
3751 matches found

RedHat Linux
added 2013/09/30 8:30 p.m., 3 views

php: PG(magic_quote_gpc) was not restored on shutdown

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and...

6.8 CVSS, 5.9 AI score, 0.06709 EPSS
Exploits: 2, References: 4
seebug.org
added 2013/09/24 12:0 a.m., 25 views

Z-Blog PHP edition front-end regex blind SQL injection vulnerability

Brief description: Second one... Also, I have some questions I'd like to ask your developers. Detailed description: The problem is in /zbsystem/function/csystemcommon.php function GetVars$name,$type='REQUEST' if $type=='ENV' $array=&$ENV; if $type=='GET' $array=&$GET; if $type=='POST' $array=&$POST; if $type=='COOKIE' $array=&$COOKIE; if $type=='REQUEST' $array=&$REQUEST; if $type=='SERVER'...

7.1 AI score
Exploits: 0
myhack58
added 2013/09/20 12:0 a.m., 25 views

PHP168 a magical loophole, you can query any user data-bug warning-the black bar safety net

Brief description: Country micro-PHP168 appeared a magic array, can cause the whole station to the user data leakage. The leaked content includes total Station user passwords in cipher text, email, password, salt, IP and other sensitive information. Detailed description: PHP168 program...

7.1 AI score
Exploits: 0
Kitploit
added 2013/08/29 1:3 a.m., 15 views

[Process Magic v2.0] Command-line Tool to Hide Windows Application or Launch New Process in Hidden Mode

Process Magic is the command-line tool to Hide any Windows application or launch new application in Hidden or Invisible mode. In addition to hiding any Windows process, it also allows you to Unhide any previously Hidden application. Note that it hides the application by hiding its main window. So...

7.1 AI score
Exploits: 0
myhack58
added 2013/08/29 12:0 a.m., 14 views

Alpaca the CMS injection and getwebshell code audit study-vulnerability warning-the black bar safety net

Recently in the study of code audit, will go to chinaz looking for a personal gas of a relatively high cms, this fit I just start dropping people Ue batch checked the source code of the entire system are in the injection the injection Well, single quotes Ah, also need to bypass, open the gpc will...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2013/07/12 12:0 a.m., 25 views

Fedora 18 : python-bugzilla-0.9.0-1.fc18 (2013-11419)

Rebased to version 0.9.0 - bugzilla: modify: add --dependson Don Zickus - bugzilla: new: add --groups option Paul Frields - bugzilla: modify: Allow setting nearly every bug parameter - NovellBugzilla implementation removed, can't get it to work - Gracefully handle private bugs bz 963979 - Raise...

4.3 CVSS, 5.4 AI score, 0.00888 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m., 30 views

Fedora 19 : python-bugzilla-0.9.0-1.fc19 (2013-11336)

Rebased to version 0.9.0 - bugzilla: modify: add --dependson Don Zickus - bugzilla: new: add --groups option Paul Frields - bugzilla: modify: Allow setting nearly every bug parameter - NovellBugzilla implementation removed, can't get it to work - Gracefully handle private bugs bz 963979 - Raise...

4.3 CVSS, 5.4 AI score, 0.00888 EPSS
Exploits: 0, References: 3
Kitploit
added 2013/06/11 4:3 a.m., 18 views

[Process Magic] Tool to Hide any Windows application in Hidden or Invisible mode

Process Magic is the command-line tool to Hide any Windows application or launch new application in Hidden or Invisible mode. In addition to hiding any Windows process, it also allows you to Unhide any previously Hidden application. Note that it hides the application by hiding its main window. So...

7.1 AI score
Exploits: 0
0day.today
added 2013/05/08 12:0 a.m., 19 views

Hloun Support Management System 3.0 SQL Injection / Bypass

Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities. fixhashuser$COOKIE'onlineadmin'; $userquery = "SELECT FROM member WHERE username='".$memberhash'username'."' AND password='".$memberhash'password'."'"; $member =...

