6 matches found
CVE-2023-40581
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...
Default coin spend limit was set wrong for ETH
Lines of code Vulnerability details Impact It is stated in the README that some spend limits are configured for the swaps. This is a security precaution to avoid spending too many tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens. As a...
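XDcms food-ordering website system (single-store edition) injection (demo test)
Brief description: as per the title. Detailed description: Black-box test against the demo. First register a user, then edit the user profile at http://dd.xdcms.cn/index.php?m=member&f=edit. After the edit is saved, place a food order. An error was then returned. Second-order injection. Because the demo is protected by Safedog (安全狗), I did not test any further. Proof of vulnerability:...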
DSA-1966-1 horde3 - cross-site scripting
Bulletin has no description...
opera -- multiple vulnerabilities
The Opera Team reports: Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...
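Microsoft Exchange Server SMTP service overflow vulnerability (MS05-021)
Microsoft Exchange is a mail server program developed by Microsoft. A buffer overflow vulnerability exists in Microsoft Exchange Server, which an attacker may exploit to execute arbitrary instructions on the host. The cause is a buffer overflow in the Exchange SMTP Server when it processes a special extended SMTP verb. The vulnerability may allow an attacker to connect to the SMTP port of an Exchange server and send specially crafted malicious commands, which may cause a denial of service or run code of the attacker's choosing with the privileges of the SMTP service process. Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003 Microsof...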