GTAB Software Tabit 安全漏洞

GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing, and printing fingerstyle music for guitar, bass, or banjo. GTAB Software Tabit suffers from a security vulnerability that stems from the fact that an attacker can query user data via one of its URL-mapped pag...

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

Cloudera Hue 跨站脚本漏洞

Cloudera Hue is a mature open source SQL helper for querying any database and data warehouse.A cross-site scripting vulnerability exists in Cloudera Hue version 4.6.0. An attacker can exploit the vulnerability to conduct cross-site scripting attacks via the type parameter...

[SECURITY] Fedora 34 Update: salt-3003.3-1.fc34

Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...

Unspecified Vulnerability in Couchbase Server

Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . Couchbase Server has a security vulnerability that can be exploited by an attacker ...

CVE-2021-22859

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege...

[SECURITY] Fedora 33 Update: salt-3002.1-1.fc33

Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...

SQL Injection Vulnerability in Joomla! component KSA*** parameters

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the KSA parameter of the Joomla! component. The vulnerability stems from th...

The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software lies in the improper elimination of certain elements in the data request logic, allowing a intruder to execute arbitrary code.

The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software is related to improper elimination of certain elements in the data query logic. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the operating system with root privileges...

EMC Documentum Content Server DQL Injection Vulnerability

EMC Documentum Content Server is a content management service system from EMC. A DQL injection vulnerability exists in EMC Documentum Content Server because the program fails to properly filter user-submitted input. A remote attacker can exploit the vulnerability by sending a specially crafted...

XYCMS企业建站系统 2.5(注射&&后台配置插马)

简要描述： 前年她17岁，她看到我的IPad，说“姐夫，你的IPad不错嘛！” 她回去的时候，她姐姐把IPhone给她带上了。 去年她18岁，她看到我的IBM后，说“姐夫，你的IBM不错嘛！” 她回去的时候，她姐姐把IBM笔记本给她带上了。 今年她19岁，她看到我后，害羞的说：“姐夫，其实你这人挺不错的” 我在等她姐姐发话。 详细说明： 1 存在注入漏洞文件： newsdetail.asp 1-14行 无此新闻信息！" response.End end if % id没过滤进入查询 同样的问题：common.asp pro.asp news.asp prodetail.asp 漏洞证明：...

SAP HANA信息泄漏漏洞

Bugtraq ID:66675 SAP HANA是一个软硬件结合体，提供高性能的数据查询功能，用户可以直接对大量实时业务数据进行查询和分析，而不需要对业务数据进行建模、聚合等。 在处理畸形HTTP请求时SAP HANA处理ICM存在错误，允许攻击者提交特制的HTTP请求获取平台版本，主机名和实例数等敏感信息。 0 SAP HANA 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： https://websmp230.sap-ag.de/sap/support/notes/1914778...

Distributed Red Team Operations with Cobalt Strike

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike...

Thousand Bo enterprise website management system v2010 Build 0 7 1 6 vulnerability analysis-vulnerability warning-the black bar safety net

Release time: 2010-07-16 Affected version: Thousand Bo enterprise website management system v2010 Build 0 7 1 6 Vulnerability Description: The search type injection vulnerability Default background address: http://127.1/system/AdminLogin.Asp Publishing author: m4r10 reproduced please indicate the...

CVE-2000-0098

CVE-2000-0098 describes a path-disclosure vulnerability in Microsoft Index Server/IIS WebHits: remote attackers can determine the real path of a web directory by requesting non-existent Internet Data Query files. OpenVAS notes the issue in MS00-006 (WebHits ISAPI filter) and IDA/IDQ path disclosu...

CVE-2000-0126

CVE-2000-0126 affects Microsoft IIS 3 and 4 via the idq.dll component. The vulnerability enables remote attackers to read arbitrary files on the target system by exploiting a dot-dot ('..') traversal in the IDQ scripts, specifically through the query.idq parameter. The root cause is a traversal f...

CVE-2000-0126

Sample Internet Data Query IDQ scripts in IIS 3 and 4 allow remote attackers to read files via a .. dot dot attack...

CVE-2000-0098

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist...

PT-2000-1112 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 3 and 4 Description: The issue allows remote attackers to read files via a .. dot dot attack, potentially exposing sensitive information. This is made possible by sample Internet Data Query IDQ scripts in the affected IIS version...