Lucene search
+L

60 matches found

myhack58
myhack58
added 2014/12/12 12:0 a.m.16 views

ThinkOX full version through the kill 0day-vulnerability warning-the black bar safety net

Affected versions: ThinkOX the full version of the pass to killonethink and thinkphp framework may be affected, particularly too lazy to do it, who are interested in your own analysis. Vulnerability description: Through a dynamic caching mechanism, the input illegal content. Malicious execution o...

7.3AI score
Exploits0
myhack58
myhack58
added 2014/08/04 12:0 a.m.16 views

System vulnerability what is patched what is the meaning of-vulnerability warning-the black bar safety net

System vulnerabilities may often hear the word, but there are some novice friends do not know loopholes in the system? Simply put, the system vulnerability is theoperating systemsome of the possible security risks of the procedures and components, these vulnerabilities might allow your computer t...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2013/09/03 12:0 a.m.35 views

VMware ESXi及ESX NFC协议处理远程拒绝服务漏洞

BUGTRAQ ID: 62077 CVECAN ID: CVE-2013-1661 VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件 ESXi 4.0, 4.1, 5.0, 5.1、ESX 4.0, 4.1 在处理NFC协议时存在远程拒绝服务漏洞,要利用此漏洞,攻击者需要截获并修改ESXi/ESX和客户端之间的NFC流量,利用成功后可导致拒绝服务 0 VMWare ESX 4.1 VMWare ESX 4.0 VMWare ESXi 5.0 VMWare ESXi 4.1 VMWare ESXi 4.0 厂商补丁: VMWare ------...

4.3CVSS6.4AI score0.01105EPSS
Exploits1
seebug.org
seebug.org
added 2012/12/13 12:0 a.m.31 views

Microsoft Windows TrueType Font (TTF)远程代码执行漏洞(MS12-078)

BUGTRAQ ID: 56842 CVECAN ID: CVE-2012-4786 Microsoft Windows是Microsoft开发的Windows是目前世界上用户最多、并且兼容性最强的操作系统。 Microsoft Windows未正确处理TrueType Font TTF文件而存在安全漏洞。通过诱使用户浏览恶意网站或打开恶意文件,未经身份验证的远程攻击者可利用此漏洞在内核态中执行任意代码。 0 Microsoft Windows RT Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP...

10CVSS6.9AI score0.24213EPSS
Exploits1
seebug.org
seebug.org
added 2012/12/13 12:0 a.m.54 views

Microsoft Word RTF File 'listoverridecount'远程代码执行漏洞(MS12-079)

BUGTRAQ ID: 56834 CVECAN ID: CVE-2012-2539 Microsoft Word 属于办公软件是微软公司的一个文字处理器应用程序。 Microsoft Word 在解析listoverridecount相关的RTF(Rich Text Format)数据时存在漏洞。通过诱使用户浏览恶意网站或在e-mail邮件中打开特定格式的rtf文件,未经身份验证的远程攻击者可利用此漏洞以当前用户权限执行任意代码。 0 Microsoft Office 2003 Professional Edition Microsoft Office Word Viewer...

9.3CVSS1.8AI score0.53159EPSS
Exploits1
seebug.org
seebug.org
added 2011/10/13 12:0 a.m.31 views

Microsoft Publisher 2007 Pubconv.dll内存破坏漏洞

CVE ID: CVE-2011-1508 Microsoft Publisher是微软公司发行的桌面出版应用软件。 Publisher 2007中存在输入验证错误,可被远程攻击者利用通过诱使用户在文档中插入特制的.pub文件执行任意代码。 通过修改.pub文件,可使pubconv.dll库复制很多文件内容到栈中,从而覆盖稍后执行的函数指针。 Microsoft Publisher 2007 12.0.6546.5000 厂商补丁: Microsoft --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

9.3CVSS6.4AI score0.14451EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2011/02/10 7:42 p.m.8 views

Important: Red Hat Security Advisory: jbossweb security update

Updated jbossweb packages that fix one security issue are now available for JBoss Enterprise Web Platform 5 from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which...

5CVSS6.1AI score0.2349EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2010/12/08 8:9 p.m.33 views

Low: Red Hat Security Advisory: jboss-remoting security update

A patch for JBoss Enterprise Application Platform 4.3.0.CP09 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

2.6CVSS5.8AI score0.02611EPSS
Exploits0References2
myhack58
myhack58
added 2010/10/04 12:0 a.m.20 views

ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net

Currently ecshop presence of the reflection typeXSS, you can use, if the secondary development existXSSor other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage) ByXSSstructure post submission of personal information is modified, the modification is...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/06/04 12:0 a.m.38 views

Gmail Checker Plus Chrome Extension Cross Site Scripting

Gmail Checker plus Chrome extension XSS extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff advisore:http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html Exploit available:yes So in this case "Google Mail Checker Plus" version 1.1.7...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/06/18 12:0 a.m.19 views

FreeBSD直接管道写操作本地信息泄露漏洞

BUGTRAQ ID: 35279 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD和其他UNIX类系统上最常见的进程间通讯方式之一是匿名管道。这种机制会创建一对文件描述符,可以从一个描述符读取写入到另一个描述符的数据。 FreeBSD的管道实现中包含名为“直接写入”的优化。在这种优化中,FreeBSD内核利用虚拟内存映射允许直接在进程之间拷贝数据,而不是在调用...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/06/11 12:0 a.m.246 views

Apache APR-util xml/apr_xml.c文件拒绝服务漏洞

BUGTRAQ ID: 35253 CVECAN ID: CVE-2009-1955 Apr-util是Apache所使用的Apache可移植运行时工具库。 APR-util库所使用的expat XML解析器(位于xml/aprxml.c文件的aprxml接口)在处理实体定义中包含有大量嵌套实体引用的XML文件时可能会耗尽所有可用的内存,导致拒绝服务的情况。所有使用APR-util库的expat wrapper接口解析不可信任XML文档的网络服务都受这个漏洞影响,如Apache httpd WebDAV模块moddav。 Apache Group APR-util 1.3.x 厂商补丁:...

