Lucene search
K

244 matches found

CNVD
CNVD
added 2017/08/01 12:0 a.m.3 views

Oracle iStore Remote Vulnerability (CNVD-2017-26818)

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. Oracle iStore is one of the ability to allow merchant...

7.6CVSS7.8AI score0.01385EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/20 12:0 a.m.2 views

Oracle Enterprise Repository Unauthorized Operation Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is the United States Oracle Oracle company's set of business innovation platform for enterprise and cloud environments, the platform provides middleware, software collection and other functions. enterprise Repository is one of the data storage...

8.2CVSS8.4AI score0.01889EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/13 12:0 a.m.2 views

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2017-15376)

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. The software provides customer relationship management, service management, financial management, etc. Oracle One-to-One Fulfillment is one of the...

8.2CVSS6.7AI score0.01237EPSS
Exploits0References1
wpexploit
wpexploit
added 2016/12/05 12:0 a.m.8 views

WA Form Builder 1.1 - Unauthenticated SQL Injection

$POST ‘waformsId’ is not escaped. WAFormBuilderuioutput is accessible to any user...

2AI score
Exploits0References1
CNVD
CNVD
added 2016/10/20 12:0 a.m.5 views

Unspecified Vulnerability in Oracle Fusion Middleware Oracle Outside In Technology Component (CNVD-2016-10062)

Oracle Outside In Technology is the United States Oracle Oracle company's set of software development kit SDK, which provides developers with a set of access, conversion and control of a variety of unstructured format files, a comprehensive solution. A remote security vulnerability exists in the...

8.6CVSS6.9AI score0.0224EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/22 12:0 a.m.4 views

Unspecified Vulnerability in Oracle E-Business Suite Application Object Library Component

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. Oracle Application Object Library AOL, Application Object Library is one of the system management components. An unspecified vulnerability exists in t...

4.7CVSS6.8AI score0.01207EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/22 12:0 a.m.2 views

Oracle MySQL Server: Federated Subcomponent Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in the Server: Federated subcomponent of Oracle MySQL, which can be exploited by an attacker to update, insert, or delete data, and may also cause a denial of service. The integrity a...

4.7CVSS6.4AI score0.0118EPSS
Exploits0References1
seebug.org
seebug.org
added 2015/07/27 12:0 a.m.55 views

DESTOON sql注入漏洞

简要描述: DESTOON sql注入漏洞 详细说明: 一枚二次注入,因为使用了dhtmlspecialchars导致防注入失效。可以任意数据。 先来看留言模块: \module\extend\comment.inc.php $item = $db-getone"SELECT title,linkurl,username,status FROM ".gettable$mid." WHERE itemid=$itemid"; //从数据库中取出对于模块的发布数据 $item or exit; $item'status' 2 or exit; $linkurl =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/27 12:0 a.m.20 views

thinkphp 某处缺陷可造成sql注射

简要描述: thinkphp 某处缺陷可造成sql注射 详细说明: 下载最新的版本: 强调一下和ph大神的漏洞 信息不一样 地方和函数都不一样 他那个已经被修复了 写一个demo: public function test $data = $GET'data'; $u = M'Data'-dataarray 'data' = $data -add; dump$u; 问题出在哪里: 先看看data函数: public function data$data='' if'' === $data && !empty$this-data return $this-data;...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/03/25 12:0 a.m.31 views

WordPress Marketplace 2.4.0 Add Administrator

!/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani -------------------------------------------------------------------- The vulnerable function is located on...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2014/08/26 12:0 a.m.22 views

TinyShop同一处盲注和存储型xss

简要描述: 参数未进行过滤,导致同一位置出现sql注入和可打后台存储xss。 详细说明: 先看看tinyshop如何处理传递的参数: /framework/lib/util/requestclass.php中 public static function get $num = funcnumargs; $args = funcgetargs; if$num==1 ifisset$GET$args0 ifisarray$GET$args0return $GET$args0; else return trim$GET$args0; return null; else if$num=2...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/07 12:0 a.m.84 views

Exim < 4.83 Math Comparison Functions Data Insertion

According to its banner, the version of Exim running on the remote host is prior to 4.83. It is, therefore, potentially affected by a data insertion vulnerability. A flaw exists in the expansion of arguments to math comparison functions which can cause values to be expanded twice. This could perm...

4.6CVSS7.2AI score0.00487EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

BaconMap 1.0 - SQL Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------ Software................BaconMap 1.0 Vulnerability...........SQL Injection Download................http://baconmap.nmsu.edu/ Release Date............10/10/2010 Tested On...............Windo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/19 12:0 a.m.16 views

Savsoft Quiz跨站请求伪造漏洞

Savsoft Quiz是基于PHP的在线测验web应用程序。 应用程序允许用户通过未经验证检查的HTTP请求执行某些操作,攻击者可以利用漏洞在欺骗管理员用户登录特制网页时已管理权限创建用户。 0 Savsoft Quiz 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://savsoftquiz.com/web/ form method="POST" name="form0" action="http://savsoftquiz.com/quizdemo/index.php/userdata/insertuser" input...

7.1AI score
Exploits0
Veeam
Veeam
added 2013/12/04 12:0 a.m.13 views

Missing Data in SCOM Top Dashboards

Challenge While Veeam Collector works fine, and performance data are showing up in SCOM performance views, the Top dashboards are empty. Top Clusters Top Datastores Top Hosts Top Virtual Machines Cause The Top dashboards are populated with data from the Data Warehouse database, unlike the...

6.7AI score
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/29 8:55 a.m.12 views

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

9.8CVSS8.1AI score0.87264EPSS
Exploits14References7
Symantec
Symantec
added 2010/11/18 8:0 a.m.64 views

PGP Desktop Unsigned Data Insertion

SUMMARY PGP Desktop versions are vulnerable to a data insertion vulnerability. Unsigned insecure data could be inserted into OpenPGP messages signed by a trusted source. When the message is decrypted and verified, PGP Desktop may incorrectly identify the message as being fully valid. AFFECTED...

4.3CVSS0.4AI score0.01555EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2010/10/13 4:22 p.m.4 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
exploitpack
exploitpack
added 2010/10/11 12:0 a.m.14 views

BaconMap 1.0 - SQL Injection

BaconMap 1.0 - SQL Injection ------------------------------------------------------------------------ Software................BaconMap 1.0 Vulnerability...........SQL Injection Download................http://baconmap.nmsu.edu/ Release Date............10/10/2010 Tested On...............Windows Vis...

8.7AI score
Exploits0
Packet Storm
Packet Storm
added 2010/10/11 12:0 a.m.18 views

BaconMap 1.0 SQL Injection

------------------------------------------------------------------------ Software................BaconMap 1.0 Vulnerability...........SQL Injection Download................http://baconmap.nmsu.edu/ Release Date............10/10/2010 Tested On...............Windows Vista + XAMPP...

7.4AI score
Exploits0
Rows per page
Query Builder