Lucene search
K

125 matches found

CNVD
CNVD
added 2016/09/21 12:0 a.m.2 views

SQL Injection Vulnerability in the getInfo Interface Function of Jiusi OA System

Ninth OA system is the OA system to install, implement, learn, operate and maintain. A SQL injection vulnerability exists in the Ninth OA System. The lack of filtering of the 'getInfo' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2016/09/21 12:0 a.m.2 views

XXE Vulnerability in Ninth OA System

Ninth OA system is the OA system to install, implement, learn, operate and maintain. Ninth OA system DocumentBuilder db = ex.newDocumentBuilder; Document doc = db.parserequest.getInputStream; XXE vulnerability exists. An attacker can read arbitrary files on the server and obtain sensitive...

6.7AI score
Exploits0References1
seebug.org
seebug.org
added 2016/08/12 12:0 a.m.25 views

Ruvar OA system WorkPlanAttachDownLoad. aspx parameters sys_file_storage_id SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/08/04 12:0 a.m.19 views

Limits of the OA system /inc/finger/use_finger.php file USER_ID parameter SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/08/02 12:0 a.m.19 views

Ruvar OA system pm_gatt_inc. aspx SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/07/12 12:0 a.m.14 views

JINGLUN OA system /Systems/code/Code_edit. aspx file ChannelId parameter SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/07/04 12:0 a.m.19 views

JINGLUN OA system /Systems/user_priv/manage. aspx file id parameter SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/06/21 12:0 a.m.18 views

Dimensions OA system notes.php parameter nid SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/06/10 12:0 a.m.27 views

Mastery OA system /general/document/index. php/recv/register/turn parameter rid of the SQL injection vulnerability

http://xxx/general/document/index.php/recv/register/turn post:SERVER=&rid=expselectfromselect concat0x7e7e7e,@@version,0x7e7e7e from user limit 0,1x...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/09 12:0 a.m.20 views

泛微 eweaver OA系统 filebrowser.jsp 参数dir 目录遍历

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/19 12:0 a.m.24 views

kingdee 金蝶OA系统/oa/admin/application/file_download.jsp 参数filePath 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/19 12:0 a.m.23 views

金蝶kingdee OA办公系统 /kingdee/disk/add_folder.jsp 等2处 SQL盲注漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/10 12:0 a.m.38 views

通达OA系统 logincheck.php SQL注入

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/07/14 12:0 a.m.4 views

SQL Injection Vulnerability in Zhixiang OA Office System/mainpage/msg.aspx?user=parameters

Zhixiang OA office system is an enterprise office system. A SQL injection vulnerability exists in the OpenWindows/OpenleibiezlMc.aspx?id= parameter of the Zhixiang OA Office System, which can be exploited by an attacker to obtain sensitive information from the database...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2015/06/25 12:0 a.m.4 views

SQL Injection Vulnerability in OAID Parameter of Haitian OA System/Documents/OA_WordDocDisplay.asp Page

Haitian OA network office system is suitable for enterprises and institutions of the general-purpose network office software, the system adopts the leading B / S browser / server mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2015/05/21 12:0 a.m.14 views

53kf多站点配置不当导致整站可下载

简要描述: 详细说明: http://oa1.53kf.com/.svn/entries http://test2.53kf.com/.svn/entries http://test4.53kf.com/.svn/entries SVN泄露可导致整站下载 其中一个是OA系统 其他两个看源码疑似管理系统 漏洞证明: http://oa1.53kf.com/.svn/entries http://test2.53kf.com/.svn/entries http://test4.53kf.com/.svn/entries SVN泄露可导致整站下载 其中一个是OA系统 其他两个看源码疑似管理系统...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/21 12:0 a.m.34 views

某OA系统高危漏洞无需登陆Getshell

简要描述: 危害比较大把 详细说明: 我这个说的是前台无需登录的,前人好像说要注入后登录其实构造表单就可以了 海天OA官网:http://www.haitiansoft.com:8080/ 存在一处不需要登录就可以getshell的高危漏洞! Upload bug: None...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/02/02 12:0 a.m.19 views

某OA办公系统储存型XSS#2

简要描述: 某OA办公系统储存型XSSdemo演示 详细说明: 漏洞证明: 官方站:http://www.oa8000.com/online.htm 官方演示站:http://demo.oa8000.com/OAapp/WebObjects/OAapp.woa 普通用户登录,工作中心--任务管理--新建任务 在任务标题处写入XSS代码/" 查看我们发布的信息,直接查看任务即可,不用查看具体信息。...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/01/24 12:0 a.m.36 views

New Oriental OA system patches timely thinkphp vulnerability to execute arbitrary system commands(getshell)-vulnerability warning-the black bar safety net

Brief description: New Oriental OA system patch is not timely, the thinkphp vulnerability to execute arbitrary system commandsgetshell Detailed description: ! https://. xdf. cn/mapp/index. php/module/action/param1/$%7B@printvardumpDAdmin-%3Eselect%7D The results are as follows: --------- array1 0...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2014/11/14 12:0 a.m.19 views

某OA系统SQL注射漏洞(SA权限)

简要描述: RT 详细说明: 海天OA存在一处sql注入 海天OA官网:http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了,下面就用5个案例来做安全测试! SQL注入点: /ZhuanTi/OALoadlink.asp?OAID= 漏洞证明: 案例: http://180.166.7.94/ZhuanTi/OALoadlink.asp?OAID=1 http://oa.tjfsu.edu.cn/ZhuanTi/OALoadlink.asp?OAID=1...

7.1AI score
Exploits0
Rows per page
Query Builder