57 matches found
CVE-2020-29572
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
CVE-2020-29572
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
Design/Logic Flaw
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
CVE-2020-29572
CVE-2020-29572 affects MISP 2.4.135, with a cross-site scripting vulnerability in the file app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp via the authkey comment field. The root cause is unsanitized input leading to XSS in the template rendering, enabling arbitrary script e...
CVE-2020-29572
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
MISP 跨站脚本漏洞
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in...
Discuz X3. 3 patch security analysis-vulnerability warning-the black bar safety net
Discuz official in 2017 8 May 1 release of the latest version of the X3. 4 version, the latest version fixes multiple security issues. 360CERT and 360 0KEE Team then for the events to follow. 0x01 vulnerability overview 360CERT and 360 0KEE Team by comparing DiscuzX3. 3SCUTF8 with DiscuzX3. 4SCUT...
Discuz X3. 3 authkey generation algorithm of the security vulnerability and the background arbitrary code execution vulnerability
0x00 background description Discuz official in 2017 8 May 1 release of the latest version of the X3. 4 version, the latest version fixes multiple security issues. 360CERT and 360 0KEE Team then for the events to follow. 0x01 vulnerability overview 360CERT and 360 0KEE Team by comparing DiscuzX3...
phpcms v9 后台任意文件读取(可获取authkey)
No description provided by source...
PHPCMS V9 phpsso/index.php authkey 泄露漏洞
No description provided by source...
Phpcmsv9 injection 0day analysis-vulnerability warning-the black bar safety net
According to the video I learned that is injected from the phpcms/modules/message/classes/messagetag. class. php checknew function public function checknew $where = array'sendtoid'=$this-username,'folder'='inbox','status'='1'; $newcount = $this-messagedb-count$where; //Check whether there is does...
PHPCMS V9 /api.php Authkey 信息泄漏
No description provided by source...
用友政务官方网站存在漏洞导致authkey泄露
简要描述: 用友政务官方网站存在漏洞导致authkey泄露 详细说明: 同学在用友政务工作,闲着没事看了看他们的官方网站,顺便手贱摸了一下·· http://www.yonyougov.com/index.php?m=admin&c=index&a=login&pchash= PHPCMS V9的系统 authkey很重要,可注射拿shell...
PHPCMS latest version authkey leakage vulnerability
PHPCMS is a content management system. PHPCMS latest version authkey leak vulnerability, attackers use authkey and cms comes with the encryption and decryption function can be encrypted, you can change the password, but also can be injected...
Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)
Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack. It is meant for educational purposes only. All credits for the research go to Dominique Bongard. DEPENDENCIES Pixiewps requires libssl. To install it:...
用友某业务站敏感信息泄漏+sql注入
简要描述: 用友某业务站敏感信息泄漏+sql注入 详细说明: 用友新道: http://home.seentao.com/ http://seentao.yonyou.com/ phpcms搭建,存在爆authkey漏洞,拿到key,想干什么干什么。。 WooYun: PHPCMS最新版本authkey泄露可注射拿shell 漏洞证明: 仅测试: web server operating system: Windows web application technology: PHP 5.3.29, Apache 2.4.10 back-end DBMS: MySQL 5.0...
PHPCMS V9 /phpsso_server/phpcms/modules/phpsso/index.php SQL注入漏洞
/api/getmenu.phpfunction ajaxgetlist $cachefile = $GET'cachefile'; $cachefile = strreplacearray'/', '//', '', $cachefile; //$cachefile = pregreplace'/\x00-\x08\x0B\x0C\x0E-\x1F\x7F+/S', '', $cachefile; $path = $GET'path'; $path = strreplacearray'/', '//', '', $path; //$path =...