Lucene search
+L

71 matches found

seebug.org
seebug.org
added 2014/07/12 12:0 a.m.59 views

亿邮邮件系统SQL导致批量GetShell(无需登录)

简要描述: 亿邮邮件系统SQL导致批量GetShell(至少几百个单位) 详细说明: 漏洞文件:\php\bill\printaddfeelog.php 执行任意SQL命令,且不受GPC影响。 默认MYSQL都是有权限导出文件权限的,可以导出一句话后门。 query$sql; ? 利用代码: POST /php/bill/printaddfeelog.php HTTP/1.1 Content-Length: 140 Host: mail.sihs.edu.cn User-Agent: Mozilla/5.0 Windows; U; Windows NT 6.2; zh-CN;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Hot or Not Picture Rating Script SQL Injection Vulnerability

No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Pictue rating SQL Vulnerable Version:1 Price:20$ Published:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution

No description provided by source. ===== TITLE ===== ESRI ArcMap Arbitrary Code Execution Via Crafted Map File ============ Description: ============ Opening a specially crafted mxd file will execute arbitrary code without prompting and without a crash of the application. This is due to a flaw in...

9.3CVSS6.5AI score0.23833EPSS
Exploits6
seebug.org
seebug.org
added 2014/05/19 12:0 a.m.213 views

Anymacro 邮件系统最新版SQL注入漏洞

简要描述: 厂商一直回复说,不是最新版的,现在我就捅几枚最新版的菊花出来,谢谢。。。 详细说明: 0x001 anymacro是国内较流行的一家企业级邮箱系统,客户主要为教育/政府机构。 今天所发现的SQL注入影响所有Anymacro所有邮件系统。 0x002 漏洞分析 本次属于黑盒测试。。。 漏洞点在网盘处,在下载里面的附件的时候,由于参数未进行判断,导致产生SQL注入漏洞 https://mail.xxx.com/down.php?netdisk=1...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/19 12:0 a.m.27 views

Anymacro 邮件系统任意文件下载漏洞(需登陆)

简要描述: 详细说明: 在mailattrFw.php中 其中$Fcid可控,从客户端获取,可以通过../跳转字符,跳转到相应目录进行读取。。 如默认状态下$SESSION'maildir'为:/mail/xxx.com/xxx/Maildir/ $Fcid可设置为:../../../../../etc/passwd 即可读取passwd内容 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/19 12:0 a.m.53 views

Anymacro 邮件系统最新版SQL注入漏洞造成邮件泄露(通杀所有邮件服务器)

简要描述: 疯狗叔叔、Finger xsser ,我还有几枚怎么不帮我审核了? 详细说明: 疯狗叔叔、Finger xsser ,我还有几枚怎么不帮我审核了? 0x001 背景 anymacro已经被列入奖励名单了。 0x001 背景 anymacro是国内较流行的一家企业级邮箱系统,客户主要为教育/政府机构。 今天所发现的SQL注入影响所有Anymacro所有邮件系统。 例如近期项目,都是超大企业或者是单位: 安宁中标中国航天科技集团邮件系统建设项目 安宁承接中国海关总署邮件系统项目 安宁中标中国社科院邮件系统项目 安宁中标中国外交部邮件系统建设项目 安宁中标中国光大银行邮件系统项目...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/17 12:0 a.m.153 views

Anymacro 邮件系统N处SQL注入漏洞

简要描述: 详细说明: 与: WooYun: Anymacro 邮件系统SQL注入漏洞和任意文件(邮件)删除(无需登录) 重复 乌云已经把它列入到通用型奖励厂商当中了。 0x01 背景 AnyMacro(安宁)成立于1999年,是国内领先的统一消息/移动门户/PushMail产品与应用解决方案提供商。主要客户涵盖国家部委、大型企业以及部分海外客户,客户分布于政府、军工、金融、电信、能源、教育等行业。 AnyMacro在技术创新和关键应用中一直处于行业领先地位,在全球首家提出并实现LAMP架构邮件/消息系统已成为事实的行业标准。AnyMacro...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/01/19 12:0 a.m.19 views

iGENUS5. 0 E-mail system of some vulnerability package injection and landing, etc-vulnerability warning-the black bar safety net

When nothing download a iGENUS5. 0 look at the watch, time is tight, only to see a probably. A large number of government, schools, scientific research institutions, large companies in the use of this system. Be the first to say I use the version and environment: ! 1 ! 2 ! 3 The entire program, n...

