Lucene search

5315 matches found

Cvelist
added 2015/04/03 10:0 a.m., 13 views

CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

6.3 AI score, 0.0169 EPSS
Exploits: 0, References: 3

seebug.org
added 2015/04/02 12:0 a.m., 15 views

Qianwei Music 3.5 /source/admincp/include/function.php login bypass vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

myhack58
added 2015/04/01 12:0 a.m., 83 views

Local file inclusion (LFI) vulnerability detection tool – Kadimus

Kadimus is a security tool for detecting local file inclusion (LFI) vulnerabilities in a site. Features: detect all URL parameters, /var/log/auth.log RCE, /proc/self/environ RCE, php://input RCE, data://text RCE, source code leak detection, multi-thread scanning, HTTP command execution vulnerabili...

0.1 AI score
Exploits: 0

WPVulnDB
added 2015/03/31 12:0 a.m., 21 views

All in One SEO Pack <= 2.2.5.1 - Information Disclosure

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

5 CVSS, 3 AI score, 0.0169 EPSS
Exploits: 0, References: 2, Affected Software: 1

Kitploit
added 2015/03/29 10:59 p.m., 70 views

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites for LFI vulnerabilities and also exploit them. Features: check all URL parameters, /var/log/auth.log RCE, /proc/self/environ RCE, php://input RCE, data://text RCE, source code disclosure, multi-thread scanner, command shell interface through HTTP request, proxy support...

7.9 AI score
Exploits: 0, References: 1

Hacker One
added 2015/03/23 3:8 p.m., 108 views

Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)

In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...

0.5 AI score
Exploits: 0

securityvulns
added 2015/03/21 12:0 a.m., 39 views

Source code disclosure of Websense Triton JSP files via double quote character

Source code disclosure of Websense Triton JSP files via double quote character. Han Sahin, September 2014...

1.9 AI score
Exploits: 0

0day.today
added 2015/03/20 12:0 a.m., 27 views

EMC M&R (Watch4net) MIB Browser Path Traversal Vulnerability

A path traversal vulnerability was found in EMC M&R Watch4net MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries...

4 CVSS, 6.2 AI score, 0.21436 EPSS
Exploits: 7

Packet Storm
added 2015/03/20 12:0 a.m., 31 views

EMC M&R (Watch4net) MIB Browser Path Traversal

Path traversal vulnerability in EMC M&R Watch4net MIB Browser. Han Sahin, November 2014...

4 CVSS, 6.5 AI score, 0.21436 EPSS
Exploits: 7

Packet Storm
added 2015/03/19 12:0 a.m., 26 views

Websense Triton Source Code Disclosure

Source code disclosure of Websense Triton JSP files via double quote character. Han Sahin, September 2014...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/03/19 12:0 a.m., 49 views

EMC M&R (Watch4net) - Directory Traversal

Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries. Affected products EMC repor...

4 CVSS, 6.9 AI score, 0.21436 EPSS
Exploits: 7

exploitpack
added 2015/03/19 12:0 a.m., 39 views

EMC MR (Watch4net) - Directory Traversal

EMC MR Watch4net - Directory Traversal Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts an...

4 CVSS, 0.2 AI score, 0.21436 EPSS
Exploits: 7

securityvulns
added 2015/03/16 12:0 a.m., 75 views

tcpdump 4.7.2 remote crashes

Hi, please find tcpdump 4.7.2 source code at: http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig there is also a matching libpcap To validate the source code with the "make check" you need to have libpcap-4.7.2 or the geneve test cases will...

7.5 CVSS, 8.4 AI score, 0.11322 EPSS
Exploits: 6

seebug.org
added 2015/03/09 12:0 a.m., 97 views

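XYCMS management consulting company site-building system: default database download and stored XSS

Brief description: The XYCMS management consulting company site-building system has a default database download issue and stored XSS. Details: The XYCMS management consulting company site-building system has a default database download issue and stored XSS. Source code: http://down.chinaz.com/soft/29472.htm First, there is a stored XSS in the online job application form, where XSS code can be inserted; vulnerable file: Careersyp.asp. Google search: inurl:Careersyp.asp Examples: http://www.gaonengkedi.com/Careersyp.asp?id=4 http://njqygl.com/Careersyp.asp?id=1...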

7.1 AI score
Exploits: 0

exploitpack
added 2015/03/07 12:0 a.m., 16 views

Elastix 2.x - Blind SQL Injection

Elastix 2.x - Blind SQL Injection Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in...

0.4 AI score
Exploits: 0

myhack58
added 2015/03/01 12:0 a.m., 17 views

Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net

0x00 Preface. Fuzzing is currently the more popular and more efficient way to find vulnerabilities, although it takes time to write fuzzing programs. However, not everything needs a fuzzing program, and not everything can be fuzzed, so one still has to continue t...

Exploits: 0

CNVD
added 2015/02/28 12:0 a.m., 1 views

PNMsoft Sequence Kinetics Information Disclosure Vulnerability

PNMsoft Sequence Kinetics is a suite of intelligent workflow applications from PNMsoft that can organize modeling, design, and execution. Form Controls CSS is one of the control form CSS files. A security vulnerability exists in the Form Controls CSS file in PNMsoft Sequence Kinetics 7.5 and earli...

5 CVSS, 7 AI score, 0.0025 EPSS
Exploits: 0, References: 1

Exploit DB
added 2015/02/26 12:0 a.m., 34 views

SQLite3 3.8.6 - Controlled Memory Corruption (PoC)

Exploit Title: SQLite3 controlled memory corruption PoC 0day Date: date Exploit Author: Andras Kabai Vendor Homepage: http://www.sqlite.org/ Software Link: http://www.sqlite.org/download.html Version: 3.8.6, 3.8.8.3 Tested on: Ubuntu 14.10, 64 bit 3.8.6 latest available package, 3.8.8.3 built fro...

7.4 AI score
Exploits: 0

FreeBSD Advisory
added 2015/02/25 12:0 a.m., 12 views

FreeBSD-SA-15:04.igmp

FreeBSD-SA-15:04.igmp Security Advisory, The FreeBSD Project. Topic: Integer overflow in IGMP protocol. Category: core. Module: igmp. Announced: 2015-02-25; Last revised on...

7.8 CVSS, 6.1 AI score, 0.00482 EPSS
Exploits: 0

exploitpack
added 2015/02/23 12:0 a.m., 31 views

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)

Zabbix 2.0.5 - Cleartext ldapbindPassword Password Disclosure Metasploit This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE:...

3.5 CVSS, 0.2 AI score, 0.07821 EPSS
Exploits: 4