7.8CVSS7.3AI score0.52988EPSS
Exploits2
seebug.org
seebug.org
added 2009/06/06 12:0 a.m.37 views

Podcast Generator多个模块文件包含和任意文件删除漏洞

BugCVE: CVE-2009-1230 CVE-2008-1124 CVE-2008-1125 BUGTRAQ: 34317 28038 Podcast Generator的core/archivecat.php、core/admin/itunescategories.php和core /admin/login.php页面没有正确地过滤对GLOBALSabsoluteurl参数所传送的输入,core/themes.php页面没有正确地过滤对GLOBALSthemepath参数所传送的输入,这可能用于包含本地或外部资源的任意文件;此外core/admin...

6.8CVSS6.6AI score0.19689EPSS
Exploits2
seebug.org
seebug.org
added 2009/04/21 12:0 a.m.33 views

Sun Solaris ip(7P)实现拒绝服务漏洞

BUGTRAQ ID: 33550 CVE ID:CVE-2009-0480 CNCVE ID:CNCVE-20090480 Sun Solaris是一款商业性质的操作系统。 Sun Solaris IP7pInternet协议相关最小号分配的实现存在安全问题,本地攻击者可以利用漏洞分配大量套接字而导致32位应用程序触发拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 9x86 Sun Solaris 9 Sun Solaris 8x86 Sun Solaris 8 Sun Solaris 10x86 Sun Solaris 10 Sun OpenSolaris bui...

4.9CVSS6.4AI score0.00376EPSS
Exploits1
seebug.org
seebug.org
added 2008/11/07 12:0 a.m.35 views

Adobe ColdFusion本地信息泄露及权限提升漏洞

BUGTRAQ ID: 32130 CVECAN ID: CVE-2008-4831 ColdFusion是一款高效的网络应用服务器开发环境,具有很高的易用性和开发效率,基于标准的Java技术,可以与XML、Web Services和Microsoft.NET环境相集成。 ColdFusion中的安全漏洞可能允许低权限用户绕过沙盒限制,访问敏感信息或获得权限提升。仅处于共享托管环境中的ColdFusion服务器才受这个漏洞影响,无法远程利用。 Adobe ColdFusion MX 7.0.2 Adobe ColdFusion 8.0.1 Adobe ColdFusion 8 Adobe...

7.2CVSS6.5AI score0.00732EPSS
Exploits1
seebug.org
seebug.org
added 2008/07/30 12:0 a.m.27 views

European Performance Systems Probe Builder终止任意进程漏洞

BUGTRAQ ID: 30403 CVECAN ID: CVE-2008-1667 HP OpenView Internet Services(OVIS) Probe是用于监控系统组件性能的程序,Probe Builder是European Performance Systems公司开发的用于为OVIS创建 European Performance Systems Probe Builder A.02.20.900 European Performance Systems ----------------------------...

7.8CVSS6.4AI score0.03071EPSS
Exploits1
seebug.org
seebug.org
added 2008/06/16 12:0 a.m.26 views

Open Azimyt CMS <= 0.22 (lang) Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-026 Application: Open Azimyt CMS Versions Affected: 0.22 minimal, 0.21 stable Vendor URL: http://azimyt.net/ Bug: Local File Include Exploits: YES Reported: 07.06.2008 Vendor Response: 08.06.2008 Solution...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/06/16 12:0 a.m.39 views

Open Azimyt CMS <= 0.22 (lang) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================= Open Azimyt CMS adminfolder."/lang/lang-system-".$SESSION'lang'.".php"; if!fileexists$SystemLangFile exitErrorLang::LangFilenotload; require$SystemLangFile; Example:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/03/11 12:0 a.m.14 views

IBM AIX 'man'本地特权提升漏洞

BUGTRAQ ID: 28180 CNCAN ID:CNCAN-2008031105 IBM AIX是一款商业性质的操作系统。 IBM AIX 'man'没有使用全路径两进制,本地攻击者可以利用漏洞提升特权。 目前没有详细漏洞细节提供。 IBM AIX 6.1 补丁下载: IBM AIX 6.1 IBM IZ17177 http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/12/28 12:0 a.m.66 views

Gallery 2.2.4之前版本多个远程安全漏洞

BUGTRAQ ID: 27035 Gallery是基于Web的开源相册管理器。 Gallery的2.2.4之前版本存在多个安全漏洞,允许恶意用户泄露敏感信息、执行跨站脚本攻击、绕过安全限制或入侵有漏洞的系统。 1 Publish XP模块中的漏洞可能导致未经正确的授权便创建和上传文件。 2 URL重写模块中的管理员控制器中的漏洞可能允许包含本地文件。 3 core和add-item模块中没有正确地过滤通过文件名所传送的输入,导致在用户浏览器会话中执行任意HTML和脚本代码。 4 Core/MIME模块中没有对上传文件的扩展名执行正确的检查。 5 Gallery...

6.9AI score
Exploits0
Rows per page
Query Builder