Lucene search
K

4 matches found

Hacker One
Hacker One
added 2016/01/02 1:46 a.m.49 views

Mail.ru: [cfire.mail.ru] Time Based SQL Injection

Добрый день. Уязвимо кукис с названием cfiresid. Рабочий PoC GET /account/userbar/ HTTP/1.1 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.36 KHTML, like Gecko Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.25 Host: cfire.mail.ru Accept: text/html, application/xml;q=0.9,...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2014/12/21 12:0 a.m.4 views

PT-2014-9071 · Oracle +6 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.40 and earlier Description: The issue allows remote authenticated users to affect availability via vectors related to Server: InnoDB: DDL: Foreign Key. Recommendations: For Oracle MySQL Server versions 5.5.40...

7.8CVSS6.8AI score0.99977EPSS
Exploits18References316
Tenable Nessus
Tenable Nessus
added 2014/11/21 12:0 a.m.33 views

Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1859 advisory. 5.5.40-2 filter perlGD from Requires perl-gd is not available for RHEL5 Resolves: 1160514 5.5.40-1 - Rebase to 5.5.40 Also fixes: CVE-2014-4274...

6.8CVSS6.4AI score0.0726EPSS
Exploits0References19
seebug.org
seebug.org
added 2008/08/17 12:0 a.m.37 views

帝国CMS5.0“/e/member/list/index.php”文件注射漏洞

帝国ECMS /e/member/list/index.php文件: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$where.$userusername." like '%$keyboard%'"; $search.="&sear=1&keyboard=$keyboard"; 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为空就直接把keyboard带入查询产生注射漏洞. exp:...

7.1AI score
Exploits0
Rows per page
Query Builder