Lucene search
K

70 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/10 1:15 p.m.1 views

CVE-2022-31788

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname...

9.8CVSS5.6AI score0.14257EPSS
Exploits1References3
Gitee
Gitee
added 2019/03/14 3:48 p.m.4 views

CVE2018-8550Poc

这个漏洞属于com组件Unmarshal类型本地权限提升漏洞 复现环境 1. Windows 10 1709 32位操作系统 2. 需要安装声卡或操作系统自带虚拟声卡 3. 编译环境Visual Studio 2013 Poc 分析 原poc作者James Forshaw使用C实现,我一直未复现成功,不过通过原poc的代码我大致明白了漏洞的成因和触发方法,原poc环境是win10 1803...

7AI score
Exploits0
OSV
OSV
added 2017/12/29 6:29 p.m.6 views

CVE-2017-17933

cgi/surgeftpmgr.cgi aka the Web Manager interface on TCP port 7021 or 9021 in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter...

6.1CVSS5.8AI score0.00945EPSS
Exploits4References1
Cvelist
Cvelist
added 2017/12/29 6:0 p.m.33 views

CVE-2017-17933

cgi/surgeftpmgr.cgi aka the Web Manager interface on TCP port 7021 or 9021 in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter...

6.1AI score0.00945EPSS
Exploits4References1
ThreatPost
ThreatPost
added 2017/12/20 3:23 p.m.13 views

CHM Help Files Deliver Brazilian Banking Trojan

Security researchers are warning of a new spam campaign targeting Brazilian institutions that contain Compiled HTML file attachments that are used to deliver a banking Trojan. Spam messages contain a malicious CHM attachment called “comprovante.chm”, wrote Rodel Mendrez, senior security researche...

7.2AI score
Exploits0References3
CNVD
CNVD
added 2016/06/12 12:0 a.m.2 views

SQL injection vulnerability in the newss.htm?classID= parameter of the distance education platform of Shenzhen Tengchuang Network Technology Co.

Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...

7.8AI score
Exploits0References1
CNVD
CNVD
added 2016/05/03 12:0 a.m.2 views

SQL Injection Vulnerability in the 'classid' parameter of the mining system of Shenzhen Jishu Communication Co.

Ltd. is a communication enterprise providing communication services and communication products. A SQL injection vulnerability exists in the program mining system of Shenzhen Jishu Communication Co. The lack of filtering of the 'classid' parameter allows an attacker to exploit the vulnerability to...

7.9AI score
Exploits0References1
seebug.org
seebug.org
added 2015/06/03 12:0 a.m.31 views

一采通电子采购系统多处SQL注入漏洞#4

简要描述: 一采通电子采购系统多处SQL注入漏洞4 详细说明: google:inurl:companycglist.aspx?ComId= 1 漏洞存在于 /Plan/TitleShow/ApplyInfo.aspx,参数ApplyID 例如 http://eps.umgg.com.cn/Plan/TitleShow/ApplyInfo.aspx?ApplyID=1 2 漏洞存在于 /Price/AVL/AVLPriceTrendsSQU.aspx,参数classId 例如...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/04/02 12:0 a.m.19 views

WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow

WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/04/02 12:0 a.m.37 views

WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow

var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2015/04/02 12:0 a.m.25 views

WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow

WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

0.3AI score
Exploits0
0day.today
0day.today
added 2015/01/30 12:0 a.m.38 views

X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass Exploit

Exploit for windows platform in category remote exploits !-- Exploit Title: X360 VideoPlayer ActiveX Control RCE Full ASLR & DEP Bypass Author: Rh0 Date: Jan 30 2015 Affected Software: X360 VideoPlayer ActiveX Control 2.6 VideoPlayer.ocx Vulnerability: Buffer Overflow in Data Section Tested on:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/25 12:0 a.m.46 views

TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC)

TRENDnet SecurView Wireless Network Camera TV-IP422WN UltraCamX.ocx Stack BoF Vendor: TRENDnet Product web page: http://www.trendnet.com Affected version: TV-IP422WN/TV-IP422W Summary: SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerful dual-codec wireless network camera with the...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/08/12 12:0 a.m.43 views

Fengcms v1.25 SQL注入漏洞

简要描述: 过滤不严,绕过并注入 详细说明: Template/article.html和Template/articleclass.html中 $classid=$GET‘classid’//直接GET传入 最新推荐 loop M"module"-l"article","wclassid='$classid'&&attribj=1&&status=1;ftitle,html,date;n10;sid,1" $k $v //classid直接带入查询 date'm/d',strtotime$v'date'$v'title' /loop 下面的一样,就省略了...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

No description provided by source. $Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

7.1AI score0.76647EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Rising Online Virus Scanner 22.0.0.5 - ActiveX Control DoS (Stack overflow)

No description provided by source. Exploit Title: Rising Online Virus Scanner ActiveX Control DoS Stack overflow Author: wirebonder Software Link: http://www.rising-global.com/products/online-scanner-intro.html Tested on: Windows XP sp3 ProgID: RavOLCtlLib.RavOnline ClassID:...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/03/30 12:0 a.m.52 views

RichTx32.OCX (TextBox Control 6.0) ActiveX Dos

Exploit for windows platform in category dos / poc Title: RichTx32.OCX TextBox Control 6.0 ActiveX Dos Author: Dmar al3noOoz يارب انصر اخوننا في سوريا Mail : email protected Software Link : http://support.microsoft.com/default.aspx?scid=kb;en-us;838010 Version: 6.00.8169 Tested on: Windows XP...

7AI score
Exploits0
myhack58
myhack58
added 2011/06/25 12:0 a.m.37 views

High-speed Ankang School Site program v3. 1. 1 cookie injection vulnerability-vulnerability warning-the black bar safety net

PS:seems to be oyaya kernel. Use the system notes: 1. The present program consists of extreme well-being and development,the symbolic charge a little Fee for everyone to use! 2. The present system for sharing procedures,the user the freedom to choose whether to use,in use, any problems and losses...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2011/05/03 12:0 a.m.36 views

ICONICS WebHMI - ActiveX Stack Overflow

ICONICS WebHMI - ActiveX Stack Overflow , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. ICONICS WebHMI ActiveX Stack Overflow Vendor Link: http://www.iconics.com/ PDF:...

0.6AI score
Exploits0
Rows per page
Query Builder