Lucene search
+L

229 matches found

CNVD
CNVD
added 2016/11/04 12:0 a.m.4 views

OIC Exponent CMS SQL Injection Vulnerability

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...

7.5CVSS7.8AI score0.0204EPSS
Exploits0References1
myhack58
myhack58
added 2016/10/07 12:0 a.m.21 views

kill. exe overflow vulnerability analysis and EXP discussion-vulnerability warning-the black bar safety net

1. Foreword A few days ago, the author at exploit-db and found a kill. exe overflow vulnerability, in many of the UAF vulnerability, this simple overflow vulnerability simply as a unit of springs in General, then be picked out, deeply looked. The original plan to write a full available EXP, but...

0.4AI score
Exploits0
CVE
CVE
added 2016/08/09 8:0 p.m.51 views

CVE-2016-4169

Adobe Experience Manager 6.0–6.2 contains an information-disclosure vulnerability (CVE-2016-4169) that allows unprivileged users to access sensitive audit log event information via unspecified vectors. The issue affects AEM 6.0, 6.1, and 6.2 and is documented in multiple sources including the thr...

5.3CVSS5AI score0.0275EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2016/06/27 12:0 a.m.25 views

CVE-2 0 1 5-7 5 4 7 analysis and use-vulnerability and early warning-the black bar safety net

0x01 analysis This vulnerability analysis and how to build a test environment k0 chef in seebug and mrh God in the drops of the articles are written very in detail, in the following reference to Annex A of the original address. I was standing on the shoulders of Giants to write some of your own i...

Exploits0
seebug.org
seebug.org
added 2016/04/25 12:0 a.m.20 views

东芝打印机未授权访问漏洞

exp: http://xxx/TopAccess/default.htm...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/04/09 12:0 a.m.37 views

DotCMS 3.5 Beta Cross Site Scripting

Advisory: DotCMS xss vulnerability Author: Piaox From Pingan Product Safety Group Email: [email protected] Affected Version: dotCMS 3.5 Betathe latest version Vulnerability Description lucenesearch.jsp 26 String query = request.getParameter"query"; 27 if!UtilMethods.isSetquery 28 query ...

Exploits0
hackapp
hackapp
added 2016/04/01 10:1 a.m.18 views

GT Racing 2: The Real Car Exp - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application GT Racing 2: The Real Car Exp published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:18 a.m.13 views

Theme eXp - Black Z Light - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Theme eXp - Black Z Light published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
myhack58
myhack58
added 2016/02/17 12:0 a.m.132 views

WebDAV local mention the right Vulnerability, CVE-2 0 1 6-0 0 5 1. THE POC & EXP-vulnerability warning-the black bar safety net

Vulnerability information The vulnerability exists in the Microsoft Web Distributed Authoring and Versioning WebDAV, if Microsoft Web Distributed Authoring and Versioning WebDAV client to validate the input properly, then which will present elevation of privilege vulnerability. Successful...

7.2CVSS1.9AI score0.23383EPSS
Exploits12
CNVD
CNVD
added 2016/01/30 12:0 a.m.30 views

Google Go math/big library private key acquisition vulnerability

Google Go is a programming language optimized for programming applications on multiprocessor systems. A security vulnerability in the Int.Exp Montgomery code in Google Go's math/big library allows a remote attacker to exploit the vulnerability to obtain an RSA private key because the code fails t...

7.5CVSS8.4AI score0.02627EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/01/07 12:0 a.m.39 views

大汉网络 /interface/ldap/ldapconf.xml 密钥泄露

第一步,大汉网络加解密说明 LDAP密钥配置文件,/interface/ldap/ldapconf.xml 获取密钥:o3h2iB8ggnp2 我们可以使用大汉的加解密库进行任意加解密,只要知道服务端的密钥,就可以和服务器进行通讯: 第二步,保存密钥的ldapconf.xml文件,放在了网站目录,直接可以访问: 我们拿官网,进行一下测试: 访问:http://app.hanweb.com.cn/jcms/interface/ldap/ldapconf.xml 拿到了密钥:OJ9Un5JmpTfN0gJx 第三步,通过密钥: OJ9Un5JmpTfN0gJx,我们构造如下几个密文:...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/12/29 12:0 a.m.18 views

