Lucene search
K

122 matches found

Hacker One
Hacker One
added 2015/06/11 9:5 a.m.1102 views

Shopify: SSRF via 'Insert Image' feature of Products/Collections/Frontpage

Hi Security team, I would like to report an another SSRF issue like my previous bug 67377 https://hackerone.com/reports/67377. The description, threats, risks, exploatations are the same. The base request is the following POST /admin/settings/files.json HTTP/1.1 Host: test-4925.myshopify.com...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.94 views

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...

6.3AI score
Exploits0
Atlassian
Atlassian
added 2014/07/01 3:29 p.m.20 views

Subpages don't inherit permissions from parent pages (see comments for solution)

We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...

1.2AI score
Exploits0Affected Software1
OSV
OSV
added 2014/02/05 7:55 p.m.5 views

CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

5CVSS7.5AI score0.0198EPSS
Exploits0References9
Prion
Prion
added 2014/02/05 7:55 p.m.25 views

Default credentials

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

5CVSS6.8AI score0.0198EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2013/05/15 12:0 a.m.30 views

CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

5CVSS6.8AI score0.0198EPSS
Exploits0References2
Atlassian
Atlassian
added 2011/10/26 1:57 a.m.26 views

XSS vulnerability in default 'internal server error' page

We have identified and fixed a reflected cross-site scripting XSS vulnerability in the Bamboo default 'internal server error' page. This issue is reported in our security advisory on this page: https://confluence.atlassian.com/x/rQP5FQ You can read more about XSS attacks at:...

5.5AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2009/07/10 12:0 a.m.12 views

Phenotype CMS 2.8 - login.php?user Blind SQL Injection

Phenotype CMS 2.8 - login.php?user Blind SQL Injection Phenotype v2.8 Blind Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...

Exploits0
Packet Storm
Packet Storm
added 2009/05/08 12:0 a.m.33 views

Mortbay Jetty Denial Of Service

?php Mortbay Jetty = 7.0.0-pre5 Dispatcher Servlet DoS Affected Software: Jetty 6.1.16, 7.0.0.pre5 all platforms Author: Ikki http://blog.nibblesec.org/ Description: The dispatcher servlet com.acme.DispatchServlet is prone to a DoS vulnerability. This example servlet is meant to be used as a...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/05/08 12:0 a.m.15 views

Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service

Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service ?php Mortbay Jetty = 7.0.0-pre5 Dispatcher Servlet DoS Affected Software: Jetty 6.1.16, 7.0.0.pre5 all platforms Author: Ikki http://blog.nibblesec.org/ Description: The dispatcher servlet com.acme.DispatchServlet is prone to a DoS...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2008/07/16 12:0 a.m.19 views

Microsoft Exchange OWA 长用户名拒绝服务漏洞

微软Exchange OWAOutlook Web Access组件存在一个拒绝服务漏洞。当使用很多"%"作 为用户名和口令登录时,OWA会返回HTTP 500 - Internal server error信息。用户将不 能通过IE进行登录。据报告说WWW发布服务和IIS管理服务会停止响应。 Microsoft Exchange Server 5.5 SP4 Microsoft Exchange Server 5.5 SP3 Microsoft Exchange Server 5.5 SP2 Microsoft Exchange Server 5.5 SP1 Microsoft...

6.9AI score
Exploits0
0day.today
0day.today
added 2007/03/31 12:0 a.m.33 views

XOOPS Module Tutoriais (viewcat.php) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================= XOOPS Module Tutoriais viewcat.php Remote SQL Injection Exploit ================================================================= !/usr/bin/perl Script Name: XOOPS Module...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/03/18 12:0 a.m.18 views

ScriptMagix FAQ Builder 2.0 - index.php SQL Injection

ScriptMagix FAQ Builder 2.0 - index.php SQL Injection !/usr/bin/perl Script Name: ScriptMagix FAQ Builder : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2006/12/30 12:0 a.m.32 views

Click N Print Coupons 2006.01 - 'key' SQL Injection

!/usr/bin/perl Script Name: Click N' Print Coupons : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print "-- Exploit FailedYou Are Exited \n"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/12/26 12:0 a.m.70 views

The Classified Ad System 1.0 - 'main' SQL Injection

!/usr/bin/perl Script Name: The Classified Ad System 1.0 main Remote SQL Injection Exploit Coded by : ajann Author : ajann Contact : : S.Page : http://www.mxmania.net $$ : 29.99 . .. : ajann,Turkey use IO::Socket; if@ARGV : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are...

7AI score
Exploits0
exploitpack
exploitpack
added 2006/12/24 12:0 a.m.19 views

NewsLetter MX 1.0.2 - ID SQL Injection

NewsLetter MX 1.0.2 - ID SQL Injection !/usr/bin/perl Script Name: Newsletter MX : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print "--...

0.3AI score
Exploits0
0day.today
0day.today
added 2006/12/23 12:0 a.m.32 views

Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================================== Enthrallweb emates 1.0 newsdetail.asp Remote SQL Injection Exploit ==================================================================== !/usr/bin/perl Script Name:...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/12/23 12:0 a.m.60 views

Enthrallweb ePages (actualpic.asp) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =============================================================== Enthrallweb ePages actualpic.asp Remote SQL Injection Exploit =============================================================== !/usr/bin/perl Script Name: Enthrallweb ePages...

7.1AI score
Exploits0
Prion
Prion
added 2006/05/17 10:6 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...

4.3CVSS5.8AI score0.03007EPSS
Exploits0References16Affected Software1
myhack58
myhack58
added 2006/02/17 12:0 a.m.16 views

Hacking tips-domestic famous website vulnerability-vulnerability warning-the black bar safety net

Recently about system vulnerabilities,has nothing of interest. Because now a patch out very quickly. The large site has been nothing system. Even if you use twwwscan,namp, etc. might very strong scanner also impossible to scan what the hell,there,is also deceptive. But,the so-called hundred Secre...

7.5AI score
Exploits0
Rows per page
Query Builder