Lucene search
K

55 matches found

seebug.org
seebug.org
added 2013/07/03 12:0 a.m.29 views

shopex注册用户任意定义预存款余额或积分

简要描述: shopex在注册用户时存在验证不严,导致注册时可以随意定义预存款余额或积分等字段的内容 详细说明: 在文件\core\shop\controller\ctl.passport.php if !$info = $account-create$POST,$message $this-splash'failed','back',$message,'','',$POST'fromminipassport'; 用户注册的变量都保存在$POST中,继续看根目录文件index.php filterData$POST; require...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/02/22 12:0 a.m.371 views

CKEditor 4.0.1 多个安全漏洞

CKEditor是一款在线文字编辑器 CKEditor存在多个安全漏洞,允许攻击者利用漏洞进行跨站请求伪造,跨站脚本攻击及获取路径信息 0 CKEditor 4.0.1 厂商解决方案 目前没有详细解决方案提供: http://ckeditor.com/ =========================================== Vulnerable Software: ckeditor 4.0.1 standard Download:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/05/30 12:0 a.m.42 views

PHPList 2.10.9 'Sajax.php' PHP代码注入漏洞

phplist是一个开源的newsletter管理软件,用PHP开发。 PHPList 'Sajax.php'不正确处理用户提交的数据,远程攻击者可以利用漏洞提交恶意代码,并以WEB权限执行。 0 PHPList 2.10.9 厂商解决方案 phplist ----- 目前没有详细解决方案提供: http://www.phplist.com/ --------------------------------------- This PoC was written for educational purpose. Use it at your own risk. Author will b...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/04/13 12:0 a.m.32 views

Wordpress Plugin Email Before Download <=3.16 Blind SQL Inyection

Exploit for php platform in category web applications Wordpress Plugin: Email Before Download escape before using it. On line 120 File: /email-before-download/email-before-download.php we can see that: ===================================================================================== 120:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.57 views

Support Incident Tracker &lt;= 3.65 &#40;translate.php&#41; Remote Code Execution Vulnerability

Support Incident Tracker = 3.65 translate.php Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://sitracker.org/ affected versions....: from 3.45 to 3.65 - vulnerable code in /translate.php 23...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2011/04/02 12:0 a.m.31 views

ilchClan 1.0.5 - &#039;regist.php&#039; SQL Injection

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- / \ \ \ \ | | | / / / // |/ | ' \ \ \ // / | | | | | | / / / |||| || \ \ Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php /...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/04/20 12:0 a.m.26 views

IPB <= 2.3.5 Improved SQL Injection Exploit

Exploit for php platform in category web applications =========================================== IPB Attention!\n"; echo "br...

6.7AI score
Exploits0
0day.today
0day.today
added 2010/04/20 12:0 a.m.24 views

IPB <= 3.0.1 SQL Injection Exploit

Exploit for php platform in category web applications ================================== IPB Attention!\n"; echo "\n"; echo "Error!\n"; echo "This exploit is meant to be used as php CLI script!\n"; echo "Mo...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2009/05/08 12:0 a.m.16 views

TinyWebGallery 1.7.6 Local File Inclusion

?php / ----------------------------------------------------------- TinyWebGallery = 1.7.6 LFI / Remote Code Execution Exploit ----------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.tinywebgallery.com/ details..: this...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/09/21 12:0 a.m.63 views

Invision Power Board <= 2.3.5 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================== Invision Power Board = 2.3.5 Remote SQL Injection Exploit ========================================================== ?php errorreportingEALL;...

7.1AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2008/03/09 12:0 a.m.38 views

phpMyAdmin: SQL injection vulnerability

Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...

5.1CVSS7.3AI score0.00912EPSS
Exploits0
myhack58
myhack58
added 2006/10/29 12:0 a.m.18 views

Php5 GPC bypass flaw-vulnerability warning-the black bar safety net

In the discussion of specific defects before we start to learn a little about php security aspect of small things. magicquotesgpc option is php one of the important security settings, when the option is ON that is open at the time, all from GET, POST, COOKie is passed over the data in the'," and,...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/07/05 12:0 a.m.29 views

CentOS 3 / 4 : SquirrelMail (CESA-2005:595)

An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...

4.3CVSS5.2AI score0.04242EPSS
Exploits2References8
Cent OS
Cent OS
added 2005/08/03 4:4 p.m.83 views

squirrelmail security update

CentOS Errata and Security Advisory CESA-2005:595 An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released wi...

4.3CVSS5.6AI score0.04242EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2005/08/03 2:16 p.m.39 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...

4.3CVSS5.6AI score0.04242EPSS
Exploits2References3
Rows per page
Query Builder