5 matches found
Input validation
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited...
CVE-2023-43699
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited...
Gamification of Ethical Hacking and Hacking Esports
While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the log4j vulnerability. Traditionally, ethical hacking is undertaken by...
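Apache 'mod_accounting' Module SQL Injection Vulnerability (CVE-2013-5697)
BUGTRAQ ID: 62677 CVE ID: CVE-2013-5697 modaccounting is a traffic accounting module for Apache 1.3.x. The module uses a database to record traffic, and the supported database types include MySQL and PostgreSQL. The modaccounting 0.5 module has an SQL injection vulnerability in the Host header, which an attacker can exploit to compromise the application and perform unauthorized database operations. The vulnerability arises because a user-supplied HTTP header is used in a query without filtering. The module uses simple string concatenation to replace placeholders in a predefined query before sending it to the database. The code is located in modaccounting.c. 0 modaccounting 0.5 Temporary workaround:...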
CVE-2011-1992
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."...