Lucene search
+L

520 matches found

securityvulns
securityvulns
added 2015/06/14 12:0 a.m.81 views

Nakid-CMS CSRF, Persistent XSS & LFI

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt Vendor: ================================ http://kilrizzy.github.io/Nakid-CMS/ Product: ================================ kilrizzy-Nakid-CMS-f274624 Nakid CMS is...

6.6AI score
Exploits0
exploitpack
exploitpack
added 2015/06/12 12:0 a.m.23 views

Nakid CMS - Multiple Vulnerabilities

Nakid CMS - Multiple Vulnerabilities Exploit Title: CSRF, Persistent XSS & LFI Google Dork: intitle: CSRF, Persistent XSS & LFI Date: 2015-06-11 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: kilrizzy.github.io/Nakid-CMS Software Link:...

0.5AI score
Exploits0
CNVD
CNVD
added 2015/05/11 12:0 a.m.3 views

Docker /proc/ directory insecure permission configuration vulnerability

Docker is an open source application container engine that allows developers to package their applications as well as dependency packages into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker insecurely sets up the /proc/ directory and...

7.2CVSS6.6AI score0.00548EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/09/22 12:0 a.m.23 views

XYCMS企业建站系统 2.5(注射&&后台配置插马)

简要描述: 前年她17岁,她看到我的IPad,说“姐夫,你的IPad不错嘛!” 她回去的时候,她姐姐把IPhone给她带上了。 去年她18岁,她看到我的IBM后,说“姐夫,你的IBM不错嘛!” 她回去的时候,她姐姐把IBM笔记本给她带上了。 今年她19岁,她看到我后,害羞的说:“姐夫,其实你这人挺不错的” 我在等她姐姐发话。 详细说明: 1 存在注入漏洞文件: newsdetail.asp 1-14行 无此新闻信息!" response.End end if % id没过滤进入查询 同样的问题:common.asp pro.asp news.asp prodetail.asp 漏洞证明:...

7.1AI score
Exploits0
NVD
NVD
added 2014/04/28 2:9 p.m.38 views

CVE-2014-1217

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors...

7.5CVSS6.6AI score0.0154EPSS
Exploits2References4
0day.today
0day.today
added 2013/07/01 12:0 a.m.67 views

Fortigate Firewalls - CSRF Vulnerability

Exploit for hardware platform in category web applications Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...

5.1CVSS6.5AI score0.02286EPSS
Exploits6
Exploit DB
Exploit DB
added 2013/07/01 12:0 a.m.55 views

Fortigate Firewalls - Cross-Site Request Forgery

Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: i...

5.1CVSS6.5AI score0.02286EPSS
Exploits6
myhack58
myhack58
added 2013/03/07 12:0 a.m.16 views

Android platform and exposure feel free to turn on and turn off the phone wifi function vulnerability-vulnerability warning-the black bar safety net

Disclosure of status: 2013-03-05: positive contact vendors and wait for manufacturers to claim, details not open to the public 2013-03-05: vendor has been active ignored vulnerabilities, the details disclosed to the public Brief description: The Settings application contains com. android. setting...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2012/11/20 12:0 a.m.36 views

SonicWALL CDP 5040 6.x Cross Site Scripting

Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

Exploits0
ICS
ICS
added 2012/09/30 6:0 a.m.61 views

I-GEN opLYNX Central Authentication Bypass

Overview This advisory provides mitigation details for a vulnerability that impacts the i-GEN opLYNX Central software. Exploitation of this vulnerability would allow partial leakage of information and access to system settings. Independent researcher Anthony Cicalla has identified an authenticati...

7.5CVSS6.4AI score0.01646EPSS
Exploits0References10
myhack58
myhack58
added 2012/08/27 12:0 a.m.23 views

Anwsion background feature of the design defects can be obtained SHELL-vulnerability warning-the black bar safety net

The vulnerabilities affect all versions. Binding Anwsion 0.7 all of the following versions can lead to the site being invaded. Design flaws in the code are as follows see 7 5-9 6 line will be the website background configuration is saved to the database at the same time and save to a local PHP fi...

0.3AI score
Exploits0
NVD
NVD
added 2012/08/17 8:55 p.m.19 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...

5.5CVSS5.9AI score0.01107EPSS
Exploits0References3
Prion
Prion
added 2012/08/17 8:55 p.m.15 views

Design/Logic Flaw

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...

5.5CVSS6.4AI score0.01107EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/08/17 8:0 p.m.51 views

CVE-2012-2164

The CVE-2012-2164 entry affects IBM Rational ClearQuest Web. The Web client on ClearQuest versions 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions and use the Site Administration menu to modify system settings via a parameter-ta...

5.5CVSS6.1AI score0.01107EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/08/17 8:0 p.m.22 views

CVE-2012-2164

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...

5.9AI score0.01107EPSS
Exploits0References3
securityvulns
securityvulns
added 2007/10/10 12:0 a.m.50 views

LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues

Severity: Critical Effect: Compromise of FInancial Data, deletion of audit trails, alteration of system settings, disclosure of confidential information possible in some setups. Affected products: LedgerSMB 1.0.0-1.2.7 , SQL-Ledger 2.x all versions. 1: SQL injection issue in invoice quantity fiel...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2007/06/12 12:0 a.m.33 views

Cisco Trust Agent for Mac OS X privilege escalation

It's possible to manipulate system settings with root permissions while message is displayed during user logon...

2.7AI score
Exploits0References1Affected Software1
myhack58
myhack58
added 2006/12/18 12:0 a.m.30 views

With the rabbit plus WinRAR play dead charge encryption software-bug warning-the black bar safety net

Currently on the network encryption software have mushroomed General everywhere, their price is often in the 3 0 yuan, and many friends also have to fork out money to buy these encryption software, but they really can play the role of encryption? Author Super rabbit and WinRAR both software for...

7.2AI score
Exploits0
myhack58
myhack58
added 2006/06/21 12:0 a.m.20 views

Crack the password file with spear and shield encryption and decryption battle-vulnerability warning-the black bar safety net

Currently on the network encryption software have mushroomed General everywhere, their price is often in the 3 0 yuan, and many friends also have to fork out money to buy these encryption software, but they really can play the role of encryption? Author Super rabbit and WinRAR both software for...

0.1AI score
Exploits0
myhack58
myhack58
added 2006/03/31 12:0 a.m.28 views

Elevated administrator permissions:startup script method-vulnerability warning-the black bar safety net

We watched“my non-IF. S. T”summary elevated administrator privileges 8 of the law, and now we use the startup script and batch in to get the shell of the case under the elevated No. 9: startup script method! of! The first batch of leakage Ah, we can get optimistic, and I try to cut the crap,...

0.1AI score
Exploits0
Rows per page
Query Builder