4561 matches found

Packet Storm
added 2015/02/09 12:0 a.m. | 45 views

Microsoft Internet Explorer Universal XSS Proof Of Concept

Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...

CVSS 4.3 | AI score 0.1 | EPSS 0.71698
Exploits: 5

Prion
added 2015/01/21 3:17 p.m. | 12 views

Design/Logic Flaw

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

CVSS 9 | AI score 7.7 | EPSS 0.03306
Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2015/01/21 3:17 p.m. | 18 views

CVE-2014-3440

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

CVSS 9 | AI score 7.1 | EPSS 0.03306
Exploits: 0 | References: 3

Cvelist
added 2015/01/21 11:0 a.m. | 32 views

CVE-2014-3440

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

AI score 8.7 | EPSS 0.03306
Exploits: 0 | References: 3

seebug.org
added 2015/01/13 12:0 a.m. | 18 views

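Jiayuan Talent System, latest version: SQL injection (bypasses the defenses)

Brief description: see title. Details: Looking at \member\personinterview.php if$do=='del' $checks=$POST'checks'; $db -query"delete from $cfg'tbpre'myinterview where ipmember='$username' and iid in $checks"; showmsg'删除成功!',"?m=personinterview&show=$show",0,2000;exit; As the code above shows, $checks goes straight into the SQL statement, and without single quotes. ...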

AI score 7
Exploits: 0

CVE
added 2014/12/10 9:0 p.m. | 50 views

CVE-2014-8009

CVE-2014-8009 affects Cisco Unified Computing System Manager (UCSM) up to version 2.1(3f). The issue is an information-disclosure vulnerability where remote, unauthenticated attackers can read log files to obtain sensitive system information. Exploitation details are not provided in the cited doc...

CVSS 5 | AI score 6.4 | EPSS 0.01173
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2014/12/02 8:26 p.m. | 1 views

ovirt-engine-log-collector: database password disclosed in process listing

It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local...

CVSS 2.1 | AI score 5.7 | EPSS 0.00375
Exploits: 0 | References: 4

RedHat Linux
added 2014/12/02 4:59 p.m. | 37 views

Low: Red Hat Security Advisory: openstack-trove security update

Updated openstack-trove packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 2.1 | AI score 5.8 | EPSS 0.00528
Exploits: 1 | References: 3

OSV
added 2014/11/16 11:59 a.m. | 4 views

DEBIAN-CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS 7.2 | AI score 6.7 | EPSS 0.00483
Exploits: 1 | References: 1

OSV
added 2014/11/16 11:59 a.m. | 6 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

AI score 6.5
Exploits: 0 | References: 6

NVD
added 2014/11/16 11:59 a.m. | 19 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS 7.2 | AI score 6.6 | EPSS 0.00483
Exploits: 1 | References: 6

n0where
added 2014/11/15 4:23 p.m. | 60 views

Host Based Intrusion Detection System: Samhain

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain is a file and host integrity and intrusion alert system...

AI score 0.1
Exploits: 0

Prion
added 2014/11/15 2:59 a.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

CVSS 4.3 | AI score 6.1 | EPSS 0.01148
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2014/11/15 2:59 a.m. | 15 views

CVE-2014-7248

Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

CVSS 4.3 | AI score 5.6 | EPSS 0.01148
Exploits: 0 | References: 3

Cvelist
added 2014/11/15 2:0 a.m. | 20 views

CVE-2014-7248

Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

AI score 5.6 | EPSS 0.01148
Exploits: 0 | References: 3

myhack58
added 2014/11/13 12:0 a.m. | 21 views

Event tracking: Belkin router 0day overflow vulnerability analysis

Vulnerability summary: Security researcher Marco Vaz found a serious vulnerability in the Belkin n750 router that can allow an attacker to gain root access (i.e. administrator privileges) on the victim's device; the main target of the attack is the router's Web...

AI score 1.2
Exploits: 0

NVD
added 2014/11/12 4:55 p.m. | 16 views

CVE-2014-8735

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...

CVSS 4 | AI score 5.8 | EPSS 0.01218
Exploits: 0 | References: 3

Prion
added 2014/11/12 4:55 p.m. | 14 views

Information disclosure

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...

CVSS 4 | AI score 6.2 | EPSS 0.01218
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/11/12 4:0 p.m. | 23 views

CVE-2014-8735

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...

AI score 5.8 | EPSS 0.01218
Exploits: 0 | References: 3

CVE
added 2014/11/12 4:0 p.m. | 40 views

CVE-2014-8735

The Drupal Bad Behavior module (versions 6.x-2.x prior to 6.x-2.2216 and 7.x-2.x prior to 7.x-2.2216) allows information disclosure by logging usernames and passwords. This occurs because remote authenticated users with the "administer bad behavior" permission can read the module’s logs to obtain...

CVSS 4 | AI score 5.9 | EPSS 0.01218
Exploits: 0 | References: 3 | Affected Software: 1