8.5 AI score
Exploits: 0
Kitploit
added 2013/04/02 10:58 p.m., 18 views

[Binwalk v1.2] Firmware Analysis Tool

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2013/03/19 12:0 a.m., 37 views

PHP-Fusion Authenticate.class.php Multiple Cookie SQL Injection

The version of the PHP-Fusion installed on the remote host is affected by a SQL injection vulnerability because it fails to properly sanitize user input to the 'user' and 'admin' cookies upon submission to the application. An unauthenticated, remote attacker could leverage this issue to launch a...

7.5 CVSS, 5.9 AI score, 0.0362 EPSS
Exploits: 0, References: 3
0day.today
added 2013/03/14 12:0 a.m., 16 views

ClipShare 4.1.4 SQL Injection / Plaintext Password Vulnerabilities

ClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities. Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software...

8.4 AI score
Exploits: 0
securityvulns
added 2013/03/11 12:0 a.m., 45 views

Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header

STV_alloc | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc, stevedore.c line 192:012 Conditionst != NULL not true. Summary: Varnish 2.1.5 crash and restart via...

7.1 AI score
Exploits: 0
RedHat Linux
added 2013/02/20 4:21 p.m., 3 views

php: PG(magic_quote_gpc) was not restored on shutdown

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and...

6.8 CVSS, 5.9 AI score, 0.06709 EPSS
Exploits: 2, References: 4
Packet Storm
added 2013/02/18 12:0 a.m., 66 views

PHP-Fusion CMS 7.02.05 SQL Injection

SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...

0.2 AI score
Exploits: 0
myhack58
added 2012/12/19 12:0 a.m., 19 views

DedeCMS member center classification management SQL injection 0day vulnerabilities can be obtained the administrator password-vulnerability warning-the black bar safety net

Need magic_quotes_gpc = Off, so that is tasteless. Occurs in the array key where the injection vulnerability, a little mean. Here is blind, is the trouble point can also use, you can write a tool, automated attendant ran about http://www.xxx.com /dede/member/mtypes. php? dopost=save Trojan: mtypename7'...

1.4 AI score
Exploits: 0
CVE
added 2012/11/26 11:0 p.m., 42 views

CVE-2010-5281

CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1 is affected by a directory traversal in ibrowser.php. When magic_quotes_gpc is disabled, an attacker can read arbitrary files by injecting a .. into the lang parameter. This is a true vulnerability with CVE-2010-5281 documented by NVD (base score 6.8, ve...

6.8 CVSS, 6.8 AI score, 0.02289 EPSS
Exploits: 1, References: 5, Affected Software: 1
myhack58
added 2012/11/20 12:0 a.m., 16 views

Code audit: DedeCMS several latest bug analysis-bug warning-the black bar safety net

Preface: the original is a contributor to the hacking of Defense want to change a few pieces of pocket money, results 3 on the cast of the manuscript, the editor replied that the proposed 4 period 4 late advice that, that "two days will be published", the results of today's 5 on 2 numbers are not...

0.1 AI score
Exploits: 0
myhack58
added 2012/11/13 12:0 a.m., 31 views

dedecms 5.7 latest sql injection exploit guestbook.php-vulnerability warning-the black bar safety net

Impact version 5.7 Vulnerability file edit.inc.php specific code: ExecuteNoneQuery" DELETE FROM @guestbook WHERE id='$id' "; ShowMsg"successfully deleted a message!", $GUESTBOOKPOS; exit; else if$job=='check' && $gisadmin $dsql-ExecuteNoneQuery" UPDATE @guestbook SET ischeck=1 WHERE id='$id' "...

0.7 AI score
Exploits: 0
0day.today
added 2012/10/31 12:0 a.m., 82 views

jNews com_jnews 7.0.0 => 7.7.5 execute arbitrary PHP code

The vulnerability affects all variations of jNews, including the premium ones (this is where the 7.7.5 comes in), not just the free version. The dork "inurl:comjnews" currently produces "About 37,100 results". The exploit will create a file on the targeted website and enable you to execute arbitrar...

7.8 AI score
Exploits: 0