Lucene search
K

849 matches found

seebug.org
seebug.org
added 2014/09/13 12:0 a.m.16 views

Discuz!的addcslashes对序列化字符串处理不当造成数据注入

简要描述: 首先声明一点,这个漏洞2014-09-10在“腾讯安全应急响应中心”发过,账号现已放弃,对于腾讯不想多说什么 问题描述: DiscuzX3.2及以下 可盗取管理员、用户信息,蠕虫攻击等 详细说明: source\class\discuz\discuzdatabase.php public static function quote$str, $noarray = false if isstring$str return ''' . addcslashes$str, "\n\r\'"\032" . ''';...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/09/02 12:0 a.m.115 views

Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities

According to its self-reported version number, the Apache Tomcat server running on the remote host is 8.0.x prior to 8.0.11. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function 'ssl3readbytes' that could allow data to be...

7.4CVSS8.2AI score0.99977EPSS
Exploits13References9
RubySec
RubySec
added 2014/08/18 12:0 a.m.23 views

Data Injection Vulnerability in Active Record

The createwith functionality in Active Record was implemented incorrectly and completely bypasses the strong parameters protection. Applications which pass user-controlled values to createwith could allow attackers to set arbitrary attributes on models...

7.5CVSS6.9AI score0.02797EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/08/12 12:0 a.m.437 views

HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities

The RPM installation of HP Version Control Agent VCA on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions ...

7.4CVSS8.1AI score0.99977EPSS
Exploits14References9
Mageia
Mageia
added 2014/08/05 8:8 p.m.47 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.4, serialised data passed by repositories could potentially contain objects defined by add-ons that could include executable code CVE-2014-3541. In Moodle before 2.6.4, it was possible for manipulated XML files passed from LTI servers to be interpreted by Moodle to allow acce...

7.5CVSS6.6AI score0.04667EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2014/08/05 12:0 a.m.248 views

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10629)

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - An error exists in the ssl3readbytes function that permits data to be injected into other sessions or allows denial of service attacks. Note that this...

7.4CVSS7.4AI score0.95326EPSS
Exploits9References5
Tenable Nessus
Tenable Nessus
added 2014/07/17 12:0 a.m.69 views

McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee VirusScan Enterprise for Linux VSEL that is affected by multiple vulnerabilities due to flaws in the included OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial...

7.4CVSS8.1AI score0.99977EPSS
Exploits14References18
seebug.org
seebug.org
added 2014/07/16 12:0 a.m.40 views

sitestar某功能鸡肋sql(需要一定条件)

简要描述: sql injection 详细说明: sitestar没有做全局的数据转义,很容易出现遗漏的地方。 测试版本sitestarv2.7build140505 出现问题的地方在module/modorder.php 176行开始。 鸡肋的地方在于这是一个普通用户使用的积分兑换功能。需要用户最少有100积分才可以之星下面的逻辑。 public function userjifensave $integral = ParamHolder::get'exchange'; if trimSessionHolder::get'SSLOCALE' != '' // 多语言切换用...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/14 12:0 a.m.675 views

Fortinet OpenSSL Multiple Vulnerabilities

The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by one or more of the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issu...

7.4CVSS8.1AI score0.99977EPSS
Exploits13References7
Tenable Nessus
Tenable Nessus
added 2014/07/14 12:0 a.m.43 views

VMware vCenter Server Appliance Multiple Vulnerabilities (VMSA-2014-0006)

The version of VMware vCenter Server Appliance installed on the remote host is 5.0 prior to 5.0 Update 3a, 5.1 prior to 5.1 Update 2a, or 5.5 prior to 5.5 Update 1b. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function...

7.4CVSS8AI score0.99977EPSS
Exploits13References8
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.43 views

VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

The version of vCenter Chargeback Manager installed on the remote host is 2.6.0. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service...

7.4CVSS7.4AI score0.95326EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2014/07/07 12:0 a.m.61 views

HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)

The version of HP Version Control Repository Manager installed on the remote host is prior to 7.3.4, and thus is affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or...

7.4CVSS8AI score0.99977EPSS
Exploits14References9
Tenable Nessus
Tenable Nessus
added 2014/07/03 12:0 a.m.57 views

VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)

The version of vSphere Client installed on the remote Windows host is is affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issu...

7.4CVSS7.4AI score0.95326EPSS
Exploits9References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

OCS Inventory NG 2.0.1 Persistent XSS

No description provided by source. OCS Inventory NG 2.0.1 - Persistent XSS CVE-2011-4024 ------------------------------------------------------- Software : Open Computer and Software OCS Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET nicolas.derouetgmailco...

4.3CVSS6.4AI score0.04699EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2014/06/19 12:0 a.m.350 views

McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee Web Gateway MWG that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note thi...

7.4CVSS8.1AI score0.99977EPSS
Exploits14References15
Tenable Nessus
Tenable Nessus
added 2014/06/19 12:0 a.m.51 views

McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Not...

7.4CVSS8.1AI score0.99977EPSS
Exploits14References16
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.83 views

OpenSSL race conditions

Race conditions lead to DoS or data injection...

4.3CVSS2.2AI score0.43828EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2014/04/24 7:2 p.m.11 views

MGASA-2014-0191 Updated ruby-rails and associated packages fix multiple vulnerabilities

Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...

6.8CVSS6.4AI score0.04032EPSS
Exploits0References5
Mageia
Mageia
added 2014/04/24 7:2 p.m.56 views

Updated ruby-rails and associated packages fix multiple vulnerabilities

Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...

6.8CVSS6.6AI score0.04032EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/04/23 12:0 a.m.50 views

FreeBSD : OpenSSL -- Remote Data Injection / DoS (0b8d7194-ca88-11e3-9d8d-c80aa9043978)

Applications that use SSLMODERELEASEBUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

4CVSS7.6AI score0.34132EPSS
Exploits0References4
Rows per page
Query Builder