0.9AI score
Exploits0
myhack58
myhack58
added 2013/12/27 12:0 a.m.118 views

Zimbra e-mail system file include vulnerability-vulnerability warning-the black bar safety net

! Zimbra mail system file include vulnerability Zimbra 0day exploit / Privilegie escalation via LFI - low-key development - Minghacker Foreign a vulnerabilities sharing platform http://www.exploit-db.com/exploits/30085/)broke Zimbra mail system there is a file that contains a vulnerability, the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2013/05/27 6:27 a.m.11 views

Blueprints of Australia's top spy agency headquarters stolen by Chinese hackers

Secret and highly sensitive and $630 million building blueprints outlining the layout of Australia's top spy agency's new headquarters have been stolen by Chinese hackers. According to a report by the ABC's Four Corners, the blueprints included floor plans, communications cabling, server location...

6.9AI score
Exploits0
0day.today
0day.today
added 2012/10/19 12:0 a.m.72 views

Campaign Enterprise 11 SQL Injection / Unauthorized Access

Campaign Enterprise 11 suffers from multiple remote SQL injection, unauthorized access, clear text password storage, and direct access bypass vulnerabilities. CVE-2012-3820, CVE-2012-3821, CVE-2012-3822, CVE-2012-3823, CVE-2012-3824 Overview =============== Campaign Enterprise 11, by ArialSoftwar...

7.9AI score0.02082EPSS
Exploits6
seebug.org
seebug.org
added 2012/05/15 12:0 a.m.22 views

extmail找回密码带来的可提供交互性社工的问题

简要描述: 大部分的extmail产品用户在使用该产品时并不会注意到该问题,以至于许多这种页面都可以直接通过外网进行访问,由于该产品是属于邮件系统,使用者本身会在网络上留下邮件地址,通过web界面访问得知该系统之后就会给其带来可被交互性社工的危险。呵呵,最近挺忙,事情挺多的 详细说明:...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/05/16 12:0 a.m.14 views

Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow (CVE-2007-6435)

Novell GroupWise is a client-server collaborative software and email system provided by Novell. The Novell GroupWise Client application is capable of communicating with Novell Group server, as well as Internet email gateways using SMTP, POP, and IMAP protocols. A buffer overflow vulnerability has...

9.3CVSS7.4AI score0.06588EPSS
Exploits5
The Hacker News
The Hacker News
added 2011/04/25 6:35 a.m.6 views

India's Railway Email System hacked by Pakistan Cyber Army !

India's Railway Email System hacked by Pakistan Cyber Army ! The Indian Railway Email System is Hacked by Pakistan Cyber Army pca, They have taken complete backup of all important mails and user-pass of all email id's . Have a look to the images below as HACK PROOF and thier statement on this Hac...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2011/04/04 1:12 p.m.24 views

Epsilon Data Breach Expands to Include Capital One, Disney, Others

The compromise of a system at online marketing company Epsilon Data Management that came to light last week and involves the email addresses and names of customers at companies such as Citibank, Kroger and Disney expanded over the weekend to include a slew of other companies. The attack does not...

0.8AI score
Exploits0References2
Packet Storm
Packet Storm
added 2010/06/23 12:0 a.m.24 views

Pictue Rating SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...

Exploits0
exploitpack
exploitpack
added 2010/06/22 12:0 a.m.20 views

Hot or Not Picture Rating Script - SQL Injection

Hot or Not Picture Rating Script - SQL Injection 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Pictue rating SQL Vulnerable Version:1 Price:20$...

Exploits0
0day.today
0day.today
added 2010/06/22 12:0 a.m.26 views

Pictue rating SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================= Pictue rating SQL Injection Vulnerability ========================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ ...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/22 12:0 a.m.33 views

Hot or Not Picture Rating Script - SQL Injection

1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Pictue rating SQL Vulnerable Version:1 Price:20$ Published: 2010-06-22 Greetz to:r0073r inj3ct0r.com,...

7.4AI score
Exploits0
myhack58
myhack58
added 2010/03/06 12:0 a.m.133 views

QUIK e-mail(QuarkMail latest remote vulnerability-vulnerability warning-the black bar safety net

From: http://www.aaibase.cn/Article/hk/201002/608.html Found by: me Vulnerability Description: The QUIK e-mail(QuarkMail Beijing Xiong Zhi weiye science and Technology Company launched the e-mail system, is widely used in various fields of the email solution该 产品 的 主要 客户 名单...

7.4AI score
Exploits0
Rows per page
Query Builder