Lucene search
K

151 matches found

CNVD
CNVD
added 2018/07/03 12:0 a.m.3 views

Mozilla Firefox and Firefox ESR Security Restriction Bypass Vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox versions prior to 61 and Firefox ESR versions...

4.3CVSS7AI score0.01985EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/02 12:0 a.m.2 views

Arbitrary File Read Vulnerability in Metinfo Version 6.0.0 (Patch Bypass)

MetInfo is a content management system developed using PHP and Mysql. An arbitrary file read vulnerability exists in Metinfo version 6.0.0. An attacker can exploit the vulnerability to read sensitive files on a website bypassing previous patches...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/30 1:36 p.m.5 views

Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates throu...

9.8CVSS8.2AI score0.99448EPSS
Exploits69
CNVD
CNVD
added 2017/11/03 12:0 a.m.3 views

Command Execution Vulnerability in MetInfo Version 5.3.19

MetInfo is a Content Management System CMS developed using PHP and Mysql. A command execution vulnerability exists in MetInfo version 5.3.19 patch bypass. After logging in to the system, an attacker can upload a file through the address bar icon, corresponding to change the name of the image file...

7.5AI score
Exploits0
CNVD
CNVD
added 2017/10/10 12:0 a.m.2 views

Code Execution Vulnerability in Ocean CMS v6.55

Ocean CMS seacms is a video-on-demand system designed for webmasters with different needs. A code execution vulnerability patch bypass exists in Ocean CMS v6.55. Allows an attacker to remotely execute arbitrary code and gain server privileges...

8.2AI score
Exploits0
CNVD
CNVD
added 2017/06/08 12:0 a.m.5 views

CMS4J suffers from an arbitrary file download vulnerability patch bypass vulnerability

CMS4J is a CMS system developed by Beijing Paidao Network based on JSP program. CMS4J has an arbitrary file download vulnerability patch bypass vulnerability. The vulnerability arises from the DownloadFile servlet arbitrary file download repair code to download the file filtering is not strict, c...

7.3AI score
Exploits0
myhack58
myhack58
added 2017/06/02 12:0 a.m.68 views

CVE-2017-6178: from patch contrast-to-Exploit-vulnerability warning-the black bar safety net

Some time ago in the EDB poking around, saw a driver of a kernel Vulnerability, CVE-2017-6178, like me in learning the Kernel PWN the newbie Natural is not missed:, after debugging analysis after feeling learned a few things, so come and share with everyone. USBPcap is a USB packet capture tool,...

4.6CVSS7.4AI score0.01042EPSS
Exploits5
seebug.org
seebug.org
added 2017/05/22 12:0 a.m.31 views

PHPCMS v9. 6. 2 arbitrary file read vulnerability

By diff found phpcms patch to modify the filtering$fileurl location and added the path in".."of the judgment. By fuzzing and read other about phpcms file read vulnerability analysis of the articles, found the following several ways the path can still bypass this patchwindows && a specific version...

7AI score
Exploits0
OSV
OSV
added 2017/04/06 5:59 p.m.3 views

CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parseurl function, aka VBV-17037...

8.6CVSS5.8AI score0.01238EPSS
Exploits0References1
OSV
OSV
added 2017/01/23 7:59 a.m.14 views

CVE-2017-5539

The patch for directory traversal CVE-2017-5480 in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether...

9.1CVSS6.7AI score
Exploits0References4
The Hacker News
The Hacker News
added 2017/01/02 11:45 p.m.73 views

Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security...

7.5CVSS10.5AI score0.99714EPSS
Exploits71
0day.today
0day.today
added 2016/12/28 12:0 a.m.241 views

PHPMailer 5.2.20 - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python intro = """ PHPMailer RCE PoC Exploits PHPMailer 5.2.18 Remote Code Execution PoC Exploit CVE-2016-10033 + PHPMailer 5.2.20 Remote Code Execution PoC Exploit CVE-2016-10045 the bypass of the first patch for CVE-2016-10033...

7.5CVSS10AI score0.99714EPSS
Exploits59
Hacker One
Hacker One
added 2016/10/27 6:44 a.m.32 views

HackerOne: Limited Open redirection using SSO-SAML

Hello, Endpoint: https://hackerone.com/users//saml/[email protected]&rememberme=true Recently, you have patched an open redirection issue which was reported as 171398. I found a bypass of that patch. Steps to reproduce: 1. Add following in comment/report :...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/03/29 12:0 a.m.19 views

Small ants camera commands to perform the patch bypass-vulnerability warning-the black bar safety net

The thing is, last week on the microblogging onlookers a safe laboratory and a factory camera in the tear forced war, saw the publication of an old version vulnerability suddenly shocked Ah, so you want to look at the people in the hands clutching that vulnerability is going around to ask for hel...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2015/03/11 1:1 p.m.142 views

Details Surface on Stuxnet Patch Bypass

It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and...

9.3CVSS0.7AI score0.99945EPSS
Exploits62References6
Metasploit
Metasploit
added 2014/11/12 7:10 a.m.81 views

MS14-064 Microsoft Windows OLE Package Manager Code Execution

This module exploits a vulnerability found in Windows Object Linking and Embedding OLE allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2...

7.8CVSS7.6AI score0.77553EPSS
Exploits11
seebug.org
seebug.org
added 2014/08/05 12:0 a.m.19 views

CmsEasy最新版5.5_UTF-8_20140802绕过四次补丁继续SQL注入

简要描述: CmsEasy最新版5.5UTF-820140802绕过四次补丁继续SQL注入 详细说明: CmsEasy最新版5.5UTF-820140802,前面被雨神饶了三次 WooYun: cmseasy绕过补丁SQL注入一枚 WooYun: 继续绕过cmseasy补丁继续注入 WooYun: 持续绕过cmseasy两次补丁继续注入 最新的里面也修复了,但是修复不完整,这是第四次补丁了 继续绕过,进行SQL注入 来看看文件:archiveact.php function respondaction includeonce ROOT . '/lib/plugins/pay/'...

7AI score
Exploits0
Huawei
Huawei
added 2014/07/07 12:0 a.m.94 views

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. Vulnerability ID: HWPSIRT-2014-0420 This Vulnerability has been assigned Common...

7.5CVSS2.2AI score0.99614EPSS
Exploits15Affected Software12
seebug.org
seebug.org
added 2014/06/07 12:0 a.m.31 views

cmseasy存储型XSS(CmsEasy_5.5_20140605升级补丁绕过)

简要描述: removexss函数依旧可绕过 详细说明: 这是我用你最新补丁中bbspublic.php里的removexss做的一个小的测试页面: http://x55.me/cmseasy.php?xss=test 下面是相关代码:(x-xss-protection:0 只是为了方便测试) ?php header"X-XSS-Protection: 0"; $val=$GET"xss"; $val = pregreplace'/\x00-\x08,\x0b-\x0c,\x0e-\x19/', '', $val; $search =...

7AI score
Exploits0
myhack58
myhack58
added 2014/05/10 12:0 a.m.17 views

STRUTS2 S2-0 2 0 patch bypass vulnerability-vulnerability warning-the black bar safety net

0×0 0 background Security researchers noted that the Apache Struts2 vulnerability Bulletin S2-0 2 0, in process repair CVE-2 0 1 4-0 0 9 4 bug fixes program vulnerability exists, resulting patch is completely bypassed. 0×0 1 Analysis Struts2 S2-0 2 0 was added .\.|^ class\.. to filter action...

0.3AI score
Exploits0
Rows per page
Query Builder