Lucene search
K

169 matches found

myhack58
myhack58
added 2017/01/27 12:0 a.m.31 views

PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net

System variables $POST // get the post data is a dictionary $GET // get get data, is a dictionary The error control operator PHP supports one error control operator:@the. When it is placed in a PHP expression, the expression may produce any error information is ignored. Variable default value Whe...

0.2AI score
Exploits0
0day.today
0day.today
added 2014/05/14 12:0 a.m.50 views

CodeIgniter / Kohana PHP Object Injection / Timing Attack

CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...

8AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/17 12:0 a.m.77 views

SAP Router - Timing Attack Password Disclosure

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

4.3CVSS6.9AI score0.02818EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.20 views

Scientific Linux Security Update : squid on SL6.x i386/x86_64

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the...

5CVSS5.5AI score0.64243EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2010/09/27 12:0 a.m.14 views

Mandriva Update for squid MDVSA-2010:187 (squid)

Check for the Version of squid OpenVAS Vulnerability Test Mandriva Update for squid MDVSA-2010:187 squid Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS6.4AI score0.64243EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2010/09/20 9:0 p.m.20 views

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted request...

5CVSS5.9AI score0.64243EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2010/09/20 8:0 p.m.21 views

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted request...

5CVSS5.3AI score0.64243EPSS
Exploits0
Cvelist
Cvelist
added 2010/09/20 8:0 p.m.16 views

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted request...

6.1AI score0.64243EPSS
Exploits0References15
seebug.org
seebug.org
added 2007/04/20 12:0 a.m.56 views

ProFTPD AUTH多个验证模块安全绕过漏洞

proftpd是一款流行的开放源代码的FTP服务程序。 proftpd在AUTH API上存在一个错误,远程攻击者可以利用漏洞可以绕过安全限制,未授权访问。 由于FTP协议需要分开USER和PASS命令,ProFTPD独立的通过USER对用户数据进行检查,而当PASS接收到时对用户的验证进行校验。因此这些组合使ProFTPD允许多个同步Auth模块存在如modauthunix, modsql, modldap,可能导致某个验证模块提供用户数据modauthunix而另一个模块验证用户数据如modsql. 当验证模块modsql配置成使用底限制的验证策略,如: SQLAuthTypes...

7AI score
Exploits0
Rows per page
Query Builder