Lucene search

1024 matches found

seebug.org
added 2014/05/09 12:0 a.m. · 20 views

Zoomla CMS (逐浪CMS): encoding-related SQL injection vulnerability

Brief description: an encoding-related SQL injection vulnerability in Zoomla CMS. Details: URL http://demo.zoomla.cn/3d/InsertContext.aspx protected void PageLoadobject sender, EventArgs e if base.Request.QueryString"type" != null this.md.Caddtime = DateTime.Now; this.md.Cadduser = this.user.GetLogin.UserName; string s = base.Request.Form.ToString; s =...

7.1 AI score
Exploits 0
NVD
added 2014/05/08 2:29 p.m. · 16 views

CVE-2013-6372

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

2.1 CVSS · 6.2 AI score · 0.00061 EPSS
Exploits 1 · References 3
UbuntuCve
added 2014/05/08 2:29 p.m. · 20 views

CVE-2013-6372

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

2.1 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits 1 · References 4
Prion
added 2014/05/08 2:29 p.m. · 11 views

Design/Logic Flaw

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

2.1 CVSS · 6.7 AI score · 0.00061 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2014/05/08 2:0 p.m. · 56 views

CVE-2013-6372

The CVE-2013-6372 issue affects the Jenkins Subversion plugin prior to version 1.54. The vulnerability arises because credentials are stored using base64 encoding in a subversion.credentials file, allowing local users to read and extract passwords and SSH private keys. Impact is limited to local ...

2.1 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2014/05/08 2:0 p.m. · 28 views

CVE-2013-6372

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

6.2 AI score · 0.00061 EPSS
Exploits 1 · References 3
Positive Technologies
added 2014/05/08 12:0 a.m. · 3 views

PT-2014-3100 · Jenkins · Jenkins Subversion Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion plugin versions prior to 1.54 Description: The issue allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file, due to the storage of credentials using base64 encoding...

5.1 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits 1 · References 8
myhack58
added 2014/04/21 12:0 a.m. · 70 views

COLDFUSION (CVE-2010-2861) local file inclusion exploitation method - vulnerability warning - the black bar safety net

I recently saw an article by a foreign author about a way of exploiting CVE-2010-2861. Until then I had only seen it used to read the password field in password.properties and then either crack the SHA-1 value to log in to the admin backend or log in to the backend by passing the hash; I had not seen it used to get a shell directly. In...

7.1 AI score
Exploits 0
Prion
added 2014/03/31 2:58 p.m. · 12 views

Design/Logic Flaw

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...

3.7 CVSS · 7 AI score · 0.00062 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2013/08/08 12:0 a.m. · 23 views

Trustport Webfilter Traversal / File Disclosure

Trustport Webfilter Remote File Access Vulnerability ==================================================== Affected Product ---------------- Product Name: Trustport Webfilter Product Version: 5.5.0.2232 Platform: Microsoft Windows Product/Company Information --------------------------- From...

7.4 AI score
Exploits 0
Packet Storm
added 2013/05/02 12:0 a.m. · 19 views

WordPress Advanced XML Reader 0.3.4 XXE Injection

The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which...

0.1 AI score
Exploits 0
htbridge
added 2013/03/20 12:0 a.m. · 21 views

Multiple XSS in Hero Framework

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Hero Framework, which can be exploited to perform cross-site scripting attacks against vulnerable application. 1 Multiple XSS in Hero Framework: CVE-2013-2649 1.1 The vulnerability exists due to insufficient sanitisation...

4.3 CVSS · 6.2 AI score
Exploits 0 · Affected Software 1
myhack58
added 2012/12/30 12:0 a.m. · 18 views

Secret phpwebshell in the backdoor - vulnerability warning - the black bar safety net

This article is dedicated only to those who contribute to other people's webshells. After taking down a website you will, of course, upload a webshell and escalate privileges. But some people insert a small piece of code into the webshell, so that your hard-won webshell address and password, and so on will be...

0.3 AI score
Exploits 0
OSV
added 2012/12/18 1:55 a.m. · 1 views

DEBIAN-CVE-2012-5468

Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters...

7.5 CVSS · 8.2 AI score · 0.0608 EPSS
Exploits 1 · References 1
myhack58
added 2012/11/05 12:0 a.m. · 16 views

Notes dog a pittance latest injection vulnerability-vulnerability warning-the black bar safety net

/modules/ajax/topic.mod.php function Picajax //echo 1 1; //echo base64encodeserializearray'a'='0''; $options = array; $TopicListLogic = Load::logic'topiclist', 1; $perpagenum = $this-Post'ppnum' ? int$this-Post'ppnum' : 2 0; $cachetime = $this-Post'ctime' ? int$this-Post'ctime' : 1 0; $uid =...

7.2 AI score
Exploits 0
Tenable Nessus
added 2012/08/01 12:0 a.m. · 32 views

Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64

An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64...

7.5 CVSS · 6.3 AI score · 0.01097 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2012/08/01 12:0 a.m. · 32 views

Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64

Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user...

7.5 CVSS · 5.8 AI score · 0.04247 EPSS
Exploits 3 · References 4
Tenable Nessus
added 2012/08/01 12:0 a.m. · 33 views

Scientific Linux Security Update : glib2 on SL5.x i386/x86_64

Diego Petten discovered multiple integer overflows causing heap-based buffer overflows in GLib's Base64 encoding and decoding functions. An attacker could use these flaws to crash an application using GLib's Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute...

4.6 CVSS · 8 AI score · 0.00161 EPSS
Exploits 1 · References 2
Exploit DB
added 2011/11/28 12:0 a.m. · 45 views

Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities

Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect...

4.3 CVSS · 6.6 AI score · 0.62169 EPSS
Exploits 8
Exploit DB
added 2011/11/05 12:0 a.m. · 34 views

aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution

?php / -------------------------------------------------------------------- aidiCMS v3.55 ajaxcreatefolder.php Remote Code Execution Exploit -------------------------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom...

7.4 AI score
Exploits 0