kppw威客系统SQL注入一枚

简要描述： rt 详细说明： 注册处。 function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...

Wordpress MU < 2.7 'HOST' HTTP Header XSS Vulnerability

No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored...

OSCommerce 2.2 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker may...

Google Chrome 0.2.149 Malformed 'view-source' HTTP Header Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31035/info Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP 'view-source' headers. Attackers can exploit this issue to crash the affected...

AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a...

ManageEngine ServiceDesk Plus 8.0 - Multiple Stored XSS Vulnerabilities

No description provided by source. ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and...

Joomla Component com_searchlog SQL Injection

No description provided by source. Exploit Title: Joomla Component comsearchlog SQL Injection Date: 05/06/2010 Author: d0lc3 d0lc3xatgmaildomcom Software Link: http://www.kanich.net/radio/site/searchlog/searchlog-download Version: 3.1.0 Tested on: Linux ubuntu32 2.6.32-22-generic x64 Summary: Goo...

nginx 0.7.61 - WebDAV Directory Traversal

No description provided by source. Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and t...

jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection

No description provided by source. Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Teste...

Apple QuickTime 5.0 Content-Type Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does not perform sufficient bounds...

phpLDAPadmin 0.9.4b DoS

No description provided by source. / Exploit Title: phpLDAPadmin 0.9.4b DoS Google Dork: phpLDAPadmin - 0.9.4b Date: 2011-10-23 Author: Alguien Software Link: http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin/0.9.4b/ Version: 0.9.4b Tested on: Red Hat CVE : - Compilation: ----------...

LogMeIn 4.0.784 'cfgadvanced.html' HTTP Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be...

IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct ...

Oracle WebCenter Sites Satellite Server - HTTP Header Injection

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20130417-2 ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter Sites Satellite...

Mono <= 2.0 'System.Web' HTTP Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch...

PHP 4.2.3 Header Function Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header functi...

Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27547/info Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

XOOPS 2.0.14 Article Module - 'article.php' SQL Injection Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '84999' ssvid version = '1.0' author = 'kikay' vulDate = '2008-05-06' createDate ...

Webmatic 3.1.1 - Blind SQL Injection

No description provided by source. Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-335...

fresh email script 1.0 - Multiple Vulnerabilities

No description provided by source. 1. +-----------------+-----------------+-----------------+ 2. +-----------------+Fresh Email Script+----------------+ 3. +-----------------versions: 1.0 to 1.11 - all 4. +-----------------exploits: file inclusion & cookie manipulation 5. +-----------------founde...