6 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2021-0159)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching onl...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2157)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes...
JEEBBS任意帐号密码重置附poc
简要描述: JEEBBS 某些小问题可导致任意帐号密码重置。漏洞的类型,难度不重要,关键是能造成什么影响才是最重要的 详细说明: 一、首先注册个帐号,虽然有些网站去掉了注册连接,但是register.jspx 文件还是存在的,直接访问可以注册帐号。 二、来到论坛的随便一个帖子里,找到举报的连接,虽然有些网站去掉了连接,但是通过 member/getreportpage.jspx?url=/sqzx/帖子ID.jhtml 去举报帖子。 三、由于举报的字符串没有经过过滤直接查询显示在后台位置,于维护-用户举报-举报详情-举报理由。形成存储型xss...
Password Strength Testers Work for Important Accounts
Many popular online services have started to deploy password strength meters, visual gauges that are often color-coded and indicate whether the password you’ve chosen is weak or strong based on the website’s policy. The effectiveness of these meters in influencing users to choose stronger passwor...
VisualShapers EZContents 1.x2.0 - archivednews.php Arbitrary File Inclusion
VisualShapers EZContents 1.x2.0 - archivednews.php Arbitrary File Inclusion source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence t...
PHPSysInfo 2.0/2.1 - 'index.php' File Disclosure
source: https://www.securityfocus.com/bid/7275/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for several PHPSysinfo template files. If the malicious template file is symlinked to a web server readable file...