Seemingly tasteless ESPCMS background injected, can actually be a lot of fun-vulnerability warning-the black bar safety net

Yesterday, the black bar safety net loophole platform exposes a ESPCMS of injection vulnerabilities, Ali cloud computing security attack and defense against a team of friends first time on the vulnerability to do an impact assessment. Did not think need to login to the backend before it can be...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2015/06/23 12:0 a.m.40 views

嘉缘人才系统sql注入

简要描述: 无需登录,直接出数据 详细说明: 看到search\mapsearch.php if$act=='showmap' if$point $points=explode',',$point; vardump$points; ifcount$pointscounter"$cfg'tbpre'member a INNER JOIN $cfg'tbpre'membermap b ON a.mid=b.mmid","a.mflag=1 AND $points0query$sql;$i=0;$showinfolist=$showinfotip='';...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/03/06 12:0 a.m.36 views

U-Mail邮件系统二次注入3(不鸡肋,可获取管理员密码)

简要描述: U-Mail邮件系统二次注入漏洞,可直接获取管理员密码 详细说明: 版本:最新版v9.8.57 漏洞文件 /client/oab/module/operates.php 代码 if ACTION == "save-to-pab" includeonce LIBPATH."PAB.php" ; $PAB = PAB::getinstance ; $maillistid = gss $GET'maillist' ; if $maillistid $memberall = $Maillist-getMemberByMaillistID $maillistid,...

7.2AI score
Exploits0
myhack58
myhack58
added 2015/01/28 12:0 a.m.13 views

CVE-2 0 1 5-0 2 3 5: Linux Glibc Ghost vulnerability allows hackers remote access to system permissions-bug warning-the black bar safety net

! t01a998ea950583688b. png Ghost vulnerability in Linux glibc library appeared on the a serious security issue, he can keep the attacker in ignorance of the system in any case remote accessoperating systemthe control authority. He is currently the CVE number for CVE-2 0 1 5-0 2 3 5 to. What is...

1AI score
Exploits0
myhack58
myhack58
added 2014/12/22 12:0 a.m.26 views

Vulnerability alert: Google security researchers discovered NTP-Network Time Protocol the latest vulnerability-vulnerability warning-the black bar safety net

Google security researchers recently discovered, NTP Protocol, the Network Time Protocol, there have been some new serious vulnerabilities, NTP 4.2.8 prior versions are affected, a hacker can exploit these vulnerabilities to expand the remote attack. NTP 4.2.8 previous versions are affected The N...

0.4AI score
Exploits0
seebug.org
seebug.org
added 2014/11/27 12:0 a.m.20 views

wecenter重定向漏洞导致可挟持微博用户

简要描述: 尽管新浪已经修复了OAuth的redirecturi重定向漏洞,但是不怕神一样的对手 就怕... 这个就是一个样列... 详细说明: /app/account/main.php 191行开始 public function syncloginaction if getsetting'ucenterenabled' == 'Y' if $ucuid = $this-model'ucenter'-isucuser$this-userinfo'email' $synccode = $this-model'ucenter'-synclogin$ucuid; if $GET'url'...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/11/10 12:0 a.m.18 views

Joomla Component com_expshop SQL Injection (CVE-2008-2892)

An SQL injection vulnerability has been reported in Feellove Exp Shop ComponentFeellove Exp Shop Component. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.1AI score0.00973EPSS
Exploits1
myhack58
myhack58
added 2014/10/21 12:0 a.m.21 views

Drupal 7.31 SQL injection vulnerability using detailed and EXP-vulnerability warning-the black bar safety net

Deliberately delayed a few days to put out this article and program, but looks like Drupal this hole did not cause much attention, so I didn't need to press not made, but to be honest this hole might quite large, of course, this is also Drupal itself is no surprise. 0x00 First of all, this...

8.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

PSOProxy 0.91 Remote Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to the insufficient boundary checking. A malicious user may exploit this condition to potentially corrupt...

7.1AI score
Exploits0
Rows per page
Query Builder