Lucene search
K

11967 matches found

seebug.org
seebug.org
added 2014/05/12 12:0 a.m.29 views

PHPYUN设计缺陷可批量重置全部用户密码

简要描述: 不过重置成了什么我也不知道。 但如果有一天,一个网站所有用户密码全部被重置成随机字符了,所有遗失邮箱的用户就完全丢失自己的账号了。就算没有遗失邮箱,但莫名其妙地被重置密码了,谁会开心? 详细说明: 0x01. 访问链接friend/index.php?C=profile&id=1可以查看uid=1的用户的信息,其中就有用户名。 因为uid是数字,所以存在遍历的可能,我可以写一个脚本,把数据库中所有用户用户名遍历出来。 0x02...

7AI score
Exploits0
Hacker One
Hacker One
added 2014/05/10 6:38 a.m.23 views

Hubdia: Subscribe User bug

Hi Hubdia, i found a bug in your subscribe page https://hubdia.com/ which this bug can subscribe multiple emails. Vulnerable Link: https://hubdia.com/ Proof of Concept: 1. use Live HTTP Headers firefox addon 2. change the email see in attached photo 3. submit the request in many times Thanks,...

0.5AI score
Exploits0
Metasploit
Metasploit
added 2014/05/09 3:27 p.m.39 views

Yokogawa CS3000 BKESimmgr.exe Buffer Overflow

This module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker controlled data as the size count. This module has been tested successfully in...

8.3CVSS7.3AI score0.56839EPSS
Exploits4
ThreatPost
ThreatPost
added 2014/05/07 12:56 p.m.14 views

Google Chrome Canary Bug Could Facilitate Phishing Attacks

Borrowing a tactic from the mobile Safari browser in iOS, Google may soon abandon displaying complete URLs in Chrome. The Canary version of the browser, an unstable version designed for developers and early adopters, is toying with the idea of no longer displaying full URLs in its Omnibox—what...

0.2AI score
Exploits0References5
Exploit DB
Exploit DB
added 2014/05/03 12:0 a.m.37 views

Seagate BlackArmor NAS - Multiple Vulnerabilities

Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS devices.. Tested on: Linux CVE : N/A 1. some sort of backdoor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/28 12:0 a.m.27 views

GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection

Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014 +----------+ | OVERVIEW | +----------+ GeoCore is t...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2014/04/26 12:0 a.m.12 views

ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities

ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities ----------exploit Debut Multiple Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com ----------Script Info Site : http://www.apphp.com Download : http://www.apphp.com/downloadsfree/phpmicroblog101.zip ----------exploit Info RCE...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2014/04/17 6:22 p.m.11 views

Localize: XSS in Groups

Visit the following link after logging in: http://www.localize.io/pages/createproject/3D Add a new group with an XSS string as group name and you will see the XSS execting. String used: ? Thanks, Ben...

Exploits0
Hacker One
Hacker One
added 2014/04/17 6:35 a.m.163 views

Yahoo!: readble .htaccess + Source Code Disclosure (+ .SVN repository)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/15 12:0 a.m.54 views

Xerox DocuShare - SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/04/09 12:0 a.m.156 views

OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)

Exploit for multiple platform in category remote exploits Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link:...

5CVSS8.2AI score0.99999EPSS
Exploits87
Packet Storm
Packet Storm
added 2014/04/05 12:0 a.m.21 views

XAMPP 3.2.1 / phpMyAdmin 4.1.6 XSS / CSRF

Title: XAMPP 3.2.1 & phpMyAdmin 4.1.6 = multiple vulnerabilities Date: 6/04/2014 Author: Software Link: http://www.apachefriends.org/en/xampp-windows.html Version: 3.2.1 & 4.1.6 Tested on: Windows 7 CVE : ██░ ██ ▄▄▄ ▄████▄ ██ ▄█▀▓█████ ██▀███ ▓█████▄ ▓█████ ██████ ██ ▄█▀ ▓██░ ██▒▒████▄ ▒██▀ ▀█...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/03 12:0 a.m.27 views

CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities

Exploit Title : CMS Made Simple 1.11.10 Multiple XSS Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.cmsmadesimple.org/ Software Link : N/A Version : 1.11.10 Tested on : Windows 7 hosted in WAMP server Type of Application : open sourc...

7AI score
Exploits0
0day.today
0day.today
added 2014/03/31 12:0 a.m.108 views

Wordpress Themify Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Title : Wordpress Themify Arbitrary File Upload Vulnerability Author : Jje Incovers Date : 31/03/2014 Category : Web Applications Type : TXT, PHP, HTML, HTM, ASP, Etc. Vendor : http://themify.me/ Download : http://themify.me/themes Tested :...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/03/28 12:0 a.m.44 views

Amazon Linux AMI : php55 (ALAS-2014-314)

A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before...

6.8CVSS8AI score0.06732EPSS
Exploits3References4
exploitpack
exploitpack
added 2014/03/25 12:0 a.m.11 views

Kemana Directory 1.5.6 - qvc_init() Cookie Poisoning CAPTCHA Bypass

Kemana Directory 1.5.6 - qvcinit Cookie Poisoning CAPTCHA Bypass !C:\Perl64\bin\perl.exe Kemana Directory 1.5.6 qvcinit Cookie Poisoning CAPTCHA Bypass Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/03/20 12:0 a.m.26 views

Cisco Unified SIP Phone 3905 unauthorized access

Undocumented TCP/7870 service...

10CVSS3.2AI score0.02912EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2014/03/14 12:0 a.m.36 views

CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...

4.3CVSS7.1AI score0.04318EPSS
Exploits1References4
Prion
Prion
added 2014/03/13 10:55 a.m.17 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.8AI score0.01795EPSS
Exploits2
Exploit DB
Exploit DB
added 2014/03/12 12:0 a.m.29 views

Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow in Yokoga...

7.4AI score
Exploits0
Rows per page
Query Builder