================================================================== PacSec Hype Security Team param injection in CGI.pm and inheritors allows SQL injection and manipulation of data bypassing many perl web form validators ======================================================================...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/20 12:0 a.m.42 views

[SA22014] PHP-Post Multiple Vulnerabilities

TITLE: PHP-Post Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22014 VERIFY ADVISORY: http://secunia.com/advisories/22014/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data, Exposure of sensitive information WHERE: From remote SOFTWARE: PHP-Post 1.x...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.40 views

[SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure

TITLE: WebAdmin Account Manipulation and Arbitrary File Disclosure SECUNIA ADVISORY ID: SA21558 VERIFY ADVISORY: http://secunia.com/advisories/21558/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information WHERE: From remote SOFTWARE...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/08/17 12:0 a.m.31 views

[SA21482] Spidey Blog Script "pid" SQL Injection Vulnerability

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/09 12:0 a.m.74 views

[SA21379] The Address Book Reloaded Login SQL Injection Vulnerabilities

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/07/28 12:0 a.m.41 views

[SA21223] Symantec Brightmail AntiSpam Multiple Vulnerabilities

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2006/07/26 12:0 a.m.38 views

LinksCaffe30.txt

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties Produce : LinksCaffe 3.0 Website : http://gonafish.com/ Impact : manupulation of data / system access Discovered by : Simo64 - Moroccan Security Team + SQL injection 1Vulnerable code in line 223 in links.php code : $rime =...

7.4AI score
Exploits0
CERT
CERT
added 2006/07/24 12:0 a.m.44 views

OpenOffice.org may fail to recognize embedded Basic macros

Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org process basic macros. Description A vulnerability in OpenOffice.org may allow an attacker to inject basic code into documents such that the code will be executed when the document is...

7.6CVSS9.3AI score0.03344EPSS
Exploits0References10
securityvulns
securityvulns
added 2006/07/13 12:0 a.m.38 views

[SA20589] CMS Mundo SQL Injection Vulnerabilities

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/06/29 12:0 a.m.58 views

Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities

====================================================================== Secunia Research 14/06/2006 - DeluxeBB SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...

5.1CVSS0.8AI score0.20301EPSS
Exploits2
Rows per page
Query Builder