CVE-2023-39638

D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbcsystem function at /htdocs/cgibin...

Libpng库'png_push_read_zTXt()'单字节拒绝服务漏洞

BUGTRAQ ID: 31049 CNCAN ID：CNCAN-2008090903 Libpng是一款多种应用程序所使用的解析PNG图形格式的函数库。 Libpng pngpushreadzTXt存在单字节错误，远程攻击者可以利用漏洞对链接此库的应用程序进行拒绝服务攻击。 问题代码存在于pngpushreadzTXt libpng-1.2.31/pngpread.c:1277-1288： pngcharp tmp; tmp = text; text = pngcharppngmallocpngptr, textsize + pnguint32pngptr-zbufsize -...

demo4cms-upload.txt

0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErrorNumber = '0' ; 66. $sFileUrl = '' ; 67. 68. // Initializes the counter used to rename the file, if another one...

demo4-sql.txt

=============================================================== Demo4 CMS index.php id Remote SQL Injection Vulnerability =============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...