3 matches found
DamiCMS (大米CMS): multiple blind XSS flaws reaching the admin backend
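Brief description: Multiple blind XSS flaws in DamiCMS reach the admin backend. Details: Several XSS flaws in DamiCMS can be used to blindly hit the admin backend. The DamiCMS backend is full of SQL injections, so once inside the backend, obtaining data is no problem. First location: file /Web/Lib/Action/GuestbookAction.class.php public function update() { // Output gb2312 encoding; ajax converts to utf-8 by default header("Content-type: text/html; charset=utf-8"); if (!isset($_POST['author']) or !isset($_POST['content'])) alert('非法操作!', 3); // Read the database and cache $p...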
CVE-2014-1401
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php...
Oracle Linux 5 : Moderate: / squid (ELSA-2007-1130)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2007-1130 advisory. 2.5.STABLE3-8.3E - fix for 410181 - CVE-2007-6239 Squid DoS in cache updates; 2.5.STABLE3-7 - resolves: 238103: 'forwarded_for off' in squid.conf does not work...